Packages changed:
  apparmor
  branding-openSUSE
  cri-o (1.18.2 -> 1.18.3)
  haproxy (2.2.0+git0.3a00c915f -> 2.2.1+git0.0ef71a557)
  ima-evm-utils (1.2.1 -> 1.3)
  libedit
  patterns-base
  perl-Bootloader (0.929 -> 0.931)
  python-rpm-macros (20200701.9f5a2f6 -> 20200714.252de1f)
  python38-core (3.8.3 -> 3.8.4)
  read-only-root-fs
  sysconfig (0.85.4 -> 0.85.5)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor

- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
  from its new sddm location (boo#1174290, boo#1174293)

==== branding-openSUSE ====
Subpackages: grub2-branding-openSUSE

- Stop building grub2-branding-openSUSE for Power architectures [boo#1171146]

==== cri-o ====
Version update (1.18.2 -> 1.18.3)
Subpackages: cri-o-kubeadm-criconfig

- Update to version 1.18.3:
  - Fix a bug where a sudden reboot causes incomplete image writes.
    This could cause image storage to be corrupted, resulting in an
    error layer not known.
  - Fixed bug where pod names would sometimes leak on creation,
    causing the kubelet to fail to recreate
  - If conmon is v2.0.19 or greater, ExecSync requests will not
    double fork, causing systemd to have fewer conmons re-parented
    to it

==== haproxy ====
Version update (2.2.0+git0.3a00c915f -> 2.2.1+git0.0ef71a557)

- Update to version 2.2.1+git0.0ef71a557:
  * [RELEASE] Released version 2.2.1
  * BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering
  * BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected
  * BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one
  * MEDIUM: htx: Add a flag on a HTX message when no more data are expected
  * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
  * BUG/MAJOR: dns: Make the do-resolve action thread-safe
  * BUG/MAJOR: tasks: don't requeue global tasks into the local queue
  * BUG/MEDIUM: resolve: fix init resolving for ring and peers section.
  * BUG/MEDIUM: arg: empty args list must be dropped
  * DOC: ssl: req_ssl_sni needs implicit TLS
  * BUILD: config: fix again bugs gcc warnings on calloc
  * BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed
  * BUILD: config: address build warning on raspbian+rpi4
  * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
  * BUG/MEDIUM: server: fix possibly uninitialized state file on close
  * BUG/MEDIUM: server: resolve state file handle leak on reload
  * BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers
  * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers.
  * BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT
  * BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding
  * BUG/MINOR: mux-fcgi: Handle empty STDERR record
  * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
  * BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list
  * BUG/MEDIUM: mux-h2: Don't add private connections in available connection list
  * CONTRIB: da: fix memory leak in dummy function da_atlas_open()
  * BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ
  * BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD()
  * BUG/MINOR: sample: Free str.area in smp_check_const_meth
  * BUG/MINOR: sample: Free str.area in smp_check_const_bool

==== ima-evm-utils ====
Version update (1.2.1 -> 1.3)

- Use %autosetup -p1
- Remove suse_version check for tpm2-0-tss-devel as the package is available
  for back as far as SLE 12 SP2 and respective openSUSE versions (also check
  was wrong, should have been 1500).
- Fixes from previous SR (reported by fvogt):
  * Move ibmtss runtime dependency to evmctl package
  * Remove dependencies to devel package (should not be needed)
- Update to version 1.3
  version 1.3 new features:
  * NEW ima-evm-utils regression test infrastructure with two initial
  tests:
  - ima_hash.test: calculate/verify different crypto hash algorithms
  - sign_verify.test: EVM and IMA sign/verify signature tests
  * TPM 2.0 support
  - Calculate the new per TPM 2.0 bank template data digest
  - Support original padding the SHA1 template data digest
  - Compare ALL the re-calculated TPM 2.0 bank PCRs against the
  TPM 2.0 bank PCR values
  - Calculate the per TPM bank "boot_aggregate" values, including
  PCRs 8 & 9 in calculation
  - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
  - boot_aggregate.test: compare the calculated "boot_aggregate"
  values with the "boot_aggregate" value included in the IMA
  measurement.
  * TPM 1.2 support
  - Additionally support reading the TPM 1.2 PCRs from a supplied file
  ("--pcrs" option)
  * Based on original IMA LTP and standalone version support
  - Calculate the TPM 1.2 "boot_aggregate" based on the exported
  TPM 1.2 BIOS event log.
  - In addition to verifying the IMA measurement list against the
  the TPM PCRs, verify the IMA template data digest against the
  template data.  (Based on LTP "--verify" option.)
  - Ignore file measurement violations while verifying the IMA
  measurment list. (Based on LTP "--validate" option.)
  - Verify the file data signature included in the measurement list
  based on the file hash also included in the measurement list
  (--verify-sig)
  - Support original "ima" template (mixed templates not supported)
  * Support "sm3" crypto name
  Bug fixes and code cleanup:
  * Don't exit with -1 on failure, exit with 125
  * On signature verification failure, include pathname.
  * Provide minimal hash_info.h file in case one doesn't exist, needed
  by the ima-evm-utils regression tests.
  * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
  * Fix hash_algo type comparison mismatch
  * Simplify/clean up code
  * Address compiler complaints and failures
  * Fix memory allocations and leaks
  * Sanity check provided input files are regular files
  * Revert making "tsspcrread" a compile build time decision.
  * Limit additional messages based on log level (-v)
- Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch
- Upstream bumped soname to 2.0.0
- Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss
  as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd;
  better to use libtss2-esys and libtss2-rc than require tsspcrread binary in
  runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same
  logic as runtime dependency for devel package
- Mark COPYING as %license

==== libedit ====

- autoreconf already runs libtoolize no need to run twice

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-bootloader patterns-base-minimal_base

- Stop trying to install grub2-branding on ppc64/ppc64le [boo#1171146]

==== perl-Bootloader ====
Version update (0.929 -> 0.931)

- merge gh#openSUSE/perl-bootloader#129
- Check tpm.mod in the new grub2 directory (bsc#1174320)
- 0.931
- merge gh#openSUSE/perl-bootloader#130
- Throw less warnings about fstab
- 0.930

==== python-rpm-macros ====
Version update (20200701.9f5a2f6 -> 20200714.252de1f)

- Update to version 20200714.252de1f:
  * Add pyunittest and pyunittest_arch macros

==== python38-core ====
Version update (3.8.3 -> 3.8.4)

- Minor spec file fixes
- Fix minor issues found in the staging.
- Update to 3.8.4:
  - Assignment expressions (PEP-572)
  - Positional-only parameters (PEP-570)
  - Parallel filesystem cache for compiled bytecode files
    (PYTHONPYCACHEPREFIX variable)
  - Debug build uses the same ABI as release build
  - f-strings support = for self-documenting expressions
    and debugging
  - Python Runtime Audit Hooks (PEP-578)
  - Python Initialization Configuration (PEP-587)
  - Vectorcall: a fast calling protocol for CPython (PEP-590)
  - Pickle protocol 5 with out-of-band data buffers (PEP-574)
  - Many other smaller bug fixes
- Removed OBS_dev-shm.patch: contained in upstream
- Removed bpo40784-Fix-sqlite3-deterministic-test.patch:
  contained in upstream
- Changed bpo-31046_ensurepip_honours_prefix.patch: to be
  compatible with new version
- Fix %py3_compile being incorrectly defined
- Update pre_checkin.sh and regenerate
- Convert few dependencies to their pkgconfig counterparts
- Remove release requirement on libpython, it is not really needed
  to be equal as the abi changes with versions
- Add provides python3-bla on all the subpkgs in case we are
  primary provider of the functionality
- Remove unversioned files from devel subpkg too
- Remove main python3 files from -base based whether we are
  primary interpreter or not
- Fix idle to be co-installable
- Add condition to be primary to provide/obsolete python3-*
- Fix doc to build in versioned folder so the pythons can be
  installed next to each other
- Revert the full versioning of calls on the macros. These
  are generic so they should really just call python3 X
- For the doc package we can build with generic flavor, we don't
  need the our-interpreter based one
- Add provides for pytohn3X-typing/etc to allow BR on those still
  to work when needed
- Change macros.python3 to use full versioned 3.8 instead of just 3
  for python interpreter

==== read-only-root-fs ====

- Use file requires, add sed

==== sysconfig ====
Version update (0.85.4 -> 0.85.5)
Subpackages: sysconfig-netconfig

- version 0.85.5
- spec: Fix Requires, use file requires
  (https://github.com/openSUSE/sysconfig/pull/25)
- ntp: call chrony helper in background (bsc#1173391)