Removed rpms
============

 - typelib-1_0-Flatpak-1_0

Added rpms
==========

 - libSPIRV-Tools-suse15
 - libefivar1
 - libglslang-suse9
 - libplacebo43
 - libshaderc_shared1
 - libwoff2common1_0_2
 - libwoff2dec1_0_2
 - mokutil
 - openSUSE-signkey-cert
 - openssl

Package Source Changes
======================

ImageMagick
+  fix CVE-2021-20309 [bsc#1184624], Division by zero in WaveImage() of MagickCore/visual-effects.c
+  + ImageMagick-CVE-2021-20309.patch
+  fix CVE-2021-20311 [bsc#1184626], Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
+  + ImageMagick-CVE-2021-20311.patch
+  fix CVE-2021-20312 [bsc#1184627], Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
+  + ImageMagick-CVE-2021-20312.patch
+  fix CVE-2021-20313 [bsc#1184628], Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
+  + ImageMagick-CVE-2021-20313.patch
+
+- security update
+- added patches
MozillaFirefox
+- Firefox Extended Support Release 78.10.0 ESR
+  * Fixed: Various stability, functionality, and security fixes
+- Mozilla Firefox ESR 78.10
+  MFSA 2021-15 (bsc#1184960)
+  * CVE-2021-23994 (bmo#1699077)
+    Out of bound write due to lazy initialization
+  * CVE-2021-23995 (bmo#1699835)
+    Use-after-free in Responsive Design Mode
+  * CVE-2021-23998 (bmo#1667456)
+    Secure Lock icon could have been spoofed
+  * CVE-2021-23961 (bmo#1677940)
+    More internal network hosts could have been probed by a
+    malicious webpage
+  * CVE-2021-23999 (bmo#1691153)
+    Blob URLs may have been granted additional privileges
+  * CVE-2021-24002 (bmo#1702374)
+    Arbitrary FTP command execution on FTP servers using an
+    encoded URL
+  * CVE-2021-29945 (bmo#1700690)
+    Incorrect size computation in WebAssembly JIT could lead to
+    null-reads
+  * CVE-2021-29946 (bmo#1698503)
+    Port blocking could be bypassed
+
MozillaThunderbird
+- Mozilla Thunderbird 78.10
+  * fixed: Usability & theme improvements on Windows
+  * fixed: Various security fixes
+  MFSA 2021-14 (bsc#1184960)
+  * CVE-2021-23994 (bmo#1699077)
+    Out of bound write due to lazy initialization
+  * CVE-2021-23995 (bmo#1699835)
+    Use-after-free in Responsive Design Mode
+  * CVE-2021-23998 (bmo#1667456)
+    Secure Lock icon could have been spoofed
+  * CVE-2021-23961 (bmo#1677940)
+    More internal network hosts could have been probed by a
+    malicious webpage
+  * CVE-2021-23999 (bmo#1691153)
+    Blob URLs may have been granted additional privileges
+  * CVE-2021-24002 (bmo#1702374)
+    Arbitrary FTP command execution on FTP servers using an
+    encoded URL
+  * CVE-2021-29945 (bmo#1700690)
+    Incorrect size computation in WebAssembly JIT could lead to
+    null-reads
+  * CVE-2021-29946 (bmo#1698503)
+    Port blocking could be bypassed
+  * CVE-2021-29948 (bmo#1692899)
+    Race condition when reading from disk while verifying
+    signatures
+
NetworkManager
+- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's
+  timeout so that a recorded lease can be used when dhcp server
+  is down (glfo#NetworkManager/NetworkManager!811, bsc#1183202).
+- Modified NetworkManager.conf: Use dhclient as the default dhcp
+  client (glfo#NetworkManager/NetworkManager!811, bsc#1183202).
+
+- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond:
+  restore MAC on release only when there is a cloned MAC address
+  (glfo#NetworkManager/NetworkManager!775, bsc#1183967).
+
OpenPrintingPPDs
+- Skip fixing bugs in PPD files from printer manufacturers when
+  the manufacturer's redistribution license in the PPD file allows
+  redistribution only when the content of the file is not altered
+  (see http://bugs.linux-foundation.org/show_bug.cgi?id=535).
+
+- Updated NEC-P2X.necp2xX.upp.ppd for OpenPrintingPPDs-ghostscript
+  (see http://bugs.linux-foundation.org/show_bug.cgi?id=533)
+  so that now all PPDs in the OpenPrintingPPDs packages
+  pass the very basic test with the makePPDtest script
+  which is added to the OpenPrintingPPDs source tarball.
+
+- Initial version.
+
avahi
+- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
+  HUP event in client_work (boo#1184521 CVE-2021-3468).
+  https://github.com/lathiat/avahi/pull/330
+
ceph
+- Update to 15.2.11-83-g8a15f484c2:
+  + (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections
+
+- Update to 15.2.11-82-g7c6356e178:
+  + upstream Octopus v15.2.11 release
+    see https://ceph.io/releases/v15-2-11-octopus-released/
+  * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse
+  + cephadm: Update Grafana container image from 7.0.3 to 7.3.1
+
+- Update to 15.2.10-81-g29303934a5:
+  + upstream Octopus v15.2.10 release, see https://ceph.io/releases/v15-2-10-octopus-released/
+  * bluestore: fix huge reads/writes at BlueFS (bsc#1183899)
+
+- Update to 15.2.9-83-g4275378de0:
+  + cephadm: fix 'inspect' and 'pull' (bsc#1182766)
+
+- Update to 15.2.9-82-gee18977364:
+  + upstream Octopus v15.2.9 release, see https://ceph.io/releases/v15-2-9-octopus-released/
+  * (bsc#1179997) (CVE-2020-27839) mgr/dashboard: Use secure cookies to store JWT Token
+  * (bsc#1178905) (CVE-2020-25678) Do not add sensitive information in Ceph log files
+  * (bsc#1172926) mgr/orchestrator: Sort 'ceph orch device ls' by host
+  * (bsc#1176390, bsc#1176679) mgr/dashboard: enable different URL for users
+    of browser to Grafana
+  * (bsc#1176489) mgr/cephadm: lock multithreaded access to OSDRemovalQueue
+  * (bsc#1176828) cephadm: command_unit: call systemctl with verbose=True
+  * (bsc#1177360) cephadm: silence "Failed to evict container" log msg
+  * (bsc#1177857) mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails
+  * (bsc#1178837) rgw: cls/user: set from_index for reset stats calls
+  * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1
+  * (bsc#1178932, bsc#1179569) cephadm: reference the last local image by digest
+
cifs-utils
+- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
+  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
+
+- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
+  container; (bsc#1183239); CVE-2021-20208.
+
cups
+- When cupsd creates directories with specific owner group
+  and permissions (usually owner is 'root' and group matches
+  "configure --with-cups-group=lp") specify same owner group and
+  permissions in the RPM spec file to ensure those directories
+  are installed by RPM with the right settings because if those
+  directories were installed by RPM with different settings then
+  cupsd would use them as is and not adjust its specific owner
+  group and permissions which could lead to privilege escalation
+  from 'lp' user to 'root' via symlink attacks e.g. if owner is
+  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
+
cups-filters
+- fix_upstream_issue348.patch fixes
+  https://github.com/OpenPrinting/cups-filters/issues/348
+  foomatic-rip segfaults with 'job-sheets=none,none'
+  but works with 'job-sheets=none'
+  (bsc#1182893)
+
dhcp
+- bsc#1185157:
+  Use /run instead of /var/run for PIDFile in dhcrelay.service.
+
dracut
+- Update to version 049.1+suse.187.g63c1504f:
+  * fix(shutdown): add timeout to umount calls (bsc#1178219)
+
e2fsprogs
+- Remove autoreconf call from e2fsprogs.spec (bsc#1183791)
+
flatpak
+-  Update to version 1.10.2:
+  + This is a security update which fixes a potential attack where
+    a flatpak application could use custom formatted .desktop files
+    to gain access to files on the host system.
+  + Fix memory leaks
+  + Some test fixes
+  + Documentation updates
+  + G_BEGIN/END_DECLS added to library headers for c++ use
+  + Fix for X11 cookies on OpenSUSE
+  + Spawn portal better handles non-utf8 filenames
+
+- Flatpak only requires glib 2.44, not 2.60
+- Update ostree version required to 2020.8
+
+- Update to version 1.10.1:
+  + Fix flatpak build on systems with setuid bwrap
+  + Fix some compiler warnings
+  + Fix crash on updating apps with no deploy data
+  + Updated translations.
+- Remove deprecated texinfo packaging macros.
+- Switch to upstream release tarball.
+
+- Update to version 1.10.0:
+  + The major new feature in this series compared to 1.8 is the
+    support for the new repo format which should make updates
+    faster and download less data.
+  + The systemd generator snippets now call flatpak
+    --print-updated-env in place of a bunch of shell for better
+    login performance.
+  + The .profile snippets now disable GVfs when calling flatpak to
+    avoid spawning a gvfs daemon when logging in via ssh.
+  + Build fixes for GCC 11.
+  + Flatpak now finds the pulseaudio sockets better in uncommon
+    configurations.
+  + Sandboxes with network access now also have access to the
+    systemd-resolved socket to do dns lookups.
+  + Flatpak supports unsetting env vars in the sandbox using
+    --unset-env, and --env=FOO= now sets FOO to the empty string
+    instead of unsetting it.
+  + Similarly the spawn portal has an option to unset an env var.
+  + The spawn portal now has an option to share the pid namespace
+    with the sub-sandbox.
+
+- Update to version 1.8.5 (CVE-2021-21261):
+  + This is a security update that fixes a sandbox escape where a
+    malicious application can execute code outside the sandbox by
+    controlling the environment of the "flatpak run" command when
+    spawning a sub-sandbox (boo#1180996)
+
+- Update to version 1.8.4:
+  + Fix support for ppc64.
+
+- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage,
+  allow to remove python3 dependency on main package.
+
+- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO.
+
+- Update to version 1.8.3:
+  + Fixed progress reporting for OCI and extra-data.
+  + The in-memory summary cache is more efficient.
+  + Fixed authentication getting stuck in a loop in some cases.
+  + Fixed authentication error reporting.
+  + We now extract OCI info for runtimes as well as apps.
+  + Fixed crash if anonymous authentication fails and -y is
+    specified.
+  + flatpak info now only looks at the specified installation if
+    one is specified.
+  + Better error reporting for server HTTP errors during download.
+  + Uninstall now removes applications before the runtime it
+    depends on.
+  + Fixed test-suite to pass with the latest OSTree version.
+  + Fixed dbus environment variables in flatpak enter.
+  + Avoid updating metadata from the remote when uninstalling.
+  + Fixed error message handling in various places.
+  + FlatpakTransaction now verifies all passed in refs to avoid
+    potential issues with invalid names.
+  + Updated translations.
+
+- Update to version 1.8.2:
+  + Added validation of collection id settings for remotes.
+  + Fix seccomp filters on s390.
+  + Robustness fixes to the spawn portal.
+  + Fix support for masking update in the system installation.
+  + Better support for distros with uncommon models of merged /usr.
+  + Cache responses from localed/AccountService.
+  + Fix hangs in cases where xdg-dbus-proxy fails to start.
+  + Fix double-free in cups socket detection.
+  + OCI authenticator now doesn't ask for auth in case of http
+    errors.
+
+- Fix invalid usage of %{_libexecdir} to reference systemd
+  directories.
+
+- Update to version 1.8.1:
+  * Avoid calling authenticator in update if ref didn't change
+  * Don't fail transaction if ref is already installed (after
+    transaction start)
+  * Fix flatpak run handling of userns in the --device=all case
+  * Fix handling of extensions from different remotes
+  * Fix flatpak run --no-session-bus
+  * Updated translations
+- Update to version 1.8.0:
+  * FlatpakTransaction has a new signal "install-authenticator"
+    which clients can handle to install authenticators needed for
+    the transaction. This is done in the CLI commands.
+  * We now always expose the host timezone data, allowing us the
+    expose the host /etc/localtime in a way that works better,
+    fixing several apps that had timezone issues.
+  * Fix flatpak enter which didn't work in some cases.
+  * We now ship a systemd unit (not installed by default) to
+    automatically detect plugged in usb sticks with sideload repos.
+  * By default we no longer install the gdm env.d file, as the
+    systemd generators work better.
+  * create-usb now exports partial commits by default
+  * Fix handling of docker media types in oci remotes
+  * Fix subjects in remote-info --log output
+- Remove source file used to generate a flatpak user on the system
+  since it's now included by upstream:
+  * system-user-flatpak.conf
+
+- Fixes for %_libexecdir changing to /usr/libexec
+
+- Update to version 1.6.4:
+  + This release backports some of the OCI authenticator fixes from
+    the 1.7 series, and should now be able to host flatpak images
+    on e.g. docker hub.
+  + Other changes:
+  - Fix a use-after free in libflatpak.
+  - Don't list p2p downgrades in list of available updates.
+
+- jsc#SLE-7171
giflib
+- Enable Position Independent Code and inherit CFLAGS from the build system.
+  * Added giflib-PIE.patch (bsc#1184123).
+
-- Update to new upstream release 5.0.4
-  * Fix for a rare misrendering bug when a GIF overruns the
-  decompression-code table.
-- Make patches have -p1, as requested by
-  http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
-
-- Added url as source.
-  Please see http://en.opensuse.org/SourceUrls
-
-- add giflib-automake-1_13.patch, fix build with automake-1.13.1
-
-- Remove "Obsoletes: giflib", because libgif6 must not obsolete
-  libgif4 (it would do that by way of libgif4's "Provides: giflib").
-
-- Adjust baselibs.conf for libgif6, remove libungif rpm symbols
-  since they are now no longer provided.
-
-- Version 5.0.3
-  * The library is now purely reentrant and thread-safe
-  * Adds an EGifSetGifVersion() entry point
-  * All names of exported functions now have a Gif, DGif, or EGif prefix.
-- packaging changes:
-  * soname is now libgif6
-  * Compatibility with ancient "libungif" via rpm spec file hacks
-  is no longer included, if there is any application around
-  that still requires this it has to be fixed.
-
-- Remove redundant tags/sections
-
-- annotate functions from gif_lib_private.h with visibility
-  hidden so they are not exported.
-
-- add libtool as buildrequire to make the spec file more reliable
-
-- Correct project URL
-- Implement shlib naming (libgif4)
-- Apply packaging guidelines (remove redundant/obsolete
-  tags/sections from specfile, etc.)
-
-- Do not use __Date__ and __TIME__ , make build-compare
-  happier
-
-- add baselibs.conf as a source
-
gnome-session
+- Add gnome-session-exit-when-lost-name-on-bus.patch: gnome-session
+  exit immediately when lost name on bus
+  (bsc#1175622 glgo!GNOME/gnome-session!60).
+
gnome-shell-extension-desktop-icons
+- Add desktop-icons-show-iso-file-icon.patch: Show ISO file icon as
+  default icon.
+  (bsc#1183504 glgo#GNOME/World/ShellExtensions/desktop-icons!196)
+
gpgme
+- Fix t-json test in SP3: https://dev.gnupg.org/T4820 [bsc#1183801]
+  * tests/json: Bravo key does not have secret key material
+  * tests/json: Do not check for keygrip of pubkeys
+  * core: Make sure the keygrip is available in WITH_SECRET mode
+- Add gpgme-test-json.patch
+
gzip
+- fix DFLTCC segfault [bsc#1177047]
+- added patches
+  fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc
+  + gzip-1.10-fix-DFLTCC-segfault.patch
+
irqbalance
+- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405)
+  A procinterrupts-check-xen-dyn-event-more-flexible.patch
+
kimageformats
+- Add patch to fix OOB write (oss-fuzz#33742):
+  * 0001-xcf-Fix-Stack-buffer-overflow-WRITE-on-broken-files.patch
+
kyotocabinet
+- Add yet another patch kyotocabinet-pie.patch
+  * link all executables as pie (bsc#1185033)
+
+- Update to version 1.2.77:
+  * kcthread.cc (CondVar::wait): a bug on Win32 was fixed.
+  * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating
+    existing records was fixed.
+  * kcdb.h (DB::check): new function.
+- Drop no longer needed gcc6-fix-errors.patch
+- Modernise spec file
+
-- update version 1.2.76
-  * kcthread.cc (CondVar::wait): a bug on Win32 was fixed.
-  * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating existing records was fixed.
-  * kcdb.h (DB::check): new function.
-
-- Make kyotocabinet installation work on SLE_11
-
-- Remove redundant tags/sections per specfile guideline suggestions
-- Add autotools BuildRequires for factory/12.2
-
-- updated to 1.2.52
-
-- updated to 1.2.50
-
-- created package (version 1.2.47)
-
libabw
+- Fix descriptions in spec file
+  * libabw handles AbiWord files
+- Fix license
+  * libabw is released under MPL-2.0
+
+- Version bump to 0.0.2:
+  * various bugfixes
+  * build fixes with various boost versions.
+
+- Initial commit, package will be required with libreoffice 4.2
+
libcap
+- Add explicit dependency on libcap2 with version to libcap-progs
+  and pam_cap (bsc#1184690)
+
-- Update to libcap 2.22
-- libcap 2.22 includes:
-  * Clarified License file (with version 2 of the GPL)
-  * Support getting/setting capabilities on large files
-  * After --chroot command, change working directory to "/".
-- libcap 2.21 includes:
-  * Introduce cap_get_bound() and cap_drop_bound() functions.
-    also include a macro CAP_IS_SUPPORTED(cap) for capabilities
-- libcap 2.20 includes:
-  * Latest kernel capabilities supported: now includes CAP_SYSLOG
-  * $(CFLAGS) Makefile fixes
-  * Default to installing setcap with an inheritable capability.
-
libetonyek
+- libetonyek-0.1.1-constants.patch
+  * Ditch the boost/math/constants/constants.hpp altogether
+  * Fixes build on systems with older boost
+
+- Upgrade to upstream version 0.1.1
+  * Fix detection of Keynote 3 documents.
+
+- Upgrade to upstream version 0.1.0
+  * ABI change
+  * Remove dependency on libwpd-devel
+  * Add dependency on librevenge-devel
+
+- Version bump to 0.0.4:
+  * Various bugfixes found during the libreoffice-4.2 cycle
+- Drop upstreamed patches:
+  * libetonyek-0.0.3-comma.patch
+  * libetonyek-0.0.3-lexical_cast.patch
+  * libetonyek-more-lib64.patch
+
+- build with -fvisibility-inlines-hidden, around 400 symbols
+  less in the export symbol table.
+
+- Add ppc64le to list of lib64 archs for boost detection
+  Added patches:
+  * libetonyek-more-lib64.patch
+
+- Drop useless dep over libwpg. Cleanup whitespace.
+
+- Fix build with some boost versions and compilers
+  - Cannot take address of a template function
+- added patches:
+  * libetonyek-0.0.3-lexical_cast.patch
+
+- Fix comma at the end of an enum.
+- added patches:
+  * libetonyek-0.0.3-comma.patch
+
+- Bump to 0.0.3
+  - import text formatting attributes
+  - draw rounded rectangles and callouts
+  - fixed build with older boost
+  - implemented import of tables
+  - implemented import of presentation notes
+  - implemented import of sticky notes
+- removed patches:
+  * libetonyek-0.0.0-pi.patch - integrated upstream
+
+- Modify libetonyek-0.0.0-pi.patch
+  * fixes build of tests with less recent boost versions
+
+- Bump to 0.0.1
+  * Fixes test
+  * Various runtime fixes
+
+- Add libetonyek-0.0.0-pi.patch
+  * fixes build problems with less recent boost versions
+- Don't build noarch docs for SLE11
+
+- Make the package actually build.
+
+- Initial commit, needed by libreo-4.2
+
libhugetlbfs
+- Hardening: Link as PIE (bsc#1184123).
+
-- There are no tests installed in s390(x) case, therefore there are no
-  files in %{_libdir}/libhugetlbfs
-  Remove the directory from the file list to fix package build for s390(x)
-
-- Add support of ppc64le with 4 patches
-  libhugetlbfs-ppc64le.patch
-  libhugetlbfs.ppc64le.step2.patch
-  libhugetlbfs.ppc64le.step3.patch
-  libhugetlbfs.ppc64le.step4.patch
-
-- Update to version 2.16:
-  Features:
-  * ARM Support
-  * s390x Dynamic TASK_SIZE support
-  Bug Fixes:
-  * find_mounts() now properly NULL terminates mount point names
-
-- Update to version 2.15
-  Features:
-  * Some System z functionality went into 2.15
-  * Updated man pages
-  * Added basic events for core_i7 to oprofile_map_events
-  Fixes:
-  * Disable Unable to verify address range warning when offset < page_size
-  * Remove sscanf in library setup to avoid heap allocation before _morecore
-  override
-  * Revert heap exhaustion patch
-  * hugectl no longer clips LD_LIBRARY_PATH variable
-  * Fix clean on failure code to avoid closing stdout
-
-- Add excludearch for arm due to lacking support
-
-- Update to version 2.13
-  * hugeadm can now be used to control Transparent Huge Page tunables
-  * New morecore mode to better support THP
-  * Check permissions on hugetlbfs mount point before marking it as
-    available
-  * Fix shm tests to use random address instead of fixed, old address
-    failed on ARM
-
-- Update to version 2.12
-  * libhugetlbfs usages can now be restricted to certain binary names
-  * libhugetlbfs now supports static linking
-  * hugeadm uses more human readable directory names for mount points
-  * Fix segfault if specified user was not in passwd, failure in
-    getpwuid() is now checked
-  * Added tests for static linking to testcase
-  * Added missing tests to driver script
-
-- Do not include the 268MB testcase /usr/lib/libhugetlbfs/tests/obj32/linkhuge_rw.
-
-- Update to version 2.11
-  Bugfixes and new features are listed in the NEWS file in
-  /usr/share/doc/packages/libhugetlbfs/NEWS
-
-- Update to version 2.9:
-  * Add --no-reseve to hugectl to request mmap'd pages are not reserved
-    for kernels newer than 2.6.34
-  * Add --obey-numa-mempol to hugeadm to request static pool pages are
-    allocated following the process NUMA memory policy
-  * Add switch to let administrator limit new mount points by size or inodes
-  * cpupcstat now caches the value returned by tlmiss_cost.sh to avoid
-    rerunning the script
-  * When specifying huge page pool sizes with hugeadm, memory sizes can
-    be used as well as the number of huge pages
-  * DEFAULT is now a valid huge page pool for resizing, it will adjust
-    the pool for the default huge page size
-  * tlbmiss_cost.sh in the contrib/ sub directory will estimate the cost
-    in CPU cycles of a TLB miss on the arch where it is run
-  * Add python script which automates huge page pool setup with minimal
-    input required from user
-  * cpupcstat now supports data collection using the perf tool as well as
-    oprofile
-  * --explain reports if min_free_kbytes is too small
-  * add --set-min_free_kbytes to hugeadm
-
-- strip test binaries to fix build
-
-- Removed unused files
-
-- add workarounds for broken Makefile logic to detect arch
-
-- Package baselibs.conf
-
-- Fix typo in requires.
-
-- Update from version 2.0 to 2.5
-
liblangtag
+- Use full download url.
+- Apply patches from git to fix few build issues.
+
+- Fix Requires to demand glib2-devel not gtk1 variant
+  (thanks coolo)
+  * Fix copy&pasto in one summary.
+
+- Use both lgpl and mpl licenses.
+  * thanks to babelworx for the hint (merge request fails to
+    complete so doing it myself).
+
+- Fix desc not to contain mention of libexttextcat.
+
+- Add missing directory to the list.
+
+- Initial package. Version 0.4.0.
+
libmodulemd
+- Update to 2.12.0
+  + Add support for 'buildorder' to Packager documents
+  + Fix issue with ModuleIndex when input contains only Obsoletes documents
+  + Extend read_packager_[file|string]() to support overriding the module name
+    and stream.
+  + Ignore Packager documents when running ModuleIndex.update_from_*()
+  + Add python overrides for XMD in PackagerV3
+  + Add python override to ignore the GType return when reading packager files
+  + Add PackagerV3.get_mdversion()
+- Drop patch incorporated in this release
+  + Patch: 0001-Fix-integer-size-issue-on-32-bit-platforms.patch
+
libnettle
+- Security fix: [bsc#1184401, CVE-2021-20305]
+  * multiply function being called with out-of-range scalars
+  * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash().
+- Add libnettle-CVE-2021-20305.patch
+
libodfgen
+- Build also the documentation
+
+- Version bump to 0.0.3:
+  - handle more table properties
+  - more SVG path commands
+  - allow to define center of rotation for a textbox
+  - make linked text boxes more robust
+  - add support for generating presentations (using libetonyek)
+  - start on API documentation
+
+- Use verbose build.
+
+- Upstream release 0.0.2
+  * Cleanup of build system
+  * Source code layout change, so that the public headers
+    can be directly included from the tarball
+  * Improvements in generation of borders and column separators
+
+- Drop zlib-devel as it is not really required
+
+- Upstream release 0.0.1
+  * Fix android build
+  * Fix different warnings
+  * Fix different wrong strings
+
+- Format the spec file.
+
+- Initial commit of odf generating library. Will be required by
+  libreoffice-4.1.
+
libostree
+- Enable LTO (boo#1133120) as it works now.
+
+- Update to version 2020.8:
+  + This release mostly contains scalability improvements and
+    bugfixes.
+  + Caching-related HTTP headers are now supported on summaries and
+    signatures, so that they do not have to be re-downloaded if not
+    changed in the meanwhile.
+  + Summaries and delta have been reworked to allow more
+    fine-grained fetching.
+  + Finally, this fixes several bugs related to atomic variables,
+    HTTP timeouts, and 32-bit architectures.
+- Changes from version 2020.7:
+  + Static deltas can now be signed to more easily support offline
+    verification.
+  + There's now support for multiple initramfs images; the idea
+    here is that one can have a "main" initramfs image and a
+    secondary one which represents local configuration.
+  + The documentation is now moved to
+    https://ostreedev.github.io/ostree/
+  + Lot of preparatory cleanups to the pull code landed for
+    upcoming work on indexing deltas outside of the summary.
+  + On the bugfix side, the biggest one is a fix for an assertion
+    failure when upgrading from systems before ostree supported
+    devicetree.
+  + Also notable is that ostree no longer hardlinks zero sized
+    files to avoid hitting filesystem maximum link counts.
+- Changes from version 2020.6:
+  + One notable feature: ostree now supports / and /boot being on
+    the same filesystem.
+  + Other than that it's mostly bugfixes; there is one quite
+    important one for anyone using the readonly=true for /sysroot
+    (which is still just Fedora CoreOS I suspect).
+  + There's some improvements to the GObject Introspection
+    metadata, some (cosmetic) static analyzer fixes, a fix for the
+    immutable bit on s390x, dropping a deprecated bit in the
+    systemd unit file, etc.
+- Changes from version 2020.5:
+  + This release primarily fixes a regression in 2020.4 where the
+    "readonly sysroot" changes incorrectly left the sysroot
+    read-only on systems that started out with a read-only / (most
+    of them, e.g. Fedora Silverblue/IoT at least).
+  + There's some additions to the pull API to aid flatpak.
+  + There were a few fixes to the man pages, and ostree show now
+    displays the parent commit.
+  + The default dracut config now enables reproducibility.
+  + On the "feature" side, there is a new ostree admin unlock
+    --transient. We expect this to be a foundation for further
+    support for "live" updates.
+- Changes from version 2020.4:
+  + By far the biggest change in this release is new ed25519
+    signing support, powered by libsodium.
+  + ostree commit gained a new --base argument, which significantly
+    simplifies constructing "derived" commits, particularly for
+    systems using SELinux.
+  + Handling of the read-only sysroot was reimplemented to run in
+    the initramfs and be more reliable. Enabling the readonly=true
+    flag in the repo config is recommended.
+  + Several bugs were fixed in locking for the temporary "staging"
+    directories OSTree creates, particularly on NFS.
+  + lib: Coerce flags enums to GIR bitfields changed some values to
+    be (correctly) flags - this may show up as incompatible for
+    GObject Introspection consumers (but not C).
+  + A new timestamp-check-from-rev option was added for pulls,
+    which makes downgrade protection more reliable and will be used
+    by Fedora CoreOS.
+  + Several fixes and enhancements were made for "collection" pulls
+    including a new --mirror option.
+  + The ostree commit command learned a new --mode-ro-executables
+    which enforces W^R semantics on all executables.
+  + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE)
+    was added to help standardize the architecture of the OSTree
+    commit. This could be used on the client side for example to
+    sanity-check that the commit matches the architecture of the
+    machine before deploying.
+
+- Stop invalid usage of %_libexecdir:
+  + Use %{_prefix}/lib where appropriate.
+  + Use _systemdgeneratordir for the systemd-generators.
+  + Define _dracutmodulesdir based on dracut.pc. Add
+    BuildRequires(dracut) for this to work.
+
librevenge
+- Initial package for librevenge
+- 0001-fix-type-sizes-for-CPPUNIT_ASSERT_EQUAL.patch
+  * fix make check on some architectures.
+- 0001-fix-license-headers-for-gdb-printers.patch
+  * pretty printers are licensed MPL-2.0 by their author.
+
librsvg
+- Update to version 2.46.5:
+  + Update dependent crates that had security vulnerabilities:
+    generic-array to 0.12.4 - RUSTSEC-2020-0146
+    smallvec to 0.6.14      - RUSTSEC-2021-0003 - CVE-2021-25900
+  + There are no changes to the library code.
+  + Fix bash-isms in Makefile.am (Tin-Wei Lan).
+  + Fix Visual Studio build (Chun-wei Fan).
+- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate.
+
libsolv
+- fix rare segfault in resolve_jobrules() that could happen
+  if new rules are learnt
+- fix a couple of memory leaks in error cases
+- fix error handling in solv_xfopen_fd()
+- bump version to 0.7.19
+
+- fixed regex code on win32
+- fixed memory leak in choice rule generation
+- repo_add_conda: add flag to skip v2 packages
+- bump version to 0.7.18
+
libvoikko
+- Fix wrong size parameter in memset call
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+- Use %_smp_mflags for parallel building
+
+- add libtool as buildrequire to avoid implicit dependency
+
+- Add missing baselibs.conf.
+
+- Updated to version 2.1:
+  * Add option for accepting unfinished paragraphs.
+  * Add option VOIKKO_OPT_HYPHENATE_UNKNOWN_WORDS.
+  * Add option VOIKKO_OPT_ACCEPT_BULLETED_LISTS_IN_GC.
+  * Add support for environment variable VOIKKO_DICTIONARY.
+  * Disable character case checks completely within quotations.
+  * Disable character case checks if sentence contains a tab character.
+  * Disable checks for paragraphs that contain only an URL or some other
+    non-standard text.
+  * Read replacement suggestions from data/autocorrect/fi_FI.xml.
+  * Do not try to check character case for sentences that have been written
+    fully in upper case.
+  * Allow sentences to start with a digit.
+  * Refactoring and porting to C++.
+- Added gcc-c++ python python-xml into BuildRequires
+- Added libvoikko-2.1-ac-macro-dir.diff, fixed autoreconf to run (sf#2810258)
+
libwpd
+- upgrade to version 0.9.6:
+  - Experimental support of Zip storage along with Ole.
+  - Add WPX_SEEK_END enum member in order to speed up the Zip
+    operations.
+  - Numerous fixes of coverity and cppcheck warnings and errors.
+- upstream patch to really enable Zip stream.
+- package build depends on zlib-devel.
+
+- Use SPDX-style license field
+
+- Build with fvisibility-inlines-hidden, saves around
+  600 entries in the exported symbol table.
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+- Use %_smp_mflags for parallel building
+- Set proper group on subpackages
+
+- upgrade to version 0.9.4:
+  - Remove autopackage packaging that nobody uses (Fridrich)
+  - Don't output points as integer. This solves some rounding
+    issues along with the possibility of writing 10.5 point
+    font size (Fridrich)
+  - General improvement of code quality by buiding
+    with -Weffc++ option (Fridrich)
+  - Improvement of textbox code (Laurent Alonso)
+  - Fixes of autotools Windows build (Fridrich)
+- remove obsolete unnecessary patch
+
+- upgrade to version 0.9.3:
+- Improvement of arabic charset mapping (Smokey Ardisson)
+- Build system rewrite and improvement (Tomas Chvatal)
+- Cleanup of return values (Thomas Klausner)
+- Fix crashes with WP 2.1 for Mac documents (Fridrich)
+- Fix bug in WPXPropertyList::operator= (Fridrich)
+- Fix memory issues in some WPXProperty's derived classes (Fridrich)
+- Conversion of extended characters in WP 42 parser (Fridrich)
+- Various fixes for building inside LibreOffice (Tor Lillqvist, Jan Holesovky)
+
+- Do not include build dates in docs, messes up build-compare
+
+- upgrade to version 0.9.2:
+  - Fix build with gcc 4.6.x (Caolan McNamara)
+  - Handle graciously corrupted WP6 prefix data (Fridrich)
+  - Initial conversion of Mac double byte script characters (Fridrich)
+  - Internally use UCS4 instead of UCS2 (Fridrich)
+  - Add Arabic character conversion for WP5 parser (Fridrich)
+  - Allow conversion of one WP character to a sequence of unicode
+    characters (Fridrich)
+  - Miscellaneous conversion fixes (Edward Mendelson, Fridrich)
+  - Parse correctly WP 2 for Mac documents without resource fork (Fridrich)
+  - Improvements in parsing of pictures in WP1 parser (Fridrich)
+  - Fix wrong sizes of some functions in WP1 and WP42 parsers (Fridrich)
+  - Fix handling of character attributes (Fridrich)
+
+- Add missing includes to fix compilation with gcc 4.6
+
+- upgrade to version 0.9.0:
+  - Conversion of page-numbering (William)
+  - Conversion of embedded images and text boxes in WP1, WP3, WP5 and WP6
+    documents (Fridrich)
+  - Conversion of password protected WP1, WP3, WP42 and WP5 documents
+    (Fridrich)
+  - Conversion of annotations/comments in WP6 parser (Fridrich)
+  - Fix some Greek characters so that Text written in WP5.1 with Printer
+    Polyglott convert correct.
+  - Fix Unicode mappings of some older Symbol and Dingbats fonts (Fridrich)
+  - Drop the libgsf dependency in favour of pure C++ implementation of the
+    WPXInputStream interface (Fridrich, Ariya)
+  - Fix the footnote/endnote/comment/annotation/textbox writing in wpd2html
+    converter
+  - Improve metadata parsing (David Hislop)
+
libwpg
+- Build with -fvisibility-inlines-hidden
+
+- Upgrade to upstream 0.2.1
+  - Improvement of line styles and
+  - General conversion fidelity
+
+- Do not include build dates in documentation, messes up build-compare
+
+- Upgrade to a new ABI version needed by LibreOffice 3.3.0 (don't run autoreconf which is not needed anymore)
+
libxml2
+- Security fix: [bsc#1185408, CVE-2021-3518]
+  * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
+  * Add libxml2-CVE-2021-3518.patch
+
+- Security fix: [bsc#1185410, CVE-2021-3517]
+  * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
+  * Add libxml2-CVE-2021-3517.patch
+
+- Security fix: [bsc#1185409, CVE-2021-3516]
+  * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
+  * Add libxml2-CVE-2021-3516.patch
+
libzypp
+- Properly handle permission denied when providing optional files
+  (bsc#1185239)
+- Fix sevice detection with cgroupv2 (bsc#1184997)
+- version 17.25.10 (22)
+
+- Add missing includes for GCC 11 (bsc#1181874)
+- Fix unsafe usage of static in media verifier.
+- Solver: Avoid segfault if no system is loaded (bsc#1183628)
+- MediaVerifier: Relax media set verification in case of a single
+  not-volatile medium (bsc#1180851)
+- Do no cleanup in custom cache dirs (bsc#1182936)
+- ZConfig: let pubkeyCachePath follow repoCachePath.
+- version 17.25.9 (22)
+
-- Patch: Identify well-known category names (bsc#117984)
+- Patch: Identify well-known category names (bsc#1179847)
-- Add missing includes for GCC 11 compatibility.
+- Add missing includes for GCC 11 compatibility. (bsc#1181874)
lirc
+- Update to version 0.9.1a
+  + configuration file setup hotfix.
+  + --output option hotfix.
+- Changes from version 0.9.1
+  + Added systemd support: unit files, socket activation.
+  + Default config files are installed in /etc, use --install-etc
+    to disable.
+  + Building kernel modules is not supported.
+  + New config file lirc_options.conf with cli options default values.
+  + Automagically sets the lirc protocol for /dev/rc devices.
+  + Whitespace cleanup and git hook to enforce whitespace handling.
+  + Docs are built as part of normal build process.
+  + Bugfixes
+  + Autotools update and Darwin fixes.
+  + docs: Added new Configuration Guide
+- Specfile clean-up
+  + Remove obsolete macros
+  + Use %configure
+- Use systemd instead of sysvinit
+- Drop sysconfig support
+- Add  disable-kernel-rc subpackage; allow user to easily replace
+  in-kernel solution with lirc
+- Add patches from Fedora
+  + 0001-Fix-segfault-when-starting-lircd-AUR-41581.patch
+  + 0002-lircd-Fix-bad-default-for-lircdfile.patch
+  + 0003-0.9.1a-Bugfix-segfault-when-parsing-connect-in-confi.patch
+  + 0004-lircd-fix-compiler-error-format-security-error.patch
+- Install remote configuration files in the correct location
+- Do not ghost lirc configuration files anymore; there are now
+  real and installed by lirc
+- Build with -fno-strict-aliasing; alsa module would break with
+  new gcc
+
+- use _rundir macro
+
+- fix build with automake-1.13.1
+
+- install the udev rules in /usr/lib/udev for factory and above
+
+- move udev rules files from /etc to /lib
+
+- update to version 0.9.0:
+  * Remove mceusb, streamzap, it8x, ene0100 drivers, as they're
+    now redundant with upstream kernel drivers
+  * fix oops unplugging igorplugusb receiver while in use
+  * more error-checking for NULL irctl in various lirc_dev paths
+  * add support for Monueal Moncaso IR to mplay driver
+  * add another PNP device ID to lirc_it87
+  * drop references to static chardev major number 61, we use dynamic
+  * resync lirc_dev with what was merged in the kernel
+  * reformat code using indent to look more like Linux kernel code
+  * drop explicit support for kernels older than 2.6.18
+  * adapt to using lirc.h as merged in the upstream linux kernel
+  * non-LONG_IR_CODE option dropped, its been the default for years
+  * use portable type definitions all over the place
+  * drop an old GLIBC work-around for printing 64-bit values
+  * fix timing-specific repeat-after-release issue
+- drop lirc-0.8.7-lirc_h.diff and lirc-0.8.7-lirc_h_2.diff: fixed
+  upstream
+- clean spec file with spec-cleaner
+
+- build with Igor Cesko receiver and transmitter diode support
+
+- add libtool as buildrequire to avoid implicit dependency
+
+- fix lircd not working with in-kernel drivers (bnc#668427)
+
+- fix the LIRCD_LISTENPORT setting (bnc#661841)
+
+- update to version 0.8.7
+  * updated mceusb support to properly initialize 3rd-gen hardware
+  * updated imon driver that doesn't corrupt their displays
+  * hack to make not-in-lirc zilog driver function with larger values
+
+- update to 0.8.7pre3 release
+  * improved usb-uirt support for FreeBSD (John Wehle)
+  * spurious locking complaint fixes for FreeBSD (John Wehle)
+  * added support for new Command IR III hardware (Matthew Bodkin)
+  * updated mceusb support to properly initialize 3rd-gen hardware
+  * updated imon driver that doesn't corrupt their displays
+  * hack to make not-in-lirc zilog driver function with larger values
+  * added support for Aureal ATWF@83-W001 ESKY.CC remote (Romain Henriet)
+  * added transmit support to driver for ENE CIR port
+    (only few devices support that)
+  * made generation of automatic release events in lircd more robust
+  * added tira_raw driver for the Ira/Tira receivers that supports
+    receiving in timing mode, the tira driver now supports transmit
+    (Arnold Pakolitz)
+  * added support for DFC USB InfraRed Remote Control (Davio Franke)
+  * added support for simple transmitter circuit connected to
+    soundcard (Bob van Loosen)
+  * added support for Philips SRM 7500 RF remote (Henning Glawe)
+
+- update to 0.8.7pre1 release
+  * just minor bugfixes compared to previous cvs snapshot
+
+- update to current CVS to fix build with newer kernels
+
+- don't package files in /var/run
+- fix package descriptions
+
+- use correct location of devinput config (bnc#570665)
+- use /dev/lirc0 as fallback (bnc#552455)
+- rework init script
+
+- add baselibs.conf as a source
+
+- new version 0.8.6
+  * added support for ENE KB3926 revision B/C/D (ENE0100) CIR port
+    (found on some notebooks, e.g: Acer Aspire 5720G, HP Pavilion dv5)
+    (Maxim Levitsky)
+  * merged 1st-gen mceusb device support into lirc_mceusb2,
+    renamed lirc_mceusb2 to lirc_mceusb
+  * added support for putting iMON receviers into MCE/RC6 mode
+  * added input subsystem mouse device support to iMON driver
+  * improved iMON driver to handle dual-interface iMON devices
+    via a single lirc device, reducing configuration complexity
+  * added support for more iMON devices, including proper support
+    for touchscreen iMON devices (Rene Harder)
+  * improved iMON driver including touchscreen support
+  * Linux input support added to lircmd
+  * added support for IT8720 CIR port
+  * moved default lircd, lircmd and lircrcd config file locations to
+    /etc/lirc/lircd.conf, /etc/lirc/lircmd.conf and /etc/lirc/lircrc
+  * moved lircd socket from /dev/lircd to /var/run/lirc/lircd
+  * moved default pid file location from /var/run/lircd.pid to
+    /var/run/lirc/lircd.pid
+  * added support for XMP protocol
+
+- remove Provides: lirc-devel from main package (bnc#539230)
+
+- split package to lirc, lirc-remotes, lirc-devel and liblirc_client0
+
+- new versio 0.8.5
+  * added support for Winbond 8769L CIR port (e.g. found on Acer
+    Aspire 6530G) (Juan J. Garcia de Soria)
+  * added support for FTDI FT232-based IR Receiver
+  * Linux input event generation using uinput
+  * standardised namespace following Linux input conventions
+  * added support for Awox RF/IR Remote (Arif)
+  * added support for new iMon LCD devices
+  * added support for Antec-branded iMon LCD and VFD devices
+
lvm2
+- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
+  + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
+
mpfr
+- Add cummulative patch mpfr-4.0.2-p6.patch fixing various bugs.
+
+- Add floating-point-format-no-lto.patch in order to fix assembler scanning
+  (boo#1141190).
+
+- Update to mpfr 4.0.2
+  * Cummulative bugfix release, includes mpfr-4.0.1-cummulative-patch.patch.
+
+- Fix %install_info_delete usage:
+  * It has to be performed in %preun not in %postun.
+  * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
+
+- Add mpfr-4.0.1-cummulative-patch.patch.  Fixes
+  * A subtraction of two numbers of the same sign or addition of two
+    numbers of different signs can be rounded incorrectly (and the
+    ternary value can be incorrect) when one of the two inputs is
+    reused as the output (destination) and all these MPFR numbers
+    have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits
+    on 32-bit machines, 64 bits on 64-bit machines).
+  * The mpfr_fma and mpfr_fms functions can behave incorrectly in case
+    of internal overflow or underflow.
+  * The result of the mpfr_sqr function can be rounded incorrectly
+    in a rare case near underflow when the destination has exactly
+    GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit
+    machines, 64 bits on 64-bit machines) and the input has at most
+    GMP_NUMB_BITS bits of precision.
+  * The behavior and documentation of the mpfr_get_str function are
+    inconsistent concerning the minimum precision (this is related to
+    the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The
+    get_str patch fixes this issue in the following way: the value 1
+    can now be provided for n (4th argument of mpfr_get_str); if n = 0,
+    then the number of significant digits in the output string can now
+    be 1, as already implied by the documentation (but the code was
+    increasing it to 2).
+  * The mpfr_cmp_q function can behave incorrectly when the rational
+    (mpq_t) number has a null denominator.
+  * The mpfr_inp_str and mpfr_out_str functions might behave
+    incorrectly when the stream is a null pointer: the stream is
+    replaced by stdin and stdout, respectively. This behavior is
+    useless, not documented (thus incorrect in case a null pointer
+    would have a special meaning), and not consistent with other
+    input/output functions.
+
-- Add Source URL, see https://en.opensuse.org/SourceUrls
-
-- Update to version 3.1.2.
-  * Bug fixes
-  * Updated examples to the MPFR 3.x API
-
-- Update to version 3.1.1.
-  * Bug fixes
-
-- patch license to follow spdx.org standard
-
-- Remove redundant tags/sections per specfile guideline suggestions
-
-- Update to version 3.1.0.
-  * The mpfr_urandom and mpfr_urandomb functions now return identical
-    values on processors with different word size.
-  * Speed improvement for the mpfr_sqr and mpfr_div functions using
-    Mulders' algorithm.
-  * Much faster formatted output (mpfr_printf, etc.) with %Rg and similar.
-  * New divide-by-zero exception (flag) and associated functions.
-- Remove bogus provides/obsoletes for old shared library version.
-- Fix license, it is LGPL v3 or later.
-
-- Update to version 3.0.1.
-  * Minor bugfixes.
-
-- Update to version 3.0.0.
-  * Bump SO version to 4.
-
-- use %_smp_mflags
-
-- PA-Risc is not threadsafe just as sparc
-
-- add baselibs.conf to specfile as source
-
-- Do not use --enable-thread-safe on SPARC (Fedora does the same) -
-  the tests segfault if TS is enabled
-
-- Update to version 2.4.2.
-  * Bug and documentation fixes.
-
-- Add x86 baselibs entry.
-
-- Update to version 2.4.1 (no changes).
-- Apply current cummulative bugfixing patch.
-  * mpfr_fmod, mpfr_remainder and mpfr_remquo rounding issues.
-  * incorrect type in vasprintf.c.
-  * wrong type in mpfr_zeta_ui.
-
nautilus
+- Update set_trusted.sh: Use the right value in gio command
+  (bsc#1185026).
+
+- Update to version 3.34.3 (bsc#1171506):
+  + Revert icon emblem fixes in order to prevent performance
+    issues.
+  + Fix crashes often happening when searching.
+  + Fix crashes after conflict dialog response.
+
openexr
+  fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
+  fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
+  + openexr-CVE-2021-23215,26260.patch
+
+- security update
+- modified patches
+  % openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch)
+- added patches
+  fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference
+  + openexr-CVE-2021-20296.patch
+  fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
+  + openexr-CVE-2021-3477.patch
+  fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer
+  + openexr-CVE-2021-3479.patch
+
+- security update
+- added patches
+  fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder
+  + openexr-CVE-2021-3474.patch
+  fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles
+  + openexr-CVE-2021-3475.patch
+  fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14
+  + openexr-CVE-2021-3476.patch
+
+- security update
+- added patches
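Review bot: CVE-2021-23215 and CVE-2021-26260 at the top of the openexr block carry the identical summary (Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers) and share one patch file, openexr-CVE-2021-23215,26260.patch, so the changelog does not say how the two issues differ or which part of the patch addresses which. Give each CVE its own description, or state explicitly that a single fix covers both. The "modified patches" line has a similar gap: it records that openexr-CVE-2021-3474.patch was split into openexr-CVE-2021-20296.patch but not what remains in the original patch after the split.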
openldap2
+- bsc#1182791 - improve proxy connection timout options to correctly
+  prune connections.
+  * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch
+  * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch
+  * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch
+  * 0228-ITS-9197-fix-typo-in-prev-commit.patch
+  * 0229-ITS-9197-Fix-test-script.patch
+  * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch
+
openslp
+- Implement automatic active discovery retries so that DAs do
+  not get dropped if they are not reachable for some time
+  [bnc#1166637] [bnc#1184008]
+  new patch: openslp.unicastactivediscovery.diff
+
openssl-1_1
+- Don't list disapproved cipher algorithms while in FIPS mode
+  * openssl-1.1.1-fips_list_ciphers.patch
+  * bsc#1161276
+
p7zip
+- Add almost-upstream CVE-2021-3465.patch (bsc#1184699, CVE-2021-3465)
+
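Review bot: "almost-upstream" in the CVE-2021-3465.patch entry leaves open how the shipped patch differs from the upstream fix. Say what was changed or dropped relative to upstream, or reference the upstream change, so that a later version bump can tell whether the patch is still needed and an auditor can tell whether the deviation affects the fix. The entry also gives no description of the flaw, while the libxml2 and openexr entries in this list name the bug class and the affected function.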
patterns-base
+- Recommending openSUSE-signkey-cert in the base pattern bsc#1182641
+
perl-Image-ExifTool
+- Update to version 12.25 fixes (boo#1185547)
+  * JPEG XL support is now official
+  * Added read support for Medical Research Council (MRC) image
+    files
+  * Added ability to write a number of 3gp tags in video files
+  * Added a new Sony PictureProfile value (thanks Jos Roost)
+  * Added a new Sony LensType (thanks LibRaw)
+  * Added a new Nikon LensID (thanks Niels Kristian Bech Jensen)
+  * Added a new Canon LensType
+  * Decode more GPS information from Blackvue dashcam videos
+  * Decode a couple of new NikonSettings tags (thanks Warren
+    Hatch)
+  * Decode a few new RIFF tags
+  * Improved Validate option to add minor warning if standard
+    XMP is missing xpacket wrapper
+  * Avoid decoding some large arrays in DNG images to improve
+    performance unless the -m option is used
+  * Patched bug that could give runtime warning when trying to
+    write an empty XMP structure
+  * Fixed decoding of ImageWidth/Height for JPEG XL images
+  * Fixed problem were Microsoft Xtra tags couldn't be deleted
+  version 12.24:
+  * Added a new PhaseOne RawFormat value (thanks LibRaw)
+  * Decode a new Sony tag (thanks Jos Roost)
+  * Decode a few new Panasonic and FujiFilm tags (thanks LibRaw
+    and Greybeard)
+  * Patched security vulnerability in DjVu reader
+  * Updated acdsee.config in distribution (thanks StarGeek)
+  * Recognize AutoCAD DXF files
+  * More work on experimental JUMBF read support
+  * More work on experimental JPEG XL read/write support
+  version 12.23:
+  * Added support for Olympus ORI files
+  * Added experimental read/write support for JPEG XL images
+  * Added experimental read support for JUMBF metadata in JPEG
+    and Jpeg2000 images
+  * Added built-in support for parsing GPS track from Denver
+    ACG-8050 videos
+    with the -ee option
+  * Added a some new Sony lenses (thanks Jos Roost and LibRaw)
+  * Changed priority of Samsung trailer tags so the first
+    DepthMapImage takes
+    precedence when -a is not used
+  * Improved identification of M4A audio files
+  * Patched to avoid escaping ',' in "Binary data" message when
+  - struct is used
+  * Removed Unknown flag from MXF VideoCodingSchemeID tag
+  * Fixed -forcewrite=EXIF to apply to EXIF in binary header of
+    EPS files
+  * API Changes:
+    + Added BlockExtract option
+  version 12.22:
+  * Added a few new Sony LensTypes and a new SonyModelID (thanks
+    Jos Roost and LibRaw)
+  * Added Extra BaseName tag
+  * Added a new CanonModelID (thanks LibRaw)
+  * Decode timed GPS from unlisted programs in M2TS videos with
+    the -ee3 option
+  * Decode more Sony rtmd tags
+  * Decode some tags for the Sony ILME-FX3 (thanks Jos Roost)
+  * Allow negative values to be written to XMP-aux:LensID
+  * Recognize HEVC video program in M2TS files
+  * Enhanced -b option so --b suppresses tags with binary data
+  * Improved flexibility when writing GPS coordinates:
+    + Now pulls latitude and longitude from a combined
+    GPSCoordinates string
+    + Recognizes the full word "South" and "West" to write
+    negative coordinates
+  * Improved warning when trying to write an integer QuickTime
+    date/time tag and Time::Local is not available
+  * Convert GPSSpeed from mph to km/h in timed GPS from Garmin
+    MP4 videos
+  version 12.21:
+  * Added a few new iOS QuickTime tags
+  * Decode a couple more Sony rtmd tags
+  * Patch to avoid possible "Use of uninitialized value" warning
+    when attempting to write QuickTime date/time tags with an
+    invalid value
+  * Fixed problem writing Microsoft Xtra tags
+  * Fixed Windows daylight savings time patch for file times
+    that was broken in 12.19 (however directory times will not
+    yet handle DST properly)
+  version 12.20:
+  * Added ability to write some Microsoft Xtra tags in MOV/MP4
+    videos
+  * Added two new Canon LensType values (thanks Norbert Wasser)
+  * Added a new Nikon LensID
+  * Fixed problem reading FITS comments that start before column
+    11
+  version 12.19:
+  * Added -list_dir option
+  * Added the "ls-l" Shortcut tag
+  * Extract Comment and History from FITS files
+  * Enhanced FilePermissions to include device type (similar to
+    "ls -l")
+  * Changed the name of Apple ContentIdentifier tag to
+    MediaGroupUUID (thanks Neal Krawetz)
+  * Fixed a potential "substr outside of string" runtime error
+    when reading corrupted EXIF
+  * Fixed edge case where NikonScanIFD may not be copied
+    properly when copying MakerNotes to another file
+  * API Changes:
+    + Added ability to read/write System tags of directories
+    + Enhanced GetAllGroups() to support family 7 and take
+    optional ExifTool reference
+    + Changed QuickTimeHandler option default to 1
+  version 12.18:
+  * Added a new SonyModelID
+  * Decode a number of Sony tags for the ILCE-1 (thanks Jos
+    Roost)
+  * Decode a couple of new Canon tags (thanks LibRaw)
+  * Patched to read differently formatted UserData:Keywords as
+    written by iPhone
+  * Patched to tolerate out-of-order Nikon MakerNote IFD entries
+    when obtaining tags necessary for decryption
+  * Fixed a few possible Condition warnings for some
+    NikonSettings tags
+  version 12.17:
+  * Added a new Canon FocusMode value
+  * Added a new FujiFilm FilmMode value
+  * Added a number of new XMP-crs tags (thanks Herb)
+  * Decode a new H264 MDPM tag
+  * Allow non-conforming lower-case XMP boolean "true" and
+    "false" values to be written, but only when print conversion
+    is disabled
+  * Improved Validate option to warn about non-capitalized
+    boolean XMP values
+  * Improved logic for setting GPSLatitude/LongitudeRef values
+    when writing
+  * Changed -json and -php options so the -a option is implied
+    even without the -g option
+  * Avoid extracting audio/video data from AVI videos when -ee
+  - u is used
+  * Patched decoding of Canon ContinuousShootingSpeed for newer
+    firmware versions of the EOS-1DXmkIII
+  * Re-worked LensID patch of version 12.00 (github issue #51)
+  * Fixed a few typos in newly-added NikonSettings tags (thanks
+    Herb)
+  * Fixed problem where group could not be specified for
+    PNG-pHYs tags when writing
+  version 12.16:
+  * Extract another form of video subtitle text
+  * Enhanced -ee option with -ee2 and -ee3 to allow parsing of
+    the H264 video stream in MP4 files
+  * Changed a Nikon FlashMode value
+  * Fixed problem that caused a failed DPX test on Strawberry
+    Perl
+  * API Changes:
+    + Enhanced ExtractEmbedded option
+  version 12.15:
+  * Added a couple of new Sony LensType values (thanks LibRaw
+    and Jos Roost)
+  * Added a new Nikon FlashMode value (thanks Mike)
+  * Decode NikonSettings (thanks Warren Hatch)
+  * Decode thermal information from DJI RJPEG images
+  * Fixed extra newline in -echo3 and -echo4 outputs added in
+    version 12.10
+  * Fixed out-of-memory problem when writing some very large PNG
+    files under Windows
+  version 12.14:
+  * Added support for 2 more types of timed GPS in video files
+    (that makes 49 different formats now supported)
+  * Added validity check for PDF trailer dictionary Size
+  * Added a new Pentax LensType
+  * Extract metadata from Jpeg2000 Association box
+  * Changed -g:XX:YY and -G:XX:YY options to show empty strings
+    for non-existent groups
+  * Patched to issue warning and avoid writing date/time values
+    with a zero month or day number
+  * Patched to avoid runtime warnings if trying to set FileName
+    to an empty string
+  * Fixed issue that could cause GPS test number 12 to fail on
+    some systems
+  * Fixed problem extracting XML as a block from Jpeg2000
+    images, and extract XML tags in the XML group instead of XMP
+- Update URL
+
+- update to 12.13:
+  - Add time zone automatically to most string-based QuickTime date/time tags
+    when writing unless the PrintConv option is disabled
+  - Added -i HIDDEN option to ignore files with names that start with "."
+  - Added a few new Nikon ShutterMode values (thanks Jan Skoda)
+  - Added ability to write Google GCamera MicroVideo XMP tags
+  - Decode a new Sony tag (thanks LibRaw)
+  - Changed behaviour when writing only pseudo tags to return an error and avoid
+    writing any other tags if writing FileName fails
+  - Print "X image files read" message even if only 1 file is read when at least
+    one other file has failed the -if condition
+  - Added ability to geotag from DJI CSV log files
+  - Added a new CanonModelID
+  - Added a couple of new Sony LensType values (thanks LibRaw)
+  - Enhanced -csvDelim option to allow "\t", "\n", "\r" and "\\"
+  - Unescape "\b" and "\f" in imported JSON values
+  - Fixed bug introduced in 12.10 which generated a "Not an integer" warning
+    when attempting to shift some QuickTime date/time tags
+  - Fixed shared-write permission problem with -@ argfile when using -stay_open
+    and a filename containing special characters on Windows
+  - Added -csvDelim option
+  - Added new Canon and Olympus LensType values (thanks LibRaw)
+  - Added a warning if ICC_Profile is deleted from an image (github issue #63)
+  - EndDir() function for -if option now works when -fileOrder is used
+  - Changed FileSize conversion to use binary prefixes since that is how the
+    conversion is currently done (eg. MiB instead of MB)
+  - Patched -csv option so columns aren't resorted when using -G option and one
+    of the tags is missing from a file
+  - Fixed incompatiblity with Google Photos when writing UserData:GPSCoordinates
+    to MP4 videos
+  - Fixed problem where the tags available in a -p format string were limited to
+    the same as the -if[NUM] option when NUM was specified
+  - Fixed incorrect decoding of SourceFileIndex/SourceDirectoryIndex for Ricoh
+    models
+
+- Update to 12.10
+  * Added -validate test for proper TIFF magic number in
+    JPEG EXIF header
+  * Added support for Nikon Z7 LensData version 0801
+  * Added a new XMP-GPano tag
+  * Decode ColorData for the Canon EOS 1DXmkIII
+  * Decode more tags for the Sony ILCE-7SM3
+  * Automatically apply QuickTimeUTC option for CR3 files
+  * Improved decoding of XAttrMDLabel from MacOS files
+  * Ignore time zones when writing date/time values and
+    using the -d option
+  * Enhanced -echo3 and -echo4 options to allow exit status
+    to be returned
+  * Changed -execute so the -q option no longer suppresses
+    the "{ready}" message when a synchronization number is used
+  * Added ability to copy CanonMakerNotes from CR3 images
+    to other file types
+  * Added read support for ON1 presets file (.ONP)
+  * Added two new CanonModelID values
+  * Added trailing "/" when writing QuickTime:GPSCoordinates
+  * Added a number of new XMP-crs tags
+  * Added a new Sony LensType (thanks Jos Roost)
+  * Added a new Nikon Z lens (thanks LibRaw)
+  * Added a new Canon LensType
+  * Decode ColorData for Canon EOS R5/R6
+  * Decode a couple of new HEIF tags
+  * Decode FirmwareVersion for Canon M50
+  * Improved decoding of Sony CreativeStyle tags
+  * Improved parsing of Radiance files to recognize comments
+  * Renamed GIF AspectRatio tag to PixelAspectRatio
+  * Patched EndDir() feature so subdirectories are always
+    processed when -r is used (previously, EndDir() would
+    end processing of a directory completely)
+  * Avoid loading GoPro module unnecessarily when reading MP4 videos
+    from some other cameras
+  * Fixed problem with an incorrect naming of CodecID tags in some
+    MKV videos
+  * Fixed verbose output to avoid "adding" messages for
+    existing flattened XMP tags
+  * Added a new Sony LensType
+  * Recognize Mac OS X xattr files
+  * Extract ThumbnailImage from MP4 videos of more dashcam models
+  * Improved decoding of a number of Sony tags
+  * Fixed problem where the special -if EndDir() function didn't
+    work properly for directories after the one in which
+    it was initially called
+  * Patched to read DLL files which don't have a .rsrc section
+  * Patched to support new IGC date format when geotagging
+  * Patched to read DLL files with an invalid size in the header
+  * Added support for GoPro .360 videos
+  * Added some new Canon RF and Nikkor Z lenses
+  * Added some new Sony LensType and CreativeStyle values
+    and decode some ILCE-7C tags
+  * Added a number of new Olympus SceneMode values
+  * Added a new Nikon LensID
+  * Decode more timed metadata from Insta360 videos
+  * Decode timed GPS from videos of more Garmin dashcam models
+  * Decode a new GoPro video tag
+  * Reformat time-only EventTime values when writing and prevent
+    arbitrary strings from being written
+  * Patched to accept backslashes in SourceFile entries for -csv option
+
+- update to 12.06
+  - Added read support for Lyrics3 metadata (and fixed problem
+    where APE metadata may be ignored if Lyrics3 exists)
+  - Added a new Panasonic VideoBurstMode value
+  - Added a new Olympus MultipleExposureMode value
+  - Added a new Nikon LensID
+  - Added back conversions for XMP-dwc EventTime that were removed
+    in 12.04 with a patch to allow time-only values
+  - Decode GIF AspectRatio
+  - Decode Olympus FocusBracketStepSize
+  - Extract PNG iDOT chunk in Binary format with the
+    name AppleDataOffsets
+  - Process PNG images which do not start with mandatory
+    IHDR chunk
+  - Added a new Panasonic SelfTimer value
+  - Decode a few more DPX tags
+  - Extract AIFF APPL tag as ApplicationData
+  - Fixed bug writing QuickTime ItemList 'gnre' Genre values
+  - Fixed an incorrect value for Panasonic VideoBurstResolution
+  - Fixed problem when applying a time shift to some invalid
+    makernote date/time values
+
+- update to 12.04:
+  * See /usr/share/doc/packages/perl-Image-ExifTool/Change
+
+- update to 11.50, see Image-ExifTool-11.50.tar.gz for details
+
+- Update to version 11.30:
+  * Add a new Sony/Minolta LensType.
+  * Decode streaming metadata from TomTom Bandit Action Cam MP4
+    videos.
+  * Decode Reconyx HF2 PRO maker notes.
+  * Decode ColorData for some new Canon models.
+  * Enhanced -geotag feature to set AmbientTemperature if
+    available.
+  * Remove non-significant spaces from some DICOM values.
+  * Fix possible "'x' outside of string" error when reading
+    corrupted EXIF.
+  * Fix incorrect write group for GeoTIFF tags.
+
+- Update to version 11.29
+  * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to version 11.27
+  * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to version 11.24
+  * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to version 11.11 (changes since 11.01):
+  * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to 11.01:
+  * Added a new ProfileCMMType
+  * Added a Validate warning about non-standard EXIF or XMP in
+    PNG images
+  * Added a new Canon LensType
+  * Decode a couple more PanasonicRaw tags
+  * Patched to avoid adding tags to QuickTime videos with multiple
+    'mdat' atoms --> avoids potential corruption of these videos!
+
+- Update to 11.00:
+  * Added read support for WTV and DVR-MS videos
+  * Added print conversions for some ASF date/time tags
+  * Added a new SonyModelID
+  * Decode a new PanasonicRaw tag
+  * Decode some new Sony RX100 VI tags
+  * Made Padding and OffsetSchema tags "unsafe" so they
+    aren't copied by default
+
permissions
+- Update to version 20181225:
+  * etc/permissions: remove unnecessary entries (bsc#1182899)
+
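Review bot: In the 20181225 update, "remove unnecessary entries (bsc#1182899)" does not say which etc/permissions entries were dropped. That file sets ownership and mode bits for installed paths, so the entry should list the removed paths, or at least state whether any of them carried setuid/setgid bits, so an admin can tell from the changelog whether local overrides need revisiting.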
plasma5-desktop
+- Add upstream patch to fix renaming files on the desktop via the
+  keyboard shortcut (boo#1174487, kde#425436):
+  * 0001-Fix-renaming-shortcut-for-files-selected-via-selecti.patch
+
plasma5-workspace
+- Add upstream patch to fix broken/missing "Switch User"
+  functionality with systemd 246 (boo#1177223, kde#427777):
+  * Fix-missing-Switch-User-with-systemd-246.patch
+
plymouth
+- Pickup plymouth-only_use_fb_for_cirrus_bochs.patch: Currently our
+  kernel hardware support need this fix, and boo#1172028 will be
+  fix seperately (bnc#888590 boo#1172028 bsc#1181913).
+
ppc64-diag
+- Fix systemd warning about obsolete logging options (bsc#1183700 ltc#192095).
+  + ppc64-diag-Drop-obsolete-logging-options-from-systemd-service-f.patch
+
procps
+- Add upstream patch procps-3.3.17-bsc1181976.patch based on
+  commit 3dd1661a to fix bsc#1181976 that is change descripton
+  of psr, which is for 39th field of /proc/[pid]/stat
+
python-libxml2-python
+- Security fix: [bsc#1185408, CVE-2021-3518]
+  * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
+  * Add libxml2-CVE-2021-3518.patch
+
+- Security fix: [bsc#1185410, CVE-2021-3517]
+  * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
+  * Add libxml2-CVE-2021-3517.patch
+
+- Security fix: [bsc#1185409, CVE-2021-3516]
+  * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
+  * Add libxml2-CVE-2021-3516.patch
+
radvd
-- fix the radvd.service file to use /etc/sysconfig/radvd
-  (bnc#854316)
-
-- Update to version 1.9.7
-  * ioctl bug fix for getting the hardware address and mtu of an interface
-- Update to version 1.9.6
-  * Check AdvSendAdvert before sending an advertisement
-- Update to version 1.9.5
-  * IPv6 forwarding setting should be 1 or 2
-  * Performance fix in netlink message processing
-  * fix for kernels with no NETLINK_NO_ENOBUFS defined
-  * distributing gz, bz2 and xz tarballs
-  * also distributing md5, sha1, sha256 and gpg signatures
-- Update to version 1.9.4
-  * IPv6 forwarding setting should be 1 or 2
-  * Performance fix in netlink message processing
-  * fix for kernels with no NETLINK_NO_ENOBUFS defined
-  * distributing gz, bz2 and xz tarballs
-  * also distributing md5, sha1, sha256 and gpg signatures
-- Update to version 1.9.3
-  * check for sys/sysctl.h availability
-  * radvdump fix to interpret MTU and Route
-- Update to version 1.9.2
-  * A few minor Makefile.am fixes
-- Update to version 1.9.1
-  * Replacing a '==' in configure with '=' for better shell portability
-- added .asc (gpg key not yet found)
-
-- Don't start daemon after package installation, the default config is almost
-  useless and previous package versions installed even bad ones into
-  /etc/radvd.conf (it would never be fixed since the file is
-  %ghost %config(noreplace)
-- Fix try-restart to only restart the daemon if it's actually running. Allow
-  condrestart, which is LSB
-
-- Add radvd-tmpfile-grpname.patch: On openSUSE, the radvd user is
-  added to the 'daemon' group (not a specific 'radvd' group). Thus
-  adjusting the groupname in for the file to be installed in
-  tmpfiles.d. Otherwise, the systemd-tmpfiles service fails to
-  start (and radvd can't find the /var/run folder).
-
-- Remove URL from source as this is a git snapshot
-
-- Update to version 1.9rc1.xxx
-  * Support systemd tmpfiles.d
-  * add Native systemd units for this service
-  * Uses libdaemon to deamonize and store PID file.
-  * Use setsockopt NETLINK_NO_ENOBUFS
-  * fixes debian bug 634485
-
-- add automake as buildrequire to avoid implicit dependency
-
-- Update to version 1.8.3:
-  + proper tracking of buffer usage in send_ra
-- Drop diff_release_1_8_2..44ee01c7.patch: fixed upstream.
-
-- Update to version 1.8.3-rc1
-- additional patches up to commit 44ee01c7 to fully fix the
-  path traversal CVE-2011-3602 (bnc#721968)
-
-- Update to version 1.8.1 for details see NEWS
-- Fix package building in factory, creating /var/run/radvd before
-  being marked as %ghost
-- Run spec cleaner
-
-- new version 1.7:
-  - Fix an unintentional change in 1.3: RAs were accidentally often unicast to
-    solicitors instead of being multicast. This is still compliant with the
-    specification but is not optimal.
-  - Allow radvd.conf prefix, clients, route, and RDNSS options to be in any order.
-  - exit if the number of prefixes/routes/etc. would grow too much.
-  - Fix radvd skipping multiple interfaces when UnicastOnly is on or
-    AdvSendAdvert is off. This got broken in radvd 1.3.
-  - Fix a segmentation fault on reload_config() timer list corruption that only
-    occurs with multiple interfaces.
-  - Add '-c' flag to test configuration.
-  - Deprecate old, pre-RFC5006 parameters. Support RFC6106 by adding DNS Search List support.
-- run as user radvd by default (bnc#691456)
-- clean up init script
-- install a small default config that advertises ULAs. Default prefix is
-  autogenerated to get a different for on each installation.
-- start even if forwarding is not on to be able to work with ULAs only
-
-- Update to version 1.3:
-  - mainly compilation fixes
-  - decreased the default valid and preferred lifetimes
-  - support for arbitrary interface names
-
rsyslog
+- fix groupname retrieval for large groups (bsc#1178490)
+  * add 0001-rainerscript-call-getgrnam_r-repeatedly-to-get-all-g.patch
+
ruby2
+- Update to 2.5.9 (boo#1184644)
+  https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/
+  - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability
+    in WEBrick
+  - CVE-2021-28965: XML round-trip vulnerability in REXML
+  Complete list of changes at
+  https://github.com/ruby/ruby/compare/v2_5_8...v2_5_9
+- Update suse.patch:
+  Remove fix for CVE-2020-25613 as it is included in the update
+
systemd
+- add conversion script for moving legacy collect based udev rules
+  to chzdev based ones (bsc#1183984)
+
systemd-presets-common-SUSE
+- Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155).
+
tcsh
+- Add patch tcsh-6.20.00-toolong.patch which is an upstream commit
+  ported back to 6.20.00 to fix bsc#1179316 about history file growing
+
usbmuxd
+- Add usbmuxd-add-socket-option.patch: allow socket to be
+  specified via the command line. Backported from upstream.
+- Add usbmuxd-add-pid-option.patch: allow the pid file to be
+  specified via the command line. Taken from upstream.
+- Add usbmuxd-run-dir.patch: use /run, rather than /var/run, for
+  the socket and pid file (bsc#1185186).
+
-- remove _service, too fragile
-
vlc
+- Update to version 3.0.13:
+  + Demux:
+  - Adaptive: fix artefacts in HLS streams with wrong profiles/levels
+  - Fix regression on some MP4 files for the audio track
+  - Fix MPGA and ADTS probing in TS files
+  - Fix Flac inside AVI files
+  - Fix VP9/Webm artefacts when seeking
+  + Codec:
+  - Support SSA text scaling
+  - Fix rotation on Android rotation
+  - Fix WebVTT subtitles that start at 00:00
+  + Access:
+  - Update libnfs to support NFSv4
+  - Improve SMB2 integration
+  - Fix Blu-ray files using Unicode names on Windows
+  - Disable mcast lookups on Android for RTSP playback
+  + Video Output: Rework the D3D11 rendering wait, to fix
+    choppiness on display
+  + Interfaces:
+  - Fix VLC getting stuck on close on X11 (#21875)
+  - Improve RTL on preferences on macOS
+  - Add mousewheel horizontal axis control
+  - Fix crash on exit on macOS
+  - Fix sizing of the fullscreen controls on macOS
+  + Misc:
+  - Improve MIDI fonts search on Linux
+  - Update Soundcloud, Youtube, liveleak
+  - Fix compilation with GCC11
+  - Fix input-slave option for subtitles
+  + Updated translations.
+- Drop vlc-gcc11.patch: fixed upstream.
+- Extend vlc-srto_tsbpddelay.patch: allow srt >= 1.3 for openSUSE.
+
+- Guard post scriptlets to only run %{_libdir}/vlc/vlc-cache-gen if
+  it already (or still, in case of uninstall) exists.
+
+- Add vlc-gcc11.patch: Fix build using gcc11 (boo#1181918).
+
+- Drop libpcre-devel BuildRequires: not been used in a while.
+
+- Limit libplacebo to is_openssue: vlc does not exist in SLE, which
+  makes the usage of is_opensuse valid; backports has is_opensuse
+  set to 1. This is mostly interesting for 3rd party build service
+  instances.
+
+- Enable libplacebo support (the core rendering algorithms and
+  ideas of mpv rewritten as an independent library):
+  + Add pkgconfig(libplacebo) BuildRequires
+  + Pass --enable-libplacebo to %configure
+
+- Update to version 3.0.12:
+  + Access: Add new RIST access module compliant with simple
+    profile (VSF_TR-06-1).
+  + Access Output: Add new RIST access output module compliant with
+    simple profile (VSF_TR-06-1).
+  + Demux: Fixed adaptive's handling of resolution settings.
+  + Audio output: Fix audio distortion on macOS during start of
+    playback.
+  + Video Output: Direct3D11: Fix some potential crashes when using
+    video filters.
+  + Misc:
+  - Several fixes in the web interface, including privacy and
+    security improvements
+  - Update YouTube and Vocaroo scripts.
+  + Updated translations.
+- Drop vlc-CVE-2020-26664.patch: fixed upstream.
+- Drop fix-missing-includes-with-qt-5.15.patch: fixed upstream.
+
vsftpd
+- Add seccomp-fixes.patch to allow getdents64 syscall in seccomp
+  sandbox, fixes bsc#1179553
+  Also in the same patch, fix the architecture offset from 4 to 5,
+  this change was documented in https://lore.kernel.org/patchwork/patch/554803/
+
+- Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and
+  "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch",
+  which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the
+  configuration file. Both options default to true. [SLE-4182]
+
+- Use %{_prefix}/lib instead of misused %{_libexecdir}.
+
+- Add pam_keyinit.so to PAM config file.
+  [vsftpd.pam, bsc#1144062]
+
+- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation
+  fault that occurred while trying to write to an invalid TLS
+  context. [bsc#1125951]
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+  shortcut the build queues by allowing usage of systemd-mini
+
+- firewall-macros should be BuildRequires, not Requires(post)
+  (the macro gets expanded during package build)
+
-- force using fork() instead of clone() on s390 - fixes bnc#890469
-  * vsftpd-3.0.2-s390.patch
-
-- Cleanup with spec-cleaner
-- Remove conditions about init files as we do not build for < 12.1
-  anyway.
-- Update the README.SUSE file to describe more the listen option.
-
-- Add socket service for vsftpd to avoid the need for xinetd here.
-
-- Add comment about listen variables for xinetd configuration.
-  Fixes bnc#872221.
-- Add default configuration as arg to xinetd started vsftpd.
-- Updated patch:
-  * vsftpd-2.0.4-xinetd.diff
-
-- Move the enabling of timeofday and alarm one level deeper to
-  be sure it is whitelisted everytime.
-  Also should possibly fix bnc#872215.
-- Updated patch:
-  * vsftpd-enable-gettimeofday-sec.patch
-
-- Remove forking from service type as it hangs in endless loop.
-
-- Fix warning about dangling symlink on rcvsftpd from rpmlint and
-  remove also clean section while at it.
-
-- Add patch to allow gettimeofday and alarm calls with seccomp
-  enabled. bnc#870122
-- Added patch:
-  * vsftpd-enable-gettimeofday-sec.patch
-
-- Specify that the service type is forking
-
-- changed license to SUSE-GPL-2.0-with-openssl-exception
-  * suggested by legal team
-
-- add allow_root_squashed_chroot option to enable chroot on nsf
-  mounted with squash_root option (fate#311051)
-  * vsftpd-root-squashed-chroot.patch
-
-- build with OPENSSL_NO_SSL_INTERN this hides internal struct
-  members or functions that if changed in future openssl versions
-  will break the ABI of the calling applications.
-
-- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
-  * this enabled a sendto on /dev/log socket when syslog is enabled
-- provide more verbose explanation about isolate_network and seccomp_sanbox in
-  config file template
-- don't install init file on openSUSE 13.1+
-- drop a build support for SL 10 and older
-
-- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
-  * drop CLONE_NEWPID from clone to enable audit system
-- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
-  * unconditionally enable F_SETFL patch - might be safe to do
-
-- add isolate_network and seccomp_sandbox options to template to make them
-  easier to find (bnc#786024)
-
-- add vsftpd-allow-dev-log-socket.patch (bnc#786024)
-  * whitelist /dev/log related socket syscall
-
-- Verify GPG signature.
-
-- Fix useradd invocation: -o is useless without -u and newer
-  versions of pwdutils/shadowutils fail on this now.
-
-- update to 3.0.2 (bnc#786024)
-  * Fix some seccomp related build errors on certain CentOS and Debian versions.
-  * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
-  opens and maps /proc/meminfo but only for larger item counts?
-  * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
-  * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin
-  Xu <tixu@cs.ucsd.edu>.
-  * Force cast to unsigned char in is* char functions.
-  * Fix harmless integer issues in strlist.c.
-  * Started on a (possibly ill-advised?) crusade to compile cleanly with
-  Wconversion. Decided to suspend the effort half-way through.
-  * One more seccomp policy fix: mremap (denied).
-  * Support STOU with no filename, uses a STOU. prefix.
-
-- make seccomp sandbox enabled by default
-  * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
-
-- fix building on 11.4 x86_64 and lower
-  * fix where, when, & how __USE_GNU gets #defined
-  * make seccomp optional and disable it on 10.3 and lower
-
-- update to upstream 3.0.0:
-  * Make listen mode the default.
-  * Fix missing "const" in ssl.c
-  * Add seccompsandbox.c to support a seccomp filter sandbox; works against
-    Ubuntu 12.04 ABI.
-  * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
-    seccompsandbox.c
-  * Rename deprecated "sandbox" to "ptrace_sandbox".
-  * Add a few more state checks to the privileged helper processes.
-  * Add tunable "seccomp_sandbox", default on.
-  * Use hardened build flags.
-  * Retry creating a PASV socket upon port reuse race between bind() and
-    listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
-  * Don't die() if recv() indicates a closed remote connection. Problem report
-    on a Windows client from Herbert van den Bergh,
-    <herbert.van.den.bergh@oracle.com>.
-  * Add new config setting "allow_writeable_chroot" to help people in a bit of
-    a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
-  * Remove a couple of fixed things from BUGS.
-  * strlen() trunction fix -- no particular impact.
-  * Apply some tidyups from mmoufid@yorku.ca.
-  * Fix delete_failed_uploads if there is a timeout. Report from Alejandro
-    Hernández Hdez <aalejandrohdez@gmail.com>.
-  * Fix other data channel bugs such as failure to log failure upon timeout.
-  * Use exit codes a bit more consistently.
-  * Fix bad interaction between SSL and trans_chunk_size.
-  * Redo data timeout to fire properly for SSL sessions.
-  * Redo idle timeout to fire properly for SSL sessions.
-  * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
-  * Use 10 minutes as a max linger time just in case an alarm gets lost.
-  * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
-  * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
-    Unfortunately the default vsftpd SSL confiuration still doesn't fully work with
-    FileZilla, because FileZilla has a data connection security problem: no client
-    certificate presentation and no session reuse. At least the error message is
-    now very clear.
-  * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
-    a data transfer is in progress.
-  * Fix delete_failed_uploads for anonymous sessions.
-  * Don't listen for urgent data if the control connection is SSL, due to possible
-    protocol synchronization issues.
-- SUSE specific changes:
-  * turn off the listen mode (listen=NO) by default and change README.SUSE
-  * merge new hardended flags for build and linking
-  * fix the wrong Type=forking from systemd service file
-  * turn off the seccomp_sandbox off by default as SUSE kernel does not support
-    it (yet)
-
-- follow Systemd Packaging guidelines
-  http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
-- add $local_fs and $remote_fs to init script
-
-- use the original tarball, because the bz2 repacking madness disables
-  gpg --verify
-- revert a part oc changes utf converting
-
-- update to upstream 2.3.5:
-  * Try and force glibc to cache zoneinfo files in an attempt to work around
-    glibc parsing vulnerability. Thanks to Kingcope.
-  * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
-    <martin@meltin.net>.
-  * Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>.
-  * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
-    steve willing <eiji-gravion@hotmail.com>.
-  * Handle connect() failures properly. Thanks to Takayuki Nagata
-    <tnagata@redhat.com>.
-  * Add stronger checks for the configuration error of running with a
-    writeable root directory inside a chroot(). This may bite people who
-    carelessly turned on chroot_local_user but such is life.
-- convert .changes file to unicode
-- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch
-- name patches explicitly without macro as per recommendations
-- remove INSTALL file from binary package
-- update license to GPL-2.0+
-- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file
-
-- fis copy/paste error in previous change
-
-- Add systemd unit
-
-- fix bnc#713588 - bogus logrotate config for vsftpd
-  call /sbin/killproc -HUP /usr/sbin/vsftpd like init script
-- change the url and service file to the new location at
-  security.appspot.com/vsftpd
-
-- Update to 2.3.4
-- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
-  Maksymilian Arciemowicz <cxib@securityreason.com>.
-- Some bugfixes from Raphaël Rigo <raphael.rigo@syscall.eu> -- good bugs but
-  no apparent security impact.
-
-- Update to version 2.3.2
-- Fix silly regression re: log files being overwritten from the start.
-- Rename a few file-open functions to make it clearer what they do
-
-- Update to 2.3.0
-- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
-  protocol and headers, and likely has all sorts of other issues. The use case
-  it might satisfy is if you need to serve simple static unathenticated content
-  with large levels of paranoia.
-- Fix port_promiscuous breakage.
-- Minor FAQ update.
-- Use a larger address space limit if using text_userdb_names=YES
-- Always use CLONE_NEWNET if possible when in HTTP mode.
-- Change REST + STOR so that it's possible to overwrite part of file without
-  truncating it.
-- Boot the session if we see a USER where encryption was required. May prevent
-  the transmission of plaintext passwords by buggy clients.
-- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
-  fixups.
-
-- $remote_fs --> network-remotefs
-
-- updated to version 2.2.2
-  * Change "File receive OK." to "Transfer complete." to placate some broken
-  clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>.
-  * Fix erroneous "child died" upon FTP client connect, when under load. Awesome
-  thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on
-  his live server.
-  * Boot the session if an overly long line is encountered.
-- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases
-- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch
-  nowarn.patch
-
-- added use-ipv6-scope-id.patch to fix connection issues with
-  ipv6-link local address (bnc#574366)
-
-- fix typo in the package description - and remove authors
-
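Review bot: In the entry for "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch", both ssl_tlsv1_1 and ssl_tlsv1_2 are stated to default to true, so TLS 1.1 is enabled unless the admin turns it off. TLS 1.1 is deprecated (RFC 8996); suggest defaulting ssl_tlsv1_1 to false, or stating in the entry and the config template that it should be disabled where clients allow. Separately, the seccomp-fixes.patch entry changes the architecture offset from 4 to 5 and cites only a patchwork link; one line saying what that offset indexes would make the change reviewable from the changelog alone.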
webkit2gtk3
+- Per discussion with maintenance, let's not remove features that
+  customers could possibly be using:
+- Add webkit2gtk3-restore-npapi.patch: restore NPAPI plugin
+  support. Reverts webkit#215503.
+
+- Update to version 2.32.0 (boo#1184155):
+  + Fix the authentication request port when URL omits the port.
+  + Fix iframe scrolling when main frame is scrolled in async
+    scrolling mode.
+  + Stop using g_memdup.
+  + Show a warning message when overriding signal handler for
+    threading suspension.
+  - Fix the build on RISC-V with GCC 11.
+  - Fix several crashes and rendering issues.
+  + Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
+  + Changes in version 2.30.6 (boo#1184262):
+  + Update user agent quirks again for Google Docs and Google Drive.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765
+  CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
+- Remove webkit-font-scaling.patch: contained in upstream
+- Drop original SLE 15 support from the spec. Drop
+  webkit-process.patch and old-wayland-scanner.patch; they are not
+  needed for SP2.
+- Pass ENABLE_GAMEPAD=OFF to cmake, since we don't have manette.
+- Add glproto-devel to BuildRequires: now needed for the build on
+  SLE 15.
+
+- Update _constraints for armv6/armv7 (bsc#1182719)
+
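Review bot: In the "Add webkit2gtk3-restore-npapi.patch" entry, NPAPI plugin support is restored by reverting webkit#215503, but the entry does not say how security fixes to the restored code will be tracked once it diverges from upstream. Suggest recording a tracking bug next to the patch name. In the 2.30.6 security list, a comma is missing after CVE-2021-1765 at the line break, which can trip tools that split the CVE identifiers on commas.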
wpa_supplicant
+- Add CVE-2021-30004.patch -- forging attacks may occur because
+  AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
+  (bsc#1184348)
+
+- Fix systemd device ready dependencies in wpa_supplicant@.service file.
+  (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
+
xdg-desktop-portal
+- Ensure systemd rpm macros are called at install/uninstall times
+  for systemd user services.
+- Add BuildRequires on systemd-rpm-macros.
+
+- Update to version 1.8.0:
+  + openuri:
+  - Allow skipping the chooser for more URL tyles
+  - Robustness fixes
+  + filechooser: Return the current filter
+  + camera:
+  - Make the client node visible
+  - Don't leak pipewire proxy
+  + Fix file descriptor leaks
+  + Testsuite improvements
+  + Updated translations.
+- Changes from version 1.7.2:
+  + document:
+  - Reduce the use of open fds
+  - Add more tests and fix issues they found
+  + Fix the build with musl.
+- Changes from version 1.7.1:
+  + filechooser:
+  - Add a "directory" option
+  - Document the "writable" option
+  + document: Expose directories with their proper name
+- Changes from version 1.7.0:
+  + testsuite improvements
+  + background: Avoid a segfault
+  + screencast: Require pipewire 0.3
+  + document:
+  - Support exporting directories
+  - New fuse implementation
+  + Better support for snap and toolbox
+  + Updated translations.
+- Drop patches fixed upstream:
+  + xdg-dp-port-pipewire-3-api.patch
+  + 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch
+  + 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch
+  + 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch
+
+- Require /usr/bin/fusermount: xdg-document-portal calls out to the
+  binary. Without it, files or dirs can be selected, but
+  whatever is done with or in them, will not have any effect
+  (boo#1175899).
+
+- Fixes for %_libexecdir changing to /usr/libexec
+
xdg-desktop-portal-gtk
+- Update to version 1.8.0:
+  + filechooser: Return the current filter
+  + screenshot: Fix cancellation
+  + appchooser: Avoid a crash
+  + wallpaper:
+  - Properly preview placement settings
+  - Drop the lockscreen option
+  + printing: Improve the notification
+  + Updated translations.
+- Changes from version 1.7.1:
+  + filechooser:
+  - Handle the "directory" option to select directories
+  - Only show preview when we have an image
+  + Updated translations.
+- Changes from version 1.7.0:
+  + screencast: Support mutter version 3
+  + settings: Fall back to gsettings for enable-animations
+  + Updated translations.
+- Drop xdg-dpg-support-mutter-pipewire-3-api.patch: Fixed upstream.
+
+- Add xdg-dpg-support-mutter-pipewire-3-api.patch: screencast: Bump
+  supported Mutter version to 3 (New pipewire api ver 3).
+
xorg-x11-server
+- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch,
+  U_meson-Fix-another-reference-to-gl-9.2.0.patch
+  * fix build on sle15-sp3 with updated libglvnd/Mesa and their
+    new pkgconfig files
+    (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893)
+
+- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch
+  * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543)
+
+- U_Fix-XChangeFeedbackControl-request-underflow.patch
+  * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472,
+    ZDI-CAN-1259, bsc#1180128)
+
yast2-trans
+- Update to version 84.87.20210502.7b34dbceae:
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Turkish)
+  * Translated using Weblate (Portuguese (Brazil))
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * New POT for text domain 'network'.
+  * New POT for text domain 'installation'.
+  * New POT for text domain 'network'.
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+