Packages changed:
  clucene-core
  cmake
  ffmpeg (3.4.1 -> 3.4.2)
  gnome-software (3.26.5 -> 3.26.6)
  ilmbase (2.2.0 -> 2.2.1)
  libreoffice (6.0.0.3 -> 6.0.1.1)
  mbedtls (2.6.0 -> 2.7.0)
  multipath-tools
  ncurses
  openexr (2.2.0 -> 2.2.1)
  patterns-server
  perl-DBD-Pg (3.5.3 -> 3.7.4)
  perl-IO-Socket-SSL (2.052 -> 2.054)
  python-urllib3
  rdesktop
  ripit
  sg3_utils
  skopeo
  speech-dispatcher (0.8.7 -> 0.8.8)

=== Details ===

==== clucene-core ====
Subpackages: clucene-core-devel libclucene-contribs-lib1 libclucene-core1 libclucene-shared1

- Add patch clucene-new-gcc.patch to fix visibility issues
- Use %cmake macros
- Remove few obsolete codepaths

==== cmake ====

- c17-default.patch: Add support for C17 default in GCC 8

==== ffmpeg ====
Version update (3.4.1 -> 3.4.2)
Subpackages: libavcodec-devel libavcodec57 libavdevice57 libavfilter6 libavformat57 libavresample-devel libavresample3 libavutil-devel libavutil55 libpostproc54 libswresample-devel libswresample2 libswscale-devel libswscale4

- Update to new bugfix release 3.4.2
  * Fix integer overflows, multiplication overflows, undefined
    shifts, and verify buffer lengths.
  * avfilter/vf_transpose: Fix used plane count
    [boo#1078488, CVE-2018-6392]
  * avcodec/utvideodec: Fix bytes left check in decode_frame()
    [boo#1079368, CVE-2018-6621]
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swri_audio_convert(), added cve-2017-17555.diff
  [boo#1072366, CVE-2017-17555].

==== gnome-software ====
Version update (3.26.5 -> 3.26.6)
Subpackages: gnome-software-lang

- Update to version 3.26.6:
  + Improve alignment on the updates page.
  + Do not show missing screenshot error for fonts that have
    screenshots.
  + Fixes for third party repository handling in the sources
    dialog.
  + Fix various issues on Ubuntu when purchasing apps.
  + Fix building with gtkspell support.
  + Fix an issue that led to duplicate categories appearing on the
    overview page.
  + Various memory leak and correctness fixes.
  + Show package descriptions when installing packages through the
    dbus API.
  + Revert a commit that broke repo package install.
  + Updated translations.
- Pass enable-gtkspell=true to meson, ensure we build gtkspell
  support.

==== ilmbase ====
Version update (2.2.0 -> 2.2.1)

- fix license of halfExport.h [bsc#774408]
  + ilmbase-halfExport.h-license.patch
- Update keyring and set keyring URL
- Update to version 2.2.1
  * Bumped version to track OpenEXR
- bump sonum and macroify it
- cleanup with spec-cleaner

==== libreoffice ====
Version update (6.0.0.3 -> 6.0.1.1)
Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit

- Make sure we execute everything with python3
  * 0001-Use-PYTHON_FOR_BUILD-instead-of-calling-python-direc.patch
- Bump version of bundled gpgme to 1.9.0
- Version update to 6.0.1.1:
  * various fixes all around
  * Fixes data exposure bsc#1080249 CVE-2018-1055 CVE-2018-6871
- Bump the version of libgpg-error
- Drop the libreoffice-poppler-0.62.patch merged upstream

==== mbedtls ====
Version update (2.6.0 -> 2.7.0)
Subpackages: libmbedtls10 libmbedx509-0 mbedtls-devel

- Update to version 2.7.0:
  - Security
  * Fix a heap corruption issue in the implementation of the truncated HMAC
    extension. When the truncated HMAC extension is enabled and CBC is used,
    sending a malicious application packet could be used to selectively corrupt
    6 bytes on the peer's heap, which could potentially lead to crash or remote
    code execution. The issue could be triggered remotely from either side in
    both TLS and DTLS. (CVE-2018-0488 boo#1080828)
  * Fix a buffer overflow in RSA-PSS verification when the hash was too large
    for the key size, which could potentially lead to crash or remote code
    execution. Found by Seth Terashima, Qualcomm Product Security Initiative,
    Qualcomm Technologies Inc. (CVE-2018-0487 boo#1080826)
  * Fix buffer overflow in RSA-PSS verification when the unmasked data is all
    zeros.
  * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
    64 KiB to the address of the SSL buffer and causing a wrap around.
  * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by
    default enabled) maximum fragment length extension is disabled in the
    config and the application data buffer passed to mbedtls_ssl_write
    is larger than the internal message buffer (16384 bytes by default), the
    latter overflows.
  * Add a provision to prevent compiler optimizations breaking the time
    constancy of mbedtls_ssl_safer_memcmp().
  * Ensure that buffers are cleared after use if they contain sensitive data.
    Changes were introduced in multiple places in the library.
  * Set PEM buffer to zero before freeing it, to avoid decoded private keys
    being leaked to memory after release.
  * Fix dhm_check_range() failing to detect trivial subgroups and potentially
    leaking 1 bit of the private key. Reported by prashantkspatil.
  * Make mbedtls_mpi_read_binary() constant-time with respect to the input
    data. Previously, trailing zero bytes were detected and omitted for the
    sake of saving memory, but potentially leading to slight timing
    differences. Reported by Marco Macchetti, Kudelski Group.
  * Wipe stack buffer temporarily holding EC private exponent
    after keypair generation.
  * Fix a potential heap buffer over-read in ALPN extension parsing
    (server-side). Could result in application crash, but only if an ALPN
    name larger than 16 bytes had been configured on the server.
  * Change default choice of DHE parameters from untrustworthy RFC 5114
    to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
    manner.
  - Features
  * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT,
    MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs.
  * Add support for alternative implementations of GCM, selected by the
    configuration flag MBEDTLS_GCM_ALT.
  * Add support for alternative implementations for ECDSA, controlled by new
    configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
    MBEDTLS_ECDSDA_GENKEY_AT in config.h.
    The following functions from the ECDSA module can be replaced
    with alternative implementation:
    mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
  * Add support for alternative implementation of ECDH, controlled by the
    new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and
    MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h.
    The following functions from the ECDH module can be replaced
    with an alternative implementation:
    mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared().
  * Add support for alternative implementation of ECJPAKE, controlled by
    the new configuration flag MBEDTLS_ECJPAKE_ALT.
  * Add mechanism to provide alternative implementation of the DHM module.
  - API changes
  * Extend RSA interface by multiple functions allowing structure-
    independent setup and export of RSA contexts. Most notably,
    mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting
    up RSA contexts from partial key material and having them completed to the
    needs of the implementation automatically. This allows to setup private RSA
    contexts from keys consisting of N,D,E only, even if P,Q are needed for the
    purpose or CRT and/or blinding.
  * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
    implementations of the RSA interface declared in rsa.h.
  * The following functions in the message digest modules (MD2, MD4, MD5,
    SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
    The new functions change the return type from void to int to allow
    returning error codes when using MBEDTLS_<MODULE>_ALT.
    mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ret()
    mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ret()
    mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ret()
    mbedtls_<MODULE>_process() -> mbedtls_internal_<MODULE>_process()
  - Deprecations
  * Deprecate usage of RSA primitives with non-matching key-type
    (e.g. signing with a public key).
  * Direct manipulation of structure fields of RSA contexts is deprecated.
    Users are advised to use the extended RSA API instead.
  * Deprecate usage of message digest functions that return void
    (mbedtls_<MODULE>_starts, mbedtls_<MODULE>_update,
    mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is
    any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions
    that can return an error code.
  * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by
    parameters from RFC 3526 or the newly added parameters from RFC 7919.
  * Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc.
    Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN
    etc.
  * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters
    from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
    accepting DHM parameters in binary form, matching the new constants.
  - Several bug fixes

==== multipath-tools ====
Subpackages: kpartx multipath-tools-rbd

- Fix whitespace in dracut conf file (bsc#1080562)

==== ncurses ====
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base

- Add ncurses patch 6.1-20180203
  + minor fixes to test/*.h to make them idempotent.
  + add/use test/parse_rgb.h to show how the "RGB" capability works.
  + add a clarification in user_caps.5 regarding "RGB" capability.
  + add extended_slk_color{,_sp} symbols to the appropriate
    package/*.{map,sym} files (report by Sven Joachim, cf: 20170401).

==== openexr ====
Version update (2.2.0 -> 2.2.1)

- Update to 2.2.1
  * Fix reported OpenEXR security vulnerabilities: CVE-2017-9110,
    CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114,
    CVE-2017-9115 and CVE-2017-9116
- pgajdos@suse.com: but really seem to fix only:
  CVE-2017-9110 [bsc#1040107], CVE-2017-9114 [bsc#1040114],
  CVE-2017-9116 [bsc#1040116], CVE-2017-12596 [bsc#1052522]; for
  the rest of issues see [bsc#1040109], [bsc#1040112],
  [bsc#1040113], [bsc#1040114], [bsc#1040115], and [bsc#1061305]

==== patterns-server ====
Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-gateway_server patterns-server-kvm_server patterns-server-lamp_server patterns-server-mail_server patterns-server-print_server patterns-server-xen_server

- Recommend php7 variants by the lamp pattern (boo#1081072).

==== perl-DBD-Pg ====
Version update (3.5.3 -> 3.7.4)

- updated to 3.7.4
  see /usr/share/doc/packages/perl-DBD-Pg/Changes
- updated to 3.7.1
  see /usr/share/doc/packages/perl-DBD-Pg/Changes
  Version 3.7.1  Released February 11, 2017 (git tag 3.7.1)
  - Fixed problem when using placeholders and escaped question marks, the recopied string
    was not terminated correctly.
    [Greg Sabino Mullane]
    (Github issue #33)
  - Make sure nulls in our self-generated arrays are not set as read-only in some Perls.
    [Greg Sabino Mullane]
    (CPAN ticket #107556)
  - If the server returns no error message, and an "unknown" code from libpq, supply a custom
    message mentioning client_min_messages may be to blame.
    [Greg Sabino Mullane]
    (CPAN ticket #109591)
  - Declare VERSION with 'our' in seldom-used Bundle module
    (CPAN ticket #123218)
- updated to 3.7.0
  see /usr/share/doc/packages/perl-DBD-Pg/Changes
  Version 3.7.0  Released September 24, 2017 (git tag 3.7.0)
  - If no placeholders, use PQexec instead of PQexecParams
    [Greg Sabino Mullane]
  - Fix running tests with non-UTF8 server_encoding
    [Dagfinn Ilmari Manns�ker]
    (Github issue #26)
  - Fix crash with missing client_encoding
    [David Christensen, reported by Marko Tiikkaja]
    (Github issue #29)
  - Fix crash with missing server_version
    [David Christensen]
  - Fix leak in ->state methods
    [Dagfinn Ilmari Manns�ker]
    (Github issue #30)
  - Add $sth->{pg_async_status} to determine async status of a statement handle.
    Values can be 0 (no async), 1 (async), or -1 (cancelled)
    [Greg Sabino Mullane, as requested by Dmytro Zagashev (ZDM)]
    (CPAN ticket #116172)
  Version 3.6.2  Released May 23, 2017 (git tag 3.6.2)
  - Remove errant debugging aid from test suite
  Version 3.6.1  Released May 22, 2017 (git tag 3.6.1)
  - Various fixes to support testing against Postgres 10beta
    [David Christensen]
  Version 3.6.0  Released April 17, 2017 (git tag 3.6.0)
  - Make sure we do not inadvertently modify the string passed to prepare() when
    doing the new backslash escape manipulation.
    [Greg Sabino Mullane]
    (CPAN ticket #114000)
  - Fix bug where $DBD::Pg::DBDPG_DEFAULT not picked up as a magic
    string first time it is used in a script.
    [Greg Sabino Mullane]
    (CPAN ticket #112309)
  - Fix UTF8 flag handling in pg_(get|put)copydata
    [Dagfinn Ilmari Manns�ker]
  - Fix UTF8 double-encoding with pg_enable_utf8 = 0
    [Serge Pushkin]
    (CPAN ticket #103137)
  - Fix bug in quote_name which would fail to quote in some circumstances
    (Github Issue #22)
  - Allow clean parsing of new Postgres X.Y version format
    [Erik Rijkers    er at xs4all.nl]
  - Add pg_canonical_ids() and pg_canonical_names(), which returns information
    about each column in the result set.
    [Warstone    warstone at list.ru]
    (CPAN ticket #106858)
  - Map SQL_NUMERIC to PG_NUMERIC (instead of PG_FLOAT8)
    [Alice Maz    alice at alizemaz.com]
    (CPAN ticket #120358)
  - Force real, float, and double precision into SvNVs
    [Greg Sabino Mullane]
    (CPAN ticket #113683 and other places)
  - Support for number of rows greater than an "int". Requires support for same
    from a future version of libpq before it will work completely.
    [Greg Sabino Mullane]
    (CPAN ticket #102444)
  - Fix skipped test counts in Win32 builds
    [Andy Grundman]
  - Allow tests to work against Postgres 8.4 by tweaking client_encoding calls.
    [Pavel Raiskup    praiskup at redhat.com]
    (CPAN ticket #116179)
  - Silence warnings in t/02attribs.t and t/04misc.t
    [Dagfinn Ilmari Manns�ker]
  - Support binary COPY format
    [Dagfinn Ilmari Manns�ker]
  - Ensure tests do not use $ENV{PGSERVICE} or $ENV{PGDATABASE}
    [Erik Rijkers]
  - Switched canonical repo to git://github.com/bucardo/dbdpg.git

==== perl-IO-Socket-SSL ====
Version update (2.052 -> 2.054)

- ignore Mozilla::CA
- updated to 2.054
  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.054 2018/01/22
  - added missing test certificates to MANIFEST
  2.053 2018/01/21
  - small behavior fixes
  - if SSL_fingerprint is used and matches don't check for OCSP
  - Utils::CERT_create - small fixes to properly specific purpose, ability to
    use predefined complex purpose but disable some features
  - update PublicSuffix
  - updates for documentation, especially regarding pitfalls with forking or using
    non-blocking sockets. Spelling fixes.
  - test fixes and improvements
  - stability improvements for live tests
  - regenerate certificate in certs/ and make sure they are limited to the
    correct purpose. Checkin program used to generate certificates.
  - adjust tests since certificates have changed and some tests used
    certificates intended for client authentication as server certificates,
    which now no longer works

==== python-urllib3 ====

- disable more flaky tests specifically for PowerPC

==== rdesktop ====

- Added rdesktop-Fix-key-caching.patch
  backport of https://github.com/rdesktop/rdesktop/commit/a3dfceefc2c729243b71270e3f503fa2dd57ec8d

==== ripit ====

- use wikipedia URL, as the original domain is no longer valid
- added ripit-4.0.0-undefined_variables.patch to avoid errors if the
  user is using an old config file which does not define some variables
- added ripit-man-spellfix.patch from Debian which contains some
  spell fixes for the man page
- rebased ripit-3.9.0-ogg.patch
- use Productivity/Multimedia/CD/Grabbers as RPM group

==== sg3_utils ====
Subpackages: libsgutils2-1_43-2

- dracut.conf: add whitespace at end of line (bsc#1080562)

==== skopeo ====

- Add requirement on libcontainers-common, which now provides the
  /etc/containers/policy.json config.

==== speech-dispatcher ====
Version update (0.8.7 -> 0.8.8)
Subpackages: libspeechd-devel libspeechd2 python3-speechd speech-dispatcher-configure speech-dispatcher-module-espeak

- Update to version 0.8.8
  * Add German translation, thanks to Chris Leick for the patch
  * Fix some spelling mistakes, thanks to Paul Gevers for the patch
  * Some slight code improvements