Packages changed:
  container-selinux (2.158.0 -> 2.160.1)
  dnf (4.6.1 -> 4.7.0)
  grub2
  kernel-source (5.11.15 -> 5.11.16)
  kexec-tools (2.0.20 -> 2.0.21)
  libgcrypt (1.9.2 -> 1.9.3)
  lvm2
  lvm2-device-mapper
  patterns-microos
  pipewire (0.3.25 -> 0.3.26)
  python-MarkupSafe
  python-jsonpatch (1.28 -> 1.31)
  suse-module-tools (15.4.0 -> 15.4.1)
  xinit

=== Details ===

==== container-selinux ====
Version update (2.158.0 -> 2.160.1)

- Fix container runtime binary labels (bsc#1185030). You need to
  relable at least /usr/sbin if you're affected

==== dnf ====
Version update (4.6.1 -> 4.7.0)

- Update to version 4.7.0
  + Improve repo config path ordering to fix a comps merging issue (rh#1928181)
  + Keep reason when package is removed (rh#1921063)
  + Improve mechanism for application of security filters (rh#1918475)
  + [doc] Add description for new API
  + [API] Add new method for reset of security filters
  + [doc] Improve documentation for Hotfix repositories
  + [doc] fix: "makecache" command downloads only enabled repositories
  + Use libdnf.utils.checksum_{check,value}
  + [doc] Add info that maximum parallel downloads is 20
  + Increase loglevel in case of invalid config options
  + [doc] installonly_limit documentation follows behavior
  + Prevent traceback (catch ValueError) if pkg is from cmdline
  + Add documentation for config option sslverifystatus (rh#1814383)
  + Check for specific key string when verifing signatures (rh#1915990)
  + Use rpmkeys binary to verify package signature (rh#1915990)
  + Bugs fixed (rh#1916783)
  + Preserve file mode during log rotation (rh#1910084)

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Fix obsolete syslog in systemd unit file and updating to use journal as
  StandardOutput (bsc#1185149)
  * grub2-once.service

==== kernel-source ====
Version update (5.11.15 -> 5.11.16)

- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)"
  This turned out to be a bad idea: the kernel-$flavor-devel package
  must be usable without kernel-$flavor, e.g. at the build of a KMP.
  And this change brought superfluous installation of kernel-preempt
  when a system had kernel-syms (bsc#1185113).
- commit d771304
- rpm/check-for-config-changes: add AS_HAS_* to ignores
  arch/arm64/Kconfig defines a lot of these. So far our current compilers
  seem to support them all. But it can quickly change with SLE later.
- commit a4d8194
- Linux 5.11.16 (bsc#1012628).
- bpf: Move sanitize_val_alu out of op switch (bsc#1012628).
- bpf: Improve verifier error messages for users (bsc#1012628).
- bpf: Rework ptr_limit into alu_limit and add common error path
  (bsc#1012628).
- ARM: 9071/1: uprobes: Don't hook on thumb instructions
  (bsc#1012628).
- bpf: Move off_reg into sanitize_ptr_alu (bsc#1012628).
- bpf: Ensure off_reg has no mixed signed bounds for all types
  (bsc#1012628).
- r8169: don't advertise pause in jumbo mode (bsc#1012628).
- r8169: tweak max read request size for newer chips also in
  jumbo mtu mode (bsc#1012628).
- kasan: remove redundant config option (bsc#1012628).
- kasan: fix hwasan build for gcc (bsc#1012628).
- KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
  (bsc#1012628).
- KVM: VMX: Convert vcpu_vmx.exit_reason to a union (bsc#1012628).
- bpf: Use correct permission flag for mixed signed bounds
  arithmetic (bsc#1012628).
- arm64: dts: allwinner: h6: beelink-gs1: Remove ext. 32 kHz
  osc reference (bsc#1012628).
- arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems
  (bsc#1012628).
- ARM: OMAP2+: Fix uninitialized sr_inst (bsc#1012628).
- ARM: footbridge: fix PCI interrupt mapping (bsc#1012628).
- ARM: 9069/1: NOMMU: Fix conversion for_each_membock() to
  for_each_mem_range() (bsc#1012628).
- ARM: 9063/1: mm: reduce maximum number of CPUs if
  DEBUG_KMAP_LOCAL is enabled (bsc#1012628).
- ARM: OMAP2+: Fix warning for omap_init_time_of() (bsc#1012628).
- gro: ensure frag0 meets IP header alignment (bsc#1012628).
- ch_ktls: do not send snd_una update to TCB in middle
  (bsc#1012628).
- ch_ktls: tcb close causes tls connection failure (bsc#1012628).
- ch_ktls: fix device connection close (bsc#1012628).
- ch_ktls: Fix kernel panic (bsc#1012628).
- ibmvnic: remove duplicate napi_schedule call in open function
  (bsc#1012628).
- ibmvnic: remove duplicate napi_schedule call in do_reset
  function (bsc#1012628).
- ibmvnic: avoid calling napi_disable() twice (bsc#1012628).
- ia64: tools: remove inclusion of ia64-specific version of
  errno.h header (bsc#1012628).
- ia64: remove duplicate entries in generic_defconfig
  (bsc#1012628).
- ethtool: pause: make sure we init driver stats (bsc#1012628).
- i40e: fix the panic when running bpf in xdpdrv mode
  (bsc#1012628).
- ibmvnic: correctly use dev_consume/free_skb_irq (bsc#1012628).
- net: Make tcp_allowed_congestion_control readonly in non-init
  netns (bsc#1012628).
- mm: ptdump: fix build failure (bsc#1012628).
- net: ip6_tunnel: Unregister catch-all devices (bsc#1012628).
- net: sit: Unregister catch-all devices (bsc#1012628).
- net: phy: marvell: fix detection of PHY on Topaz switches
  (bsc#1012628).
- net: davicom: Fix regulator not turned off on failed probe
  (bsc#1012628).
- net/mlx5e: Fix setting of RS FEC mode (bsc#1012628).
- netfilter: nftables: clone set element expression template
  (bsc#1012628).
- netfilter: nft_limit: avoid possible divide error in
  nft_limit_init (bsc#1012628).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta
  (bsc#1012628).
- net: macb: fix the restore of cmp registers (bsc#1012628).
- drm/i915/display/vlv_dsi: Do not skip panel_pwr_cycle_delay
  when disabling the panel (bsc#1012628).
- libbpf: Fix potential NULL pointer dereference (bsc#1012628).
- netfilter: arp_tables: add pre_exit hook for table unregister
  (bsc#1012628).
- netfilter: bridge: add pre_exit hooks for ebtable unregistration
  (bsc#1012628).
- libnvdimm/region: Fix nvdimm_has_flush() to handle
  ND_REGION_ASYNC (bsc#1012628).
- ice: Fix potential infinite loop when using u8 loop counter
  (bsc#1012628).
- netfilter: conntrack: do not print icmpv6 as unknown via /proc
  (bsc#1012628).
- netfilter: flowtable: fix NAT IPv6 offload mangling
  (bsc#1012628).
- ixgbe: fix unbalanced device enable/disable in suspend/resume
  (bsc#1012628).
- ixgbe: Fix NULL pointer dereference in ethtool loopback test
  (bsc#1012628).
- drm/vmwgfx: Make sure we unpin no longer needed buffers
  (bsc#1012628).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
  (bsc#1012628).
- riscv: Fix spelling mistake "SPARSEMEM" to "SPARSMEM"
  (bsc#1012628).
- vfio/pci: Add missing range check in vfio_pci_mmap
  (bsc#1012628).
- arm64: alternatives: Move length validation in
  alternative_{insn, endif} (bsc#1012628).
- arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically
  (bsc#1012628).
- Update config files.
- arm64: fix inline asm in load_unaligned_zeropad() (bsc#1012628).
- drm/i915: Don't zero out the Y plane's watermarks (bsc#1012628).
- readdir: make sure to verify directory entry for legacy
  interfaces too (bsc#1012628).
- dm verity fec: fix misaligned RS roots IO (bsc#1012628).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC
  type of devices (bsc#1012628).
- Input: i8042 - fix Pegatron C15B ID entry (bsc#1012628).
- Input: s6sy761 - fix coordinate read bit shift (bsc#1012628).
- net/sctp: fix race condition in sctp_destroy_sock (bsc#1012628).
- lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS
  (bsc#1012628).
- virt_wifi: Return micros for BSS TSF values (bsc#1012628).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
  (bsc#1012628).
- drm/amd/display: Add missing mask for DCN3 (bsc#1012628).
- pcnet32: Use pci_resource_len to validate PCI resource
  (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec seclevel
  (bsc#1012628).
- net: ieee802154: stop dump llsec seclevels for monitors
  (bsc#1012628).
- net: ieee802154: forbid monitor for del llsec devkey
  (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec devkey
  (bsc#1012628).
- net: ieee802154: stop dump llsec devkeys for monitors
  (bsc#1012628).
- net: ieee802154: forbid monitor for del llsec dev (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec dev (bsc#1012628).
- net: ieee802154: stop dump llsec devs for monitors
  (bsc#1012628).
- net: ieee802154: forbid monitor for del llsec key (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec key (bsc#1012628).
- net: ieee802154: stop dump llsec keys for monitors
  (bsc#1012628).
- iwlwifi: add support for Qu with AX201 device (bsc#1012628).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
  state (bsc#1012628).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (bsc#1012628).
- drm/msm: Fix a5xx/a6xx timestamps (bsc#1012628).
- ARM: omap1: fix building with clang IAS (bsc#1012628).
- ARM: keystone: fix integer overflow warning (bsc#1012628).
- powerpc/signal32: Fix Oops on sigreturn with unmapped VDSO
  (bsc#1012628).
- neighbour: Disregard DEAD dst in neigh_update (bsc#1012628).
- bpf: Take module reference for trampoline in module
  (bsc#1012628).
- gpu/xen: Fix a use after free in xen_drm_drv_init (bsc#1012628).
- net: axienet: allow setups without MDIO (bsc#1012628).
- ASoC: max98373: Added 30ms turn on/off time delay (bsc#1012628).
- ASoC: max98373: Changed amp shutdown register as volatile
  (bsc#1012628).
- xfrm: BEET mode doesn't support fragments for inner packets
  (bsc#1012628).
- iwlwifi: Fix softirq/hardirq disabling in
  iwl_pcie_enqueue_hcmd() (bsc#1012628).
- arc: kernel: Return -EFAULT if copy_to_user() fails
  (bsc#1012628).
- lockdep: Add a missing initialization hint to the "INFO:
  Trying to register non-static key" message (bsc#1012628).
- remoteproc: pru: Fix loading of GNU Binutils ELF (bsc#1012628).
- ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
  (bsc#1012628).
- ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race
  (bsc#1012628).
- ACPI: x86: Call acpi_boot_table_init() after
  acpi_table_upgrade() (bsc#1012628).
- dmaengine: idxd: fix wq cleanup of WQCFG registers
  (bsc#1012628).
- dmaengine: idxd: clear MSIX permission entry on shutdown
  (bsc#1012628).
- dmaengine: plx_dma: add a missing put_device() on error path
  (bsc#1012628).
- dmaengine: Fix a double free in dma_async_device_register
  (bsc#1012628).
- dmaengine: dw: Make it dependent to HAS_IOMEM (bsc#1012628).
- dmaengine: idxd: fix wq size store permission state
  (bsc#1012628).
- dmaengine: idxd: fix opcap sysfs attribute output (bsc#1012628).
- dmaengine: idxd: fix delta_rec and crc size field for completion
  record (bsc#1012628).
- dmaengine: idxd: Fix clobbering of SWERR overflow bit on
  writeback (bsc#1012628).
- gpio: sysfs: Obey valid_mask (bsc#1012628).
- Input: nspire-keypad - enable interrupts only when opened
  (bsc#1012628).
- mtd: rawnand: mtk: Fix WAITRDY break condition and timeout
  (bsc#1012628).
- AMD_SFH: Add DMI quirk table for BIOS-es which don't set the
  activestatus bits (bsc#1012628).
- AMD_SFH: Add sensor_mask module parameter (bsc#1012628).
- AMD_SFH: Removed unused activecontrolstatus member from the
  amd_mp2_dev struct (bsc#1012628).
- commit d57ad55

==== kexec-tools ====
Version update (2.0.20 -> 2.0.21)

- kexec-tools-remove-duplicate-ramdisk-definition.patch:
  Remove duplicate definition of ramdisk (fix ppc build).
- Bump version to 2.0.21
- Drop patches from upstream git:
  * kexec-tools-add-variant-helper-functions.patch
  * kexec-tools-arm64-kexec-allocate-memory-space-avoiding-reserved-regions.patch
  * kexec-tools-arm64-kdump-deal-with-resource-entries-in-proc-iomem.patch
  * kexec-tools-build-multiboot2-for-i386.patch
  * kexec-tools-fix-kexec_file_load-error-handling.patch
  * kexec-tools-reset-getopt-before-falling-back-to-legacy.patch
  * kexec-tools-s390-Reset-kernel-command-line-on-syscal.patch
  * kexec-tools-Remove-duplicated-variable-declarations.patch
- Hardening: Link as PIE (bsc#1185020).

==== libgcrypt ====
Version update (1.9.2 -> 1.9.3)

- libgcrypt 1.9.3:
  * Bug fixes:
  - Fix build problems on i386 using gcc-4.7.
  - Fix checksum calculation in OCB decryption for AES on s390.
  - Fix a regression in gcry_mpi_ec_add related to certain usages
    of curve 25519.
  - Fix a symbol not found problem on Apple M1.
  - Fix for Apple iOS getentropy peculiarity.
  - Make keygrip computation work for compressed points.
  * Performance:
  - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
  - Add x86_64 VAES/AVX2 accelerated implementation of AES.
  - Add VPMSUMD acceleration for GCM mode on PPC.
  * Internal changes.
  - Harden MPI conditional code against EM leakage.
  - Harden Elgamal by introducing exponent blinding.

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190)
  + bug-1185190_01-pvscan-support-disabled-event_activation.patch
  + bug-1185190_02-config-improve-description-for-event_activation.patch
- LVM cannot be disabled on boot (bsc#1184687)
  + bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- Update patch for avoiding apply warning message
  + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch
- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
  + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190)
  + bug-1185190_01-pvscan-support-disabled-event_activation.patch
  + bug-1185190_02-config-improve-description-for-event_activation.patch
- LVM cannot be disabled on boot (bsc#1184687)
  + bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- Update patch for avoiding apply warning message
  + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch
- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
  + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- Suggest libdnf-repo-config-zypp explicitly
- Fix dependency on systemd-icon-branding-openSUSE
- Use only kernel-firmware-all instead of kernel-firmware to avoid
  duplicate firmware on the DVD
- spice-vdagent is available on all archs
- hyper-v and open-vm-tools are available on AArch64 as well
- A fresh install does not have xdg-open & friends. Fix by adding xdg-utils
- while there, fix the comment, as they're common tools, but not
  necessarily useful only "during initial setup"
- Add packages to the desktop commons pattern:
  systemd-icons-branding-openSUSE (to list the MicroOS logo on the
  Gnome Settings About page)
- Add packages to the DVD:
  - instead of adding firmware-all, add specific firmware packages for
  common hardware (or at least, for hardware for which we have bugs
  open, see bsc#1184767 and bsc#1184403)
- Add some packages in the DVD:
  - Spice guest driver so graphics works properly out of the box,
  when installing in VMs (mostly for desktops)
  - firmwares so that (wireless mostly, bot also wired) networking
  works in the installer and on the installed system

==== pipewire ====
Version update (0.3.25 -> 0.3.26)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to 0.3.26:
  + Highlights:
  - I18n support, with translations merged from PulseAudio.
  - New pw-link tool.
  - Many Bluetooth improvements, support for hardware volumes.
  - Support for 64 channel devices.
  - Stability fixes and improvements.
  + PipeWire improvements:
  - The link factory can now also make links between nodes and
    ports by name so that it can be used in scripts.
  - Add module-protocol-simple that can stream raw audio on a
    socket.
  - Added i18n support. Merge PulseAudio translations for the ACP
    library so that we don't cause regressions.
  - Support more than 19 channels in the channel mixer. This
    makes all channels usable on 32 and 64 channel cards.
  - Detect if we're running in a VM and allow for tweaking some
    settings such as the max-quantum to make things work better
    in VMs.
  - Fix a potential crash when connecting a client and updating
    permissions.
  - Fix a potential crash when trying to link incompatible ports.
  - Lingering links in error will now be destroyed automatically.
  + Tools:
  - Added new pw-link tool to list and monitor ports and to list,
    monitor, create and destroy links between them.
  - pw-cli can now also list params by name.
  - pw-dump now outputs Spa:String:JSON types in metadata as
    properly parsed and formatted JSON so that tools can parse
    the metadata values using a JSON parser.
  + Session-manager:
  - Add logind support. The bluetooth monitor can only be started
    for one user at the time, so use logind detect active seats.
  - ALSA icon names were improved to match what PulseAudio does.
  - Improve the bluetooth icon name. Also use the device alias as
    the device description, like PulseAudio.
  + Device support:
  - When devices become inaccessible, they are now removed from
    the PipeWire graph.
  - Fix datatype selection for buffers in v4l2 and libcamera.
  + Bluetooth:
  - Various memory leaks and crashes are fixed.
  - Added support for AVRCP hardware volume.
  - Added support for HSP/HFP hardware volume.
  + PulseAudio server:
  - Fix module-loopback connections to monitor ports.
  - Implement module-native-protocol-tcp.
  - Handle nodes and streams with > 32 channels. The PulseAudio
    API only supports up to 32 channels so only make those 32
    first channels available with the PA API.
  - Implement module-simple-protocol-tcp.
  - Improve events emitted by the server.
  - Improvements to channels and channel_map properties on
    modules. One can imply the other and they should match when
    both given.
  - null-sink will now have their volume work correctly by
    default.
  + JACK: JACK developement files can now optionally be installed.

==== python-MarkupSafe ====

- allow tests to be disabled (still on by default)

==== python-jsonpatch ====
Version update (1.28 -> 1.31)

- update to 1.31:
  * Add support for preserving Unicode charaters
  * remove pypy build

==== suse-module-tools ====
Version update (15.4.0 -> 15.4.1)

- Update to version 15.4.1:
  * dm-crypt requires essiv in SLE15 SP3 (boo#1183063 bsc#1184134 ltc#192244).

==== xinit ====

- modernize spec file (move license to licensedir, use https)