Packages changed:
  389-ds
  apache2
  apache2-manual
  apache2-prefork
  apache2-utils
  avahi
  aws-cli (1.22.28 -> 1.22.35)
  btrfsprogs (5.15 -> 5.16)
  busybox (1.34.1 -> 1.35.0)
  drbd-utils
  emacs
  flatpak (1.12.2 -> 1.12.3)
  frameworkintegration
  freerdp (2.4.1 -> 2.5.0)
  gdm (41.0 -> 41.3)
  ghostscript
  gnome-clocks
  gnome-session (40.1.1 -> 41.3)
  grub2
  iproute2 (5.15 -> 5.16)
  libqt5-qtwebengine (5.15.7 -> 5.15.8)
  libstorage-ng (4.4.72 -> 4.4.73)
  linux-glibc-devel (5.15 -> 5.16)
  nautilus (41.1 -> 41.2)
  nodejs-common
  patterns-base
  perl-HTTP-Message (6.35 -> 6.36)
  perl-IO-Socket-SSL (2.073 -> 2.074)
  poppler (21.12.0 -> 22.01.0)
  poppler-qt5 (21.12.0 -> 22.01.0)
  python-gtk
  python-kiwi (9.24.14 -> 9.24.16)
  qemu
  strace (5.15 -> 5.16)
  yast2 (4.4.34 -> 4.4.36)
  yast2-installation (4.4.33 -> 4.4.34)
  yast2-packager (4.4.18 -> 4.4.19)
  yast2-schema (4.4.7 -> 4.4.8)
  yast2-security (4.4.6 -> 4.4.7)
  yast2-storage-ng (4.4.31 -> 4.4.32)

=== Details ===

==== 389-ds ====
Subpackages: lib389 libsvrcore0

- Fix %pre macro in pkg for systemd services
- Remove recommends on supportutils per review
- Remove insecure recommends on md5 sasl auth

==== apache2 ====

- Align some defaults in apache2-server-tuning.conf to upstream
  defaults:
  * Updated MaxRequestWorkers and ServerLimit to 256. [bsc#1194062]
- The old name MaxRequestsPerChild is changed to MaxConnectionsPerChild.
  * See https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild

==== apache2-manual ====

- Align some defaults in apache2-server-tuning.conf to upstream
  defaults:
  * Updated MaxRequestWorkers and ServerLimit to 256. [bsc#1194062]
- The old name MaxRequestsPerChild is changed to MaxConnectionsPerChild.
  * See https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild

==== apache2-prefork ====

- Align some defaults in apache2-server-tuning.conf to upstream
  defaults:
  * Updated MaxRequestWorkers and ServerLimit to 256. [bsc#1194062]
- The old name MaxRequestsPerChild is changed to MaxConnectionsPerChild.
  * See https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild

==== apache2-utils ====

- Align some defaults in apache2-server-tuning.conf to upstream
  defaults:
  * Updated MaxRequestWorkers and ServerLimit to 256. [bsc#1194062]
- The old name MaxRequestsPerChild is changed to MaxConnectionsPerChild.
  * See https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild

==== avahi ====
Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7

- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).

==== aws-cli ====
Version update (1.22.28 -> 1.22.35)

- Update to version 1.22.35
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.35/CHANGELOG.rst
- Update Requires in spec file from setup.py

==== btrfsprogs ====
Version update (5.15 -> 5.16)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.16
  * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid
    subvolume keys, caught by tree-checker
  * fi du: skip inaccessible files
  * prop: properly resolve to symlink targets
  * send, receive: fix crash after parent subvolume lookup errors
  * build:
  * fix build on 5.12+ kernels due to changes in linux/kernel.h
  * fix build on musl with old kernel headers
  * other:
  * error handling fixes, cleanups, refactoring
  * extent tree v2 preparatory work
  * lots of RST documentation updates (last release with asciidoc sources),
    https://btrfs.readthedocs.io
- Update to 5.15.1
  * fi usage: fix wrongly reported space of used or unallocated space
  * fix detection of block device discard capability
  * check: add more sanity checks for checksum items
  * build: make sphinx optional backend for documentation

==== busybox ====
Version update (1.34.1 -> 1.35.0)
Subpackages: busybox-static

- Update to 1.35.0
  - Adjust busybox.config for new features in find, date and cpio
- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
  * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
  * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
  * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
  * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
  * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
  * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
  * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
  * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
  * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
    CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
    CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
    CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
  - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
  - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
  - CVE-2018-1000517 (bsc#1099260):  Heap-based buffer overflow in the retrieve_file_data()
  - CVE-2011-5325 (bsc#951562): tar directory traversal
  - CVE-2018-1000500 (bsc#1099263):  wget: Missing SSL certificate validation

==== drbd-utils ====

- remove instance units from post scripts, they can not be reloaded

==== emacs ====
Subpackages: emacs-info emacs-nox emacs-x11 etags

- Skip patch boo1180353-6d8144a2.patch for emacs 25.3 as already
  part of emacs 27.2: Was fix for boo#1180353 that was a possible
  segmentation fault in case of stack overflow of etags

==== flatpak ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libflatpak0 system-user-flatpak

- Update to 1.12.3:
  + CVE-2021-43860: a malicious repository could have sent invalid
    application metadata in a way that hides some of the app
    permissions displayed during installation (boo#1194610)
  + flatpak-builder could allow --mirror-screenshots-url commands
    to create directories outside of the build directory
    (boo#1194611)
  + Extra-data downloading now properly handles compressed
    content-encodings which fixes checksum verification
  + Note: In some corner case server setups this may require the
    extra-data checksum to be changed
  + Avoid unnecessary policy-kit dialog due to auto-pinning when
    installing runtimes
  + Better handling of updates of extensions that exist in multiple
    repositories
  + Fixed (initial) installation apps with renamed ids
  + Fixed regression in updates from no-enumerate remotes
  + We now verify checksums of summary caches, to better handle
    local file corruption
  + Improved cli output for non-terminal targets
  + Flatpak run --session-bus now works
  + Fix build with PyParsing >= 3.0.4
  + Fixed "Since" annotations on FlatpakTransaction signals
  + bash auto completion now doesn't complete on command name
    aliases
  + Minor improvements to the search command
  + Minor improvements to the list command
  + Minor improvements to the repair command
  + Add more tests
  + Updated translations.
- Drop support-new-pyparsing.patch: Fixed upstream.

==== frameworkintegration ====
Subpackages: frameworkintegration-plugin libKF5Style5

- Add upstream change to fix a regression in 5.90.0 (kde#448237)
  * 0001-Fix-wrong-porting-of-KNSCore-Engine-configSearchLoca.patch

==== freerdp ====
Version update (2.4.1 -> 2.5.0)
Subpackages: libfreerdp2-2 libwinpr2-2

- Upgraded to freerdp 2.5.0
  * Fixed smartcard login in case a redirection occurs the pin was lost
  * Backported windows client drawing fixes
  * Backported improved macOS keyboard layout detection
  * Backported TcpConnectTimeout
  * Backported LibreSSL compatibility patches
  * Backported signal handler backtrace
  * Backported OpenSSL 3.0 support
  * Backport #gh:FreeRDP/FreeRDP#7539: Wayland client clipboard issues
  * Backport #gh:FreeRDP/FreeRDP#7509: Various fixes regarding registry
    emulation, addin loader and updated locale detection
  * Backport #gh:FreeRDP/FreeRDP#7466: Android android_register_pointer
    missing initialization

==== gdm ====
Version update (41.0 -> 41.3)
Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- Update to version 41.3:
  + Juggle Xorg's -listen/-nolisten command line change better.
  + Fix session type selection.
  + Fix crash.
  + Drop vestigial gdm-pin service.
  + XDMCP fixes.
  + Wayland nvidia udev updates.
  + Updated translations.
- Rebase gdm-disable-wayland-on-mgag200-chipsets.patch.
- Drop gdm-daemon-Infer-session-type-from-desktop-file.patch and
  gdm-restart-greeter-session-after-crash.patch: fixed upstream.

==== ghostscript ====
Subpackages: ghostscript-x11

- CVE-2021-45949.patch fixes CVE-2021-45949
  heap-based buffer overflow in sampled_data_finish
  cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
  (bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
  is already fixed in the Ghostscript 9.54.0 upstream sources
  (bsc#1194303)

==== gnome-clocks ====
Subpackages: gnome-clocks-lang gnome-shell-search-provider-gnome-clocks

- Add appstream-glib, desktop-file-utils BuildRequires and check
  section and meson_test macro, run tests during build.
- Modernize our Supplements to current standard.

==== gnome-session ====
Version update (40.1.1 -> 41.3)
Subpackages: gnome-session-core gnome-session-default-session gnome-session-lang gnome-session-wayland

- Update to version 41.3:
  + No changes, just version synching.
- Changes from version 40.8:
  + data: Install GNOME on Wayland session for X11 preferred setups
  + Don't spew as much into log when falling back to non-systemd sessions
  + Work better with certain versions of meson
  + Correct screwed up check for gnome-shell
  + Various cleanups and leak fixes
  + Updated translations.
- Rebase gnome-session-better-handle-empty-xdg_session_type.patch.
- Drop gnome-session-exit-when-lost-name-on-bus.patch: no longer
  applicable.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Power guest secure boot with static keys: GRUB2 signing portion
  (jsc#SLE-18271) (bsc#1192764)
  * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
- Power guest secure boot with static keys: GRUB2 signing portion
  (jsc#SLE-18271) (bsc#1192764)
  * grub2.spec
- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144)
  (bsc#1192686)
  * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
  * 0002-ieee1275-claim-more-memory.patch
  * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
  * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
  * 0005-docs-grub-Document-signing-grub-under-UEFI.patch
  * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
  * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
  * 0008-pgp-factor-out-rsa_pad.patch
  * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
  * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
  * 0011-libtasn1-import-libtasn1-4.18.0.patch
  * 0012-libtasn1-disable-code-not-needed-in-grub.patch
  * 0013-libtasn1-changes-for-grub-compatibility.patch
  * 0014-libtasn1-compile-into-asn1-module.patch
  * 0015-test_asn1-test-module-for-libtasn1.patch
  * 0016-grub-install-support-embedding-x509-certificates.patch
  * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
  * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
  * 0019-appended-signatures-support-verifying-appended-signa.patch
  * 0020-appended-signatures-verification-tests.patch
  * 0021-appended-signatures-documentation.patch
  * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
  * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
  * grub2-systemd-sleep-plugin

==== iproute2 ====
Version update (5.15 -> 5.16)

- remove routef from links; it doesn't exist anymore
- update to 5.16:
  * devlink: Fix cmd_dev_param_set() to check configuration mode
  * ip: add AMT support
  * iplink_can: fix configuration ranges in print_usage() and add
    unit
  * tc: flower: Fix buffer overflow on large labels
  * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res()
  * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH
  * iplink_can: add new CAN FD bittiming parameters:
    Transmitter Delay Compensation (TDC)

==== libqt5-qtwebengine ====
Version update (5.15.7 -> 5.15.8)

- Update to version 5.15.8:
  * Update Chromium:
    [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow
    in xmlEncodeEntitiesInternal() in entities.c
    [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
    attack bypasses all existing protection mechanisms
    [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
    [Backport] CVE-2021-37987 : Use after free in Network APIs
    [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
    [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
    [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
    [Backport] CVE-2021-37996 : Insufficient validation of untrusted
    input in Downloads
    [Backport] CVE-2021-38001 : Type Confusion in V8
    [Backport] CVE-2021-38003 : Inappropriate implementation in V8
    [Backport] CVE-2021-38005: Use after free in loader (1/3)
    [Backport] CVE-2021-38005: Use after free in loader (2/3)
    [Backport] CVE-2021-38005: Use after free in loader (3/3)
    [Backport] CVE-2021-38007: Type Confusion in V8
    [Backport] CVE-2021-38009: Inappropriate implementation in cache
    [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers
    [Backport] CVE-2021-38012: Type Confusion in V8
    [Backport] CVE-2021-38015: Inappropriate implementation in input
    [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
    sandbox
    [Backport] CVE-2021-38018: Inappropriate implementation in navigation
    [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
    [Backport] CVE-2021-38021: Inappropriate implementation in referrer
    [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication
    [Backport] CVE-2021-4057: Use after free in file API
    [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
    [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
    [Backport] CVE-2021-4059: Insufficient data validation in loader
    [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
    [Backport] CVE-2021-4078: Type confusion in V8
    [Backport] CVE-2021-4079: Out of bounds write in WebRTC
    [Backport] CVE-2021-4098: Insufficient data validation in Mojo
    [Backport] CVE-2021-4099: Use after free in Swiftshader
    [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
    [Backport] CVE-2021-4102: Use after free in V8
    [Backport] Dependency for CVE-2021-37989
    [Backport] Dependency for CVE-2021-38009
    [Backport] Security bug 1245870
    [Backport] Security bug 1252858
    [Backport] Security bug 1259899
    Bump V8_PATCH_LEVEL
    Compile with GCC 11 -std=c++20
    Fix stack overflow on gpu channel recreate with an error
    Use wglSetPixelFormat directly only if in software mode
    [Backport] Handle long SIGSTKSZ in glibc > 2.33
    [Backport] abseil-cpp: Fixes build with latest glibc
  * Handle qtpdf compilation with static runtime
  * Add bitcode support for qtpdf on ios
  * Do not access accessibility from qt post routines
  * Blacklist javascriptClipboard test on ubuntu 20.04
  * Re-enable network-service-in-process
  * Bump version from 5.15.7 to 5.15.8
  * Update patch level
  * Fix pinch gesture
  * Fix leak of properties after XkbRF_GetNamesProp
  * Fix leak on getDefaultScreeenId
- Drop patch:
  * 0001-Fix-build-with-glibc-2.34.patch

==== libstorage-ng ====
Version update (4.4.72 -> 4.4.73)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Indonesian) (bsc#1149754)
- 4.4.73

==== linux-glibc-devel ====
Version update (5.15 -> 5.16)

- Update to kernel headers 5.16

==== nautilus ====
Version update (41.1 -> 41.2)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1 nautilus-lang

- Update to version 41.2:
  + Avoid cropping format popover in Compress dialog.
  + Fix "Move to"/"Copy to" from Starred.
  + Fix memory leak on tab switch.
  + Updated translations.

==== nodejs-common ====

- Use NodeJS 17 as default for TW

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced

- Install PAM manual pages instead of the PDFs
- specfile cleanup
- Don't recommend ntfs-3g by default on TW, the kernel module got
  improved

==== perl-HTTP-Message ====
Version update (6.35 -> 6.36)

- updated to 6.36
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  6.36      2022-01-05 14:39:42Z
  - Fix examples in HTTP::Request::Common synopsis: HTTP::Request::Common
    does not put headers in an arrayref, unlike HTTP::Request (GH#170) (Karen
    Etheridge)
  - Update to contributing information (GH#171) (Håkon Hægland)

==== perl-IO-Socket-SSL ====
Version update (2.073 -> 2.074)

- updated to 2.074
  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.074
  - add SSL_ciphersuites option for TLS 1.3 ciphers
  - no longer use own default for ciphers, instead use system default but disable
    some weak ciphers which might still be enabled on older systems

==== poppler ====
Version update (21.12.0 -> 22.01.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools

- Update to 22.01.0:
  core:
  * Allow local (relative to dll) fonts dir on Windows
  * TextOutputDev: require more spacing between columns.
    Issue #1093
  * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
  * Fix crash when calling Form::reset()
  * GfxSeparationColorSpace: Check validity of colorspace and
    function. Issue #1184
  * Minor code improvements
  glib:
  * Include glib.h before using defines from it
  * Close file descriptors on error
  * Plug some memory leaks
  * Replace use of deprecated g_memdup/g_time_zone_new
  * Remove FD-taking functions on windows
  utils:
  * pdfsig: Add support for documents with passwords
  * pdfsig: Fix signing with -sign if nss password is needed

==== poppler-qt5 ====
Version update (21.12.0 -> 22.01.0)

- Update to 22.01.0:
  core:
  * Allow local (relative to dll) fonts dir on Windows
  * TextOutputDev: require more spacing between columns.
    Issue #1093
  * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
  * Fix crash when calling Form::reset()
  * GfxSeparationColorSpace: Check validity of colorspace and
    function. Issue #1184
  * Minor code improvements
  glib:
  * Include glib.h before using defines from it
  * Close file descriptors on error
  * Plug some memory leaks
  * Replace use of deprecated g_memdup/g_time_zone_new
  * Remove FD-taking functions on windows
  utils:
  * pdfsig: Add support for documents with passwords
  * pdfsig: Fix signing with -sign if nss password is needed

==== python-gtk ====

- add python-rpm-macros dependency

==== python-kiwi ====
Version update (9.24.14 -> 9.24.16)

- Bump version: 9.24.15 ? 9.24.16
- Fixed regression in compression detection
  The change from 282529de8f612dee32d54ee868c2365dcd829220
  Introduced a bad regression. The assumption was made that the
  xz tool could be used to detect if a file is compressed or not.
  However, this requires the file to be locally present. In the
  scope of the method call is_compressed() and within a remote
  deployment e.g PXE this is not the case. Therefore the former
  way to "detect" the compression according to the .xz postfix
  of the source filename was restored. In addition the function
  name was changed to is_xz_compressed() because that's what the
  method can do and not more. This Fixes #2015
- Added debug option --debug-run-scripts-in-screen
  Instead of running scripts in screen if the --debug switch is
  set, we allow to explicitly switch on this behavior via
  a new option. This Fixes #2010
- Change packages target for bootincludes
  Packages marked with bootinclude="true" will be added to the
  referenced kiwi boot image description if the initrd_system
  is set to "kiwi" instead of "dracut". The package marked was
  primarily added to the type="image" section and got only
  added to the type="bootstrap" section if no image type section
  existed. However, it has turned out that this approach has
  the disadvantage that packages which must be installed as
  part of the bootstraping (e.g certificates) cannot be handled.
  This commit changes the behavior of the bootinclude to include
  the package always to the type="bootstrap" section.
- Add GitHub workflow badges
- Fixed Codacy Badge
- Allow firmware="custom" setting
  The firmware attribute in kiwi is used to indicate for
  which boot firmware the image should be build. Specifying
  the target firmware is helpful to create for example the
  correct disk layout. If no firmware is specified KIWI
  decides for a default according to the image architecture.
  This selection is not 100% accurate and as we don't know
  the later target system. Especially for embedded devices
  the correct disk layout and other settings can be
  board specific and KIWI's default settings regarding the
  firmware could be invalid. For compatibility reasons we
  cannot switch off the default selection case and therefore
  a new attribute value "custom" is introduced with this
  commit. If set KIWI does not select any firmware and
  consequently all settings caused by a firmware setup will
  be skipped. On the other hand this means all needed
  settings for the target to boot and not done by KIWI
  needs to be specified explicitly and as needed.
- Add util-linux dep for -systemdeps-disk-images subpackage
  Without this dependency, kiwi fails to work properly in minimal image
  build environments, like in a mock chroot where util-linux is not installed.
- index.rst: fix headline
  * third try: apply diff by schaefi
- index.rst: fix headline
  * removed lonely bracket
  * added more lines to fix syntax
- index.rst: Change title (bsc#1189294#c2)
  * 'KIWI NG 9: KIWI NG Documentation' -> 'Building Linux System Appliances with KIWI Next Generation (KIWI NG <VERSION>)
  * suggested in bsc#1189294#c2 for more clarity
  * change has been discussed with and approved by main author (Marcus S.)
- support compressed modules in other formats
  when cleaning up the firmware directory for unused files
- Bump version: 9.24.14 ? 9.24.15
- Update documentation
  Rework troubleshooting chapter and add an article
  about app security subsystems like selinux and their
  potential influence on building images. Also update
  the quickstart with a reference to the troublshooting
  chapter. This Fixes #1891
- Added support for collection modules
  In CentOS Stream 8 and Red Hat Enterprise Linux 8, there are
  Application Streams that are offered in the form of modules
  (using Fedora Modularity technology). To build images that use
  this content KIWI needs to support to enable/disable various
  modules. This commit allows to configure collection modules
  in a new element as shown below
  <packages type="bootstrap">
  <collectionModule name="module" stream="stream" enable="true|false"/>
  </packages>
  This Fixes Issue #1999

==== qemu ====
Subpackages: qemu-accel-qtest qemu-accel-tcg-x86 qemu-arm qemu-audio-spice qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390x qemu-seabios qemu-sgabios qemu-skiboot qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vhost-user-gpu qemu-x86

- It's time to really start requiring -F when using -b in
  qemu-img for us as well. Users/customers have been warned
  in the relevant release notes (bsc#1190135)
  * Patches dropped:
  Revert-qemu-img-Improve-error-for-rebase.patch
  Revert-qemu-img-Require-F-with-b-backing.patch

==== strace ====
Version update (5.15 -> 5.16)

- Update to strace 5.16
  * Improvements
  * Implemented --secontext=mismatch option to find mismatches in SELinux
    contexts.
  * Implemented decoding of futex_waitv syscall introduced in Linux 5.16.
  * Implemented decoding of BPF_LINK_GET_NEXT_ID and BPF_LINK_GET_FD_BY_ID bpf
    syscall commands.
  * Enhanced decoding of BPF_MAP_CREATE, BPF_PROG_TEST_RUN, and BPF_PROG_LOAD
    bpf syscall commands.
  * Enhanced decoding of BTRFS_IOC_FS_INFO ioctl command.
  * Updated lists of AUDIT_*, BPF_*, BTRFS_*, DEVCONF_*, FAN_*, ETH_P_*,
    IPV4_DEVCONF_*, KVM_*, NDA_*, SO_*, and V4L2_* constants.
  * Updated lists of ioctl commands from Linux 5.16.

==== yast2 ====
Version update (4.4.34 -> 4.4.36)
Subpackages: yast2-logs

- Adapted Report.yesno_popup to Ruby 3 (bsc#1193192)
- 4.4.36
- Simplify slide show to support future parallel installations
  (jsc#SLE-20437)
- 4.4.35

==== yast2-installation ====
Version update (4.4.33 -> 4.4.34)

- Show release notes button in progress in Qt interface
  (jsc#SLE-20437)
- 4.4.34

==== yast2-packager ====
Version update (4.4.18 -> 4.4.19)

- Simplify slide show to support future parallel installations
  (jsc#SLE-20437)
- 4.4.19

==== yast2-schema ====
Version update (4.4.7 -> 4.4.8)

- Added lsm 'none' section to the security schema (jsc#SLE-22069)
- 4.4.8

==== yast2-security ====
Version update (4.4.6 -> 4.4.7)

Related to jsc#SLE-22069:
  - Autoyast LSM section: added "none" section in order to mark it
    as not selectable during the installation.
- 4.4.7

==== yast2-storage-ng ====
Version update (4.4.31 -> 4.4.32)

- Allow to skip the activation of the rest of LUKS devices
  (bsc#1162545).
- Partitioner: always allow to provide password for closed LUKS
  devices.
- 4.4.32