Packages changed:
  MozillaFirefox (66.0.5 -> 67.0)
  kernel-firmware (20190502 -> 20190514)
  opus (1.3 -> 1.3.1)
  pipewire (0.2.5 -> 0.2.6)
  polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
  python-kiwi (9.17.37 -> 9.17.39)
  python-pexpect (4.6.0 -> 4.7.0)
  python-pyasn1-modules (0.2.4 -> 0.2.5)
  python-requests (2.21.0 -> 2.22.0)
  ruby2.6
  spandsp
  webkit2gtk3 (2.24.1 -> 2.24.2)
  wireshark (3.0.1 -> 3.0.2)
  yast2-add-on (4.1.11 -> 4.1.12)

=== Details ===

==== MozillaFirefox ====
Version update (66.0.5 -> 67.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 67.0
  * Firefox 67 will be able to run different Firefox installs side by side
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
  * Tabs can now be pinned from the Page Actions menu in the address bar
  * Users can block known cryptominers and fingerprinters in the
    Custom settings or their Content Blocking preferences
  * The Import Data from Another Browser feature is now also available
    from the File menu
  * Firefox will now protect you against running older versions which
    can lead to data corruption and stability issues
  * Easier access to your list of saved logins from the main menu and
    login autocomplete
  * We?ve added a toolbar menu for your Firefox Account to provide more
    transparency for when you are synced, sharing data across devices
    and with Firefox. Personalize the appearance of the menu with your
    own avatar
  * Enable FIDO U2F API, and permit registrations for Google Accounts
  * Enabled AV1 support on Linux
  MFSA 2019-13 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-9821 (bmo#1539125)
    Use-after-free in AssertWorkerThread
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox
  * CVE-2019-11695 (bmo#1445844)
    Custom cursor can render over user interface outside of web content
  * CVE-2019-11696 (bmo#1392955)
    Java web start .JNLP files are not recognized as executable files
    for download prompts
  * CVE-2019-11697 (bmo#1440079)
    Pressing key combinations can bypass installation prompt delays and
    install extensions
  * CVE-2019-11698 (bmo#1543191)
    Theft of user history data through drag and drop of hyperlinks
    to and from bookmarks
  * CVE-2019-11700 (bmo#1549833) (Windows only)
    res: protocol can be used to open known local files
  * CVE-2019-11699 (bmo#1528939)
    Incorrect domain name highlighting during page navigation
  * CVE-2019-11701 (bmo#1518627)
    webcal: protocol default handler loads vulnerable web page
  * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
    bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
    Memory safety bugs fixed in Firefox 67
  * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
    bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
    bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
    bmo#1532465, bmo#1533554, bmo#1541580)
    Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
  * rust/cargo >= 1.32
  * mozilla-nspr >= 4.21
  * mozilla-nss >= 3.43
  * rust-cbindgen >= 0.8.2
- rebased patches
- KDE integration for default browser detection is broken in this revision
- Fix armv7 build with:
  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch

==== kernel-firmware ====
Version update (20190502 -> 20190514)
Subpackages: ucode-amd

- Update to version 20190514:
  * linux-firmware: Update firmware file for Intel Bluetooth 8265
  * linux-firmware: Update firmware file for Intel Bluetooth 9260
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth 22161
  * amlogic: add video decoder firmwares
  * iwlwifi: update -46 firmwares for 22260 and 9000 series
  * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares
  * iwlwifi: add -46.ucode firmwares for 9000 series

==== opus ====
Version update (1.3 -> 1.3.1)

- Update to version 1.3.1
  * This release fixes an issue with the analysis on files with
    digital silence (all zeros), especially on x87 builds
    (mostly affects 32-bit builds).
  * Two new features:
    + A new OPUS_GET_IN_DTX query to know if the encoder is in
    DTX mode (last frame was either a comfort noise frame or
    not encoded at all)
    + A new (and still experimental) CMake-based build system
    that is eventually meant to replace the VS2015 build
    system (the autotools one will stay).

==== pipewire ====
Version update (0.2.5 -> 0.2.6)
Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins pipewire-spa-tools pipewire-tools

- Update to version 0.2.6:
  + Improve error checking for threads.
  + Fix some memory and fd leaks.
  + Fix compilation with C++ compilers and clang.
  + DISABLE_RTKIT should now not try to use dbus at all.
  + Camera Portal fixes:
  - add Camera media.role.
  - Rename module-flatpak to module-portal.
  - Use the portal permissions store for camera checks.
  + Actually use the passed fd in pipewiresrc.
  + Make properties with "pipewire." prefix read-only.
  + Add security label to client object.
  + Enforce link permissions.
  + Permissions of objects are now combined with parent
    permissions.
  + Remove libv4l2 dependency, it is not used.
  + Improve format negotiation in autolink #146.
  + Try to avoid list corruption with event emmission #143.
  + Fix destroy of client-node memory corruption.
  + Various small improvements.
- Remove pkgconfig(libv4l2) BuildRequires: follow upstreams cleanup
  of build dependencies.
- Drop avoid-invalid-conversion-error-with-C++.patch: fixed
  upstream.

==== polkit-default-privs ====
Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)

- Update to version 13.2+20190523.efe368f:
  * polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695)

==== python-kiwi ====
Version update (9.17.37 -> 9.17.39)

- Bump version: 9.17.38 ? 9.17.39
- Update obs docs per review by Tom
- Disable check-valid-until with repository_gpgcheck
  This commit is two fold:
  * From one side fixes a wrong use of the `trusted` option for
  apt repositories. `trusted=no` does not force to run the gpg checks
  it just forces the repository to be considered untrusted regardless
  the result of the security checks.
  * From the other side it disables the option `check-valid-until` in
  case gpg checks are disabled using the `repository_gpgcheck`. It
  works at repository level. This enables using unmaintained or
  expired repositories for the build.
  Fixes #1028
- Simplify shell pipe expression with shell builtin
  Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE}
  shell builtin as suggested by Codacy
- Make mediacheck runtime check arch independent
  The check_mediacheck_only_for_x86_arch runtime check fails on
  non x86 architectures but the tagmedia toolchain exists independent
  of the platform architecture. This Fixes #1091
- Set home as protected path
  Along with adding home to the protection list, cleanup
  the prepare instance cleanup code in a way that it only
  runs if a root_bind object exists which needs to call
  its cleanup path
- Extend docs about building multiple profiles on OBS
- Remove FIXME from the runtime configuration file example
- Improve the documentation about building in the Build Service
  Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Turn sphinx warnings into errors
  Modify the sphinx Makefile to treat warnings
  like undefined references as errors
- kiwi-live-lib: mount live ISO as read-only
  During the boot process of a live image, dracut shows this WARNING:
  dracut-initqueue: mount: /run/initramfs/live: WARNING: device write-protected, mounted read-only
  This is not a problem, as the live ISO image is, indeed, read-only.
  This patch fix this cosmetic issue being explicit in the mount
  options in `mountIso` function.
- Call isolinux-config only on supported archs
- Discard default dependencies for sysroot.mount
  This commit makes default dependencies from sysroot.mount to be
  explicitly omitted. This fixes potential inconsistencies in
  ordering pre-mount.service with local-fs.target. This change is
  also applied to upstream sysroot.mount generator here:
  https://github.com/systemd/systemd/pull/12281
  Fixes #1015
- Fix locale setting
  For pre-Leap 15 openSUSE versions KIWI >= 9.12.0 was not completely
  setting locale, as it was missingto set the RC_LANG variable from
  `/etc/sysconfig/language` file. Current commit enforces to update
  locale in `/etc/sysconfig/language` (if the file exists) at the
  same time it applies systemd-firstboot configurations.
  Fixes #1081
- Cleanup TODO & FIXME from xml_description.rst
- Add GitLab CI pipeline badge to README.rst
- Extend the development documentation
  Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Log thrown exceptions in Compress.get_format()
- Fix documentation of Compress.get_format()
- log exception in SystemPrepare.__del__
- Use yaml.safe_load instead of yaml.load
  yaml.load is relatively dangerous when the loaded data comes from untrusted
  sources, as it can allow for arbitrary code execution, see:
  https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML
  safe_load limits the created python objects to the basic Python types like
  integers and strings, which is all that we need for the runtime configuration
  file.
- Fixing doc source for broken refs and xml syntax
- Document the usage of profiles via the CLI and OBS
- Apply suggestions from @tomschr
  Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Improve the documentation of the runtime configuration file
  Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Apply suggestions from @tomschr
  Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Extend the documentation of Custom Disk Volumes
- Add documentation of the XML schema in a tutorial like fashion
  Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Add documentation how to configure VMX build types
- Cleanup warnings in utils/size.py
  - use a raw string for the regexp search string
  - improve the readability of the returned value
- Make the user.password attribute mandatory
  Not providing a user password results in an error when usermod or openssl
  is later called by kiwi (depending on the value of `pwdformat`).
  This fixes #1061.
- Fixed repo setup for cloud integration test builds
  Using the devel:languages:python repos leads to inconsistencies
  on the module dependencies
- Bump version: 9.17.37 ? 9.17.38
- Delete obsolete repository types
  Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2
  from the allowed values list of the repository type attribute.
  This Fixes #1029
- Fixed build_in_buildservice stale references
  Fixed style issues reported on sphinx build. Also deleted
  pointers to non existing references
- Delete suseRemovePackagesMarkedForDeletion
  Any package removal is controlled by kiwi itself. There is no
  need to provide a shell helper method that is rpm specific.
  This Fixes #1054
- Preserve licenses/other txt files by baseStripFirmware (bsc#1132455) (Fixes #1063)
  LICENSES are usually not large and should be kept alongside
  of the binaries. Also some firmware files sideload additional
  txt files (like for example brcmfmac43430 needs the sdio description
  txt files). We should just always include them because they're
  not listed as needed files.
  Co-Authored-By: Dan ?ermák <dcermak@suse.com>
- Split overview/workflow.rst into multiple files
  Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Update doc/source/building/build_in_buildservice.rst
  Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Rework documentation about building on OBS
- Added integration test guest image for OpenStack
- Update suse integration tests per Factory changes
  The way plymouth themes are provided has changed on suse.
  The package plymouth-branding-openSUSE is no longer providing
  the theme named openSUSE. In fact the plan is to switch to
  the upstream bgrt theme which is provided in another package.
  This commit adapts to the changes in the distribution
- Bump copyright year in the docs

==== python-pexpect ====
Version update (4.6.0 -> 4.7.0)

- Update to 4.7.0:
  * The :meth:`.pxssh.login` method now no longer requires a username if an ssh config is provided and will raise an error if neither are provided. (:ghpull:`562`).
  * The :meth:`.pxssh.login` method now supports providing your own ssh command via the cmd parameter. (:ghpull:`528`) (:ghpull:`563`).
  * :class:`.pxssh` now supports the use_poll parameter which is passed into :meth:`.pexpect.spawn` (:ghpull:`542`).
  * Minor bug fix with ssh_config. (:ghpull:`498`).
  * :meth:`.replwrap.run_command` now has async support via an async_ parameter. (:ghpull:`501`).
  * :meth:`.pexpect.spawn` will now read additional bytes if able up to a buffer limit. (:ghpull:`304`).
- Drop merged patch fix-test.patch

==== python-pyasn1-modules ====
Version update (0.2.4 -> 0.2.5)

- Update to 0.2.5:
  - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
    in CMS
  - Added RFC6019 providing BinaryTime - an alternate format
    for representing Date and Time
  - RFC3565 superseded by RFC5649
  - Added RFC5480 providng Elliptic Curve Cryptography Subject
    Public Key Information
  - Added RFC8520 providing X.509 Extensions for MUD URL and
    MUD Signer
  - Added RFC3161 providing Time-Stamp Protocol support
  - Added RFC3709 providing Logotypes in X.509 Certificates
  - Added RFC3274 providing CMS Compressed Data Content Type
  - Added RFC4073 providing Multiple Contents protection
    with CMS
- Execute testsuite

==== python-requests ====
Version update (2.21.0 -> 2.22.0)

- Update to 2.22.0:
  * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)
- Rebase requests-no-hardcoded-version.patch

==== ruby2.6 ====
Subpackages: libruby2_6-2_6 ruby2.6-devel

- Move RPM macros to %_rpmmacrodir.

==== spandsp ====

- Disable LTO (boo#1136056).

==== webkit2gtk3 ====
Version update (2.24.1 -> 2.24.2)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles

- Update to version 2.24.2:
  + Fix rendering of emojis copy-pasted from GTK emoji chooser.
  + Fix space characters not being rendered with some CJK fonts.
  + Fix adaptive streaming playback with older GStreamer versions.
  + Set a maximum zoom level for pinch zooming gesture.
  + Fix navigation gesture to not interfere with scrolling.
  + Fix SSE2 detection at compile time, ensuring the right flags
    are passed to the compiler.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615.
  + Updated translations.
- Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream.

==== wireshark ====
Version update (3.0.1 -> 3.0.2)
Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt

- Wireshark 3.0.2 (bsc#1136021)
  * Wireshark dissection engine crash.
- Further features, bug fixes and updated protocol support as listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html

==== yast2-add-on ====
Version update (4.1.11 -> 4.1.12)

- Fix: Update repository will be registered while installing
  an add-on on a running system (bsc#1055126).
- 4.1.12