Packages changed:
  aaa_base (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f)
  alsa (1.2.4 -> 1.2.5)
  boost-base
  chrony (3.5.1 -> 4.1)
  curl (7.76.1 -> 7.77.0)
  gnutls (3.7.1 -> 3.7.2)
  helm (3.5.4 -> 3.6.0)
  kmod (28 -> 29)
  libX11
  libcap
  libmodulemd (2.12.0 -> 2.12.1)
  libtasn1 (4.16.0 -> 4.17.0)
  openssl
  pcre2 (10.36 -> 10.37)
  vim (8.2.2850 -> 8.2.2918)
  wget
  xen (4.14.1_16 -> 4.15.0_01)
  yast2 (4.4.5 -> 4.4.9)

=== Details ===

==== aaa_base ====
Version update (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f)

- Update to version 84.87+git20210601.8cb043f:
  * Use shell builtins for $HOSTTYPE and others (boo#1186296)

==== alsa ====
Version update (1.2.4 -> 1.2.5)

- Update to version 1.2.5
  * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib
- Drop upstream fixed patches
  * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch
  * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch
  * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch
  * 0004-topology-use-inclusive-language-for-bclk.patch
  * 0005-topology-use-inclusive-language-for-fsync.patch
  * 0006-topology-use-inclusive-language-in-documentation.patch
  * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch
  * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch
  * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
  * 0019-pcm-fix-__snd_pcm_state-return-value.patch
  * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch
  * 0026-Revert-pcm_plugin-fix-delay.patch
  * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch
  * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
  * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
  * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch
  * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
  * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch
  * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
  * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
  * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
  * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch
  * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch
  * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch
  * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
  * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch
  * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
  * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
  * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch
  * 0023-pcm-plugin-status-revert-the-recent-changes.patch
  * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch
  * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch
  * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
  * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch
  * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch
  * 0033-pcm-rate-fix-the-capture-delay-values.patch
  * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch
  * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
  * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
  * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch
  * 0018-conf-fix-get_hexachar-return-value.patch
  * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch
  * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch
  * 0031-pcm-plugin-fix-status-code-for-capture.patch
  * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
  * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch
  * 0022-pcm-plugin-status-fix-the-return-value-regression.patch

==== boost-base ====
Subpackages: boost-license1_76_0 libboost_thread1_76_0

- Compile boost iostreams with lzma support for reading .xz files

==== chrony ====
Version update (3.5.1 -> 4.1)
Subpackages: chrony-pool-openSUSE

- Update to 4.1
  * Add support for NTS servers specified by IP address (matching
    Subject Alternative Name in server certificate)
  * Add source-specific configuration of trusted certificates
  * Allow multiple files and directories with trusted certificates
  * Allow multiple pairs of server keys and certificates
  * Add copy option to server/pool directive
  * Increase PPS lock limit to 40% of pulse interval
  * Perform source selection immediately after loading dump files
  * Reload dump files for addresses negotiated by NTS-KE server
  * Update seccomp filter and add less restrictive level
  * Restart ongoing name resolution on online command
  * Fix dump files to not include uncorrected offset
  * Fix initstepslew to accept time from own NTP clients
  * Reset NTP address and port when no longer negotiated by NTS-KE
    server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
  https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
  and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
  can do all the other required crypto via nettle+gnutls. no need
  for another crypto library.
- Update to 4.0
  - Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of
    unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented
    configuration
  - Add sourcedir directive and "reload sources" command to
    support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point
    (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included
    files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q
    option
  - Avoid replacing NTP sources with sources that have
    unreachable address
  - Improve pools to repeat name resolution to get "maxsources"
    sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state
    to online
  - Update clock synchronisation status and leap status more
    frequently
  - Update seccomp filter
  - Add "add pool" command
  - Add "reset sources" command to drop all measurements
  - Add authdata command to print details about NTP
    authentication
  - Add selectdata command to print details about source
    selection
  - Add -N option and sourcename command to print original names
    of sources
  - Add -a option to some commands to print also unresolved
    sources
  - Add -k, -p, -r options to clients command to select, limit,
    reset data
  - Bug fixes
  - Don?t set interface for NTP responses to allow asymmetric
    routing
  - Handle RTCs that don?t support interrupts
  - Respond to command requests with correct address on
    multihomed hosts
  - Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets
    (chrony 2.x clients using non-MD5/SHA1 keys need to use
    option "version 3")
  - Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
  enable the new features)
- drop patches which are included in the update:
  chrony-test-update-processing-of-packet-log.patch
  chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
  osc build --without=testsuite
  testsuite still runs by default

==== curl ====
Version update (7.76.1 -> 7.77.0)
Subpackages: libcurl4

- Update to 7.77.0: [bsc#1186114, CVE-2021-22898]
  [bsc#1186115, bsc#1185579, CVE-2021-22901]
  * Security fixes:
  - CVE-2021-22297: schannel cipher selection surprise
  - CVE-2021-22298: TELNET stack contents disclosure
  - CVE-2021-22901: TLS session caching disaster
  * Changes:
  - configure: make the TLS library choice(s) explicit
  - curl: ignore options asking for SSLv2 or SSLv3
  - hsts: enable by default
  - SSL: support in-memory CA certs for some backends
  - vtls: refuse setting any SSL version
  * Bugfixes:
  - configure: provide --with-openssl, deprecate --with-ssl
  - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
  - curl: include libmetalink version in --version output
  - data_pending: check only SECONDARY socket for FTP(S) transfers
  - gnutls: don't allow TLS 1.3 for versions that don't support it
  - gnutls: make setting only the MAX TLS allowed version work
  - http2: fix resource leaks in set_transfer_url() and push_promise()
  - http: limit the initial send amount to used upload buffer size
  - rustls: only return CURLE_AGAIN when TLS session is fully drained
  - rustls: use ALPN
  - schannel: Disable auto credentials; add an option to enable it
  - schannel: Support strong crypto option
  - sectransp: allow cipher name to be specified
  - sockfilt: avoid getting stuck waiting for writable socket

==== gnutls ====
Version update (3.7.1 -> 3.7.2)

- Update to version 3.7.2
  * Added Linux kernel AF_ALG based acceleration
  * Fixed timing of early data exchange
  * The priority string option DISABLE_TLS13_COMPAT_MODE was added
    to disable TLS 1.3 middlebox compatibility mode
  * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
    GNUTLS_NO_IMPLICIT_INIT to reflect the purpose
  * certtool:
  * When signing a CSR, CRL distribution point (CDP) is no
    longer copied from the signing CA by default
  * When producing certificates and certificate requests, subject
    DN components that are provided individually will now be
    ordered by assumed scale
- Rework the crypto-policies dependencies in libraries [bsc#1186385]

==== helm ====
Version update (3.5.4 -> 3.6.0)

- Update to version 3.6.0:
  * bump version to v3.6.0
  * chore: update testdata to use the new ingress template
  * feat: add networking.k8s.io/v1 support to ingress template
  * Moving myself to maintainer emeritus
  * upgrade to kubernetes 1.21
  * Fix capabilities changes leaking into other tests
  * Add tests for template --kube-version
  * feat(helm): Support setting --kube-version
  * fix(ci) update ci to use main branch
  * Update references to default branch name as it has changed to main
  * Add ReadyChecker to decouple ready check logic from --wait
  * chore(deps): Bump github.com/deislabs/oras from v0.10.0 to v0.11.1 and drop replace
  * Add/update deprecation notices
  * Wrap validation error instead of recreating
  * Move default to avoid nil check
  * Add name validation rules for object kinds
  * Improve description for version flag.
  * chore: Spelling (#9410)
  * chore(deps): Bump k8s.io/klog/v2 from 2.5.0 to 2.8.0
  * chore(deps): Bump github.com/containerd/containerd from 1.4.3 to 1.4.4
  * chore(deps): Bump github.com/lib/pq from 1.9.0 to 1.10.0
  * Bump github.com/spf13/cobra from 1.1.1 to 1.1.3
  * Cleanup mpodule dependencies
  * feat(comp): Uninstall accepts multiple releases
  * new key for technosophos (#9478)
  * chore(deps): Bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1
  * add flag trimpath in the go build command
  * stick to 0.20.4
  * updated unit tests to conform with helm best practices
  * corrected order of helm lint coalescing of multiple values files
  * upgrade to v0.21.0-beta.0
  * Fix the example for --time-format flag
  * Use kube libraries v0.20.4
  * Added s390x support to get script
  * add test to ensure OCIGetter registryClient is set
  * initialize registry client in oci getter
  * feat(comp): Add descriptions for output format
  * feat(comp): Add descriptions for --version comp
  * feat(comp): Add descriptions for revision comp
  * feat(comp): Add descriptions for kube-context comp
  * feat(comp): Add descriptions for plugin completion
  * feat(comp): Add descriptions for release name comp
  * feat(comp): Improve completion for plugin commands
  * fix(cmd): Show that flags can be used for zsh/fish
  * use relative linking
  * formatting
  * more words
  * keep it concise
  * docs(CONTRIBUTING): writing a HIP
  * update test expectation for new template error string
  * Add darwin/arm64 (Apple Silicon) support
  * fix windows tests
  * fix(test): Increase golangci-lint timeout
  * fix(helm): get/get-helm-3 whitespace support in runAsRoot
  * fix release sha256
  * feat(comp): Completion for the docs --type flag
  * Bump github.com/jmoiron/sqlx from 1.2.0 to 1.3.1
  * Updating golangci-lint to 1.36.0
  * chore(go.mod): bump Masterminds/{spring,goutils} and deislabs/oras
  * fix(*): Validate metadata semver and printable characters
  * Bump github.com/mitchellh/copystructure from 1.0.0 to 1.1.1
  * closes #9312
  * Fix-9253: Change the deprecated charts repo URL in release notes
  * Fix `helm list --offset` cli help string
  * Define GPG_PUBRING to make pubring configurable
  * Bump github.com/mattn/go-shellwords from 1.0.10 to 1.0.11
  * Bump k8s.io/klog/v2 from 2.4.0 to 2.5.0
  * Upgrade to oras v0.9.0 (#9269)
  * use kube libraries v0.20.2
  * print warning message instead of debug message when ~/.config exists but is not accessible
  * Update default ingress values section to correspond with template
  * chore(Makefile): add target to generate golden files
  * Fix dep build with OCI based charts
  * Fix typo in comment
  * bump version to
  * fix(Makefile): rebuild the binary if go.mod has changed
  * fix(pkg/storage): If storage.Create fails to clean up recent release versions, return an error
  * test(pkg/storage): Verify that storage.Create returns an error if it fails to clean up least-recent release versions
  * Bump github.com/containerd/containerd from 1.3.4 to 1.4.3
  * Improve the console output for resource policy keep to align with helm2.

==== kmod ====
Version update (28 -> 29)
Subpackages: libkmod2

- /usr/lib should override /lib where both are available. Support /usr/lib for
  depmod.d as well.
  * Refresh usr-lib-modprobe.patch
- Remove test patches included in release 29
  - kmod-populate-modules-Use-more-bash-more-quotes.patch
  - kmod-testsuite-compress-modules-if-feature-is-enabled.patch
  - kmod-also-test-xz-compression.patch
- Update to release 29
  * Fix `modinfo -F` not working for built-in modules and
    certain fields.
  * Fix a memory leak, overflow and double free on error path.
- Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch,
  0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch,
  0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch
  (all merged)

==== libX11 ====
Subpackages: libX11-6 libX11-data

- U_Check-for-NULL-strings-before-getting-their-lengths.patch
  * regression in libX11 1.7.1 (boo#1186643)
    fixes segfaults for xforms applications like fdesign

==== libcap ====

- Fix a broken symlink. libcap-devel installs libpsx.so but
  didn't install the library it's pointing to.

==== libmodulemd ====
Version update (2.12.0 -> 2.12.1)

- Updated to 2.12.1
  This is a bug-fix release fully compatible with the previous 2.12.0
  version. Notable changes:
  Enhancements:
  - Improve diagnostic messages for compression tests.
  - Tests performed in a GitHub continues integration are faster.
  - Use GitHub actions to perform CI tests also on ArchLinux, Mageia,
    Mandriva, and OpenSUSE.
  Fixes:
  - Relax context value up to 13 characters including an underscore
    character in modulemd v2 format. This reenables scratch-builds in MBS.
    Migrate Packit tests from a deprecated current_version_command to
    a newer actions/get-current-version.

==== libtasn1 ====
Version update (4.16.0 -> 4.17.0)

- libtasn1 4.17.0:
  * Print deprecation messages for deprecated macros
  * Fix some clang issues due to illegal pointers
  * Restore handling of SIZE nodes
  * Fix memory leak caught by oss-fuzz
  * Gtk-doc fixes
  * Fix bugs unveiled by Static Analysis
  * Update gnulib files and many build fixes
- move tools to -tools packages and clarify licenses
- update upstream signing keyring
- remove deprecated texinfo packaging macros

==== openssl ====

- Provide openssl(cli) by the meta package: Together with the
  suggests openssl in the base patterns, any consumer of this
  symbols should get the openssl meta package as candidate, which
  allows us to easier change the recommended default version.

==== pcre2 ====
Version update (10.36 -> 10.37)

- pcre2 10.37:
  * removal of the actual POSIX names regcomp etc. from the POSIX
    wrapper library because these have caused issues for some
    applications, replacing pcre2-symbol-clash.patch
  * fix a hypothetical NULL dereference
  * fix two bugs related to over-large numbers so the behaviour is
    now the same as Perl
  * Fix propagation of \K back from the full pattern recursion
  * Restore single character repetition optimization in JIT

==== vim ====
Version update (8.2.2850 -> 8.2.2918)
Subpackages: vim-data-common vim-small

- Updated to version 8.2.2918, fixes the following problems
  * Using <Cmd> mapping on the command line triggers CmdlineChanged. (Naohiro
  Ono)
  * Configure can add --as-needed a second time.
  * Window is not updated after using <Cmd> mapping.
  * Custom statusline cannot contain % items.
  * White space after "->" does not give E274.
  * Get readonly error for device that can't be written to.
  * Vim9: exception in ISN_INSTR caught at wrong level.
  * Test fails because of changed error message.
  * Tcl test fails because of changed error message.
  * Adding a text property causes the whole window to be redawn.
  * Vim9: "legacy return" is not recognized as a return statement.
  * Removing a text property causes the whole window to be redawn.
  * Removing a text property does not redraw optimally.
  * Vim9: crash when using inline function.
  * Skipping over function body fails.
  * Vim9: memory leak when using inline function.
  * Build failure.
  * Vim9: When executing a compiled expression the trylevel at start is
  changed but not restored. (closes #8214)
  * Using unified diff is not tested.
  * CmdlineChange event triggered twice for CTRL-R.
  * Unnessary VIM_ISDIGIT() calls, badly indented code.
  * Python tests fail without the channel feature.
  * Not enough tests for writing buffers.
  * Cancelling inputlist() after a digit does not return zero.
  * Configure cannot detect Python 3.10.
  * Insufficient tests for popup menu rightleft.
  * Vim9: for loop list unpack only allows for one "_".
  * File extension .hsig not recognized.
  * Unified diff fails if actually used.
  * Various pieces of code not covered by tests.
  * Vim9: memory leak when lambda has an error.
  * Not enough cscope code is covered by tests.
  * searching for \%'> does not match linewise end of line. (Tim Chase)
  * Various pieces of code not covered by tests.
  * Crash when passing null string to fullcommand().
  * Vim9: "k" command recognized in Vim9 script.
  * Typo and verbose comment in Makefiles.
  * Text property duplicated when data block splits.
  * Cannot build with Perl 5.34.
  * Error message contains random characters.
  * Multi-byte text in popup title shows up wrong.
  * Vim9: random characters appear in some error messages.
  * Spellfile functionality not fully tested.
  * Vim9: can use reserved words at the script level.
  * QuitPre and ExitPre not triggered when GUI window is closed.
  * Appveyor script does not detect nmake failure.
  * QuitPre is triggered before :wq writes the file, which is different from
  other commands.
  * Some operators not fully tested.
  * Spellfile functionality not fully tested.
  * Cursor position wrong on wrapped line with 'signcolumn'.
  * "g$" causes scroll if half a double width char is visible.
  * No error when defaults.vim cannot be loaded.
  * ASAN reports errors for test_startup for unknown reasons.
  * Memory leak when running out of memory.
  * Crash when using a terminal popup window from the cmdline window.
  * Build error with non-Unix system.
  * Test for cmdline window and terminal fails on MS-Windows.
  * Pattern "\%V" does not match all of block selection. (Rick Howe)
  * MS-Windows: most users expect using Unicode.
  * MS-Windows conpty supports using mouse events.
  * Cannot paste a block without adding padding.
  * Operators are not fully tested.
  * Spellfile functionality not fully tested.
  * Builtin function can be shadowed by global variable.

==== wget ====

- When running recursively, wget will verify the length of the whole
  URL when saving the files. This will make it overwrite files with
  truncated names, throwing the "The name is too long, ... trying to
  shorten" messages. The patch moves the length check code to a
  separate function and call it from the append_dir_structure() for each
  path element.
  [ bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch]
- If wget for an http URL is redirected to a different site (hostname
  parts of URLs differ), then any "Authenticate" and "Cookie" header
  entries are discarded.
  [bsc#1175551, wget-do-not-propagate-credentials.patch]

==== xen ====
Version update (4.14.1_16 -> 4.15.0_01)

- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf
  The number of loop devices is unlimited since a while
- Refresh xenstore-launch.patch to cover also daemon case
- Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it,
  drop reproducible.patch
- Update to Xen 4.15.0 FCS release
  xen-4.15.0-testing-src.tar.bz2
  * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
  * Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
  * Xenstored and oxenstored both now support LiveUpdate (tech preview).
  * Unified boot images
  * Switched x86 MSR accesses to deny by default policy.
  * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
  * Support for zstd-compressed dom0 (x86) and domU kernels.
  * Reduce ACPI verbosity by default.
  * Add ucode=allow-same option to test late microcode loading path.
  * Library improvements from NetBSD ports upstreamed.
  * x86: Allow domains to use AVX-VNNI instructions.
  * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
  * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
  * On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging.
  * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.
- Dropped patches contained in new tarball
  5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
  5fedf9f4-x86-hpet_setup-fix-retval.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58c4-ACPI-reduce-verbosity-by-default.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  604b9070-VT-d-disable-QI-IR-before-init.patch
  60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
  libxc-bitmap-longs.patch
  libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
  libxl.fix-libacpi-dependency.patch
  stubdom-have-iovec.patch
  xenwatchdogd-options.patch

==== yast2 ====
Version update (4.4.5 -> 4.4.9)

- AutoYaST: SectionWithAttributes allows to indicate whether an
  attribute accepts blank values (related to jsc#PM-2620).
- 4.4.9
- revert disable of hibernation based on product and virtual
  machines (bsc#1184470)
- 4.4.8
- Improve Yast2::Equatable mixin making the #hash method to be fine
  tuned easelly (related to bsc#11806082).
- 4.4.7
- Added some names to the list of parameters handled by CFA for the
  login.defs configuration (related to jsc#PM-2620).
- 4.4.6