Packages changed:
  avahi
  btrfsprogs (5.15 -> 5.16)
  busybox (1.34.1 -> 1.35.0)
  cyrus-sasl
  grub2
  haproxy (2.5.0+git0.f2e0833f1 -> 2.5.1+git0.86b093a51)
  iproute2 (5.15 -> 5.16)
  keylime
  kubernetes1.23
  ncurses (6.3.20211127 -> 6.3.20220101)
  patterns-base
  perl-Bootloader (0.936 -> 0.937)
  podman
  qemu
  rdma-core (38.0 -> 38.1)
  shadow (4.9 -> 4.11.1)
  sqlite3 (3.36.0 -> 3.37.1)
  sssd
  vim (8.2.3995 -> 8.2.4063)
  wayland (1.19.0 -> 1.20.0)
  yast2 (4.4.34 -> 4.4.36)

=== Details ===

==== avahi ====
Subpackages: libavahi-client3 libavahi-common3

- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).

==== btrfsprogs ====
Version update (5.15 -> 5.16)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.16
  * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid
    subvolume keys, caught by tree-checker
  * fi du: skip inaccessible files
  * prop: properly resolve to symlink targets
  * send, receive: fix crash after parent subvolume lookup errors
  * build:
  * fix build on 5.12+ kernels due to changes in linux/kernel.h
  * fix build on musl with old kernel headers
  * other:
  * error handling fixes, cleanups, refactoring
  * extent tree v2 preparatory work
  * lots of RST documentation updates (last release with asciidoc sources),
    https://btrfs.readthedocs.io
- Update to 5.15.1
  * fi usage: fix wrongly reported space of used or unallocated space
  * fix detection of block device discard capability
  * check: add more sanity checks for checksum items
  * build: make sphinx optional backend for documentation

==== busybox ====
Version update (1.34.1 -> 1.35.0)

- Update to 1.35.0
  - Adjust busybox.config for new features in find, date and cpio
- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
  * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
  * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
  * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
  * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
  * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
  * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
  * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
  * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
  * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
    CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
    CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
    CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
  - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
  - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
  - CVE-2018-1000517 (bsc#1099260):  Heap-based buffer overflow in the retrieve_file_data()
  - CVE-2011-5325 (bsc#951562): tar directory traversal
  - CVE-2018-1000500 (bsc#1099263):  wget: Missing SSL certificate validation

==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3

- postfix: sasl authentication with password fails (bsc#1194265)
  Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
  /etc/sasldb2 only if it is a Berkeley DB

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin

- Power guest secure boot with static keys: GRUB2 signing portion
  (jsc#SLE-18271) (bsc#1192764)
  * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
- Power guest secure boot with static keys: GRUB2 signing portion
  (jsc#SLE-18271) (bsc#1192764)
  * grub2.spec
- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144)
  (bsc#1192686)
  * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
  * 0002-ieee1275-claim-more-memory.patch
  * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
  * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
  * 0005-docs-grub-Document-signing-grub-under-UEFI.patch
  * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
  * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
  * 0008-pgp-factor-out-rsa_pad.patch
  * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
  * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
  * 0011-libtasn1-import-libtasn1-4.18.0.patch
  * 0012-libtasn1-disable-code-not-needed-in-grub.patch
  * 0013-libtasn1-changes-for-grub-compatibility.patch
  * 0014-libtasn1-compile-into-asn1-module.patch
  * 0015-test_asn1-test-module-for-libtasn1.patch
  * 0016-grub-install-support-embedding-x509-certificates.patch
  * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
  * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
  * 0019-appended-signatures-support-verifying-appended-signa.patch
  * 0020-appended-signatures-verification-tests.patch
  * 0021-appended-signatures-documentation.patch
  * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
  * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
  * grub2-systemd-sleep-plugin

==== haproxy ====
Version update (2.5.0+git0.f2e0833f1 -> 2.5.1+git0.86b093a51)

- Update to version 2.5.1+git0.86b093a51:
  * [RELEASE] Released version 2.5.1
  * CI: github actions: clean default step conditions
  * BUILD: cpuset: fix build issue on macos introduced by previous change
  * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
  * BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
  * BUG/MEDIUM: mworker: don't use _getsocks in wait mode
  * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
  * BUG/MINOR: cli: fix _getsocks with musl libc
  * BUILD/MINOR: tools: solaris build fix on dladdr.
  * CI: github actions: update OpenSSL to 3.0.1
  * BUILD/MINOR: cpuset FreeBSD 14 build fix.
  * REGTESTS: ssl: update of a crt with server deletion
  * BUG/MEDIUM: ssl: free the ckch instance linked to a server
  * BUG/MINOR: ssl: free the fields in srv->ssl_ctx
  * CI: Github Actions: do not show VTest failures if build failed
  * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
  * MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
  * MINOR: proxy: add option idle-close-on-response
  * MINOR: debug: add support for -dL to dump library names at boot
  * MINOR: debug: add ability to dump loaded shared libraries
  * MINOR: compat: detect support for dl_iterate_phdr()
  * REGTESTS: ssl: fix ssl_default_server.vtc
  * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
  * BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
  * DEBUG: ssl: make sure we never change a servername on established connections
  * DOC: fix misspelled keyword "resolve_retries" in resolvers
  * BUILD: ssl: unbreak the build with newer libressl
  * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
  * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
  * BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
  * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
  * MINOR: pools: work around possibly slow malloc_trim() during gc
  * MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
  * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
  * DOC: config: fix error-log-format example
  * DOC: config: retry-on list is space-delimited
  * DOC: config: Specify %Ta is only available in HTTP mode
  * DOC: spoe: Clarify use of the event directive in spoe-message section
  * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
  * MINOR: http-rules: Add capture action to http-after-response ruleset
  * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
  * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
  * MINOR: cli: "show version" displays the current process version
  * BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
  * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
  * MINOR: mux-h1: Improve H1 traces by adding info about http parsers
  * BUG/MINOR: mworker: deinit of thread poller was called when not initialized
  * BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
  * BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
  * BUG/MAJOR: segfault using multiple log forward sections.
  * BUG/MEDIUM: resolvers: Detach query item on response error
  * BUG/MINOR: server: Don't rely on last default-server to init server SSL context
  * BUG/MINOR: vars: Fix the set-var and unset-var converters
  * BUILD: evports: remove a leftover from the dead_fd cleanup
  * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
  * BUG/MINOR: lua: remove loop initial declarations
  * BUG/MINOR: lua: don't expose internal proxies
  * BUG/MINOR: httpclient: allow to replace the host header
  * BUG/MINOR: cache: Fix loop on cache entries in "show cache"

==== iproute2 ====
Version update (5.15 -> 5.16)

- remove routef from links; it doesn't exist anymore
- update to 5.16:
  * devlink: Fix cmd_dev_param_set() to check configuration mode
  * ip: add AMT support
  * iplink_can: fix configuration ranges in print_usage() and add
    unit
  * tc: flower: Fix buffer overflow on large labels
  * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res()
  * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH
  * iplink_can: add new CAN FD bittiming parameters:
    Transmitter Delay Compensation (TDC)

==== keylime ====
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime

- Add 0001-Drop-dataclasses-module-usage.patch, to support Python 3.6
- Fix cfssl bcond logic in Tumbleweed / SLE

==== kubernetes1.23 ====
Subpackages: kubernetes1.23-client kubernetes1.23-client-common kubernetes1.23-kubeadm kubernetes1.23-kubelet kubernetes1.23-kubelet-common

- Increase _constraints to 13GB

==== ncurses ====
Version update (6.3.20211127 -> 6.3.20220101)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20220101
  + add section on releasing memory to curs_termcap.3x and
    curs_terminfo.3x manpages.
- Add ncurses patch 20211225
  + improve markup, e.g., for external manpage links in the manpages
    (prompted by report by Helge Kreutzmann).
- Add ncurses patch 20211219
  + install ncurses-examples programs in libexecdir, adding a wrapper
    script to invoke those.
  + add help-screen and screen-dump to test/combine.c
- Rename package ncurses-tests to ncurses-examples as upstream does
- Add ncurses patch 20211211
  + add test/combine.c, to demo/test combining characters.
- Add ncurses patch 20211204
  + improve configure check for getttynam (report by Werner Fink).
- Correct offsets of patch ncurses-6.3.dif

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base

- Install PAM manual pages instead of the PDFs
- specfile cleanup
- Don't recommend ntfs-3g by default on TW, the kernel module got
  improved

==== perl-Bootloader ====
Version update (0.936 -> 0.937)

- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
  jsc#SLE-18271).
- 0.937

==== podman ====
Subpackages: podman-cni-config

- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
  path from podman < 3.1.2

==== qemu ====

- It's time to really start requiring -F when using -b in
  qemu-img for us as well. Users/customers have been warned
  in the relevant release notes (bsc#1190135)
  * Patches dropped:
  Revert-qemu-img-Improve-error-for-rebase.patch
  Revert-qemu-img-Require-F-with-b-backing.patch

==== rdma-core ====
Version update (38.0 -> 38.1)
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Update to v38.1
  - Major fixes for hns provider

==== shadow ====
Version update (4.9 -> 4.11.1)
Subpackages: login_defs

- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
- Update to 4.11.1:
  * build: include lib/shadowlog_internal.h in dist tarballs
- Update to 4.11:
  * Handle possible TOCTTOU issues in usermod/userdel
  - (CVE-2013-4235)
  - Use O_NOFOLLOW when copying file
  - Kill all user tasks in userdel
  * Fix useradd -D segfault
  * Clean up obsolete libc feature-check ifdefs
  * Fix -fno-common build breaks due to duplicate Prog declarations
  * Have single date_to_str definition
  * Fix libsubid SONAME version
  * Clarify licensing info, use SPDX.
- Update to 4.10:
  * From this release forward, su from this package should be
    considered deprecated. Please replace any users of it with su
  from util-linux
  * libsubid fixes
  * Rename the test program list_subid_ranges to getsubids, write
    a manpage, so distros can ship it.
  * Add libeconf dep for new*idmap
  * Allow all group types with usermod -G
  * Avoid useradd generating empty subid range
  * Handle NULL pw_passwd
  * Fix default value SHA_get_salt_rounds
  * Use https where possible in README
  * Update content and format of README
  * Translation updates
  * Switch from xml2po to itstool in 'make dist'
  * Fix double frees
  * Add LOG_INIT configurable to useradd
  * Add CREATE_MAIL_SPOOL documentation
  * Create a security.md
  * Fix su never being SIGKILLd when trapping TERM
  * Fix wrong SELinux labels in several possible cases
  * Fix missing chmod in chadowtb_move
  * Handle malformed hushlogins entries
  * Fix groupdel segv when passwd does not exist
  * Fix covscan-found newgrp segfault
  * Remove trailing slash on hoedir
  * Fix passwd -l message - it does not change expirey
  * Fix SIGCHLD handling bugs in su and vipw
  * Remove special case for "" in usermod
  * Implement usermod -rG to remove a specific group
  * call pam_end() after fork in child path for su and login
  * useradd: In absence of /etc/passwd, assume 0 == root
  * lib: check NULL before freeing data
  * Fix pwck segfault
- Remove because upstreamed:
  * shadow-4.9-pwck-segfault.patch
  * shadow-4.9-newgrp-segfault.patch
  * shadow-4.9-useradd-subuid.patch
  * shadow-4.9-sgent-free.patch
  * shadow-passwd-handle-null.patch
  * shadow-fix-sigabrt.patch
  * shadow-libeconf-include.patch
  * libsubid-build-fix.patch
- Refreshed:
  * shadow-util-linux.patch
  * shadow.changes
  * shadow.keyring
  * shadow.spec
  * useradd-script.patch
  * useradd-userkeleton.patch
  * userdel-script.patch
- Update shadow.keyring:
  * Serge Hallyn serge@hallyn.com (B175CFA98F192AF2)
  * Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)

==== sqlite3 ====
Version update (3.36.0 -> 3.37.1)

- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("START") is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Remove libsmbclient-devel BuildRequires in favor of
  pkgconfig(smbclient)

==== vim ====
Version update (8.2.3995 -> 8.2.4063)
Subpackages: vim-data-common vim-small

- disable-unreliable-tests-arch.patch: refresh
- Updated to version 8.2.4063, fixes the following problems
- fixes boo#1194559 CVE-2022-0156
  * Not all sshconfig files are detected as such.
  * Vim9: type checking for list and dict lacks information about declared
  type.
  * Vim9: not enough testing for extend() and map().
  * Asan error for adding zero to NULL.
  * Redundant check for NUL byte.
  * Coverity warns for checking for NULL pointer after using it.
  * Insert complete code uses global variables.
  * First char typed in Select mode can be wrong.
  * Error messages are spread out.
  * Old compiler complains about struct init with variable.
  * Error messages are spread out.
  * Vim9: crash when declaring variable on the command line.
  * Session does not restore help buffer properly when "options' is missing
  from 'sessionoptions'.
  * Error messages are spread out.
  * Reading one byte beyond the end of the line.
  * Error messages are spread out.
  * Test fails because of changed error number.
  * Error messages are spread out.
  * Build failure without the spell feature.
  * Git and gitcommit file types not properly recognized.
  * Build failure with tiny features. (Tony Mechelynck)
  * Vim9: incorrect error for argument that is shadowing var.
  * Gcc warns for misleading indent in Athena menu code.
  * ml_get error when win_execute redraws with Visual selection.
  * Vim9: import mechanism is too complicated.
  * Debugger test fails.
  * Missing part of the :import changes.
  * Two error messages in the wrong file.
  * Using uninitialized variable.
  * Confusing error message if imported name is used directly.
  * Error for import not ending in .vim does not work for .vimrc.
  * ml_get error with specific win_execute() command. (Sean Dewar)
  * ml_get error with :doautoall and Visual area. (Sean Dewar)
  * Debugging NFA regexp my crash, cached indent may be wrong.
  * A script local funcref is not found from a mapping.
  * Crash in xterm with only two lines. (Dominique Pellé)
  * ATTRIBUTE_NORETURN is not needed.
  * Running filetype tests leaves directory behind.
  * Coverity warns for possibly using a NULL pointer.
  * Timer triggered at the debug prompt may cause trouble.
  * Vim9: script test file is getting too long.
  * Insert mode completion is insufficiently tested.
  * Various code not used when features are disabled.
  * The xdiff library is linked in even when not used.
  * Keeping track of allocated lines in user functions is too complicated.
  * Using unitialized pointer.
  * Vim9: build error.
  * Using int for second argument of ga_init2().
  * Vim9: no error when importing the same script twice.
  * Some global functions are only used in one file.
  * Some error messages not in the right place.
  * Depending on the build features error messages are unused.
  * gcc complains about use of "%p" in printf.
  * Vim9: reading before the start of the line with "$" by itself.
  * Vim9: need to prefix every item in an autoload script.
  * Compiler complains about possibly uninitialized variable.
  * Not easy to resize a window from a plugin.
  * Vim9: autoload mechanism doesn't fully work yet.
  * Vim9 script test fails.
  * Vim9: line break in expression causes v:errmsg to be filled. (Yegappan
  Lakshmanan)
  * Vim9: memory leak when exporting function in autoload script.
  * Vim9: not fully implementing the autoload mechanism.
  * Vim9: import test failure in wrong line.
  * Vim9: an expression of a map cannot access script-local items. (Maxim Kim)
  * win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick
  Howe)
  * Codecov bash script is deprecated.
  * Match highlighting of tab too short.
  * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan)

==== wayland ====
Version update (1.19.0 -> 1.20.0)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1

- Add wayland-shm-Close-file-descriptors-not-needed.patch: For
  platforms that support mremap(), we don't need to hold file
  descriptors all the time, because programs like Xwayland will
  hold a lot of file descriptors and may crash, this patch close
  file descriptors earlier for those platforms (bsc#1194190).
- obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4
- Update to release 1.20
  * A few protocol additions: wl_surface.offset allows clients to
    update a surface's buffer offset independently from the
    buffer, wl_output.name and description allow clients to
    identify outputs without depending on xdg-output-unstable-v1.
  * In protocol definitions, events have a new "type" attribute
    and can now be marked as destructors.
  * A number of bug fixes, including a race condition when
    destroying proxies in multi-threaded clients.

==== yast2 ====
Version update (4.4.34 -> 4.4.36)

- Adapted Report.yesno_popup to Ruby 3 (bsc#1193192)
- 4.4.36
- Simplify slide show to support future parallel installations
  (jsc#SLE-20437)
- 4.4.35