Packages changed:
  alsa
  apparmor
  at-spi2-core (2.40.1 -> 2.40.2)
  avahi
  compat-usrmerge
  cups
  gobject-introspection
  libX11 (1.7.1 -> 1.7.2)
  libapparmor
  libnettle (3.7.2 -> 3.7.3)
  librsvg (2.50.6 -> 2.50.7)
  openSUSE-build-key
  pam-config
  polkit
  python-attrs (20.3.0 -> 21.2.0)
  python-idna (3.1 -> 3.2)
  python-more-itertools (8.7.0 -> 8.8.0)
  python-oauthlib (3.1.0 -> 3.1.1)
  python38
  python38-core
  setools
  u-boot-rpiarm64

=== Details ===

==== alsa ====

- Fix regression in config read and UCM handling on pipewire and
  pulseaudio (boo#1187079, boo#1187033):
  0001-conf-fix-load_for_all_cards.patch
  0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch
  0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- move Requires: python3 back to the python3-apparmor subpackage -
  readline usage is in the python modules, not in apparmor-utils
- Remove python symbols (python means currently python2), work
  only with python3 ones (fallout from bsc#1185588).

==== at-spi2-core ====
Version update (2.40.1 -> 2.40.2)
Subpackages: libatspi0

- Update to version 2.40.2:
  + README: Remove outdated links.
  + Key grab fixes for the new API.
  + registryd: Add a missing call to va_end.

==== avahi ====
Subpackages: libavahi-client3 libavahi-common3

- Fix libavahi-devel requirements. The devel package installs
  libavahi-libevent.so but didn't require the library it's
  pointing to.

==== compat-usrmerge ====

- early exit in case of overlayfs (boo#1187027)
- Avoid dependency on mountpoint from util-linux
- Also check for availability of find
- fix conversion with split /usr (boo#1186781)
- exit early if one of the affected directories has mountpoint
  beneath it
- add fallback for filesystems without renameat2 (boo#1186637)

==== cups ====
Subpackages: cups-config libcups2

- Provide /usr/share/cups/ppdc/ in the "cups" main package
  to avoid that "lpinfo -m" results in /var/log/cups/error_log
  things like "ppdc: Unable to find include file font.defs"
  or "ppdc: Unable to find include file hp.h" and then
  "Bad driver information file /usr/share/cups/drv/sample.drv"
  (bsc#1186843)

==== gobject-introspection ====
Subpackages: girepository-1_0 libgirepository-1_0-1

- gi-find-deps.sh: on Tumbleweed, HOSTTYPE on ppc64/ppc64le reports
  powerpc64 and powerpc64le: accept those strings as 64bit archs.

==== libX11 ====
Version update (1.7.1 -> 1.7.2)
Subpackages: libX11-6 libX11-data

- Update to version 1.7.2
  * bug fix release, correcting a regression introduced by and
    improving the checks from the fix for CVE-2021-31535.
- supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch

==== libapparmor ====

- move Requires: python3 back to the python3-apparmor subpackage -
  readline usage is in the python modules, not in apparmor-utils
- Remove python symbols (python means currently python2), work
  only with python3 ones (fallout from bsc#1185588).

==== libnettle ====
Version update (3.7.2 -> 3.7.3)
Subpackages: libhogweed6 libnettle8

- GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060]
  * Fix crash for zero input to rsa_sec_decrypt and
    rsa_decrypt_tr. Potential denial of service vector.
  * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
    failure for out of range inputs, instead of either crashing,
    or silently reducing input modulo n. Potential denial of
    service vector.
  * Ensure that rsa_decrypt returns failure for out of range
    inputs, instead of silently reducing input modulo n.
  * Ensure that rsa_sec_decrypt returns failure if the message
    size is too large for the given key. Unlike the other bugs,
    this would typically be triggered by invalid local
    configuration, rather than by processing untrusted remote
    data.

==== librsvg ====
Version update (2.50.6 -> 2.50.7)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2

- Update to version 2.50.7:
  + Two cairo-related bug fixes:
  - glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore
    when running in inside the Cairo test suite.
  - glgo#GNOME/librsvg#746: Possible cairo_save() without
    cairo_restore() in render_layer().

==== openSUSE-build-key ====

- remove dumpsigs, unused since SLE12+ (rpm 4.x) (bsc#1186827)
- add URL
- spec-cleaner run
- Merge changes from openSUSE Leap 15.3 for rpm-repos-openSUSE (boo#1186593)
- Refresh the SLE15 build@suse.de key
  * Updated gpg-pubkey-39db7c82-5847eb1f.asc

==== pam-config ====

- Add "revoke" to the option list for pam_keyinit
  (Remove some leftover debugs while we're at it)
  [pam-config-fix-pam_keyinit-options.patch]
- prior to writing an service-specific config file, the main function
  calls access() on the destination file in /etc/pam.d.
  This will fail and no config file will be written when the original
  config file was installed in /usr/etc/pam.d.
  A similar problem exists when creating the new service file:
  create_service_file() wants to give the new service file the same
  user, group and mode as the old one, but the old one may not exist.
  In that case, set these to 0(root), 0(root), and 0644.
  [pam-config-remove-bad-access-call.patch]

==== polkit ====
Subpackages: libpolkit0

- Fix verifyscript: the path to the binary was wrongly defined as
  %{_libexecdir}/lib.
- CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync()
  (bsc#1186497)
  CVE-2021-3560.patch

==== python-attrs ====
Version update (20.3.0 -> 21.2.0)

- update to 21.2.0:
  * We had to revert the recursive feature for ``attr.evolve()`` because it
    broke some use-cases -- sorry!
  * Python 3.4 is now blocked using packaging metadata because ``attrs`` can't
    be imported on it anymore.
  * The long-awaited, much-talked-about, little-delivered ``import attrs`` is
    finally upon us!
  * The *cmp* argument to ``attr.s()`` and `attr.ib()` has been **undeprecated**
    It will continue to be supported as syntactic sugar to set *eq* and *order* in one go.
  * Further smaller changes, see included Changelog.md

==== python-idna ====
Version update (3.1 -> 3.2)

- update to 3.2:
  * Add type hints (Thanks, Seth Michael Larson!)
  * Remove support for Python 3.4

==== python-more-itertools ====
Version update (8.7.0 -> 8.8.0)

- update to 8.8.0:
  * :func:`countable` (thanks to krzysieq)
  * :func:`split_before` was updated to handle empy collections (thanks to TiunovNN)
  * :func:`unique_everseen` got a performance boost (thanks to Numerlor)
  * The type hint for :func:`value_chain` was corrected (thanks to vr2262)
- %check: use %pyunittest rpm macro

==== python-oauthlib ====
Version update (3.1.0 -> 3.1.1)

- update to 3.1.1:
  * #753: Fix acceptance of valid IPv6 addresses in URI validation
  * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
    relies on the `scope` provided in the constructor if any, except if overridden temporarily
    in a method call. Note that in particular providing a non-None `scope` in
    `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
    `self.scope` forever, it is just used temporarily.
  * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
    ServiceApplicationClient.prepare_request_body,
    and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
    constructor.
  * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor
  * #711: client_credentials grant: fix log message
  * #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token
  * #756: Different prompt values are now handled according to spec (e.g. prompt=none)
  * #759: OpenID Connect - fix Authorization: Basic parsing
  * #716: improved skeleton validator for public vs private client
  * #720: replace mock library with standard unittest.mock
  * #727: build isort integration
  * #734: python2 code removal
  * #735, #750: add python3.8 support
  * #749: bump minimum versions of pyjwt and cryptography
- drop o_switch_to_unitest_mock.patch (upstream)

==== python38 ====

- allow building against sphinx 3.x+
- Stop providing "python" symbol (bsc#1185588), which means
  python2 currently.

==== python38-core ====
Subpackages: libpython3_8-1_0 python38-base

- allow building against sphinx 3.x+
- Stop providing "python" symbol (bsc#1185588), which means
  python2 currently.

==== setools ====

- Fix dependency of python3-setools: require python3, not python
  (which is python2).

==== u-boot-rpiarm64 ====
Subpackages: u-boot-rpiarm64-doc

Fix Ethernet PHY initialization on OdroidC2 (boo#1187095)
  Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04
  * Patches added:
  0015-arm64-dts-meson-odroidc2-readd-PHY-.patch