Packages changed:
  Mesa (18.0.4 -> 18.1.0)
  Mesa-drivers (18.0.4 -> 18.1.0)
  babl (0.1.46 -> 0.1.50)
  biosdevname
  filesystem
  gdbm (1.13 -> 1.14.1)
  gegl (0.4.0 -> 0.4.2)
  git
  hyper-v
  kernel-firmware (20180507 -> 20180518)
  ldb (1.3.2 -> 1.3.3)
  libaio
  liborcus
  libsmbios
  libstorage-ng (3.3.292 -> 3.3.294)
  libvirt
  mozjs52
  oath-toolkit
  openldap2
  openssh (7.6p1 -> 7.7p1)
  parted
  perl (5.26.1 -> 5.26.2)
  perl-DateTime (1.48 -> 1.49)
  perl-Error (0.17025 -> 0.17026)
  postfix (3.3.0 -> 3.3.1)
  python (2.7.14 -> 2.7.15)
  python-base (2.7.14 -> 2.7.15)
  python-typing
  samba (4.8.1+git.28.de67ff4c74d -> 4.8.2+git.30.690aa93c189)
  systemd-rpm-macros
  timezone
  timezone-java
  tslib (1.15 -> 1.16)
  util-linux
  util-linux-systemd
  vim (8.0.1568 -> 8.1.0020)
  wireshark (2.6.0 -> 2.6.1)
  xdg-utils (20170508 -> 20180510)
  xen (4.10.0_20 -> 4.10.1_02)
  xf86-video-fbdev
  xf86-video-intel
  xf86-video-sis
  zstd

=== Details ===

==== Mesa ====
Version update (18.0.4 -> 18.1.0)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 libwayland-egl1

- Add patch U_dri3-Stricter-SBC-wraparound-handling.patch
  This fixes an error with timestamps, avoiding near infinite client
  hangs with the new X server 1.20 release and some clients, the most
  prominent being plasmashell & steam
  Bugentry: FDO#106351
- Fix python3-Mako dependency on <= Leap 42.3.
- Temporarily replace mesa-18.1.0.tar.xz.sig with
  mesa-18.1.0.tar.xz.sha1sum. The sig file uses EDDSA which is not
  supported by gpg in OBS at the moment.

==== Mesa-drivers ====
Version update (18.0.4 -> 18.1.0)
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2

- Add patch U_dri3-Stricter-SBC-wraparound-handling.patch
  This fixes an error with timestamps, avoiding near infinite client
  hangs with the new X server 1.20 release and some clients, the most
  prominent being plasmashell & steam
  Bugentry: FDO#106351
- Fix python3-Mako dependency on <= Leap 42.3.
- Temporarily replace mesa-18.1.0.tar.xz.sig with
  mesa-18.1.0.tar.xz.sha1sum. The sig file uses EDDSA which is not
  supported by gpg in OBS at the moment.

==== babl ====
Version update (0.1.46 -> 0.1.50)

- Improvements to speed and precision of indexed code,
  improvements to mesonbuild.
- Update to version 0.1.48:
  + Fix u8 <-> double conversions for chroma, SSE2 version of RGBA
    float to CIE L / Lab.
  + Build with -Ofast by default.

==== biosdevname ====

- Prevent infinite recursion in dmidecode.c::smbios_setslot by
  checking that subordinate bus has a number greater than the
  current bus.
  [bsc#1093625, dmidecode-prevent-infinite-recursion.patch]

==== filesystem ====

- pretrans lua script: try to move away /var/run and /var/lock
  unless they are already symlinks (bsc#1084119)

==== gdbm ====
Version update (1.13 -> 1.14.1)
Subpackages: gdbm-devel gdbm-lang libgdbm_compat4

- Version update to 1.14.1:
  * Manpage formating issues
  * Make gdbm_error thread-safe
  * Improve database reproducibility
  * Fix build with --enable-gdbm-export
- Rebase patch gdbm-no-build-date.patch

==== gegl ====
Version update (0.4.0 -> 0.4.2)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Update to version 0.4.2:
  + Build: Abort early if autoreconf fails, remove unused bits,
    default to -Ofast as CFLAGS.
  + GeglBuffer:
  - Improve concurrency for trimming and destruction of tile
    caches. Improve cache invalidation during partial mipmap
    regeneration.
  - Do new cheap clones of buffers with new internal gegl-buffer
    backed tile-backend.
  - Do not keep cached sampler in buffer it makes cache
    invalidation hard, and for performance/threading it is better
    to create ones own samplers anyways. The old API still
    exists, though parts of it is now deprecated. The single
    special case where gegl_buffer_sample remains somewhat
    performant is with the NEAREST sampler, for all other
    samplers creating a caching sampler is better.
  + Operations:
  - operation: add GeglOperationAreaFilter::get_abyss_policy()
    vfunc Copyright notice improvements to spherize,
    color-overlay.  ff-save: implement defines handling
    compilation with ffmpeg 2.3-2.7, 4.0 compat.
  - Improved multi-threaded performance of panorama-projection
    and other transformation operations through optimizations in
    buffer and base-classes.
- Drop gegl-port-ffmpeg4.patch: Fixed upstream.

==== git ====
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- Fix docless build to not fail on find/chmod not having any files
- Require just python3-base not full python for build

==== hyper-v ====

- Update lsvmbus interpreter from env(1) to python3(1) (bsc#1093910)

==== kernel-firmware ====
Version update (20180507 -> 20180518)
Subpackages: ucode-amd

- Update to version 20180518:
  * linux-firmware: Update firmware file for Intel Bluetooth,8265
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B5/B6)
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B3/B4)
  * linux-firmware: Update firmware file for Intel Bluetooth,9260
  * linux-firmware:Update firmware patch for Intel Bluetooth 7265 (D1)
  * linux-firmware: Update firmware file for Intel Bluetooth,9560
  * linux-firmware: Update AMD cpu microcode
  * amdgpu: sync up polaris12 firmware with 18.10 release
  * amdgpu: sync up polaris11 firmware with 18.10 release
  * amdgpu: sync up polaris10 firmware with 18.10 release
  * amdgpu: sync up vega10 firmware with 18.10 release
  * amdgpu: sync up carrizo firmware with 18.10 release
  * amdgpu: sync up topaz firmware with 18.10 release
  * amdgpu: sync up stoney firmware with 18.10 release
  * amdgpu: sync up tonga firmware with 18.10 release
  * amdgpu: sync up fiji firmware with 18.10 release
  * amdgpu: sync up raven firmware with 18.10 release
  * nfp: Add symlink for Agilio CX 1x40GbE flower firmware
  * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.9.A.16
  * linux-firmware: liquidio: update firmware to v1.7.2

==== ldb ====
Version update (1.3.2 -> 1.3.3)
Subpackages: libldb1 libldb1-32bit

- Update to 1.3.3
  + Fix failure to upgrade to the GUID index DB format; (bso#13306).

==== libaio ====
Subpackages: libaio-devel libaio1

- Use %license instead of %doc [bsc#1082318]

==== liborcus ====

- boost_1_67.patch: fix building with Boost 1.67 (bsc#1089811)

==== libsmbios ====

- Make the lang_package installable by providing the symbol
  required on the libname subpackage
- Add obsoletes for libsmbios2 to ease upgrading
- Adhere to the packaging guidelines
  * As we build only against tumbleweed do not fuzz around with
    supporting Fedora and Centos
  * Use explicit filelists as it is way more readable
  * Do not play around with %release as it behaves differently
    compared to RH
- Use package names as mandated by python packaging guidelines
- Use full url to fetch tarball from github...
- Do not mess with permission in %prep phase, the perms on
  directories and files look correct both in tarball and github
- Make build run parallel make and just configure/make without any
  hassle
- Do not mess with locale generating, it is properly created by make
  already
- Do not install buildlog on user systems, we have OBS for that
- Install manpage with each binary, do not just put all mans in
  python3 subpackage
- Actually run tests rather than playing around with valgrind
- Make sure to do -fPIE build

==== libstorage-ng ====
Version update (3.3.292 -> 3.3.294)
Subpackages: libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Russian)
- 3.3.294
- Translated using Weblate (Slovak)
- 3.3.293

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits
  CVE-2018-3639
  1dbca2ec-CVE-2018-3639.patch, 92673422-CVE-2018-3639.patch
  bsc#1092885

==== mozjs52 ====

- Fix armv6 build by fixing armv6 detection:
  * fix_armv6_build.patch

==== oath-toolkit ====

- Fix build for openSUSE Leap 42.2 and 42.3

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel

- Don't require systemd explicit, spec file can handle both cases
  correct and in containers we don't have systemd.

==== openssh ====
Version update (7.6p1 -> 7.7p1)
Subpackages: openssh-helpers

- Upgrade to 7.7p1 (bsc#1094068)
  Most important changes (more details below):
  * Drop compatibility support for pre-2001 SSH implementations
  * sshd(1) does not load DSA keys by default
  Distilled upstream log:
  - --- Potentially-incompatible changes
  * ssh(1)/sshd(8): Drop compatibility support for some very old
    SSH implementations, including ssh.com <=2.* and OpenSSH <=
    3.*.  These versions were all released in or before 2001 and
    predate the final SSH RFCs. The support in question isn't
    necessary for RFC-compliant SSH implementations.
  - --- New Features
  * experimental support for PQC XMSS keys (Extended Hash-Based
    Signatures), not compiled in by default.
  * sshd(8): Add a "rdomain" criteria for the sshd_config Match
    keyword to allow conditional configuration that depends on
    which routing domain a connection was received on (currently
    supported on OpenBSD and Linux).
  * sshd_config(5): Add an optional rdomain qualifier to the
    ListenAddress directive to allow listening on different
    routing domains. This is supported only on OpenBSD and Linux
    at present.
  * sshd_config(5): Add RDomain directive to allow the
    authenticated session to be placed in an explicit routing
    domain. This is only supported on OpenBSD at present.
  * sshd(8): Add "expiry-time" option for authorized_keys files
    to allow for expiring keys.
  * ssh(1): Add a BindInterface option to allow binding the
    outgoing connection to an interface's address (basically a
    more usable BindAddress)
  * ssh(1): Expose device allocated for tun/tap forwarding via a
    new %T expansion for LocalCommand. This allows LocalCommand
    to be %used to prepare the interface.
  * sshd(8): Expose the device allocated for tun/tap forwarding
    via a new SSH_TUNNEL environment variable. This allows
    automatic setup of the interface and surrounding network
    configuration automatically on the server.
  * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp,
    e.g.  ssh://user@host or sftp://user@host/path.  Additional
    connection parameters that use deporecated MD5 are not
    implemented.
  * ssh-keygen(1): Allow certificate validity intervals that
    specify only a start or stop time (instead of both or
    neither).
  * sftp(1): Allow "cd" and "lcd" commands with no explicit path
    argument. lcd will change to the local user's home directory
    as usual. cd will change to the starting directory for
    session (because the protocol offers no way to obtain the
    remote user's home directory). bz#2760
  * sshd(8): When doing a config test with sshd -T, only require
    the attributes that are actually used in Match criteria
    rather than (an incomplete list of) all criteria.
  - --- Bugfixes
  * ssh(1)/sshd(8): More strictly check signature types during
    key exchange against what was negotiated. Prevents downgrade
    of RSA signatures made with SHA-256/512 to SHA-1.
  * sshd(8): Fix support for client that advertise a protocol
    version of "1.99" (indicating that they are prepared to
    accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6
    during the removal of SSHv1 support. bz#2810
  * ssh(1): Warn when the agent returns a ssh-rsa (SHA1)
    signature when a rsa-sha2-256/512 signature was requested.
    This condition is possible when an old or non-OpenSSH agent
    is in use. bz#2799
  * ssh-agent(1): Fix regression introduced in 7.6 that caused
    ssh-agent to fatally exit if presented an invalid signature
    request message.
  * sshd_config(5): Accept yes/no flag options
    case-insensitively, as has been the case in ssh_config(5) for
    a long time. bz#2664
  * ssh(1): Improve error reporting for failures during
    connection.  Under some circumstances misleading errors were
    being shown. bz#2814
  * ssh-keyscan(1): Add -D option to allow printing of results
    directly in SSHFP format. bz#2821
  * regress tests: fix PuTTY interop test broken in last
    release's SSHv1 removal. bz#2823
  * ssh(1): Compatibility fix for some servers that erroneously
    drop the connection when the IUTF8 (RFC8160) option is sent.
  * scp(1): Disable RemoteCommand and RequestTTY in the ssh
    session started by scp (sftp was already doing this.)
  * ssh-keygen(1): Refuse to create a certificate with an
    unusable number of principals.
  * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write
    all the public key during key generation. Previously it would
    silently ignore errors writing the comment and terminating
    newline.
  * ssh(1): Do not modify hostname arguments that are addresses
    by automatically forcing them to lower-case. Instead
    canonicalise them to resolve ambiguities (e.g. ::0001 => ::1)
    before they are matched against known_hosts. bz#2763
  * ssh(1): Don't accept junk after "yes" or "no" responses to
    hostkey prompts. bz#2803
  * sftp(1): Have sftp print a warning about shell cleanliness
    when decoding the first packet fails, which is usually caused
    by shells polluting stdout of non-interactive startups.
    bz#2800
  * ssh(1)/sshd(8): Switch timers in packet code from using
    wall-clock time to monotonic time, allowing the packet layer
    to better function over a clock step and avoiding possible
    integer overflows during steps.
  * Numerous manual page fixes and improvements.

==== parted ====
Subpackages: libparted0 parted-lang

- Use %license instead of %doc [bsc#1082318]

==== perl ====
Version update (5.26.1 -> 5.26.2)
Subpackages: perl-base perl-doc

- make perl-5.26.2 compatible with perl-5.26.1
- Update versions based on provides in perl rpm
- Version update to perl-5.26.2:
  * Tons of bugfixes
- Remove the as-needed disabling as no other distro is doing that
- Use macros where possible
- Remove if0 and commented out code to reduce the scope
- Run tests in threads

==== perl-DateTime ====
Version update (1.48 -> 1.49)

- updated to 1.49
  see /usr/share/doc/packages/perl-DateTime/Changes
  1.49   2018-05-20
  - Updated the ppport.h with the latest version of Devel::PPPort. This fixes a
    compilation warning when compiling with 5.27.11. Reported by Jim
    Keenan. Fixed GH #81.

==== perl-Error ====
Version update (0.17025 -> 0.17026)

- updated to 0.17026
  see /usr/share/doc/packages/perl-Error/Changes

==== postfix ====
Version update (3.3.0 -> 3.3.1)
Subpackages: postfix-doc

- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
  o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
- Update to 3.3.1
  * Postfix did not support running as a PID=1 process, which
    complicated Postfix deployment in containers. The "postfix
    start-fg" command will now run the Postfix master daemon as a
    PID=1 process if possible. Thanks for inputs from Andreas
    Schulze, Eray Aslan, and Viktor Dukhovni.
  * Segfault in the postconf(1) command after it could not open a
    Postfix database configuration file due to a file permission
    error (dereferencing a null pointer). Reported by Andreas
    Hasenack, fixed by Viktor Dukhovni.
  * The luser_relay feature became a black hole, when the luser_relay
    parameter was set to a non-existent local address (i.e. mail
    disappeared silently). Reported by J?rgen Thomsen.
  * Missing error propagation in the tlsproxy(8) daemon could result
    in a segfault after TLS handshake error (dereferencing a
    0xffff...ffff pointer). This daemon handles the TLS protocol
    when a non-whitelisted client sends a STARTTLS command to
    postscreen(8).

==== python ====
Version update (2.7.14 -> 2.7.15)
Subpackages: python-curses

- update to 2.7.15
  * dozens of bugfixes, see NEWS for details
- removed obsolete patches:
  * python-ncurses-6.0-accessors.patch
  * python-fix-shebang.patch
  * gcc8-miscompilation-fix.patch
- add patch from upstream:
  * do-not-use-non-ascii-in-test_ssl.patch

==== python-base ====
Version update (2.7.14 -> 2.7.15)
Subpackages: libpython2_7-1_0 libpython2_7-1_0-32bit python-xml

- update to 2.7.15
  * dozens of bugfixes, see NEWS for details
- removed obsolete patches:
  * python-ncurses-6.0-accessors.patch
  * python-fix-shebang.patch
  * gcc8-miscompilation-fix.patch
- add patch from upstream:
  * do-not-use-non-ascii-in-test_ssl.patch

==== python-typing ====

- Actually skip the py3 as it caused bit of fuzz but reduce the
  code still
- Do not bother reducing the stuff to not build on 3.6, it is
  just providing noop package which does not hurt anything and
  saves 10 magic lines in spec

==== samba ====
Version update (4.8.1+git.28.de67ff4c74d -> 4.8.2+git.30.690aa93c189)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit

- Update to 4.8.2
  + After update to 4.8.0 DC failed with "Failed to find our own
    NTDS Settings objectGUID" (bso#13335).
  + fix incorrect reporting of stream dos  attributes on a
    directory (bso#13380).
  + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
  + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
  + vfs_ceph: Fix memory leak; (bso#13424).
  + libsmbclient: Fix hard-coded connection error return of
    ETIMEDOUT; (bso#13419).
  + s4-lsa: Fix use-after-free in LSA server; (bso#13420).
  + winbindd: Do re-connect if the RPC call fails in the passdb
    case; (bso#13430).
  + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
  + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
    unclean process shutdown; (bso#13414).
  + ctdb-client: Remove ununsed functions from old client code;
    (bso#13411).
  + printing: Return the same error code as windows does on upload
    failures; (bso#13395).
  + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
    privileged pipe is not accessable; (bso#13400).
  + s4:lsa_lookup: remove TALLOC_FREE(state) after all
    dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
  + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
  + s3:smbspool: Fix cmdline argument handling; (bso#13417).

==== systemd-rpm-macros ====

- remove confusing --user before --global
  Backport from
  https://github.com/systemd/systemd/commit/28d36da64a7a23a55e8d0a139f2620384fd058b3.
  This was spotted in bsc#1090785.

==== timezone ====

- in SLE 15 / Leap 15.0 yast2-country stopped setting TIMEZONE in
  /etc/sysconfig/clock and called systemd timedatectl instead.
  No longer set /etc/localtime on timezone package updates to
  avoid setting an incorrect timezone. bsc#1093392

==== timezone-java ====

- in SLE 15 / Leap 15.0 yast2-country stopped setting TIMEZONE in
  /etc/sysconfig/clock and called systemd timedatectl instead.
  No longer set /etc/localtime on timezone package updates to
  avoid setting an incorrect timezone. bsc#1093392

==== tslib ====
Version update (1.15 -> 1.16)

- Update to version 1.16:
  * This release includes libts version 0.9.1 and the following changes:
  - module_raw tatung is now disabled in the default build config. Users must
    ./configure --enable-tatung if they rely on it.
  - new module_raw one-wire-ts-input for FriedlyARM devices (disabled by
    default)
  - simple tslib_version() function to get the version string
  * This release includes the following bugfixes:
  - efcba6e ts_uinput: (fix for Android) write only one input_event at a time
  - e63f33f invert: fix ts_read() iteration over multiple samples
  - 932bb4f ts_uinput: fail for unsupported old kernel versions

==== util-linux ====
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit util-linux-lang

- Do not run rfkill-block@.service and rfkill-unblock@service as it
  is just template without parameter bsc#1092820 bsc#1093176

==== util-linux-systemd ====

- Do not run rfkill-block@.service and rfkill-unblock@service as it
  is just template without parameter bsc#1092820 bsc#1093176

==== vim ====
Version update (8.0.1568 -> 8.1.0020)
Subpackages: gvim vim-data vim-data-common

- update to 8.1 revision 0020
- refresh disable-unreliable-tests.patch vim-8.0-ttytype-test.patch
- refresh vim73-no-static-libpython.patch
- added:
  * term command - built in terminal window
- fixes:
  * Using "gn" may select wrong text when wrapping.
  * Shell command completion has duplicates
  * Possible crash in term_wait()
  * qf_init_ext() is too long.
  * Using freed memory when changing terminal cursor color
  * maparg() and mapcheck() confuse empty and non-existing.
  * syn_id2cterm_bg() may be undefined.
  * :stopinsert changes the message position.
  * The netrw plugin does not work.

==== wireshark ====
Version update (2.6.0 -> 2.6.1)
Subpackages: libwireshark11 libwiretap8 libwscodecs0 libwsutil9 wireshark-ui-qt

- Fix build with Qt 5.11 (boo#1093733)
  add wireshark-2.6.1-fix-Qt-5.11.patch
- update to 2.6.1:
  This release fixes minor vulnerabilities that could be used to
  trigger dissector crashes or cause dissectors to go into large
  infinite loops by making Wireshark read specially crafted
  packages from the network or capture files (bsc#1094301):
  * CVE-2018-11354: IEEE 1905.1a dissector crash
  * CVE-2018-11355: RTCP dissector crash
  * CVE-2018-11356: DNS dissector crash
  * CVE-2018-11357: Multiple dissectors could consume excessive memory
  * CVE-2018-11358: Q.931 dissector crash
  * CVE-2018-11359: The RRC dissector and other dissectors could crash
  * CVE-2018-11360: GSM A DTAP dissector crash
  * CVE-2018-11361: IEEE 802.11 dissector crash
  * CVE-2018-11362: LDSS dissector crash
- Further bug fixes and updated protocol support as listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html

==== xdg-utils ====
Version update (20170508 -> 20180510)

- Update to version 20180510 (1.1.3):
  * bump version, prep for 1.1.3 release
  * xdg-open: use pcmanfm only if it is available (BR106161)
  * Add Deepin Desktop Environment support.
  * Avoid argument injection vulnerability in open_envvar() (CVE-2017-18266,
    boo#1093086)
  * xdg-settings: check_browser is broken under kde when just the binary
    is specified (BR106343)
  * xdg-open: Fixes LXQt behavior
  * xdg-mime awk script syntax error (BR104298)
  * Spelling fixes (BR103255)
  * xdg-mime.1: Add missing period
  * Fix tests for 1f8e58d51e6fb3f50f59ed2d8265f2f346ac68e6
- Drop fix-kde-browser-check.patch which is already included upstream

==== xen ====
Version update (4.10.0_20 -> 4.10.1_02)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 ? Speculative Store
  Bypass aka "Memory Disambiguation"
  5ad4923e-x86-correct-S3-resume-ordering.patch
  5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
  5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
  5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
  5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
  5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
  5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
  5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
  5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
  5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
  5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
  5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
  Spectre-v4-1.patch
  Spectre-v4-2.patch
  Spectre-v4-3.patch
- always call qemus xen-save-devices-state in suspend/resume to
  fix migration with qcow2 images (bsc#1079730)
  libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
  libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
  xen.bug1079730.patch
- Upstream patches from Jan (bsc#1027519)
  5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
  5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
  5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
  5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
  5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
  5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
  5ae31917-x86-cpuidle-init-stats-lock-once.patch
  5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
  5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
  5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
  5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch)
  5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch)
  5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch)
  5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch)
  5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch)
  5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch)
  5af97999-viridian-cpuid-leaf-40000003.patch
- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254
  5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
  5a9985bd-x86-invpcid-support.patch
  5adde9ed-xpti-fix-double-fault-handling.patch
  5aec7393-1-x86-xpti-avoid-copy.patch
  5aec7393-2-x86-xpti-write-cr3.patch
  5aec744a-3-x86-xpti-per-domain-flag.patch
  5aec744a-4-x86-xpti-use-invpcid.patch
  5aec744a-5-x86-xpti-no-global-pages.patch
  5aec744a-6-x86-xpti-cr3-valid-flag.patch
  5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
  5aec744b-8-x86-xpti-cr3-helpers.patch
  5aec74a8-9-x86-xpti-use-pcid.patch

==== xf86-video-fbdev ====

- Fix build with Xorg server 1.20 by updating to current Git.
  U_01-Default-to-32bpp-if-the-console-is-8bpp-and-we-weren-t-told-otherwise.patch
  U_02-Use-own-thunk-functions-instead-of-fbdevHW-Weak.patch
  U_03-Pass-the-pci-device-if-any-through-to-fbdevhw-in-probe-and-preinit.patch
  U_04-Initialize-pci_dev.patch
  U_05-Fix-shadow-fb-allocation-size-v2.patch
  U_11-Remove-dead-pix24bpp-variable.patch
  U_12-Use-shadowUpdate32to24-at-24bpp.patch
  U_13-Use-ifdef-instead-of-if-to-avoid-build-error.patch

==== xf86-video-intel ====

- n_fix-build-on-i686.patch
  * Fix build on i686 with GCC8. (bnc#1092541)

==== xf86-video-sis ====

- Fix build with Xorg server 1.20 by updating to current Git.
  U_06-Remove-reference-to-virtualFrom.patch
  U_07-xf86-video-sis-remove-the-GlxSetVisualConfigs-stub-and-friends.patch

==== zstd ====

- Use %license instead of %doc [bsc#1082318]