Packages changed:
  ffmpeg-4
  grub2 (2.04 -> 2.06)
  hwdata (0.348 -> 0.349)
  libcdio-paranoia (10.2+2.0.0 -> 10.2+2.0.1)
  libeconf (0.4.0+git20210413.fdb8025 -> 0.4.1+git20210709.cf671f2)
  libvirt
  polkit-default-privs (1550+20210615.e149f78 -> 1550+20210708.6401347)
  python-kiwi (9.23.31 -> 9.23.43)
  rubygem-parser (3.0.1.1 -> 3.0.2.0)
  rubygem-rubocop (1.17.0 -> 1.18.3)
  selinux-policy

=== Details ===

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Remove second hunk of ffmpeg-CVE-2020-22046.patch, that contains
  a goto to a none existing label. In order to distinguish this
  patch from the original, I renamed it to
  ffmpeg-4.4-CVE-2020-22046.patch
- While at it, refresh the other patches with offsets
- Add ffmpeg-CVE-2020-22046.patch: Backport from upstream to fix
  a denial of service vulnerability exists in FFmpeg 4.2 due to a
  memory leak in the avpriv_float_dsp_allocl function in
  libavutil/float_dsp.c (bsc#1186849).
- Add ffmpeg-CVE-2021-33815.patch: Backport from upstream to fix
  dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an
  out-of-bounds array access because dc_count is not strictly
  checked (bsc#1186865).

==== grub2 ====
Version update (2.04 -> 2.06)
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Version bump to 2.06
  * rediff
  - 0001-add-support-for-UEFI-network-protocols.patch
  - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
  - 0003-Make-grub_error-more-verbose.patch
  - 0003-bootp-New-net_bootp6-command.patch
  - 0005-grub.texi-Add-net_bootp6-doument.patch
  - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
  - 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
  - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
  - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
  - grub-install-force-journal-draining-to-ensure-data-i.patch
  - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  - grub2-diskfilter-support-pv-without-metadatacopies.patch
  - grub2-efi-HP-workaround.patch
  - grub2-efi-xen-cfg-unquote.patch
  - grub2-efi-xen-chainload.patch
  - grub2-fix-menu-in-xen-host-server.patch
  - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
  - grub2-install-remove-useless-check-PReP-partition-is-empty.patch
  - grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
  - grub2-mkconfig-default-entry-correction.patch
  - grub2-pass-corret-root-for-nfsroot.patch
  - grub2-s390x-03-output-7-bit-ascii.patch
  - grub2-s390x-04-grub2-install.patch
  - grub2-secureboot-install-signed-grub.patch
  - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
  - use-grub2-as-a-package-name.patch
  * update by patch squashed:
  - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
  - grub2-efi-chainload-harder.patch
  - grub2-secureboot-no-insmod-on-sb.patch
  - grub2-secureboot-chainloader.patch
  - grub2-secureboot-add-linuxefi.patch
  * remove squashed patches:
  - 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
  - 0009-squash-Add-support-for-linuxefi.patch
  - 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
  - 0042-squash-grub2-efi-chainload-harder.patch
  - 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
  - 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
  * drop upstream patches:
  - 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
  - 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
  - 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
  - 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch
  - 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch
  - 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
  - 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
  - 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
  - 0002-kern-Add-X-option-to-printf-functions.patch
  - 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
  - 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch
  - 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
  - 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
  - 0003-normal-main-Search-for-specific-config-files-for-net.patch
  - 0004-calloc-Use-calloc-at-most-places.patch
  - 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
  - 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
  - 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
  - 0005-efi-Add-secure-boot-detection.patch
  - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
  - 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
  - 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
  - 0007-font-Do-not-load-more-than-one-NAME-section.patch
  - 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
  - 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
  - 0008-script-Remove-unused-fields-from-grub_script_functio.patch
  - 0009-kern-Add-lockdown-support.patch
  - 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
  - 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
  - 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
  - 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
  - 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
  - 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
  - 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
  - 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
  - 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
  - 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
  - 0018-gdb-Restrict-GDB-access-when-locked-down.patch
  - 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
  - 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
  - 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
  - 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
  - 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
  - 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
  - 0025-kern-parser-Fix-a-memory-leak.patch
  - 0026-kern-parser-Introduce-process_char-helper.patch
  - 0027-kern-parser-Introduce-terminate_arg-helper.patch
  - 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
  - 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
  - 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
  - 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
  - 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
  - 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
  - 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
  - 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
  - 0036-util-mkimage-Improve-data_size-value-calculation.patch
  - 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
  - 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
  - 0039-grub-install-common-Add-sbat-option.patch
  - 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
  - grub-install-define-default-platform-for-risc-v.patch
  - grub2-editenv-add-warning-message.patch
  - grub2-efi-gop-add-blt.patch
  - grub2-efi-uga-64bit-fb.patch
  - grub2-verifiers-fix-system-freeze-if-verify-failed.patch
  - risc-v-add-clzdi2-symbol.patch
  - risc-v-fix-computation-of-pc-relative-relocation-offset.patch
- Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to
  use disk devie if grub has been installed to it
- Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix
  detection of efi fwsetup support

==== hwdata ====
Version update (0.348 -> 0.349)

- Update to version 0.349 (bsc#1187948:
  + Updated pci, usb and vendor ids.

==== libcdio-paranoia ====
Version update (10.2+2.0.0 -> 10.2+2.0.1)
Subpackages: libcdio_cdda2 libcdio_paranoia2

- version 10.2+2.0.1 (2019-09-16)
  * cdda toc routines now included
  * "make distcheck" broken in 2.0.0 works properly again
  * Remove some gcc/clang warnings
- Use %find_lang
- Use correct License
- Drop --with-pic (no effect with --disable-static)
- Trim old rpm macros/constructs
- Update descriptions

==== libeconf ====
Version update (0.4.0+git20210413.fdb8025 -> 0.4.1+git20210709.cf671f2)
Subpackages: libeconf0 libeconf0-32bit

- Update to version 0.4.1+git20210709.cf671f2:
  * CMake fixes regarding installation of econftool and man pages.
- Update to version 0.4.0+git20210708.6918ea1:
  * Fixed covscan FORWARD_NULL_issues warnings
- Update to version 0.4.0+git20210707.537a8a:
  * Fixed resource leaks found by Iker Pedrosa.

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- virtlockd: Don't report error if lockspace exists
  de1e0ae0-lockd-no-error-if-lockspace.patch
  bsc#1184253

==== polkit-default-privs ====
Version update (1550+20210615.e149f78 -> 1550+20210708.6401347)

- Update to version 1550+20210708.6401347:
  * fprint.device.enroll: keep restrictive profile in sync with upstream
- Update to version 1550+20210708.c4d6bf4:
  * kdenetwork-filesharing: align with upstream (#49)
- Update to version 1550+20210701.3047fcb:
  * ModemManager1.USSD: fix inconsistencies in standard and easy profiles
  * powerdevil.discretegpuhelper.hasdualgpu: align with upstream settings
  * cupspkhelper.mechanism.job-edit: align with upstream setting
  * org.fedoraproject.FirewallD1.info: don't be more restrictive than the 'standard' profile
  * remove org.selinux.* (policycoreutils) since they no longer exist in Factory
  * remove cinnamon.controlcenter.datetime.configure: no longer packaged
  * net.connman.vpn.secret: fix invalid label "auth_admin_keep_session"

==== python-kiwi ====
Version update (9.23.31 -> 9.23.43)

- Bump version: 9.23.42 ? 9.23.43
- Re-add suseImportBuildKey
  suseImportBuildKey is not required during the image build as kiwi imports the
  correct keys by itself. However, the created images lack the repository signing
  keys and any `zypper` commands will thus fail.
  This fixes https://github.com/OSInside/kiwi/issues/1876
- Bump version: 9.23.41 ? 9.23.42
- Fixed fedora integration test builds
  Maintain the repos in the obs prj config which prevents
  the weird "nothing provides kernel-obs-build" error
- Bump version: 9.23.40 ? 9.23.41
- Remove util-linux-systemd & util-linux Requires from dracut-kiwi-overlay
  These dependencies are pulled in via dracut-kiwi-lib.
- Add missing util-linux-systemd Requires to dracut-kiwi-[live,libs]
- Fixed test-image-orthos integration test
  The test was missing btrfs_root_is_snapshot which is required
  when using btrfs on tumbleweed.
- Fixed test-image-disk-legacy integration test
  The test did not set a device filter for ramdisk devices but
  activates unattended mode. In this mode the first device in
  the list is taken and this is a ramdisk device which is
  by default too small to be used for the installation. Thus
  the install usually fails. This commit sets the device filter
  for ramdisk devices such that only associated disk devices
  can be used for the install process, which is the purpose
  of this test. This is related to Issue OSInside/kiwi-functional-tests#8
- Bump version: 9.23.39 ? 9.23.40
- Mount dev and proc filesystems prior dracut
  In newer versions of dracut /dev and /proc must be mounted
  for dracut to work correctly. If not present the resulting
  initrd is incomplete. This Fixes #1867
- Use namespaced files in /var/tmp for large temporary files
  Previously, kiwi created staging image files as plain temporary files
  in /tmp, which causes issues on operating systems where /tmp is tmpfs.
  Notably, image builds would fail with "no space left on the device"
  because the tmpfs was not big enough for everything to exist there.
  To fix this, we change to use /var/tmp, and additionally add a prefix
  for our temporary files so that the user knows which ones kiwi created.
  Fixes: https://github.com/OSInside/kiwi/issues/1866
- Use latest stylesheet in STYLEROOT
  Use "suse2021-ns" instead of "suse2013-ns" due to new
  branding.
- Add missing util-linux-systemd dependency to dracut-kiwi-overlay
  The script kiwi-overlay-root.sh requires lsblk which is provided by
  util-linux-systemd. If that package is missing in the final image, then booting
  an overlayroot image hangs with:
  dracut-pre-mount[480]: //lib/dracut/hooks/pre-mount/30-kiwi-overlay-root.sh: line 46: lsblk: command not found
- Make sure chat link points to Element not Riot
  Riot has changed to Element. The index page on kiwi still
  uses the old location. This updates the information how to
  use the Matrix channel and the kiwi room name.
  This Fixes #1854
- Bump version: 9.23.38 ? 9.23.39
- Functions integration tests (#1851)
  Add integration tests for functions.sh
  Implement a container based test system to run shell code for testing.
  The concept utilizes pytest-testinfra and runs a container per test.
  The nested container in a container feature is supported by the github
  actions workflow. Thus the integration of this testing concept runs in
  the github actions CI rather than on gitlab
- Don't shell out for calling dnf
  refactor the dnf call to install packages and groups in
  one call. This allows to prevent calling dnf through a
  shell. For installing of a package group the group ID
  name is expected. This Fixes #1856
- - Improve the error message if the config file cannot be parsed.
- Do not shell out for calling microdnf.
  In fact it can be counter productive if the shell
  evaluates eventually existing package name/instruction
  patterns. This is related to Issue #1856
- Prevent calling pacman through a shell
  There is no reason to shell out for calling pacman.
  In fact it can be counter productive if the shell
  evaluates eventually existing package name/instruction
  patterns. This is related to Issue #1856
- Make sure mypy stubs will be installed
- Allow creation of LUKS system with empty key
  To support cloud platforms better we should allow the
  creation of an initial(insecure) LUKS encrypted image
  with an empty passphrase/keyfile. This Fixes
  bsc#1187461 and bsc#1187460
- Bump version: 9.23.37 ? 9.23.38
- Fixed cleanup of temporary directory
  In the custom kiwi initrd build process a temporary directory
  holding a copy of the initrd root tree is created. That data
  got never cleaned up. This commit uses a TemporaryDirectory
  object from the tempfile module to make sure it gets deleted
  once the execution scope is done. This Fixes #1837
- Bump version: 9.23.36 ? 9.23.37
- Delete deprecated shell functions from docs
  suseActivateDefaultServices
  suseSetupProductInformation
  suseImportBuildKey
  suseConfig
  baseCleanMount
  baseSetupUserPermissions
  baseGetPackagesForDeletion
  baseGetProfilesUsed
  baseStripMans
  baseStripDocs
  baseStripInfos
  Rpm
- Fixed creating grub bios module
  If no prebuilt grub bios module was found, kiwi creates one.
  In this case kiwi searches for the grub modules and runs
  the grub mkimage tool. The search for the modules for the
  bios module used the host system (/) grub and that fails if
  the host has packaged grub differently than the image target.
  This fix moves the lookup into the image root directory
  which is the correct place to lookup the grub data
- Bump version: 9.23.35 ? 9.23.36
- Fixed building with custom kiwi initrd setup
  The change from allowing to build with initrd_system="none"
  broke the build for initrd_system="kiwi". This commit fixes
  the regression
- Use zypper --gpg-auto-import-keys option
  When building an image against self managed repos the
  auto import of the repo gpg key makes sense to me
- Cleanup integration tests from obsolete methods
  Cleanup config.sh scripts calling obsolete helper methods
- Cleanup integration tests from obsolete methods
  Cleanup config.sh scripts calling obsolete helper methods
- Bump version: 9.23.34 ? 9.23.35
- Corrected preferences timezone code tag
- Refactor config functions code
  Reorganize the code into more readable areas like methods
  present as helpers, methods for customers, methods which are
  distribution specific and also methods that are deprecated
  and give a good reason why they are deprecated when they
  get called. This is related to Issue #1828
- Revert "Switch test-image-live-disk to Fedora 33"
  This reverts commit f80549474c4baa120e6e228bacc7b4a075265753.
- Switch test-image-live-disk to Fedora 33
- Fixed codacy code smells
- Add strong typing for the following API methods
  kiwi/boot/image/base.py
  kiwi/boot/image/builtin_kiwi.py
  kiwi/boot/image/dracut.py
  This references issue #1644
- Added support for skipping initrd creation
  Embedded systems and other customer use cases sometimes
  doesn't require an initrd. So far the initrd creation was
  a mandatory step in the process. With this commit it's
  possible to configure <type ... initrd_system="none"/>
  and therefore skip the creation and setup of an initrd.
  Using this feature comes with a price. Without an initrd
  the task of mounting the specified root=DEVICE_SPEC now
  becomes a task of the kernel. If the kernel doesn't have
  the required filesystem driver compiled in or the mount
  process of the device is not just a simple mount
  action, the boot of such an appliance will fail
- Remove grep and find from suseSetupProduct
- config/functions.sh: Avoid non-zero exit status
  In baseStripDocs and baseStripFirmware avoid non-zero exit status of grep.
  This allows the functions to be used in a script that sets the exit-on-error
  flag.
- Bump version: 9.23.33 ? 9.23.34
- Make sure we use sphinx >= 4.0.2
- Revert "Revert "Fix installation of man pages""
  This reverts commit db7410f3c5b7b101ec0974cc24de0400c491f065.
- Revert "Make sure man pages are part of the sdist tarball"
  This reverts commit 3bf80506c4bbe381b66febdd38df93e65103ffb6.
- Bump version: 9.23.32 ? 9.23.33
- Make sure man pages are part of the sdist tarball
  Due to the move of man pages in sphinx the MANIFEST.in
  has to be updated to provide the man pages in the
  sdist tarball
- Revert "Fix installation of man pages"
  This reverts commit 286b26b5b6598285bf6eb26a1f5c9200c925b529.
- Fixed missing shebang in config.sh
  The ubuntu integration test config.sh script was missing
  the shebang to let the script code run through bash
- Fix installation of man pages
  The generated source archive on PyPI has the man page files
  in ./doc/build/man instead of ./doc/build/man/8.
  Adjust the Makefile to use the correct path to install the
  man pages.
- Bump version: 9.23.31 ? 9.23.32
- Do not return default stdout if it is no raising on failure
  This commit prevents the use of a default stdout and stderr in case
  return code reports errors and it is not raising an exception.
  If we are not raising an exception there is no specific need to
  artificially append some stdout and stderr default message, we just
  behave as if there was no error.
- Update Ubuntu integration test for system settings
  In Debian based distributions the kiwi built in way
  to setup locale, keyboard and timezone via systemd tools
  does not work because not(yet) provided by the distribution.
  This commit adds a reference implementation in the Ubuntu
  integration test to demonstrate how the settings given in
  the kiwi image description needs to be handled to make
  them effective in the later image. This Fixes #1787
- Add log information on grub search
  There is a method in kiwi which searches for grub files.
  As grub is packaged differently within the distributions
  a dynamic lookup is needed. However, the result and where
  kiwi looked it up was not part of the log file. In terms
  of issues like the one from Issue #1754 it would be very
  handy to know about this information. Thus this commit
  adds debug information to the log file regarding what
  grub files are searched and where and if found
- Fixed coday complains
- Make dracut version check more robust
  The check_dracut_module_versions_compatible_to_kiwi() runtime
  check calls the package manager from the host and reads the
  package database from the image root. Doing this requires
  the package database in the image to be compatible with the
  package manager on the host. However this cannot be guarenteed
  and it is more robust to chroot into the image root and call
  the package manager from there. However, this change also comes
  with the cost that it's required to have a package manager
  available in the image root tree. Therefore along with the
  chroot based call, eventual exceptions from the call are now
  catched and leads to a debug message in the log file but will
  not lead the runtime check to fail. I consider the cases
  without a package database inside of the image to be less
  critical than the incompatibility issue between the host
  tooling and the package database in the image.
  This Fixes bsc#1185937

==== rubygem-parser ====
Version update (3.0.1.1 -> 3.0.2.0)

- updated to version 3.0.2.0
  API modifications:
  * Bump maintenance branches to 3.0.2, 2.7.4, and 2.6.8 (#805) (Koichi ITO)
  Features implemented:
  * lexer.rl: reject `\u` after control/meta escape chars. (#807) (Ilya Bylich)
  * ruby31.y: allow "command" syntax in endless method definition (#801) (Koichi ITO)

==== rubygem-rubocop ====
Version update (1.17.0 -> 1.18.3)

- updated to version 1.18.3
  [#]## Bug fixes
  * [#9891](https://github.com/rubocop/rubocop/issues/9891): Fix `--auto-gen-config` bug for `Style/HashSyntax`. ([@jonas054][])
  * [#9905](https://github.com/rubocop/rubocop/issues/9905): Fix false positive for single line concatenation in `Layout/LineEndStringConcatenationIndentation`. ([@jonas054][])
  * [#9907](https://github.com/rubocop/rubocop/issues/9907): Fix an incorrect auto-correct for `Lint/UselessTimes` when using block argument for `1.times`. ([@koic][])
  * [#9869](https://github.com/rubocop/rubocop/issues/9869): Fix reference to file in configuration override warning. ([@jonas054][])
  * [#9902](https://github.com/rubocop/rubocop/issues/9902): Fix an incorrect auto-correct for `Style/BlockDelimiters` when there is a comment after the closing brace. ([@koic][])
  * [#8469](https://github.com/rubocop/rubocop/issues/8469): Add inspection of `class <<` to `Layout/SpaceAroundOperators`. ([@jonas054][])
  * [#9909](https://github.com/rubocop/rubocop/pull/9909): This PR fixes an incorrect auto-correct for `Style/SingleLineMethods` when using `return`, `break`, or `next` for one line method body in Ruby 3.0. ([@koic][])
  * [#9914](https://github.com/rubocop/rubocop/issues/9914): Fix an error for `Layout/HashAlignment` when using aligned hash argument for `proc.()`. ([@koic][])

==== selinux-policy ====
Subpackages: selinux-policy-targeted

- Add tabrmd SELinux modules from upstream (bsc#1187925)
  https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux
- Automatic spec-cleaner to fix ordering and misaligned spaces