Packages changed:
  at-spi2-core (2.40.0 -> 2.40.1)
  cups
  glib-networking (2.68.0 -> 2.68.1)
  installation-images-MicroOS (17.0 -> 17.2)
  lcms2 (2.11 -> 2.12)
  libjpeg-turbo
  libressl (3.2.5 -> 3.3.3)
  librsvg (2.50.4 -> 2.50.5)
  mokutil
  selinux-policy
  snapper
  yast2 (4.4.2 -> 4.4.3)
  zchunk (1.1.9 -> 1.1.11)

=== Details ===

==== at-spi2-core ====
Version update (2.40.0 -> 2.40.1)
Subpackages: libatspi0

- Update to version 2.40.1:
  + Fix double free when removing event listeners.
  + Fix numlock detection.

==== cups ====
Subpackages: cups-config libcups2

- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "configure --with-cups-group=lp") specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)

==== glib-networking ====
Version update (2.68.0 -> 2.68.1)

- Update to version 2.68.1:
  + Fix threadsafety issue in certificate verification.
  + Temporarily remove support for downloading missing intermediate
    certificates with GnuTLS 3.7.

==== installation-images-MicroOS ====
Version update (17.0 -> 17.2)

- merge gh#openSUSE/installation-images#506
- gdb extension: include debuginfod-find (debuginfod-client.rpm)
  (bsc#1182649)
- Document API of ResolveDeps and friends
- Moved resolve_deps_libsolv to its own module
- Add data files for testing ResolveDepsLibsolv.
- resolve_deps_libsolv: add basic tests, don't hardcode solv
  filename
- BuildRequire debuginfod-client
- 17.2
- merge gh#openSUSE/installation-images#509
- trigger automatic nvme discovery in udev start script
  (bsc#1184908)
- create NVMe config files before udevd is started (bsc#1184908)
- 17.1

==== lcms2 ====
Version update (2.11 -> 2.12)

- update to 2.12:
  * Added build system for fast-float plugin (see plugin documentation)
  * Added new build-in sigmoidal tone curve
  * Added XCode 12 project
  * Added support for multichannel input up to 15 channels
  * Fix LUT8 write matrix
  * Fix version mess on 10/11
  * Fix tools & samples xgetopt
  * Fix warnings on different function pointers
  * Fix matlab MEX compilation
  * plugin: cleanup and better SSE detection
  * plugin: add lab to any on float
  * plugin: it can now be compiled as C++
  * recover PDF documentation, but try to keep it under a resonable size.
  * Prevent a rare but possible out-of-bounds read in postscript generator
  * Fix some compiler warnings
  * Add named color profile building sample to testbed

==== libjpeg-turbo ====

- disable SIMD for armv6hl, not available

==== libressl ====
Version update (3.2.5 -> 3.3.3)
Subpackages: libcrypto46 libssl48 libtls20

- Update to release 3.3.3
  * Support for DTLSv1.2.
  * Continued rewrite of the record layer for the legacy stack.
  * Numerous bugs and interoperability issues were fixed in the
    new verifier. A few bugs and incompatibilities remain, so
    this release uses the old verifier by default.
  * The OpenSSL 1.1 TLSv1.3 API is not yet available.

==== librsvg ====
Version update (2.50.4 -> 2.50.5)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2

- Update to version 2.50.5:
  + Images embedded as data: URLs didn't render if they had a MIME
    type with a charset parameter.
  + Don't allow number lists with unbounded lengths in tableValues
    attributes, for feComponentTransfer and feConvolveMatrix.
  + Negative rx/ry in rect element should be ignored.

==== mokutil ====

- spec file cleanup

==== selinux-policy ====
Subpackages: selinux-policy-targeted

- Updated fix_networkmanager.patch to allow NetworkManager to watch
  its configuration directories
- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)

==== snapper ====
Subpackages: libsnapper5

- fixed systemd sandboxing (bsc#1185596)

==== yast2 ====
Version update (4.4.2 -> 4.4.3)

- Do not crash when a client execution return false
  (related to bsc#1185561, and bsc#1180954).
- 4.4.3

==== zchunk ====
Version update (1.1.9 -> 1.1.11)

- Update to version 1.1.11
  * Fix memory leak of zck->prep_digest
  * Fix argp detection
  * Handle certain rare web servers that don't start with \r\n
- Drop upstream merged fix-test-argp.patch