Packages changed:
  aaa_base (84.87+git20191120.98f1524 -> 84.87+git20191206.1cb88e3)
  btrfsprogs (5.3.1 -> 5.4)
  dbus-1 (1.12.12 -> 1.12.16)
  expat (2.2.8 -> 2.2.9)
  gnutls (3.6.10 -> 3.6.11.1)
  haproxy (2.0.9+git6.26b7b800 -> 2.0.10+git14.7caf150a)
  iproute2 (5.3 -> 5.4)
  libxcrypt (4.4.3 -> 4.4.10)
  rebootmgr
  restorecond
  systemd

=== Details ===

==== aaa_base ====
Version update (84.87+git20191120.98f1524 -> 84.87+git20191206.1cb88e3)

- Update to version 84.87+git20191206.1cb88e3:
  * Add support for lesskey.bin in /usr/etc
  * Do last change also for tcsh
  * Not all XTerm based emulators do have an terminfo entry

==== btrfsprogs ====
Version update (5.3.1 -> 5.4)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.4
  * support new hash algorithms (kernel 5.5):
  * mkfs.btrfs and btrfs-convert with --csum, crc32c, xxhash, sha256, blake2
  * mkfs: support new raid1c3 and raid1c4 block group profiles (kernel 5.5)
  * check:
  * --repair delays start with a warning, can be skipped using --force
  * enhanced detetion of inode types from partial data, more options for
    repair
  * receive: fix quiet option
  * image: speed up chunk loading
  * fi usage:
  * sort devices by id
  * print ratio of used/total per block group type
  * rescue zero-log: reset the log pointers directly, avoid reading some other
    potentially damaged structures
  * new make target install-static to install only static binaries/libraries
  * other
  * docs updates
  * new tests
  * cleanups and refactoring

==== dbus-1 ====
Version update (1.12.12 -> 1.12.16)
Subpackages: libdbus-1-3

- Verify signatures
  * dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
  developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
  * Source2 dbus-1.desktop now Source4
  * baselib.conf now source 3
- Update to 1.12.16
  * CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
    authentication for identities that differ from the user running the
    DBusServer. Previously, a local attacker could manipulate symbolic
    links in their own home directory to bypass authentication and connect
    to a DBusServer with elevated privileges. The standard system and
    session dbus-daemons in their default configuration were immune to this
    attack because they did not allow DBUS_COOKIE_SHA1, but third-party
    users of DBusServer such as Upstart could be vulnerable.
    Thanks to Joe Vennix of Apple Information Security.
    (bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
  * Raise soft fd limit to match hard limit, even if unprivileged.
    This makes session buses with many clients, or with clients that make
    heavy use of fd-passing, less likely to suffer from fd exhaustion.
    (dbus!103, Simon McVittie)
  * If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
    reduce it to 64K, ensuring that we can put back the original fd limits
    when carrying out traditional (non-systemd) activation. This fixes a
    regression with systemd >= 240 in which system services inherited
    dbus-daemon's hard and soft limit of 64K fds, instead of the intended
    soft limit of 1K and hard limit of 512K or 1M.
    (dbus!103, Debian#928877; Simon McVittie)
  * Fix build failures caused by an AX_CODE_COVERAGE API change in newer
    autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
  * Fix build failures with newer autoconf-archive versions that include
    AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
  * Parse section/group names in .service files according to the syntax
    from the Desktop Entry Specification, rejecting control characters
    and non-ASCII in section/group names (dbus#208, David King)
  * Fix various -Wlogical-op issues that cause build failure with newer
    gcc versions (dbus#225, dbus!109; David King)
  * Don't assume we can set permissions on a directory, for the benefit of
    MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
  * Don't overwrite PKG_CONFIG_PATH and related environment variables when
    the pkg-config-based version of DBus1Config is used in a CMake project
    (dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
  * dbus-no-ax-check.patch
  * dbus-new-autoconf-archive.patch

==== expat ====
Version update (2.2.8 -> 2.2.9)

- Version update to 2.2.9
  * Other changes:
  - examples: Drop executable bits from elements.c
    [#349]  Windows: Change the name of the Windows DLLs from expat*.dll
    to libexpat*.dll once more (regression from 2.2.8, first
    fixed in 1.95.3, issue #61 on SourceForge today,
    was issue #432456 back then); needs a fix due
    case-insensitive file systems on Windows and the fact that
    Perl's XML::Parser::Expat compiles into Expat.dll.
    [#347]  Windows: Only define _CRT_RAND_S if not defined
    Version info bumped from 7:10:6 to 7:11:6

==== gnutls ====
Version update (3.6.10 -> 3.6.11.1)

- gnutls 3.6.11.1:
  * libgnutls: Corrected issue with TLS 1.2 session ticket
    handling as client during resumption
  * libgnutls: gnutls_base64_decode2() succeeds decoding the empty
    string to the empty string. This is a behavioral change of the
    API but it conforms to the RFC4648 expectations
  * libgnutls: Fixed AES-CFB8 implementation, when input is shorter
    than the block size. Fix backported from nettle.
  * certtool: CRL distribution points will be set in CA
    certificates even when non self-signed
  * gnutls-cli/serv: added raw public-key handling capabilities
    (RFC7250). Key material can be set via the --rawpkkeyfile and
  - -rawpkfile flags.

==== haproxy ====
Version update (2.0.9+git6.26b7b800 -> 2.0.10+git14.7caf150a)

- Update to version 2.0.10+git14.7caf150a:
  * BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
  * BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
  * BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
  * BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
  * BUG/MEDIUM: listener/thread: fix a race when pausing a listener
  * BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
  * BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
  * DOC: move the "group" keyword at the right place
  * DOC: clarify matching strings on binary fetches
  * DOC: Clarify behavior of server maxconn in HTTP mode
- Update to version 2.0.10+git4.6d9a455d:
  * BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty
- Update to version 2.0.10+git3.200c6215:
  * BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only
- Update to version 2.0.10+git2.3a00e5fc:
  * BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones
  * BUG/MINOR: stream: init variables when the list is empty
- Update to version 2.0.10+git0.ac198b92:
  * [RELEASE] Released version 2.0.10
  * SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
  * SCRIPTS: create-release: show the correct origin name in suggested commands
  * BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
  * BUG/MAJOR: h2: make header field name filtering stronger
  * BUG/MAJOR: h2: reject header values containing invalid chars
  * MINOR: ist: add ist_find_ctl()
  * BUG/MINOR: ssl: fix curve setup with LibreSSL
  * BUG/MINOR: cli: fix out of bounds in -S parser
  * DOC: Add documentation about the use-service action
  * DOC: Add missing stats fields in the management manual
  * BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
  * BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
  * MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
  * REGTEST: vtest can now enable mcli with its own flag
  * MINOR: stats: Report max times in addition of the averages for sessions
  * BUG/MINOR: stream-int: Fix si_cs_recv() return value
  * MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
  * MINOR: contrib/prometheus-exporter: filter exported metrics by scope
  * MINOR: contrib/prometheus-exporter: report the number of idle conns per server
  * BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
  * MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
  * MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
  * MINOR: stream: Remove the lock on the proxy to update time stats
  * MINOR: freq_ctr: Make the sliding window sums thread-safe
  * BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
  * BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
  * BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
  * BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
  * BUILD/MINOR: ssl: fix compiler warning about useless statement
  * BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
  * BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec

==== iproute2 ====
Version update (5.3 -> 5.4)

- Update to new upstream release 5.4
  * devlink: increase number of supported options (32 -> 64)
  * devlink: add trap set and show commands
  * devlink: add trap group set and show commands
  * devlink: add reset_dev_on_drv_probe param
  * devlink: support unknown value for fw_load_policy
  * devlink: support flash status monitoring
  * devlink: add reload failed indication
  * ip: netns: support dump of nsid conversion table
  * ip: nexthop: support filtering by protocol for flush and list
  * rdma: driver QP type string
  * tc: introduce ct action
  * tc: support 64-bit rate and peakrate
  * tc: etf: support skip_sock_check
  * tc: flower: add matching on conntrack info
  * tc: taprio: support setting flags
  * tc: taprio: support setting txtime_delay
  * documentation improvements
  * json output improvements
  * drop outdated example scripts and README files
- drop (patched script dropped)
  examples-fix-bashisms-in-example-script.patch
- ss-fix-end-of-line-printing-in-misc-ss.c.patch:
  fix missing end of line at the end of ss output

==== libxcrypt ====
Version update (4.4.3 -> 4.4.10)

- Update to version 4.4.10
  * Fix alignment problem for GOST 34.11 (Streebog) in gost-yestcrypt.
  * The crypt_* functions will now all fail and set errno to ERANGE if
    their 'phrase' argument is longer than CRYPT_MAX_PASSPHRASE_SIZE
    characters (this is currently 512)
  * The NT hashing method no longer truncates passphrases at 128
    characters; Windows does not do this.
- format-overflow.patch: remove

==== rebootmgr ====

- Fix %posttrans script returning an error code

==== restorecond ====

- Use %make_build and respect %optflags.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit dbb1d4734daffa62e0eddecfa4f784c84a9d8e76
  1439d72a72 udevd: don't use monitor after manager_exit()
  99288dd778 Revert "udevd: fix crash when workers time out after exit is signal caught"
  152577d6d0 udevd: fix crash when workers time out after exit is signal caught
  f854991504 udevd: wait for workers to finish when exiting (bsc#1106383)
  Changes from the v243-stable (84 commits):
  e51d9bf9e5 man: add entry about SpeedMeter=
  aa1fc791c7 udev: silence warning about PROGRAM+= or IMPORT+= rules
  b9a619bb67 udevadm: ignore EROFS and return earlier
  1ec5b9f80c basic: add vmware hypervisor detection from device-tree
  7fa7080248 umount: be happy if /proc/swaps doesn't exist
  [...]
  47d0e23d26 udev: fix memleak caused by wrong cleanup function
  a6fb0542c5 parse_hwdb: fix compatibility with pyparsing 2.4.*
  cb1d892f17 parse_hwdb: process files in order