- Update avahi-daemon-check-dns.sh from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking avahi-daemon-check-dns.sh (boo#1180827
  CVE-2021-26720).
- Add sudo to requires: used to drop privileges.

- dnssec-keygen can no longer generate HMAC keys.
  Use tsig-keygen instead.
  modified genDDNSkey script to reflect this.
  [vendor-files/tools/bind.genDDNSkey, bsc#1180933]
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
  negotiation can be targeted by a buffer overflow attack
  [bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]

- Update cloud-init-write-routes.patch (bsc#1180176)
  + Follow up to previous changes. Fix order of operations
    error to make gateway comparison between subnet configuration and
    route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335)
  - Python 3.4 compatibility in setup.py
  - Disable some test for mock version compatibility

- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]

- Update to version 049.1+suse.185.g9324648a:
  * 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336)
  * Prevent creating unexpected files on the host when running dracut (bsc#1176171)

- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- add gcc7-pr81942.patch [bsc#1181618]

- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
  (CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
  IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
  bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
  non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
  /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]

- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
  * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
  * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
  * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
  * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
  * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
  * 0036-util-mkimage-Improve-data_size-value-calculation.patch
  * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
  * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
  * 0039-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
  * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
  * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
  * 0025-kern-parser-Fix-a-memory-leak.patch
  * 0026-kern-parser-Introduce-process_char-helper.patch
  * 0027-kern-parser-Introduce-terminate_arg-helper.patch
  * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
  * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
  * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
  * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
  * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
  * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
  * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
  * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
  * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
  * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
  * 0005-efi-Add-secure-boot-detection.patch
  * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
  * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
  * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
  * 0009-kern-Add-lockdown-support.patch
  * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
  * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
  * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
  * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
  * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
  * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
  * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
  * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
  * 0018-gdb-Restrict-GDB-access-when-locked-down.patch
  * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
  * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
  * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
  * 0042-squash-grub2-efi-chainload-harder.patch
  * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
  * 0044-squash-kern-Add-lockdown-support.patch
  * 0045-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- Drop patch supersceded by the new backport
  * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch
  * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch
- Add SBAT metadata section to grub.efi
- Drop shim_lock module as it is part of core of grub.efi
  * grub2.spec

- Update openssh-8.1p1-audit.patch (bsc#1180501). This fixes
  occasional crashes on connection termination caused by accessing
  freed memory.

- Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244)
- CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have
  been called with untrusted user data (bsc#1181944).
  Added CVE-2020-28493.patch

- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
  * Using the Fernet class to symmetrically encrypt multi gigabyte values
    could result in an integer overflow and buffer overflow.

- Resync with python36 Factory package.
- Make this %primary_interpreter
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Change setuptools and pip version numbers according to new
  wheels (bsc#1179756).

- 15.2.20210217 (tracked in bsc#1182359)
- Added note about Idaville uncore support (jsc#SLE-7957)
- Added note about removal of software scrollback (bsc#1176235)
- Added note about AutoYaST profile changes (bsc#1178261)
- Added note about exception to recommending TLS 1.3 (bsc#1181043)
- Added note about deprecating LXC containers (jsc#SLE-16660)

- Revision 4.1.5.1
- Bugs mentioned
  bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559,
  bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563, bsc#1181564,
  bsc#1181565

- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
- Added:
  * fix_regression_in_cmd_run_after_cve.patch
- Allow extra_filerefs as sanitized kwargs for SSH client
- Added:
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
- Fix errors with virt.update
- Added:
  * backport-commit-1b16478c51fb75c25cd8d217c80955feefb6.patch
- Fix for multiple for security issues
  (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)
  (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
  (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)
  (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
- Added:
  * fix-for-some-cves-bsc1181550.patch
- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
  Fix virtual network generated DNS XML for SRV records
  Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
  * open-suse-3002.2-xen-grub-316.patch
  * virt-uefi-fix-backport-312.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch

- Fix double width combining char handling that could lead
  to a segfault [bnc#1182092] [CVE-2021-26937]
  new patch: combchar.diff

- Bump to version 6
- Make upstream %systemd_{pre,post,preun,postun} aliases to their SUSE
  counterparts
  Packagers can now choose to use the upstream or the SUSE variants
  indifferently. For consistency the SUSE variants should be preferred
  since almost all SUSE packages already use them but the upstream
  versions might be usefull in certain cases where packages need to
  support multiple distros based on RPM.
- Improve the logic used to apply the presets (bsc#1177039)
  Before presests were applied at a) package installation b) new units
  introduced via a package update (but after making sure that it was
  not a SysV initscript being converted).
  The problem is that a) didn't handle package a renaming or split
  properly since the package with the new name is installed rather
  being updated and therefore the presets were applied even if they
  were already with the old name.
  We now cover this case (and the other ones) by applying presets only
  if the units are new and the services are not being migrated. This
  regardless of whether this happens during an install or an update.

- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc.

- Do not use the 'installation-helper' binary to create snapshots
  during installation or offline upgrade (bsc#1180142).
- Add a new exception to properly handle exceptions
  when reading/writing snapshots numbers (related to bsc#1180142).
- 4.2.92

- Add to firewall/security proposal option to setup selinux if
  given product require it. (jsc#SLE-17427)
- 4.2.6

- Do not crash when it is not possible to create a snapshot after
  installing or upgrading the system (bsc#1180142).
- 4.2.49

- Improve the AutoYaST interfaces reader handling better the IP
  Addresses configuration. (bsc#1174353, bsc#1178107)
- 4.2.91

- Show correct number of downloaded packages in log (bsc#1180278)
- 4.2.69
- Fix crash when installation proposal require pattern and such
  pattern is not available in any repository (found during testing
  jsc#SLE-17427)
- 4.2.68

- Move SELinux .autorelabel file from / to /etc/selinux if root
  filesystem will be mounted as read only (jsc#SLE-17307).
- 4.2.19
- AutoYaST: add support for SELinux configuration (jsc#SMO-20,
  jsc#SLE-17342).
- 4.2.18
- Avoid crashing when the SELinux configuration file does not
  exist yet (jsc#SMO-20, jsc#SLE-17342).
- 4.2.17
- Improve the class for handling the SELinux configuration.
- Saves the SELinux mode in the configuration file (jsc#SMO-20,
  jsc#SLE-17342).
- 4.2.16
- Add class for managing SELinux configuration at boot time
  (jsc#SMO-20, jsc#SLE-17342).
- 4.2.15

- Improved mechanism to detect whether _netdev is needed for a
  given disk: use its driver as extra criterion (bsc#1176140).
- 4.2.115

- Do not rely on the 'installation-helper' binary to create
  snapshots after installation or offline upgrade (bsc#1180142).
- Do not crash when it is not possible to create a snapshot before
  upgrading the system (related to bsc#1180142).
- 4.2.21