Packages changed:
  MozillaFirefox (65.0 -> 65.0.1)
  crash
  gcal
  gsl
  hugin
  i4l-base
  joe
  ksshaskpass5 (5.15.0 -> 5.15.1)
  libblockdev
  libhangul (0.1.0+git20150224.78e9d89 -> 0.1.1~git20180606.42f7640)
  libyui-qt-pkg (2.45.25 -> 2.45.26)
  metis
  openssh
  openssh-askpass-gnome
  podofo
  python-argcomplete (1.9.2 -> 1.9.4)
  python-decorator (4.3.0 -> 4.3.2)
  qemu
  qemu-linux-user
  qqc2-desktop-style
  squid (4.5 -> 4.6)
  sysconfig (0.85.1 -> 0.85.2)

=== Details ===

==== MozillaFirefox ====
Version update (65.0 -> 65.0.1)
Subpackages: MozillaFirefox-translations-common

- Update _constraints to avoid 'no space left' error seen on aarch64
- Mozilla Firefox 65.0.1
  * Fixed accidental requests to addons.mozilla.org when an addon
    recommendation doorhanger is shown (bmo#1526387)
  * Improved playback of interactive Netflix videos (bmo#1524500)
  * Fixed incorrect sizing of the "Clear Recent History" window in
    some situations (bmo#1523696)
  * Fixed audio & video delays while making WebRTC calls
    (bmo#1521577, bmo#1523817)
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
    from behind a proxy server (bmo#1523427)
  * Fixed the "Enter" key not working on password entry fields for
    certain Linux distributions (bmo#1523635)
  MFSA 2019-04 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18511 bmo#1526218
    Cross-origin theft of images with ImageBitmapRenderingContext
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
  (with increased memory constraints)

==== crash ====

- With a xen 4.11 dump crash will fail to start reporting "cannot
  fill pcpu struct" and "cannot read cpu_info" due to xen changes
  not tracked by crash updates. Fixed by including:
  crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch
  (bsc#1122594)

==== gcal ====
Subpackages: gcal-lang

- add patches (parts of git commits from gnulib):
  - gnulib-4af4a4a71827c0bc5e0ec67af23edef4f15cee8e-excerpt.patch
  - gnulib-74d9d6a293d7462dea8f83e7fc5ac792e956a0ad-excerpt.patch
  to fix compilation on current glibc
  (fflush: adjust to glibc 2.28 libio.h removal)
  (fflush: be more paranoid about libio.h change)

==== gsl ====
Subpackages: libgsl23 libgslcblas0

- mark examples as a noarch package
- install license for examples and remove unnecessary dependencies
- add an examples sub package to test in production env
- Simplify package naming for HPC.
- Fix dependencies for HPC.
- Library directory is always available when module file is
  installed, do not hide it.
- Properly create and tear down default version links when the
  HPC master packages are installed/uninstalled.
- Create pkgconfig file for gslcblas as well.
- Add missing env variables to modules file: MANPATH, INFOPATH,
  PKG_CONFIG_PATH.

==== hugin ====

- Don't skip rpath (bsc#1125178).

==== i4l-base ====
Subpackages: i4l-isdnlog libcapi20-3

- add divactrl_2.1-sysmacros.diff to fix build
- buildrequires groff to fix documentation build

==== joe ====

- Dropped .desktop files to follow openSUSE guidelines regarding console
  applications: https://lists.opensuse.org/opensuse-factory/2019-02/msg00377.html
- Dropped obsolete patch joe-4.6-desktop_files.patch

==== ksshaskpass5 ====
Version update (5.15.0 -> 5.15.1)
Subpackages: ksshaskpass5-lang

- Update to 5.15.1
  * New bugfix release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.15.1.php
- No code changes since 5.15.0
- Do not require openssh-askpass simply provide another password
  asking interface for openssh

==== libblockdev ====
Subpackages: libbd_btrfs2 libbd_crypto2 libbd_fs2 libbd_loop2 libbd_mdraid2 libbd_part2 libbd_swap2 libbd_utils2 libblockdev2

- Explain VDO. Fix grammar mishaps.

==== libhangul ====
Version update (0.1.0+git20150224.78e9d89 -> 0.1.1~git20180606.42f7640)

- Update to version 0.1.1~git20180606.42f7640:
  * no english changelog

==== libyui-qt-pkg ====
Version update (2.45.25 -> 2.45.26)

- Fix icon display to new libyui-qt function (boo#1125424)
- 2.45.26

==== metis ====

- add a examples subpackage which include graphs* file to test Metis
- Set default module version correctly when installing
  master package, unset when deinstalling the default library
  package.
- Fix %%post and %%postun scripts for HPC.
- Fix dependencies for HPC.
- Fix HPC modulefile:
  * Aibraries are always there when module file is installed.
  * Set PKG_CONFIG_PATH.
- Fix package group names.

==== openssh ====
Subpackages: openssh-helpers

- Handle brace expansion in scp when checking that filenames sent
  by the server side match what the client requested [bsc#1125687]
  * openssh-7.9p1-brace-expansion.patch
- Updated security fixes:
  * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf
    and have progressmeter force an update at the beginning and end
    of each transfer. Added patches:
  - openssh-CVE-2019-6109-sanitize-scp-filenames.patch
  - openssh-CVE-2019-6109-force-progressmeter-update.patch
  * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames
    sent during remote->local directory copies satisfy the wildcard
    specified by the user. Added patch:
  - openssh-CVE-2019-6111-scp-client-wildcard.patch
  * Removed openssh-7.9p1-scp-name-validator.patch
- Change the askpass wrapper to not use x11 interface:
  * by default we use the -gnome UI (which is gtk3 only, no gnome dep)
  * if desktop is KDE/LxQt we use ksshaskpass

==== openssh-askpass-gnome ====

- Supplement the openssh and libx11 together to ensure this package
  is installed on machines where there is X stack

==== podofo ====

- Add patches from upstream to fix several CVEs:
  * r1933-Really-fix-CVE-2017-7381.patch
    to fix a null pointer dereference (bsc#1032020, CVE-2017-7381)
  * r1936-Really-fix-CVE-2017-7382.patch
    to fix a null pointer dereference (bsc#1032021, CVE-2017-7382)
  * r1937-Really-fix-CVE-2017-7383.patch
    to fix a null pointer dereference (bsc#1032022, CVE-2017-7383)
  * r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch
    to fix a null pointer dereference Denial of Service
    (bsc#1096889, CVE-2018-11256)
  * r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch
    This patch was rebased from the one upstream so that it applies correctly
    and modified so it doesn't break binary compatibility.
    (CVE-2017-8054, boo#1035596)
  * r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch
  * r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch
    This patch was rebased from the one upstream so that it applies correctly.
    (CVE-2018-12982, boo#1099720)
  * r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch
    This patch was rebased from the one upstream so that it applies correctly
    and modified so it doesn't break binary compatibility.
    (CVE-2018-5783, boo#1076962)
  * r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch
  * r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch
    (CVE-2018-11255, boo#1096890)
  * r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch
    (CVE-2018-14320, boo#1108764)
  * r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch
    (CVE-2018-20751, boo#1124357)
  * r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch
    This patch was rebased from the one upstream so that it applies correctly.
  * r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch
- Renamed fix-build.patch to r1942-Fix-build-with-cmake-ge-3.12.patch to
  keep its name consistent with the other upstream patches.

==== python-argcomplete ====
Version update (1.9.2 -> 1.9.4)

- Trim unnecessary build dependencies using trim-test-deps.patch
- Simplify skip_tcsh_tests.patch so it is easier to read and update
- Update to v1.9.4
  * Use the correct interpreter when checking wrappers
  * Provide shellcode as a module function (#237)
- from v1.9.3
  * Fix handling of COMP\_POINT
  * Fix crash when writing unicode to debug\_stream in Python 2

==== python-decorator ====
Version update (4.3.0 -> 4.3.2)

- update to version 4.3.2
  * now the decorator module can decorate generator functions by
    preserving their being generator functions
  * Set `python_requires='>=2.6, !=3.0.*, !=3.1.*'` in setup.py
- update to version 4.3.1
  * Added a section "For the impatient" to the README, addressing
    an issue raised by Amir Malekpour.
  * Added support for Python 3.7.
  * Now  the path to the decorator module appears in the
    tracebacks, as suggested by a user at EuroPython 2018.

==== qemu ====
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-vgabios qemu-x86

- Package and cross-build rom files for aarch64 from
  SLE15/Leap15.0 to fix boo#1125964
- Add patch to fix seabios cross-compilation:
  * seabios-fix_cross_compilation.patch
- Add patch to fix sgabios cross-compilation:
  * sgabios-fix-cross-build.patch
- Fix _constraints to include all architectures for disk size
  (fix aarch64)
- Revert upstream patch which declares x86 vmx feature a migration
  blocker. Given the proliferation of using vm's with host features
  passed through and the general knowledge that nested
  virtualization has many usage caveats, but still gets put in use
  in restricted scenarios, this patch did more harm than good, I
  feel. So despite this relaxation, please consider yourself warned
  that nested virtualization is not yet a supportable feature.
  (bsc#1121604)
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Remove 71-sev.rules, which modifies the default permissions of
  /dev/sev by adding the kvm group as reader/writer. Upstream
  decided to take a different approach for libvirt to manage SEV
  due to security concerns which I agree overrides the convenience
  of providing /dev/sev access to all the kvm group (bsc#1124842
  bsc#1102604)

==== qemu-linux-user ====

- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
  * Patches added:
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch

==== qqc2-desktop-style ====

- Add 0001-Fix-MobileTextActionsToolBar.qml-with-Qt-5.9.patch (by Fabian Vogt)
  to fix an issue with Qt 5.9
- Downgrade the Qt version requirement to build with 5.9

==== squid ====
Version update (4.5 -> 4.6)

- Update to squid 4.6:
  + master commit b599471 leaks memory (#4919)
  + SourceFormat Enforcement (#367)
  + Detect IPv6 loopack binding errors (#355)
  + Do not call setsid() in --foreground mode (#354)
  + Fail Rock swapout if the disk dropped write reqs (#352)
  + Initialize StoreMapSlice when reserving a new cache slot (#350)
  + Fixed disker-to-worker queue overflows (#353)
  + Fix OpenSSL builds that define OPENSSL_NO_ENGINE (#349)
  + Fix BodyPipe/Sink memory leaks associated with auto-consumption
  + Exit when GoIntoBackground() fork() call fails (#344)
  + GCC-8 compile errors with -O3 optimization (#4875)
  + Initial translations to ka/georgian language (#345)
  + basic_ldap_auth: Return BH on internal errors (#347)

==== sysconfig ====
Version update (0.85.1 -> 0.85.2)
Subpackages: sysconfig-netconfig

- version 0.85.2
- Fixed changes file to mention relevant github pull requests.
- Removed remaining preun rpm hook from EOL openSUSE versions
- Merged /var/adm/netconfig move revert from openSUSE:Factory
  causing to not find md5 sums from previous netconfig version
  due to incorrectly merged hook in spec file and trouble on
  transactional systems without writeable /var/lib/netconfig.
  Removed obsoletes revert-var-adm-lib-netconfig-move.patch.
  (bsc#1124152,bsc#1124340).
- Merged rpm spec bash section marks (gh#openSUSE/sysconfig#23)