SUSEConnect
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
aaa_base
- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
  * The wrapper rootsh is not a restricted shell (bsc#1199492)
apache-commons-csv
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
apache-commons-math3
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
apparmor
- update add-samba-bgqd.diff:  to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).
aws-cli
- Update to version 1.24.4 (bsc#1199716)
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.24.4/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.24.1
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.24.1/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.23.11
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.23.11/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.23.1
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.23.1/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.87
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.87/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.65
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.65/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.46
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.46/CHANGELOG.rst
- Add missing python-rpm-macros to BuildRequires
- Update Requires in spec file from setup.py
- Update to version 1.22.35
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.35/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.28
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.28/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.24
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.22.24/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.21.6
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.21.6/CHANGELOG.rst
- Relax upper version dependency for python-docutils in Requires
- Update Requires in spec file from setup.py
- Update to version 1.20.32
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.20.32/CHANGELOG.rst
- Fix rpmlint warnings
  + use defattr for default permissions
  + mark zsh completion file as a config file
- Use github download url as a Source0
- Update Requires in spec file from setup.py
- Update to version 1.20.7
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.20.7/CHANGELOG.rst
- Update Requires in spec file from setup.py
bind
- Security Fixes:
  * Previously, there was no limit to the number of database lookups
  performed while processing large delegations, which could be abused
  to severely impact the performance of named running as a recursive
  resolver. This has been fixed.
  [bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
  * A memory leak was fixed that could be externally triggered in the
  DNSSEC verification code for the ECDSA algorithm.
  [bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
  * Memory leaks were fixed that could be externally triggered in the
  DNSSEC verification code for the EdDSA algorithm.
  [bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
- Changed ownership of /var/lib/named/master from named:named to
  root:root.
  [bsc#1201247, bind.conf]
btrfsprogs
- Build btrfsprogs against libudev-devel properly.
  0001-btrfs-progs-build-make-libudev-selectable.patch
- Also make libudev-devel a hard requirement in the spec file.
- Ignore path devices when scanning btrfs filesystem (bsc#1199391)
  0001-btrfs-progs-build-add-optional-dependency-on-libudev.patch
  0002-btrfs-progs-ignore-devices-representing-paths-in-mul.patch
  0003-btrfs-progs-add-fallback-code-for-multipath-device-d.patch
ca-certificates-mozilla
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
  Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
  Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
  Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  + HARICA Client ECC Root CA 2021
  + HARICA Client RSA Root CA 2021
  + HARICA TLS ECC Root CA 2021
  + HARICA TLS RSA Root CA 2021
  + TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5
cifs-utils
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
  (bsc#1198976, CVE-2022-29869)
  * add cifs-utils-CVE-2022-29869.patch
cloud-regionsrv-client
- Follow up fix to 10.0.4 (bsc#1202706)
  - While the source code was updated to support SLE Micro the spec file
    was not updated for the new locations of the cache and the certs.
    Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
  - Handle exception when trying to deregister a system form the server
cups
- cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff
  is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for
  https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b
  (except the not needed hunk for patching CHANGES.md which fails)
  that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch
  bsc#1201511:
  Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0
curl
- Security Fix: [bsc#1204383, CVE-2022-32221]
  * POST following PUT confusion
  * Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
  * Control codes in cookie denial of service
  * Add curl-CVE-2022-35252.patch
dbus-1
- Fix a potential crash that could be triggered by an invalid signature.
  (CVE-2022-42010, bsc#1204111)
  * fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
  bsc#1204112)
  * fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
  would cause a use-after-free and possible memory corruption CVE-2022-42012,
  bsc#1204113)
  * fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
  * fix-upstream-CVE-2020-35512.patch
dracut
- Update to version 049.1+suse.238.gd8dbb075:
  * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
  * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
drools
- XEE vulnerability: validator class not used correctly in
  KieModuleModelImpl.java (bsc#1200629, CVE-2021-41411)
- Added:
  * drools-CVE-2021-41411.patch
- Declare the LICENSE file as license and not doc
elfutils
- Added 4G memory build constraint for aarch64 to pass testing.
- Update to version 0.177 (Martin Liška):
    elfclassify: New tool to analyze ELF objects.
    readelf: Print DW_AT_data_member_location as decimal offset.
    Decode DW_AT_discr_list block attributes.
    libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
    libdwelf: Add dwelf_elf_e_machine_string.
    dwelf_elf_begin now only returns NULL when there is an error
    reading or decompressing a file. If the file is not an ELF file
    an ELF handle of type ELF_K_NONE is returned.
    backends: Add support for C-SKY.
  - Update to version 0.176
    build: Add new --enable-install-elfh option.
    Do NOT use this for system installs (it overrides glibc elf.h).
    backends: riscv improved core file and return value location support.
    Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
  - CVE-2019-7150: dwfl_segment_report_module doesn't check whether
    the dyn data read from core file is truncated (bnc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero
    terminated string (CVE is a bit misleading, as this is not a bug
    in libelf as described) (bnc#1125007)
  - Removed patches:
  - libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
  - libebl-check-NT_PLATFORM-core-notes.patch
  - Update to version 0.175 (Martin Liška):
    readelf: Handle mutliple .debug_macro sections.
    Recognize and parse GNU Property, NT_VERSION and
    GNU Build Attribute ELF Notes.
    strip: Handle SHT_GROUP correctly.
    Add strip --reloc-debug-sections-only option.
    Handle relocations against GNU compressed sections.
    libdwelf: New function dwelf_elf_begin.
    libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
    and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
    Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
    function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in
    dwfl_segment_report_module.c (bnc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are
    files (bnc#1112726)
  - Removed patches:
  - arlib-check-that-sh_entsize-isnt-zero.patch
  - libdwfl-sanity-check-partial-core-file-data-reads.patch
  - size-handle-recursive-elf-ar-files.patch
  - Update to version 0.174 (Martin Liška):
    libelf, libdw and all tools now handle extended shnum and
    shstrndx correctly.
    elfcompress: Don't rewrite input file if no section data needs
    updating. Try harder to keep same file mode bits
    (suid) on rewrite.
    strip: Handle mixed (out of order) allocated/non-allocated
    sections.
    unstrip: Handle SHT_GROUP sections.
    backends: RISCV and M68K now have backend implementations to
    generate CFI based backtraces.
  - CVE-2018-16402: libelf: denial of service/double free on an
    attempt to decompress the same section twice (bnc#1107066)
    Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in
    /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
    Removed patches:
    libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
    libdw-check-end-of-attributes-list-consistently.patch
    libdw-readelf-make-sure-there-is-enough-data-to-read.patch
  - Update to version 0.173 (Martin Liška):
    More fixes for crashes and hangs found by afl-fuzz. In particular various
    functions now detect and break infinite loops caused by bad DIE tree cycles.
    readelf: Will now lookup the size and signedness of constant value types
    to display them correctly (and not just how they were encoded).
    libdw: New function dwarf_next_lines to read CU-less .debug_line data.
    dwarf_begin_elf now accepts ELF files containing just .debug_line
    or .debug_frame sections (which can be read without needing a DIE
    tree from the .debug_info section).
    Removed dwarf_getscn_info, which was never implemented.
    backends: Handle BPF simple relocations.
    The RISCV backends now handles ABI specific CFI and knows about
    RISCV register types and names.
  - Update to version 0.172 (Martin Liška):
    No functional changes compared to 0.171.
    Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
    Thanks to running the afl fuzzer on eu-readelf and various testcases.
  - Update to version 0.171 (Martin Liška):
    DWARF5 and split dwarf, including GNU DebugFission, are supported now.
    Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
    .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
    DWARF5 and GNU DebugFission encodings of the existing .debug sections.
    Also in split DWARF .dwo (DWARF object) files.  This support is mostly
    handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
    dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
    sections and data formats.  But some new functions have been added
    to more easily get information about skeleton and split compile units
    (dwarf_get_units and dwarf_cu_info), handle new attribute data
    (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
    that might come from different sections or files (dwarf_die_addr_die).
    Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
    files, the .debug_names index, the .debug_cu_index and .debug_tu_index
    sections. Only a single .debug_info (and .debug_types) section are
    currently handled.
    readelf: Handle all new DWARF5 sections.
  - -debug-dump=info+ will show split unit DIEs when found.
  - -dwarf-skeleton can be used when inspecting a .dwo file.
    Recognizes GNU locviews with --debug-dump=loc.
    libdw: New functions dwarf_die_addr_die, dwarf_get_units,
    dwarf_getabbrevattr_data and dwarf_cu_info.
    libdw will now try to resolve the alt file on first use of
    an alt attribute FORM when not set yet with dwarf_set_alt.
    dwarf_aggregate_size() now works with multi-dimensional arrays.
    libdwfl: Use process_vm_readv when available instead of ptrace.
    backends: Add a RISC-V backend.
    There were various improvements to build on Windows.
    The sha1 and md5 implementations have been removed, they weren't used.
  - Update to version 0.170 (Martin Liška):
    libdw: Added new DWARF5 attribute, tag, character encoding, language code,
    calling convention, defaulted member function and macro constants
    to dwarf.h.
  New functions dwarf_default_lower_bound and dwarf_line_file.
  dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  dwarf_getmacros now handles DWARF5 .debug_macro sections.
    strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
    backends: The bpf disassembler is now always build on all platforms.
  - Includes changes in 0.169
    backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
    Frame pointer unwinding fallback support for i386, x86_64, aarch64.
    translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
    application crash) via a crafted ELF file (bnc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group
    (bnc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress
    (bnc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
    (readelf.c) (bnc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in
    ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption)
    via a crafted ELF file (bnc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer
    over-read and application crash) via a crafted ELF file (bnc#1033089)
  - Removed patches:
  - obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
  - ppc-machine-flags.patch
  - elflint-check-symbol-table-data-is-big-enough-before-check.patch
  - elflint-dont-check-section-group-without-flags-word.patch
  - libelf-check-compression-before-allocate-output-buffer.patch
  - readelf-fix-off-by-one-sanity-check.patch
  - use-the-empty-string-for-note-names-with-zero-size.patch
  - elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
  - elfutils-dont-trust-sh_entsize.patch
- Packaging cleanups:
  - Modernize specfile and metadata. (Jan Engelhardt)
  - Use %make_build (Martin Liška)
  - Update License tag to GPL-3.0-or-later, as requested by legal
    review. (Dominique Leuenberger)
  - Don't make elfutils recommend elfutils-lang as elfutils-lang
    already supplements elfutils. (Antoine Belvire)
  - Fix typo in the recommends name bsc#1104264 (Tomas Chvatal)
  - Use %license (boo#1082318) (Fabian Vogt)
- Test fixes (Andreas Schwab):
  - disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
  - dwelf_elf_e_machine_string.patch: Avoid spurious failure
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
expat
- Security fix:
  * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
    function in xmlparse.c
  - Added patch expat-CVE-2022-40674.patch
fence-agents
- Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm
  fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437
  (bsc#1195891)
  - Apply proposed patch
    0001-fix_support_for_sovereign_clouds_and_MSI-439.patch
freetype2
- disable brotli linkage / WOFF2 support for now to keep dependencies
  as before.
- Added patches:
  * CVE-2022-27404.patch
    + fixes bsc#1198830, CVE-2022-27404: Buffer Overflow
  * CVE-2022-27405.patch
    + fixes bsc#1198832, CVE-2022-27405: Segmentation Fault
  * CVE-2022-27406.patch
    + fixes bsc#1198823, CVE-2022-27406: Segmentation violation
- Update to version 2.10.4
  * Fix a heap buffer overflow has been found  in the handling of
    embedded PNG bitmaps, introduced in FreeType version 2.6
    (CVE-2020-15999 bsc#1177914)
  * Minor improvements to the B/W rasterizer.
  * Auto-hinter support for Medefaidrin script.
  * Fix various  memory leaks (mainly  for CFF) and other  issues that
    might cause crashes in rare circumstances.
- Update to version 2.10.2
  * Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec)
  * Function `FT_Get_Var_Axis_Flags' returned random data for Type 1
    MM fonts.
  * Type 1 fonts with non-integer metrics are now supported by the new
    (CFF) engine introduced in FreeType 2.9.
  * Drop support for Python 2 in Freetype's API reference generator
  * Auto-hinter support for Hanifi Rohingya
  * Document the `FT2_KEEP_ALIVE' debugging environment variable.
glibc
- x86-shared-non-temporal-threshold.patch: Reversing calculation of
  __x86_shared_non_temporal_threshold (bsc#1201942)
- memcmp-power10.patch: powerpc: Optimized memcmp for power10
  (jsc#PED-987)
- disable-check-consistency.patch: i386: Disable check_consistency for GCC
  5 and above (bsc#1201640, BZ #25788)
- static-tls-surplus.patch: Remove tunables (bsc#1201560)
gnutls
- Security fix: [bsc#1202020, CVE-2022-2509]
  * Fixed double free during verification of pkcs7 signatures
  * Add gnutls-CVE-2022-2509.patch
gpg2
- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
  of 3DES if we are in FIPS mode. (bsc#1196125)
harfbuzz
- Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents
  (boo#1200900 CVE-2022-33068).
httpcomponents-asyncclient
- provide maven metadata needed by other packages to build
hwdata
- Update to version 0.360 (bsc#1200110):
  + Updated pci, usb and vendor ids.
- Update to version 0.359:
  + Updated pci, usb and vendor ids.
hwinfo
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
  nvme_core.multipath=1 (bsc#1199948)
- 21.82
- merge gh#openSUSE/hwinfo#112
- fix bug in determining serial console device name (bsc#1198043)
- 21.81
- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79
- merge gh#openSUSE/hwinfo#106
- Always read numerical 32bit serial number from EDID header.
  Override this with ASCII serial number from display descriptor,
  if available.
- Display numerical 32bit serial number for monitors without serial
  number display descriptor
- 21.78
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
- merge gh#openSUSE/hwinfo#100
- recognize loongarch64 architecture
- 21.75
- merge gh#openSUSE/hwinfo#98
- update pci and usb ids
- 21.74
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73
icu
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
  from upstream, use LocalMemory for cmd to prevent use after free
  (bsc#1193951 CVE-2020-21913).
jakarta-commons-validator
- Declare the LICENSE file as license and not doc
java-11-openjdk
- Update to upstream tag jdk-11.0.16+8 (July 2022 CPU)
  * Security fixes:
    + JDK-8272243: Improve DER parsing
    + JDK-8272249: Better properties of loaded Properties
    + JDK-8277608: Address IP Addressing
    + JDK-8281859, CVE-2022-21540, bsc#1201694: Improve class
    compilation
    + JDK-8281866, CVE-2022-21541, bsc#1201692: Enhance
    MethodHandle invocations
    + JDK-8283190: Improve MIDI processing
    + JDK-8284370: Improve zlib usage
    + JDK-8285407, CVE-2022-34169, bsc#1201684: Improve Xalan
    supports
  * Other fixes:
    + JDK-6986863: ProfileDeferralMgr throwing
    ConcurrentModificationException
    + JDK-7124293: [macosx] VoiceOver reads percentages rather than
    the actual values for sliders.
    + JDK-7124301: [macosx] When in a tab group if you arrow
    between tabs there are no VoiceOver announcements.
    + JDK-8133713: [macosx] Accessible JTables always reported as
    empty
    + JDK-8139046: Compiler Control: IGVPrintLevel directive should
    set PrintIdealGraph
    + JDK-8139173: [macosx] JInternalFrame shadow is not properly
    drawn
    + JDK-8163498: Many long-running security libs tests
    + JDK-8166727: javac crashed: [jimage.dll+0x1942]
    ImageStrings::find+0x28
    + JDK-8169004: Fix redundant @requires tags in tests
    + JDK-8181571: printing to CUPS fails on mac sandbox app
    + JDK-8182404: remove jdk.testlibrary.JDKToolFinder and
    JDKToolLauncher
    + JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
    + JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with
    java.net.ConnectException
    + JDK-8193682: Infinite loop in ZipOutputStream.close()
    + JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java
    fails with "/expected 0 to equal 10"/
    + JDK-8202886: [macos] Test java/awt/MenuBar/8007006/
    /bug8007006.java fails on MacOS
    + JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
    + JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld
    test
    + JDK-8206187: javax/management/remote/mandatory/connection/
    /DefaultAgentFilterTest.java fails with Port already in use
    + JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java
    + JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003
    fails to start
    + JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after
    co-location
    + JDK-8208246: flags duplications in
    vmTestbase_vm_g1classunloading tests
    + JDK-8208249: TriggerUnloadingByFillingMetaspace generates
    garbage class names
    + JDK-8208697: vmTestbase/metaspace/stressHierarchy/
    /stressHierarchy012/TestDescription.java fails with
    OutOfMemoryError: Metaspace
    + JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a
    different test
    + JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh
    to plain java test
    + JDK-8209883: ZGC: Compile without C1 broken
    + JDK-8209920: runtime/logging/RedefineClasses.java fail with
    OOME with ZGC
    + JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread
    and XRun
    + JDK-8210039: move OSInfo to top level testlibrary
    + JDK-8210108: sun/tools/jstatd test build failures after
    JDK-8210022
    + JDK-8210112: remove jdk.testlibrary.ProcessTools
    + JDK-8210649: AssertionError @
    jdk.compiler/com.sun.tools.javac.comp.Modules.enter
    (Modules.java:244)
    + JDK-8210732: remove jdk.testlibrary.Utils
    + JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader
    after JDK-6788458
    + JDK-8211822: Some tests fail after JDK-8210039
    + JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
    + JDK-8212151: jdi/ExclusiveBind.java times out due to "/bind
    failed: Address already in use"/ on Solaris-X64
    + JDK-8213440: Lingering INCLUDE_ALL_GCS in
    test_oopStorage_parperf.cpp
    + JDK-8214275: CondyRepeatFailedResolution asserts "/Dynamic
    constant has no fixed basic type"/
    + JDK-8214799: Add package declaration to each JTREG test case
    in the gc folder
    + JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges
    to enable MacOS tests on Mach5
    + JDK-8216137: assert(Compile::current()->live_nodes() <
    Compile::current()->max_node_limit()) failed: Live Node limit
    exceeded limit
    + JDK-8216265: [testbug] Introduce
    Platform.sharedLibraryPathVariableName() and adapt all tests.
    + JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
    + JDK-8217233: Update build settings for AIX/xlc
    + JDK-8217340: Compilation failed:
    tools/launcher/Test7029048.java
    + JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP
    docker containers
    + JDK-8218136: minor hotspot adjustments for xlclang++ from
    xlc16 on AIX
    + JDK-8218751: Do not store original classfiles inside the CDS
    archive
    + JDK-8218965: aix:  support xlclang++ in the compiler detection
    + JDK-8220658: Improve the readability of container information
    in the error log
    + JDK-8220813: update hotspot tier1_gc tests depending on GC to
    use @requires vm.gc.X
    + JDK-8222799: java.beans.Introspector uses an obsolete methods
    cache
    + JDK-8222926: Shenandoah build fails with
  - -with-jvm-features=-compiler1
    + JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'.
    + JDK-8223363: Bad node estimate assertion failure
    + JDK-8223502: Node estimate for loop unswitching is not
    correct: assert(delta <= 2 * required) failed: Bad node estimate
    + JDK-8224648: assert(!exceeding_node_budget()) failed: Too
    many NODES required! failure with ctw
    + JDK-8223389: Shenandoah optimizations fail with
    assert(!phase->exceeding_node_budget())
    + JDK-8223396: [TESTBUG] several jfr tests do not clean up
    files created in /tmp
    + JDK-8225475: Node budget asserts on x86_32/64
    + JDK-8227171: provide function names in native stack trace on
    aix with xlc16
    + JDK-8227389: Remove unsupported xlc16 compile options on aix
    + JDK-8229210: [TESTBUG] Move gc stress tests from JFR
    directory tree to gc/stress
    + JDK-8229486: Replace wildcard address with loopback or local
    host in tests - part 21
    + JDK-8229499: Node budget assert in fuzzed test
    + JDK-8230305: Cgroups v2: Container awareness
    + JDK-8229202: Docker reporting causes secondary crashes in
    error handling
    + JDK-8216366: Add rationale to PER_CPU_SHARES define
    + JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java
    fails at-run shell MakeJAR.sh target
    + JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to
    recognize unified hierarchy
    + JDK-8231454: File lock in Windows on a loaded jar due to a
    leak in Introspector::getBeanInfo
    + JDK-8231489: GC watermark_0_1 failed due to
    "/metaspace.gc.Fault: GC has happened too rare"/
    + JDK-8231565: More node budget asserts in fuzzed tests
    + JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS
    + JDK-8234382: Test tools/javac/processing/model/
    /testgetallmembers/Main.java using too small heap
    + JDK-8234605: C2 failed "/assert(C->live_nodes() -
    live_at_begin <= 2 * _nodes_required) failed: Bad node
    estimate: actual = 208 >> request = 101"/
    + JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a
    memory leak
    + JDK-8235220: ClhsdbScanOops.java fails with
    sun.jvm.hotspot.types.WrongTypeException
    + JDK-8235385: Crash on aarch64 JDK due to long offset
    + JDK-8237479: 8230305 causes slowdebug build failure
    + JDK-8239559: Cgroups: Incorrect detection logic on some
    systems
    + JDK-8239785: Cgroups: Incorrect detection logic on old
    systems in hotspot
    + JDK-8240132: ProblemList com/sun/jdi/InvokeHangTest.java
    + JDK-8240189: [TESTBUG] Some cgroup tests are failing after
    JDK-8231111
    + JDK-8240335: C2: assert(found_sfpt) failed: no node in loop
    that's not input to safepoint
    + JDK-8240734: ModuleHashes attribute not reproducible between
    builds
    + JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese
    characters were garbled
    + JDK-8241707: introduce randomness k/w to hotspot test suite
    + JDK-8242310: use reproducible random in hotspot compiler tests
    + JDK-8242311: use reproducible random in hotspot runtime tests
    + JDK-8242312: use reproducible random in hotspot gc tests
    + JDK-8242313: use reproducible random in hotspot svc tests
    + JDK-8242538: java/security/SecureRandom/ThreadSafe.java
    failed on windows
    + JDK-8243429: use reproducible random in :vmTestbase_nsk_stress
    + JDK-8243666: ModuleHashes attribute generated for JMOD and
    JAR files depends on timestamps
    + JDK-8244500: jtreg test error in test/hotspot/jtreg/
    /containers/docker/TestMemoryAwareness.java
    + JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a
    test
    + JDK-8245543: Cgroups: Incorrect detection logic on some
    systems (still reproducible)
    + JDK-8245938: Remove unused print_stack(void) method from
    XToolkit.c
    + JDK-8246494: introduce vm.flagless at-requires property
    + JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac
    address uniqueness test failed
    + JDK-8247589: Implementation of Alpine Linux/x64 Port
    + JDK-8247591: Document Alpine Linux build steps in OpenJDK
    build guide
    + JDK-8247592: refactor test/jdk/tools/launcher/Test7029048.java
    + JDK-8247614: java/nio/channels/DatagramChannel/Connect.java
    timed out
    + JDK-8248876: LoadObject with bad base address created for
    exec file on linux
    + JDK-8249592: Robot.mouseMove moves cursor to incorrect
    location when display scale varies and Java runs in DPI
    Unaware mode
    + JDK-8252117: com/sun/jdi/BadHandshakeTest.java failed with
    "/ConnectException: Connection refused: connect"/
    + JDK-8252248: __SIGRTMAX is not declared in musl libc
    + JDK-8252250: isnanf is obsolete
    + JDK-8252359: HotSpot Not Identifying it is Running in a
    Container
    + JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
    + JDK-8253435: Cgroup: 'stomping of _mount_path' crash if
    manually mounted cpusets exist
    + JDK-8253714: [cgroups v2] Soft memory limit incorrectly using
    memory.high
    + JDK-8253727: [cgroups v2] Memory and swap limits reported
    incorrectly
    + JDK-8253797: [cgroups v2] Account for the fact that swap
    accounting is disabled on some systems
    + JDK-8253872: ArgumentHandler must use the same delimiters as
    in jvmti_tools.cpp
    + JDK-8253939: [TESTBUG] Increase coverage of the cgroups
    detection code
    + JDK-8254001: [Metrics] Enhance parsing of cgroup interface
    files for version detection
    + JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling
    a fully unrolled loop
    + JDK-8254997: Remove unimplemented
    OSContainer::read_memory_limit_in_bytes
    + JDK-8255266: Update Public Suffix List to 3c213aa
    + JDK-8255604: java/nio/channels/DatagramChannel/Connect.java
    fails with java.net.BindException: Cannot assign requested
    address: connect
    + JDK-8255787: Tag container tests that use cGroups with
    cgroups keyword
    + JDK-8256146: Cleanup test/jdk/java/nio/channels/
    /DatagramChannel/Connect.java
    + JDK-8256722: handle VC++:1927 VS2019 in  abstract_vm_version
    + JDK-8257794: Zero: assert(istate->_stack_limit ==
    istate->_thread->last_Java_sp() + 1) failed: wrong on
    Linux/x86_32
    + JDK-8258795: Update IANA Language Subtag Registry to Version
    2021-05-11
    + JDK-8258956: Memory Leak in StringCoding on ThreadLocal
    resultCached StringCoding.Result
    + JDK-8259517: Incorrect test path in test cases
    + JDK-8260518: Change default -mmacosx-version-min to 10.12
    + JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0
    + JDK-8262379: Add regression test for JDK-8257746
    + JDK-8263364: sun/net/www/http/KeepAliveStream/
    /KeepAliveStreamCloseWithWrongContentLength.java wedged in
    getInputStream
    + JDK-8263718: unused-result warning happens at os_linux.cpp
    + JDK-8263856: Github Actions for macos/aarch64 cross-build
    + JDK-8264179: [TESTBUG] Some compiler tests fail when running
    without C2
    + JDK-8265261: java/nio/file/Files/InterruptCopy.java fails
    with java.lang.RuntimeException: Copy was not interrupted
    + JDK-8265297: javax/net/ssl/SSLSession/
    /TestEnabledProtocols.java failed with "/RuntimeException:
    java.net.SocketException: Connection reset"/
    + JDK-8265343: Update Debian-based cross-compilation recipes
    + JDK-8266251: compiler.inlining.InlineAccessors shouldn't do
    testing in driver VM
    + JDK-8266318: Switch to macos prefix for macOS bundles
    + JDK-8266391: Replace use of reflection in
    jdk.internal.platform.Metrics
    + JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8
    + JDK-8268773: Improvements related to: Failed to start thread
  - pthread_create failed (EAGAIN)
    + JDK-8269772: [macos-aarch64] test compilation failed with
    "/SocketException: No buffer space available"/
    + JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo
    incorrect verification of protocol and cipher support
    + JDK-8270797: ShortECDSA.java test is not complete
    + JDK-8271055: Crash during deoptimization with
    "/assert(bb->is_reachable()) failed: getting result from
    unreachable basicblock"/ with -XX:+VerifyStack
    + JDK-8271199: Mutual TLS handshake fails signing client
    certificate with custom sensitive PKCS11 key
    + JDK-8272167: AbsPathsInImage.java should skip *.dSYM
    directories
    + JDK-8272358: Some tests may fail when executed with other
    locales than the US
    + JDK-8272493: Suboptimal code generation around
    Preconditions.checkIndex intrinsic with AVX2
    + JDK-8272908: Missing coverage for certain classes in
    com.sun.org.apache.xml.internal.security
    + JDK-8272964: java/nio/file/Files/InterruptCopy.java fails
    with java.lang.RuntimeException: Copy was not interrupted
    + JDK-8273176: handle latest VS2019 in abstract_vm_version
    + JDK-8273655: content-types.properties files are missing some
    common types
    + JDK-8274171: java/nio/file/Files/probeContentType/Basic.java
    failed on "/Content type"/ mismatches
    + JDK-8274233: Minor cleanup for ToolBox
    + JDK-8274735: javax.imageio.IIOException: Unsupported Image
    Type while processing a valid JPEG image
    + JDK-8274751: Drag And Drop hangs on Windows
    + JDK-8275082: Update XML Security for Java to 2.3.0
    + JDK-8275330: C2:  assert(n->is_Root() || n->is_Region() ||
    n->is_Phi() || n->is_MachMerge() ||
    def_block->dominates(block)) failed: uses must be dominated
    by definitions
    + JDK-8275337: C1: assert(false) failed: live_in set of first
    block must be empty
    + JDK-8276657: XSLT compiler tries to define a class with empty
    name
    + JDK-8276990: Memory leak in invoker.c fillInvokeRequest()
    during JDI operations
    + JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
    + JDK-8277093: Vector should throw ClassNotFoundException for a
    missing class of an element
    + JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java,
    frame is accessed from main thread
    + JDK-8277422: tools/jar/JarEntryTime.java fails with modified
    time mismatch
    + JDK-8277922: Unable to click JCheckBox in JTable through Java
    Access Bridge
    + JDK-8278065: Refactor subclassAudits to use ClassValue
    + JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils
    .parseIdFromSameDocumentURI throws
    StringIndexOutOfBoundsException when calling substring method
    + JDK-8278346: java/nio/file/Files/probeContentType/Basic.java
    fails on Linux SLES15 machine
    + JDK-8278472: Invalid value set to CANDIDATEFORM structure
    + JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
    + JDK-8278851: Correct signer logic for jars signed with
    multiple digestalgs
    + JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu
    21.10
    + JDK-8279219: [REDO] C2 crash when allocating array of size
    too large
    + JDK-8279356: Method linking fails with
    guarantee(mh->adapter() != NULL) failed: Adapter blob must
    already exist!
    + JDK-8279505: Update documentation for RETRY_COUNT and
    REPEAT_COUNT
    + JDK-8279520: SPNEGO has not passed channel binding info into
    the underlying mechanism
    + JDK-8279529: ProblemList java/nio/channels/DatagramChannel/
    /ManySourcesAndTargets.java on macosx-aarch64
    + JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/
    /NoInvalidateSocketException.java
    + JDK-8279668: x86: AVX2 versions of vpxor should be asserted
    + JDK-8279837: C2: assert(is_Loop()) failed: invalid node
    class: Region
    + JDK-8279842: HTTPS Channel Binding support for Java
    GSS/Kerberos
    + JDK-8279958: Provide configure hints for Alpine/apk package
    managers
    + JDK-8280041: Retry loop issues in java.io.ClassCache
    + JDK-8280373: Update Xalan serializer / SystemIDResolver to
    align with JDK-8270492
    + JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest
    clang
    + JDK-8280684: JfrRecorderService failes with
    guarantee(num_written > 0) when no space left on device.
    + JDK-8280799: С2: assert(false) failed: cyclic dependency
    prevents range check elimination
    + JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD
    CPUs
    + JDK-8280964: [Linux aarch64] : drawImage dithers
    TYPE_BYTE_INDEXED images incorrectly
    + JDK-8281274: deal with ActiveProcessorCount in
    os::Linux::print_container_info
    + JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as
    filepath separator in gc paths
    + JDK-8281615: Deadlock caused by jdwp agent
    + JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after
    JDK-8280799
    + JDK-8282008: Incorrect handling of quoted arguments in
    ProcessBuilder
    + JDK-8282172: CompileBroker::log_metaspace_failure is called
    from non-Java/compiler threads
    + JDK-8282225: GHA: Allow one concurrent run per PR only
    + JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv
    corrupts registers
    + JDK-8282293: Domain value for system property
    jdk.https.negotiate.cbt should be case-insensitive
    + JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic
    on x86
    + JDK-8282382: Report glibc malloc tunables in error reports
    + JDK-8282422: JTable.print() failed with
    UnsupportedCharsetException on AIX ko_KR locale
    + JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16
    + JDK-8282583: Update BCEL md to include the copyright notice
    + JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11
    + JDK-8282589: runtime/ErrorHandling/ErrorHandler.java fails on
    MacOS aarch64 in jdk 11
    + JDK-8282887: Potential memory leak in sun.util.locale.provider
    .HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
    + JDK-8283018: 11u GHA: Update GCC 9 minor versions
    + JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in
    fontpath.c
    + JDK-8283323: libharfbuzz optimization level results in
    extreme build times
    + JDK-8283350: (tz) Update Timezone Data to 2022a
    + JDK-8283408: Fix a C2 crash when filling arrays with unsafe
    + JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest
    in 11u because of intermittent java.lang.AssertionError:
    duplicate classes for name Ljava/lang/Boolean;
    + JDK-8283424: compiler/loopopts/
    /LoopUnswitchingBadNodeBudget.java fails with release VMs due
    to lack of -XX:+UnlockDiagnosticVMOptions
    + JDK-8283451: C2: assert(_base == Long) failed: Not a Long
    + JDK-8283469: Don't use memset to initialize members in
    FileMapInfo and fix memory leak
    + JDK-8283497: [windows] print TMP and TEMP in hs_err and
    VM.info
    + JDK-8283614: [11] Repair compiler versions handling after
    8233787
    + JDK-8283641: Large value for CompileThresholdScaling causes
    assert
    + JDK-8283834: Unmappable character for US-ASCII encoding in
    TestPredicateInputBelowLoopPredicate
    + JDK-8284033: Leak XVisualInfo in getAllConfigs in
    awt_GraphicsEnv.c
    + JDK-8284094: Memory leak in invoker_completeInvokeRequest()
    + JDK-8284102: [TESTBUG] [11u] Retroactively add regression
    test for JDK-8272124
    + JDK-8284369: TestFailedAllocationBadGraph fails with
  - XX:TieredStopAtLevel < 4
    + JDK-8284389: Improve stability of GHA Pre-submit testing by
    caching cygwin installer
    + JDK-8284458: CodeHeapState::aggregate() leaks blob_name
    + JDK-8284507: GHA: Only check test results if testing was not
    skipped
    + JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
    + JDK-8284573: [11u] ProblemList TestBubbleUpRef.java and
    TestGCOldWithCMS.java because of 8272195
    + JDK-8284604: [11u] Update Boot JDK used in GHA to 11.0.14.1
    + JDK-8284620: CodeBuffer may leak _overflow_arena
    + JDK-8284622: Update versions of some Github Actions used in
    JDK workflow
    + JDK-8284756: [11u] Remove unused isUseContainerSupport in
    CgroupV1Subsystem
    + JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623:
    InstalledCode
    + JDK-8285397: JNI exception pending in CUPSfuncs.c:250
    + JDK-8285445: cannot open file "/NUL:"/
    + JDK-8285515: (dc) DatagramChannel.disconnect fails with
    "/Invalid argument"/ on macOS 12.4
    + JDK-8285523: Improve test
    java/io/FileOutputStream/OpenNUL.java
    + JDK-8285591: [11] add signum checks in DSA.java engineVerify
    + JDK-8285686: Update FreeType to 2.12.0
    + JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/
    /Basic.java fails to compile after backport of 8273655
    + JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with
    version from head
    + JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with
    version from head
    + JDK-8285828: runtime/execstack/TestCheckJDK.java fails with
    zipped debug symbols
    + JDK-8286013: Incorrect test configurations for
    compiler/stable/TestStableShort.java
    + JDK-8286198: [linux] Fix process-memory information
    + JDK-8286293: Tests ShortResponseBody and
    ShortResponseBodyWithRetry should use less resources
    + JDK-8286444: javac errors after JDK-8251329 are not helpful
    enough to find root cause
    + JDK-8286594: (zipfs) Mention paths with dot elements in
    ZipException and cleanups
    + JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on
    Windows
    + JDK-8286855: javac error on invalid jar should only print
    filename
    + JDK-8287109: Distrust.java failed with
    CertificateExpiredException
    + JDK-8287119: Add Distrust.java to ProblemList
    + JDK-8287362: FieldAccessWatch testcase failed on AIX platform
    + JDK-8287378: GHA: Update cygwin to fix issues in langtools
    tests on Windows
    + JDK-8287739: [11u] ProblemList sun/security/ssl/
    /SSLSessionImpl/NoInvalidateSocketException.java
jose4j
- Declare the LICENSE file as license and not doc
kdump
- unload.sh-support-kexec-unload-when-kexec_file_load.patch
  Fix unload when secure boot enabled (bsc#1186272)
- fix-network-related-dracut-options-handling-for-fadu.patch
  Fix network-related dracut options handling for fadump case
  (bsc#1201051)
kernel-default
- Update metadata references
- commit 26d4ba7
- wifi: mac80211: fix crash in beacon protection for P2P-device
  (CVE-2022-42722 bsc#1204125).
- commit a6f4ca8
- wifi: mac80211: refactor elements parsing with parameter struct
  (CVE-2022-42719 bsc#1204051).
- commit 26c2d4f
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
  bsc#1204051).
- commit a818808
- mac80211: always allocate struct ieee802_11_elems
  (CVE-2022-42719 bsc#1204051).
- commit a183a67
- wifi: cfg80211: avoid nontransmitted BSS list corruption
  (CVE-2022-42721 bsc#1204060).
- commit 5fe81ec
- wifi: mac80211: fix MBSSID parsing use-after-free
  (CVE-2022-42719 bsc#1204051).
- commit 6462e9c
- wifi: mac80211: refactor elements parsing with parameter struct
  (CVE-2022-42719 bsc#1204051).
- commit 7b3171e
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
  bsc#1204051).
- mac80211: always allocate struct ieee802_11_elems
  (CVE-2022-42719 bsc#1204051).
- commit 1d0e42c
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
  bsc#1204059).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
  bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
  bsc#1204051).
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
  bsc#1204059).
- cfg80211: hold bss_lock while updating nontrans_list
  (CVE-2022-42719 bsc#1204051).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
  bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
  bsc#1204051).
- mac80211: don't re-parse elems in ieee80211_assoc_success()
  (CVE-2022-42719 bsc#1204051).
- commit cf17eed
- Refresh metadata
  Refresh:
  patches.suse/nvme-ensure-subsystem-reset-is-single-threaded.patch
  patches.suse/nvme-restrict-management-ioctls-to-admin.patch
- commit 32aee9f
- scsi: stex: Properly zero out the passthrough command structure
  (bsc#1203514 CVE-2022-40768).
- commit b5c1e4b
- nvme: ensure subsystem reset is single threaded (bsc#1203290
  CVE-2022-3169).
- nvme: restrict management ioctls to admin (bsc#1203290
  CVE-2022-3169).
- commit fb89dd3
- Add CVE reference on lightnvm removal patch
  modified:
  - patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 6251214
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
  (CVE-2022-41848 bsc#1203987).
- commit c6f643b
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
  (CVE-2022-41849 bsc#1203992).
- commit 1b1c9cc
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
  (git-fixes).
- commit d6b115e
- Input: melfas_mip4 - fix return value check in mip4_probe()
  (git-fixes).
- commit 6863cfd
- blacklist.conf: cleanup that breaks kABI
- commit 9b1761f
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 0a4bc80
- struct ehci_hcd: hide new member (git-fixes).
- commit 47be3bf
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- commit 6d316e7
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- commit f6f0e1f
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- commit 659ffb3
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 803fd47
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit cd54e08
- bpf: Compile out btf_parse_module() if module BTF is not enabled
  (git-fixes).
- commit 1eec519
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 78526f5
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- commit 1907554
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- commit b65f350
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- commit bdc6c6e
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- commit a9060b8
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 25390e7
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
  (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential
  padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and
  consistency (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
  (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN
  Manager application (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically
  allocated/freed phba (bsc#1185032 bsc#1203939).
  Dropped:
  patches.suse/lpfc-decouple-port_template-and-vport_template.patch
- scsi: lpfc: Fix multiple NVMe remoteport registration calls
  for the same NPort ID (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early
  return VMID cases (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver
  unload (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology
  (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling
  (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- commit 829fcfa
- scsi: lpfc: Add missing destroy_workqueue() in error path
  (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
  DID_REQUEUE (bsc#1203939).
- commit 26a6fd8
- wifi: cfg80211: ensure length byte is present before access
  (CVE-2022-41674 bsc#1203770).
- wifi: cfg80211/mac80211: reject bad MBSSID elements
  (CVE-2022-41674 bsc#1203770).
- wifi: cfg80211: fix u8 overflow in
  cfg80211_update_notlisted_nontrans() (CVE-2022-41674
  bsc#1203770).
- commit a878ee7
- scsi: qla2xxx: Remove unused declarations for qla2xxx
  (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
  Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
  handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
  informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
  qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 7c106a6
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
  ISP27XX (bsc#1203935).
- commit 80690be
- psi: Fix uaf issue when psi trigger is destroyed while being
  polled (bsc#1203909).
- commit fd0515b
- cgroup: cgroup_get_from_id() must check the looked-up kn is
  a directory (bsc#1203906).
- Refresh patches.suse/scsi-cgroup-Add-cgroup_get_from_id.patch.
- commit f918358
- mm/mremap: hold the rmap lock in write mode when moving page
  table entries (CVE-2022-41222 bsc#1203622).
- commit 07909f0
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit 5a61004
- blacklist.conf: irrelevant in our kernel configurations
- commit 0547ac8
- usb: dwc3: disable USB core PHY management (git-fixes).
- commit 5595967
- blacklist.conf: black list commit 2fdbb8dd0155
  Add commit 2fdbb8dd0155 ("/fuse: fix deadlock between atomic O_TRUNC and page
  invalidation"/) to the blacklist.  It's a real bug, but it's been there for a
  long time, it seems to have low impact and the backport risks are high.
- commit e45fa09
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 345c930
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
  bsc#1203769).
- commit aa1dc74
- Revert "/SUNRPC: Remove unreachable error condition"/ (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status
  (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
  reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSv4: Fix races in the legacy idmapper upcall (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
  (git-fixes).
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
  (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: Don't call connect() more than once on a TCP socket
  (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept()
  (git-fixes).
- commit 3437f45
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit 7da5a85
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 2078b95
- ima: force signature verification when CONFIG_KEXEC_SIG is
  configured (bsc#1203737).
- kexec: do not verify the signature without the lockdown or
  mandatory signature (bsc#1203737).
- commit 6aaef78
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- commit f16766a
- kexec, KEYS, s390: Make use of built-in and secondary keyring
  for signature verification (bsc#1196444).
- arm64: kexec_file: use more system keyrings to verify kernel
  image signature (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic
  (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- kexec_file: drop weak attribute from
  arch_kexec_apply_relocations[_add] (bsc#1196444).
- commit 57f8f15
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
  device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: core: Fix bad pointer dereference when ehandler kthread
  is invalid (git-fixes).
- commit 3a8854b
- blacklist.conf: add git-fixes not needed to list
- commit 0514bb0
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type
  in mpc85xx (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
  (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
  (git-fixes).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
  (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
  (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel
  (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
  (git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
  (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB
  RmNet mode (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
  (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port
  (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
  (git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
  (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell
  Dot keymap fixes (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
  message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
  (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in
  chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error
  (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
  (git-fixes).
- drm/radeon: add a force flush to delay work when radeon
  (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup
  (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- commit 41cd9fa
- blacklist.conf: Remove vt patch entry that is needed by other fix
- commit d86dd83
- Revert "/ALSA: usb-audio: Split endpoint setups for hw_params
  and prepare"/ (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
  snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
  __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: aloop: Fix random zeros in capture data when using
  jiffies timer (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access
  (git-fixes).
- commit c844286
- Move upstreamed patches into sorted section
- commit 8fc0f8a
- media: dvb-core: Fix UAF due to refcount races at releasing
  (CVE-2022-41218 bsc#1202960).
- commit 260d985
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit 698f0eb
- Refresh
  patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit a7baae2
- Delete
  patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch.
  (bsc#1203313)
- commit 95f983b
- blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment
- commit de5ca80
- media: em28xx: initialize refcount before kref_get
  (CVE-2022-3239 bsc#1203552).
- commit b9d53ba
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
  ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 7105c05
- scsi: smartpqi: Shorten drive visibility after removal
  (bsc#1200622).
  Delete no longer needed SUSE-specific patch that adds tunable
  parameters for smartpqi reset.
  Deleted:
  patches.suse/scsi-smartpqi-create-module-parameters-for-LUN-reset.patch.
- commit 46fd862
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit 8eb4b9e
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- commit 6f5d84d
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit 8fdd2ed
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit cb91fc5
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and
  cannot be dynamically patched out, retbleed=off should still work so
  that it can be disabled.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit 922ee7a
- md: unlock mddev before reap sync_thread in action_store
  (bsc#1197659).
- commit a26c618
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit b06f37e
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported
  value (git-fixes).
- commit 16015a8
- KVM: x86: Set error code to segment selector on LLDT/LTR
  non-canonical #GP (git-fixes).
- commit 3f756c3
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
  checks (git-fixes).
- commit 56bf87e
- x86/xen: Remove undefined behavior in setup_features()
  (git-fixes).
- commit a4e3370
- Update references:
  - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
  - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
  - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
  - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
  - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
  - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
  - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
  - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
  (add CVE-2022-32296 bsc#1200288)
- commit 01ba066
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 3a4afff
- Revert "/random: fix crash on multiple early calls to (bsc#1201645)"/
  This reverts commit d8168ccb1401eeeed63fa376ac53b5ab983f6d1e.
  This version of the patch causes regression of the problem it's supposed
  to fix, drop it again.
- commit 55b3759
- Refresh sorted patches, move out-of-tree ppc patches to ppc section.
- commit 4fb7690
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit d91e617
- JFS: more checks for invalid superblock (git-fixes).
- commit 9d9aa1f
- JFS: fix memleak in jfs_mount (git-fixes).
- commit aaf1dca
- jfs: prevent NULL deref in diFree (bsc#1203389).
- commit 55c4d53
- jfs: fix GPF in diFree (bsc#1203389).
- commit 48bda4c
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit de3f02b
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
  (git-fixes).
- commit 16424ba
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
  when ftrace is dead (git-fixes).
- commit 5b60469
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- commit 9208a35
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- commit 790c147
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- commit 68c8906
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- commit ec68a76
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 3cd5dd6
- arm64: mm: fix p?d_leaf() (git-fixes)
- commit a914a52
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit 77f79cc
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- commit 500bc08
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- commit 93eea81
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- commit f1a43b3
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- commit b0eb54a
- blacklist.conf: ("/arm64: Fix kernel address detection of __is_lm_address()"/)
- commit 2aab643
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- commit f8968ca
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- commit cfcfe62
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- commit 067e57e
- blacklist.conf: ("/arm64: Drop unnecessary include from asm/smp.h"/)
- commit 998d48c
- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
  table (CVE-2022-2586 bsc#1202095).
  Note: this patch is a backport of a 5.9-rc1 mainline commit which was only
  backported into SLE15-SP3 so that it cannot be added to cve/linux-5.3.
- commit 10f848d
- dccp: don't duplicate ccid when cloning dccp sock
  (CVE-2020-16119 bsc#1177471).
- commit 7c77568
- netfilter: nf_tables: do not allow RULE_ID to refer to another
  chain (CVE-2022-2586 bsc#1202095).
- netfilter: nf_tables: do not allow SET_ID to refer to another
  table (CVE-2022-2586 bsc#1202095).
- commit 9335568
- watchdog: wdat_wdt: Set the min and max timeout values properly
  (bsc#1194023).
- commit cc91c04
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
  (git-fixes).
- ALSA: usb-audio: Register card again for iface over
  delayed_register option (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
  (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- commit b46a495
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
  LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984
  LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode
  (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization
  (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984
  LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
  LTC#199607).
- commit 9031a4b
- regulator: core: Clean up on enable failure (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
  overflow in il4965_rs_fill_link_cmd() (git-fixes).
- commit e4c4fe1
- USB: serial: ch341: fix disabled rx timer on older devices
  (git-fixes).
- commit 85a0dd6
- USB: serial: ch341: fix lost character on LCR updates
  (git-fixes).
- commit bf1a320
- USB: serial: ch341: name prescaler, divisor registers
  (git-fixes).
- commit 63aa28e
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313
  bsc#1201489).
- commit d4bd81f
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- commit cdc0881
- nvme-fabrics: parse nvme connect Linux error codes
  (bsc#1201865).
- commit 9e2c1de
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
  bsc#1203159).
- commit 173564a
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit ed68f11
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
  (CVE-2022-39188, bsc#1203107).
- commit 84aac57
- netfilter: nf_tables: disallow binding to already bound chain
  (bsc#1203117 CVE-2022-39190).
- commit 933f567
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- commit e82b600
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
  (CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
  bsc#1202097).
- commit a949534
- Revert "/clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"/
  (git-fixes).
- Revert "/usb: gadget: udc-xilinx: replace memcpy with
  memcpy_toio"/ (git-fixes).
- commit 855ba08
- gpio: pca953x: Add mutex_lock for regcache sync in PM
  (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
  (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for
  the transmit engine to complete (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
  (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
  (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
  (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
  (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/i915/reg: Fix spelling mistake "/Unsupport"/ -> "/Unsupported"/
  (git-fixes).
- driver core: Don't probe devices after bus_type.match() probe
  deferral (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion
  (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
  (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init
  (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
  (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error()
  (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for
  UFP receptacles (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
  (git-fixes).
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is
  disconnected (git-fixes).
- HID: steam: Prevent NULL pointer dereference in
  steam_{recv,send}_report (git-fixes).
- commit ed7b741
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
  (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status
  instead of uvcg_info (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast
  (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet
  (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- commit 86912f8
- mmc: pxamci: Fix another error handling path in pxamci_probe()
  (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue
  (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s
  error path (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of
  (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in
  sm_release (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
  (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- commit b9934d3
- i2c: imx: Make sure to unregister adapter on remove()
  (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe()
  (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps
  (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: wacom: Don't register pad_input for touch switch
  (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- commit f90560c
- drm/amdgpu: remove useless condition in
  amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
  (git-fixes).
- drm/meson: Fix refcount bugs in
  meson_vpu_has_available_connectors() (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings
  (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after
  pm_runtime_get_sync() failed (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
  preferred_domains (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
  (git-fixes).
- commit 9b0074c
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs
  (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ALSA: info: Fix llseek return value when using callback
  (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
  (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path
  (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
  (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
  (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to
  S8_TLV (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in
  mt6797_mt6351_dev_probe (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock()
  (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from
  DMI quirks (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machine (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
  (git-fixes).
- commit a8924db
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit f477eb5
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  (git-fixes, bsc#1203098).
  kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
  leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit cfac9ee
- scsi: lpfc: Copyright updates for 14.2.0.6 patches
  (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
  (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic
  (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit
  path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during
  PT2PT discovery (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue()
  (bsc#1203063).
- commit e207225
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for
  !nested_run_pending case (git-fixes).
- commit 17df333
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit 55dfee4
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
  case (git-fixes).
- commit 1a5a475
- KVM: x86: accept userspace interrupt only if no event is
  injected (git-fixes).
- commit b61f5d7
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
  (git-fixes).
- commit b27e2cd
- blacklist.conf: Add three patches
  44585f7bc0cb psi: fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
  5102bb1c9f82 psi: Fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
  ec2444530612 psi: Fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit f8fef55
- s390/mm: do not trigger write fault when vma does not allow
  VM_WRITE (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
  (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
  copied (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- commit 32b8c39
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
  "/find -xtype l"/ will report them, so use that to make the search a bit
  faster (without using shell).
- commit 13bbc51
- mkspec: eliminate @NOSOURCE@ macro
  This should be alsways used with @SOURCES@, just include the content
  there.
- commit 403d89f
- kernel-source: include the kernel signature file
  We assume that the upstream tarball is used for released kernels.
  Then we can also include the signature file and keyring in the
  kernel-source src.rpm.
  Because of mkspec code limitation exclude the signature and keyring from
  binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate
  sources in dtb packages.
- commit 1bd288c
- nvme: fix RCU hole that allowed for endless looping in multipath
  round robin (bsc#1202636).
- commit e7e083b
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
  CVE-2022-3028).
- commit 50479c7
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
  (git-fixes).
- commit 4ad76ff
- Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920).
- commit 52cb092
- usb: dwc3: gadget: Store resource index of start cmd
  (git-fixes).
- commit 4fd8e68
- Update patch reference for USB gadget fix (CVE-2020-27784 bsc#1202895)
- commit 8033d12
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 32c5550
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 7db43e6
- usb: dwc3: Switch to platform_get_irq_byname_optional()
  (git-fixes).
- commit 73d1e58
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
  fallocate (bsc#1194272 CVE-2021-4155).
- commit 049d5e6
- usb: gadget: u_audio: fix race condition on endpoint stop
  (git-fixes).
- commit 152ca21
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- commit af1df0f
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit 9881846
- bpf: Don't use tnum_range on array range checking for poke
  descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905).
- commit c59b8fc
- blacklist.conf: Add reverted patch
  d11219ad53dc amdgpu: disable powerpc support for the newer display engine
  c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc
- commit b8f5e97
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
  (git-fixes).
- commit 16c3d44
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
  (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet
  (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for out of order rx completion
  (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register
  (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- net: vmxnet3: fix possible NULL pointer dereference in
  vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
  vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration
  (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
  (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach()
  (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- commit b577aa9
- kbuild: do not create built-in objects for external module
  builds (jsc#SLE-24559 bsc#1202756).
- commit 56b8142
- tracing/probes: Have kprobes and uprobes use $COMM too
  (git-fixes).
- commit 26bf0d1
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
  functions (git-fixes).
- commit 8c340f6
- tracing/histograms: Fix memory leak problem (git-fixes).
- commit 07d4ab9
- blacklist.conf: tracepoint cleanup for drivers/char/random
- commit f75eb58
- tracing/histogram: Fix a potential memory leak for kstrdup()
  (git-fixes).
- commit cce24b0
- ceph: don't truncate file in atomic_open (bsc#1202811).
- ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202810).
- commit 75744b6
- blacklist.conf: blacklist fea013e020e6
- commit 2fc68a2
- tracing: Add ustring operation to filtering string pointers
  (git-fixes).
- commit 3fbf519
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- commit dade489
- blacklist.conf: not-relevant cleanup for drivers/char/random
- commit c90e359
- blktrace: fix blk_rq_merge documentation (git-fixes).
- commit c03c0ec
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet
  info (bsc#1202701).
- commit 173844d
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
  bsc#1202672).
- commit b71aab0
- list: add "/list_del_init_careful()"/ to go with
  "/list_empty_careful()"/ (bsc#1202745).
- commit 71ed084
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 595e8a4
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
  (bsc#1202722).
- commit f84d929
- blk-iocost: rename propagate_active_weights() to
  propagate_weights() (bsc#1202722).
- commit 2724a56
- blacklist.conf: Blacklist aebf5db91705
- commit 578fbe5
- blk-iocost: fix operation ordering in iocg_wake_fn()
  (bsc#1202720).
- commit 31b540e
- loop: Fix missing discard support when using LOOP_CONFIGURE
  (bsc#1202718).
- commit c85296f
- blk-iocost: fix weight updates of inner active iocgs
  (bsc#1202717).
- commit 06cf027
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  (bsc#1197763).
- commit f7b5cbd
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
  journal aborted (bsc#1202716).
- commit d741558
- jbd2: fix outstanding credits assert in
  jbd2_journal_commit_transaction() (bsc#1202715).
- commit 4df2139
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages
  (bsc#1200873).
- commit b654d4c
- ocfs2: fix crash when initialize filecheck kobj fails
  (bsc#1197920).
- commit 137054f
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- commit 24a97d8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit d8cc34a
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
  (bsc#1202714).
- commit 4fc81aa
- ext4: recover csum seed of tmp_inode after migrating to extents
  (bsc#1202713).
- commit 79e5db2
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit e96e640
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 8d9a89d
- ext4: fix use-after-free in ext4_rename_dir_prepare
  (bsc#1200871).
- commit c9d1b13
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- commit f4c59a1
- ext4: force overhead calculation if the s_overhead_cluster
  makes no sense (bsc#1200870).
- commit 24d5cfc
- ext4: fix overhead calculation to account for the reserved
  gdt blocks (bsc#1200869).
- commit 8fa6a02
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- commit bc9242b
- ext4: fix symlink file size not match to file content
  (bsc#1200868).
- commit 888bc97
- ext4: fix error handling in ext4_restore_inline_data()
  (bsc#1197757).
- commit ed0d1f6
- ext4: don't use the orphan list when migrating an inode
  (bsc#1197756).
- commit 2d21beb
- ext4: Fix BUG_ON in ext4_bread when write quota data
  (bsc#1197755).
- commit 0551e1a
- ext4: fix potential infinite loop in ext4_dx_readdir()
  (bsc#1191662).
- commit 26c80a3
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
  (bsc#1202709).
- commit bb20240
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
  (bsc#1202708).
- commit 070ad26
- ext4: fix invalid inode checksum (bsc#1179723).
- commit e670453
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- commit 5b945e4
- blacklist.conf: Blacklist ext2 since we don't even compile it
- commit 8f69ba8
- xfs: prevent a UAF when log IO errors race with unmount
  (git-fixes).
- commit f7eb5c7
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- commit f514fcd
- xfs: make xfs_rtalloc_query_range input parameters const
  (git-fixes).
- commit 0b84c2b
- xfs: only reset incore inode health state flags when reclaiming
  an inode (git-fixes).
- commit a9e17d5
- xfs: bunmapi has unnecessary AG lock ordering issues
  (git-fixes).
- commit a76eaaf
- xfs: mark a data structure sick if there are cross-referencing
  errors (git-fixes).
- commit b0269a0
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- commit 1433b65
- fuse: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit 53bc420
- usb: dwc3: qcom: fix missing optional irq warnings.
- commit de0c0d4
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
  (git-fixes).
- commit fff57cf
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit 603bd9d
- powerpc/perf: Optimize clearing the pending PMI and remove
  WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- commit d72c6fd
- powerpc/xive: Fix refcount leak in xive_get_max_prio
  (fate#322438 git-fixess).
- commit 76798e0
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit 35df6ef
- powerpc: define get_cycles macro for arch-override
  (bsc#1065729).
- commit 39ee615
- blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select
- commit b069bcf
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit a0b9b11
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
  (CVE-2022-2588 bsc#1202096).
- commit b08a235
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
  (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for
  kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- commit b08465c
- blacklist.conf: duplicate
- commit 23a0769
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 86ac68c
- KVM: PPC: Book3S HV: Context tracking exit guest context before
  enabling irqs (bsc#1065729).
- commit b7e4839
- blacklist.conf: later reverted in upstream
- commit 31b3f5b
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit f3043dc
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 1ba1d86
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
  ZDI-CAN-17325).
- commit 1b534db
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit 47070d3
- ext4: Fix check for block being out of directory size
  (bsc#1198577 CVE-2022-1184).
- commit e41d129
- ext4: make sure ext4_append() always allocates new block
  (bsc#1198577 CVE-2022-1184).
- commit 5c3a0a2
- ext4: check if directory block is within i_size (bsc#1198577
  CVE-2022-1184).
- commit d289dcd
- Refresh
  patches.suse/locking-lockdep-Avoid-potential-access-of-invalid-me.patch.
  Fix builds with CONFIG_LOCKDEP on.
- commit b4f11f2
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
  (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
  (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
  (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific
  interfaces (bsc#1200845).
- commit 7ab7313
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit 18b6fb8
- ext4: unindent codeblock in ext4_xattr_block_set()
  (bsc#1198971).
- commit 948b7e8
- ext4: remove EA inode entry from mbcache on inode eviction
  (bsc#1198971).
- commit d96ae24
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit dc90bf2
- mbcache: don't reclaim used entries (bsc#1198971).
- commit 9b2430e
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
  stale pointer (git-fixes).
- commit 267c700
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
  (git-fixes).
- commit ece08bc
- ARM: 9078/1: Add warn suppress parameter to
  arm_gen_branch_link() (git-fixes).
- commit 3398bca
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
  DYNAMIC_FTRACE (git-fixes).
- commit 1d2e217
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- commit 83b5d04
- blacklist.conf: rework and optimization ftrace commits, not bug fixes
- commit e11832c
- Update config files.
- commit 7f7a8ef
- Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554).
  ppc64: NVRAM=y
- commit 5e8bf01
- Refresh
  patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Updated
  patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
  Add missing objtool annotations from upstream commits and update the latter
  patch to fix bsc#1202396.
- commit 8f03705
- objtool: Add support for intra-function calls (bsc#1202396).
- commit eabf007
- objtool: Remove INSN_STACK (bsc#1202396).
- commit c48377d
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit ef33ad6
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit cd6e886
- objtool: Support multiple stack_op per instruction
  (bsc#1202396).
- Refresh
  patches.suse/objtool-allow-no-op-cfi-ops-in-alternatives.patch.
- Refresh
  patches.suse/objtool-fix-cfi-insn_state-propagation.patch.
- Refresh patches.suse/objtool-fix-orc-vs-alternatives.patch.
- Refresh patches.suse/objtool-rename-struct-cfi_state.patch.
- commit 5c735b5
- s390/ptrace: pass invalid syscall numbers to tracing
  (bsc#1192594 LTC#197522).
- commit ad9e50e
- lib: bitmap: provide devm_bitmap_alloc() and
  devm_bitmap_zalloc() (git-fixes).
- commit 2469dd3
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
  (git-fixes).
- commit 99eaa98
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined
  symbols (git-fixes).
- commit 35509ca
- blacklist.conf: unneeded and kABI-breaking module loader commits
- commit 3ccf763
- mm: memcontrol: fix potential oom_lock recursion deadlock
  (bsc#1202447).
- commit bc21375
- blacklist.conf: Add 7b3c36fc4c23 ptrace: fix task_join_group_stop() for the case when current is traced
- commit 572eadd
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
  We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
  The type test and print line are the same for both cases. The usrmerged
  case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- net: enetc: Use pci_release_region() to release some resources
  (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
  (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING
  (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent
  methods (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when
  not available (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from
  the PHY (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params
  (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- random: fix crash on multiple early calls to
  add_bootloader_randomness() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for
  tegra20 and tegra30 (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters
  in ethtool (git-fixes).
- net: mscc: ocelot: don't downgrade timestamping RX filters in
  SIOCSHWTSTAMP (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
  (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put
  (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- commit b9e0ed7
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- commit 7d8ce88
- locking/lockdep: Avoid potential access of invalid memory in
  lock_class (git-fixes).
- commit 6e699d5
- Update
  patches.suse/can-ems_usb-ems_usb_start_xmit-fix-double-dev_kfree_.patch
  (CVE-2022-28390 bsc#1198031).
- commit 9c17688
- Update
  patches.suse/can-mcba_usb-mcba_usb_start_xmit-fix-double-dev_kfre.patch
  (CVE-2022-28389 bsc#1198033).
- commit 1983a37
- net: ethernet: ezchip: fix error handling (git-fixes).
- commit 5d377ed
- net: ethernet: ezchip: remove redundant check (git-fixes).
- commit cb426d4
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit ed56f34
- blacklist.conf: v5.16-rc2-1-gd257cc8cb8d5 introduces a rwsem regression
- commit edee2a5
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit f83edca
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- commit d5e4943
- perf bench: Share some global variables to fix build with gcc 10
  (git-fixes).
- commit a397021
- net: moxa: Use devm_platform_get_and_ioremap_resource()
  (git-fixes).
- commit d13dcd2
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit f14e06e
- net: pch_gbe: Propagate error from devm_gpio_request_one()
  (git-fixes).
- commit 51f37b6
- net: ethernet: fix potential use-after-free in ec_bhf_remove
  (git-fixes).
- commit 7175e70
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 16317aa
- net: stmmac: disable clocks in stmmac_remove_config_dt()
  (git-fixes).
- commit 1bbbc9a
- net: stmmac: dwmac1000: Fix extended MAC address registers
  definition (git-fixes).
- commit c6d0ccf
- ice: report supported and advertised autoneg using PHY
  capabilities (git-fixes).
- commit 2243129
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- commit b4db988
- net/mlx5e: Check for needed capability for cvlan matching
  (git-fixes).
- commit e46f646
- net: hns: Fix kernel-doc (git-fixes).
- commit 80f2716
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- commit 99b3a0b
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- commit 55781d8
- net: fec: fix the potential memory leak in fec_enet_init()
  (git-fixes).
- commit 43431b4
- net: netcp: Fix an error message (git-fixes).
- commit 0432102
- qlcnic: Add null check after calling netdev_alloc_skb
  (git-fixes).
- commit 9764dcc
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
  (git-fixes).
- commit ca3de9d
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
  (git-fixes).
- commit c1a547c
- net: stmicro: handle clk_prepare() failure during init
  (git-fixes).
- commit 1249947
- Revert "/net: stmicro: fix a missing check of clk_prepare"/
  (git-fixes).
- commit c8483b4
- Revert "/net: fujitsu: fix a potential NULL pointer dereference"/
  (git-fixes).
- commit 35e4846
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
  (git-fixes).
- commit 11b1f00
- net: davinci_emac: Fix incorrect masking of tx and rx error
  channel (git-fixes).
- commit cef2ac2
- blacklist.conf: update blacklist
- commit e0f7a96
- blacklist.conf: Add 59b18a1e65b7 x86/msi: Fix msi message data shadow struct
- commit b422277
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- commit 090b87e
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda: realtek: Fix race at concurrent COEF updates
  (git-fixes).
- commit 5b77923
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
  (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- commit 8286b1b
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machines (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch.
- commit 3b1083d
- NTB: ntb_tool: uninitialized heap data in tool_fn_write()
  (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
  (git-fixes).
- commit e17531e
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
  (git-fixes).
- commit 6646862
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- commit 4dbfddf
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- commit 99b2a82
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
  (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
  (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
  (git-fixes).
- commit a6cb05c
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG
  Zenith II (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
  (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
  (git-fixes).
- drm/gem: Properly annotate WW context on
  drm_gem_lock_reservations() error (git-fixes).
- commit fc95967
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
  in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948).
- commit 97b83f0
- devlink: Fix use-after-free after a failed reload (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
  vsock_connect_timeout() (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning
  (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
  (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable
  (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes()
  should be bool (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
  (git-fixes).
- pinctrl: nomadik: Fix refcount leak in
  nmk_pinctrl_dt_subnode_to_map (git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- Revert "/scripts/mod/modpost.c: permit '.cranges' secton for
  sh64 architecture."/ (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
  (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
  (git-fixes).
- commit 4ff3e1b
- blacklist.conf: Add 5f89468e2f06 swiotlb: manipulate orig_addr when tlb_addr has offset
- commit a6010ca
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- commit f1b6523
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- commit c36c19c
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- commit 34bbfc0
- iommu/exynos: Handle failed IOMMU device registration properly
  (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator
  (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
  (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask
  (git-fixes).
- commit 040a9c6
- blacklist.conf: add various fixes
- commit 73738d1
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
  (CVE-2022-20368 bsc#1202346).
- commit e8bbbca
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
  across ioctls (bsc#1202347 CVE-2022-20369).
- commit 36d8575
- iommu/vt-d: avoid invalid memory access via
  node_online(NUMA_NO_NODE) (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking
  out of loop (git-fixes).
- commit c88bace
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
  git-fixes).
- commit d5191b9
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
  (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified
  beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- commit 7944adf
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
  (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
  (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
  on error (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID
  flag (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- SUNRPC reverting d03727b248d0 ("/NFSv4 fix CLOSE not waiting
  for direct IO compeletion"/) (git-fixes).
- commit a827eeb
- md/bitmap: don't set sb values if can't pass sanity check
  (bsc#1197158).
- commit 3927074
- kabi/severities: add stmmac driver local sumbols
- commit 31f077f
- net: lapbether: Prevent racing when checking whether the netif
  is running (git-fixes).
- commit 9af3eff
- octeontx2-af: fix infinite loop in unmapping NPC counter
  (git-fixes).
- commit c88fc73
- net: mvpp2: fix interrupt mask/unmask skip condition
  (git-fixes).
- commit 3584e08
- net: hdlc_x25: Return meaningful error code in x25_open
  (git-fixes).
- commit 212e2be
- Update metadata references
- commit b372491
- net: dsa: b53: fix an off by one in checking "/vlan->vid"/
  (git-fixes).
- commit ea4caa5
- can: m_can: process interrupt only when not runtime suspended
  (git-fixes).
- commit bd4c919
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- commit 834df98
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
  (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of
  devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
  (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
  dw8250_tx_wait_empty() (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand
  side' (git-fixes).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
  (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
  (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before
  memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in
  ark_set_pixclock() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using
  giveback (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit c5d77c5
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
  CVE-2022-26373).
- commit abba98d
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
  CVE-2022-26373).
- commit 061bcfd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  (bsc#1201726 CVE-2022-26373).
- commit 16768aa
- acpi: Disable APEI error injection if the kernel is locked down
  (bsc#1023051, CVE-2016-3695).
- commit 80750a7
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- commit 6458cfa
- net: stmmac: Modify configuration method of EEE timers
  (git-fixes).
- commit b6da91b
- net: stmmac: Use resolved link config in mac_link_up()
  (git-fixes).
- commit 4dba15f
- net/sonic: Fix a resource leak in an error handling path in
  'jazz_sonic_probe()' (git-fixes).
- commit 8d37be1
- blacklist.conf: update blacklist
- commit 51d7b18
- powerpc: powernv: kABI: add back powernv_get_random_long
  (bsc#1065729).
- commit f61a28c
- KVM: PPC: Use arch_get_random_seed_long instead of powernv
  variant (bsc#1156395).
- commit 3e6dc98
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
  (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
  later in boot (bsc#1065729).
- commit 74ae44c
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
  (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit a69b0d7
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
  (bsc#1065729).
- commit 98a575d
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit ec6a677
- blacklist.conf: update blacklist
- commit 63fa2f9
- blacklist.conf: update blacklist
- commit cc1d04f
- mmc: cavium-thunderx: Add of_node_put() when breaking out of
  loop (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
  (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
  (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation
  (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in
  esdhc_signal_voltage_switch (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
  (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
  (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
  (git-fixes).
- PCI: dwc: Always enable CDM check if "/snps,enable-cdm-check"/
  exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
  (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using
  iATU (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
  (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
  (git-fixes).
- PCI/portdrv: Don't disable AER reporting in
  get_port_device_capability() (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write
  (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now
  useless comments (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
  dm_fsync_timer_callback (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
  completion (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb()
  (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
  (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
  (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove()
  (git-fixes).
- soundwire: bus_type: fix remove and shutdown support
  (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety
  (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety
  (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer
  (git-fixes).
- intel_th: Fix a resource leak in an error handling path
  (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
  (git-fixes).
- commit 2bc728a
- iio: potentiometer: mcp4131: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety
  (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety
  (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety
  (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety
  (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety
  (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety
  (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- commit 7981ef6
- clk: qcom: camcc-sdm845: Fix topology around titan_top power
  domain (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
  (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
  (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion
  (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
  (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
  (git-fixes).
- driver core: fix potential deadlock in __driver_attach
  (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
  large (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
  (git-fixes).
- commit 9bda156
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
  bsc#1202154).
- commit bfc6551
- blacklist.conf: update blacklist
- commit 847721e
- virtio-gpu: fix a missing check to avoid NULL dereference
  (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
  `wil_write_file_wmi()` (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
  (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
  iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
  (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe()
  (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in
  mt76_led_init() (git-fixes).
- mt76: mt76x02u: fix possible memory leak in
  __mt76x02u_mcu_send_msg (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
  (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
  il4965_rs_fill_link_cmd() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
  (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
  (git-fixes).
- regulator: of: Fix refcount leak bug in
  of_get_regulation_constraints() (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
  (git-fixes).
- virtio-net: fix the race between refill work and close
  (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi
  Dongle (git-fixes).
- commit 347666b
- drm/amd/display: Enable building new display engine with KCOV
  enabled (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when
  clk_set_parent() failed (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
  (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
  (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
  function (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe()
  (git-fixes).
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
  (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
  ni_set_mc_special_registers() (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
  modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: dsi: Add correct stop condition to
  vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom
  edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
  (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
  (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T
  (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
  (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- commit cce0615
- drm/bridge: tc358767: Make sure Refclk clock are enabled
  (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register
  (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
  (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during
  bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during
  bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by
  board_name only (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old
  error logs (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
  hisi_lpc_acpi_probe() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
  (git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources
  (git-fixes).
- commit 6ee2d65
- ipv4: avoid using shared IP generator for connected sockets
  (CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
  bsc#1196616).
- commit 6c53c05
- blacklist.conf: add "/sched: Reenable interrupts in do_sched_yield()"/
  This patch caused unexplained regressions and it's not fixing any
  important issue.
- commit 7b4ecae
- Revert "/Refresh patches.suse/random-fix-crash-on-multiple-early-calls..."/ (bsc#1201645)
  This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46.
- commit ef555c8
- media: smipcie: fix interrupt handling and IR timeout
  (git-fixes).
- commit 72251a4
- sched/fair: Revise comment about lb decision matrix (git fixes
  (sched/fair)).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
  (git fixes (kernel/time)).
- random: remove useless header comment (git fixes).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- sched/membarrier: fix missing local execution of
  ipi_sync_rq_state() (git fixes (sched/membarrier)).
- mm: fix page reference leak in soft_offline_page() (git fixes
  (mm/memory-failure)).
- commit b0029fe
- blacklist.conf: xtensa not used
- commit c7e553d
- blacklist.conf: UML not used
- commit d38c3c3
- blacklist.conf: Cosmetic patch
- commit 137482b
- blacklist.conf: GCC-12 not used
- commit b35581e
- blacklist.conf: KASAN not configured
- commit ddca4d2
- blacklist.conf: Clang not used for build
- commit f6cb05a
- blacklist.conf: KASAN not configured
- commit db5c6ef
- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190
- commit ae569d4
- blacklist.conf: Build time micro-optimisation
- commit 091232d
- blacklist.conf: Build time micro-optimisation
- commit 06fea81
- blacklist.conf: Build time micro-optimisation
- commit c5a48f8
- blacklist.conf: Build fix that assumes bash does not exist
- commit a35739b
- blacklist.conf: Comment fix only
- commit 1f940f0
- blacklist.conf: Fixes pointing to misleading commit
- commit b94c0dc
- blacklist.conf: Patch has a number of high risk dependencies
- commit 58c61ac
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- media: rtl28xxu: add missing sleep before probing slave demod
  (git-fixes).
- commit ac926ca
- media: usb: dvb-usb-v2: rtl28xxu: convert to use
  i2c_new_client_device() (git-fixes).
- commit 47f6029
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T
  dongle (git-fixes).
- commit cf3cc2d
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- commit 27a23c1
- media: rc: increase rc-mm tolerance and add debug message
  (git-fixes).
- commit 532733e
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
  (git-fixes).
- commit 981dce5
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll()
  (git-fixes).
- commit 691e7d8
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
  (git-fixes).
- commit 2786445
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- Refresh
  patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch.
- Refresh
  patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch.
- commit de6720f
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit bafbca0
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit a77b059
- KVM: x86: Update vCPU's hv_clock before back to guest when
  tsc_offset is adjusted (git-fixes).
- commit 143ba5a
- Updated commit IDs from a rebased upstream branch:
- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch.
- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch.
- patches.suse/watchdog-export-lockup_detector_reconfigure.patch.
- commit a3cdcd5
- KVM: x86: Fix split-irqchip vs interrupt injection window
  request (git-fixes).
- commit 69e8da6
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
  (git-fixes).
- commit 156ec3b
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- commit 2fe0bb0
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit cd08705
- KVM: VMX: Don't freeze guest when event delivery causes an
  APIC-access exit (git-fixes).
- commit 13e27e5
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- commit 5a414a0
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- commit 65c08ec
- net: usb: ax88179_178a: remove redundant assignment to variable
  ret (git-fixes).
- commit 75d1e2c
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- commit 8bcd286
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
  (git-fixes).
- commit 18afbc0
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
  (git-fixes).
- commit ad2b012
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- commit 564965b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- commit 8fc5407
- netfilter: nf_queue: do not allow packet truncation below
  transport header offset (bsc#1201940 CVE-2022-36946).
- commit f4f33cd
- kvm/emulate: Fix SETcc emulation function offsets with SLS
  (bsc#1201930).
- commit 0a6851d
- nvme: consider also host_iface when checking ip options
  (bsc#1199670).
- commit edd56ec
- drivers/net: Fix kABI in tun.c (git-fixes).
- commit 3adafd5
- FDDI: defxx: Make MMIO the configuration default except for EISA
  (git-fixes).
- commit 49c7c8d
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
  for CSR (git-fixes).
- commit 87b1bf0
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
  (git-fixes).
- commit 11d0ba1
- net: macb: restore cmp registers on resume path (git-fixes).
- commit 73e4cc3
- drivers: net: fix memory leak in peak_usb_create_dev
  (git-fixes).
- commit bf7b83d
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- commit 1811ff5
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit 58be63e
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
  clock (git-fixes).
- commit 5683f5d
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
  (git-fixes).
- commit a1e8450
- ftgmac100: Restart MAC HW once (git-fixes).
- commit 9b2ea44
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
  (git-fixes).
- commit 74dff8e
- net/mlx5e: When changing XDP program without reset, take refs
  for XSK RQs (git-fixes).
- commit 4584eb8
- net: lapbether: Remove netif_start_queue / netif_stop_queue
  (git-fixes).
- commit 9195d10
- net: stmmac: fix incorrect DMA channel intr enable setting of
  EQoS v4.10 (git-fixes).
- commit 3eac36a
- net: enetc: keep RX ring consumer index in sync with hardware
  (git-fixes).
- commit 5b9c123
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
  packets (git-fixes).
- commit d2c7696
- net: hns3: fix error mask definition of flow director
  (git-fixes).
- commit e86b116
- blacklist.conf: update blacklist
- commit 545a342
- scsi: lpfc: Copyright updates for 14.2.0.5 patches
  (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
  lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
  configuration (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
  (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
  (bsc#1201956).
- scsi: lpfc: Fix possible memory leak when failing to issue
  CMF WQE (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
  queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in
  XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
  malformed user input (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in
  lpfc_nvme_cancel_iocb() (bsc#1201956).
- commit 6e7b732
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
  (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers
  (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size
  (bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
  (bsc#1201958).
- commit d5c3642
- Drop qla2xxx patch which prevented nvme port discovery
  (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
  Upstream fixed the problem by reverting the offending commit.
  Delete:
  - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 1cb16fb
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback()
  (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
  (bsc#1199364).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
  (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive
  buffer (bsc#1199364).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
  (bsc#1199364).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb
  signature (bsc#1199364).
- commit cffae99
- KVM: emulate: do not adjust size of fastop and setcc subroutines
  (bsc#1201930).
- commit 317f350
- Refresh
  patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c513474
- Update
  patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
  references (add CVE-2022-32250).
- commit 8871b3f
- net/sched: cls_u32: fix netns refcount changes in u32_change()
  (CVE-2022-29581 bsc#1199665).
- commit e1d6992
- random: fix typo in comments (git-fixes).
- commit 49bfcbe
- blacklist.conf: a cleanup that breaks kABI
- commit f8d13cb
- random: document add_hwgenerator_randomness() with other input
  functions (git-fixes).
- commit 9a03f2f
- drbd: fix potential silent data corruption (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
  explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
  (git-fixes).
- commit a9f5081
- kABI workaround for including mm.h in fs/sysfs/file.c
  (bsc#1200598 cve-2022-20166).
- commit 29d7d8a
- net: stmmac: fix watchdog timeout during suspend/resume stress
  test (git-fixes).
- commit b651717
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 3ba5a53
- net: stmmac: fix CBS idleslope and sendslope calculation
  (git-fixes).
- commit e0b11c6
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- commit 6020ebf
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
  SFP (git-fixes).
- commit 858de54
- net: amd-xgbe: Reset link when the link never comes back
  (git-fixes).
- commit 75c3dff
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
  warning (git-fixes).
- commit 2d480f1
- net: amd-xgbe: Reset the PHY rx data path when mailbox command
  timeout (git-fixes).
- commit 5734e3e
- net: axienet: Handle deferred probe on clock properly
  (git-fixes).
- commit c2493d6
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
  (git-fixes).
- commit 421a813
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- commit f6ff8de
- macvlan: remove redundant null check on data (git-fixes).
- commit 37296a9
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- commit d83cfd7
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
  (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
  ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
  ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
  (bsc#1201846 ltc#198761).
- commit 4aa9f78
- net: macb: unprepare clocks in case of failure (git-fixes).
- commit 9b3aefc
- net: macb: add function to disable all macb clocks (git-fixes).
- commit e67caf5
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- commit 2629e74
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- commit 12700d6
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- commit 823b92f
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- commit 3311dc2
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- commit 0e7bc32
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown
  (git-fixes).
- commit 0b9accc
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- commit 96affe9
- net: ll_temac: Fix potential NULL dereference in temac_probe()
  (git-fixes).
- commit 9f3a68c
- net: stmmac: dwmac1000: provide multicast filter fallback
  (git-fixes).
- commit 173655e
- net: ll_temac: Use devm_platform_ioremap_resource_byname()
  (git-fixes).
- commit bd77f60
- net: mscc: Fix OF_MDIO config check (git-fixes).
- commit 6a2a9df
- blacklist.conf: update blacklist
- commit 5495889
- blacklist.conf: update blacklist
- commit ccb0438
- i2c: cadence: Change large transfer count reset logic to be
  unconditional (git-fixes).
- gpio: pca953x: use the correct register address when regcache
  sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
  (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
  (git-fixes).
- commit 20d420c
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
  serial8250_request_std_resource() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
  (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
  (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
  model (git-fixes).
- ASoC: madera: Fix event generation for rate controls
  (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
  (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: ops: Fix off by one in range control validation
  (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
  (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
  (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- commit 7b686cc
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
  for migration (bsc#1201610).
- commit fecc544
-  Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
  too.
- commit cc90276
- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch
  (git-fixes bsc#1200910 CVE-2020-36558).
  Add references.
- commit d84e9d7
- Update
  patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch
  (git-fixes bsc#1201429 CVE-2020-36557).
  Add references.
- commit 76ab189
- lockdown: Fix kexec lockdown bypass with ima policy
  (CVE-2022-21505 bsc#1201458).
- commit 5806b46
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- commit b51a741
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit 9493568
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
  too.
- commit 7226005
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit b81e242
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- blacklist.conf: updated blacklist for new issue
- commit 93feb45
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
  sysfs_emit (bsc#1200598 cve-2022-20166).
- commit 6f05f26
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
  cve-2022-20166).
- commit 6ff7ebb
- drivers core: Remove strcat uses around sysfs_emit and neaten
  (bsc#1200598 cve-2022-20166).
- commit 4cafd1f
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit bcf7213
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
  * ...) functions (bsc#1200598 cve-2022-20166).
- commit 747b6a7
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
  (bsc#1200598 cve-2022-20166).
- commit 4aaf7f0
- fbmem: Check virtual screen sizes in fb_set_var()
  (CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
  (CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
  (CVE-2021-33655 bsc#1201635).
- commit a7693d8
- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206)
  The patch seems causing a regression on Mac.
- commit f885f68
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- commit 036b703
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- commit 9d510a3
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit e7722fa
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 2f78693
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 5213f10
- kABI workaround for rtsx_usb (git-fixes).
- commit 4ee0d92
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- commit 0dca060
- power/reset: arm-versatile: Fix refcount leak in
  versatile_reboot_probe (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
  (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
  (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
  (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
  (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
  (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
  (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: Fix a potential integer overflow in
  ima_appraise_measurement (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
  (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
  panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
  intel_dp_add_mst_connector() (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
  (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
  (git-fixes).
- misc: rtsx_usb: use separate command and response buffers
  (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
  transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
  (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
  (git-fixes).
- fbcon: Disallow setting font bigger than screen size
  (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
  (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
  (git-fixes).
- commit aa669e5
- ASoC: Intel: Skylake: Correct the handling of fmt_config
  flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
  skl_get_ssp_clks() (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
  correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: ti: Add missing put_device in
  ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
  (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- commit 2be6c70
- arm64: fix compat syscall return truncation (git-fixes)
- commit 24bf105
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- commit 992de8b
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 867aa84
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ad8af15
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit 02d9d74
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- commit 4265617
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 080c096
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- commit ddc1d85
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit aff711b
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit d286e63
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- commit 437cb00
- usb: typec: add missing uevent when partner support PD
  (git-fixes).
- commit 8f7dacd
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 052f747
- blacklist.conf: will speed up booting in exchange for breaking charging
  from a switched off laptop with some firmwares
- commit bd8e45d
- blacklist.conf: build fix that does not matter on a released kernel
- commit 3296a39
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit a69d674
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 1caf14d
- Sort in RETbleed backport into the sorted section
  Now that it is upstream..
- Refresh
  patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
  patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
  patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
  patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
  patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
  patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
  patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
  patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
  patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
  patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
  patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
  patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
  patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
  patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
  patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
  patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
  patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
  patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
  patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit 94dfede
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- commit ed82a39
- blacklist.conf: blocks a driver from building
- commit 2f8d19f
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- commit 1950671
- arm64: lib: Use modern annotations for assembly functions (git-fixes)
  Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch.
- commit fb5a868
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
  (git-fixes).
- Refresh
  patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch.
- commit 8e36894
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- commit a5d53f5
- usbnet: fix memory leak in error case (git-fixes).
- commit 988ba16
- arm64: module: rework special section handling (git-fixes)
- commit 7d368bc
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit fb0447a
- dm mirror log: round up region bitmap size to BITS_PER_LONG
  (git-fixes).
- md: bcache: check the return value of kzalloc() in
  detached_dev_do_request() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
  (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one
  device (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than
  digest size (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
  (git-fixes).
- block: don't delete queue kobject before its children
  (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
  sizes (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
  (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
  (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
  crypt_page_alloc() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
  (git-fixes).
- blk-zoned: allow zone management send operations without
  CAP_SYS_ADMIN (git-fixes).
- dm btree remove: assign new_root only when removal succeeds
  (git-fixes).
- dm snapshot: properly fix a crash when an origin has no
  snapshots (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk
  size (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
  table reload sequences (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
  (git-fixes).
- dm persistent data: packed struct should have an aligned()
  attribute too (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during
  tear down (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size
  (git-fixes).
- dm bufio: subtract the number of initial sectors in
  dm_bufio_get_device_size (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way
  (git-fixes).
- dm integrity: conditionally disable "/recalculate"/ feature
  (git-fixes).
- dm integrity: fix a crash if "/recalculate"/ used without
  "/internal_hash"/ (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm snapshot: flush merged data before committing metadata
  (git-fixes).
- lib/string.c: implement stpcpy (git-fixes).
- commit ab41893
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
  rx queue (bsc#1201381).
- commit ae4d431
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- commit 5e710e7
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 8d18bba
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
  Dwarves 1.22 or newer is required to build kernels with BTF information
  embedded in modules.
- commit 2dbbe9d
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- commit 6a3fc85
- pty: do tty_flip_buffer_push without port->lock in pty_write
  (bsc#1198829 CVE-2022-1462).
- commit ce8f318
- tty: use new tty_insert_flip_string_and_push_buffer() in
  pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cbf8ad3
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- Update config files:
  - MODULE_ALLOW_BTF_MISMATCH=y
- commit 0660602
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- Refresh
  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit 6a4211c
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- Refresh
  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit ec84a18
- kbuild: Skip module BTF generation for out-of-tree external
  modules (jsc#SLE-24559).
- commit b411a90
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- commit dd48d54
- kbuild: Build kernel module BTFs if BTF is enabled and pahole
  supports it (jsc#SLE-24559).
- Update config files:
  - PAHOLE_HAS_SPLIT_BTF=y
  - DEBUG_INFO_BTF_MODULES=y
- commit 00469b9
- bpf: Assign ID to vmlinux BTF and return extra info for BTF
  in GET_OBJ_INFO (jsc#SLE-24559).
- commit bf525c4
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- commit de75fe3
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- Refresh
  patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch.
- commit 97960b8
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- commit d74c2bd
- kbuild: drop $(wildcard $^) check in if_changed* for faster
  rebuild (jsc#SLE-24559).
- commit 2b23691
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- Refresh
  patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch.
- Refresh
  patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch.
- Refresh
  patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch.
- Refresh
  patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch.
- commit 860eb7e
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- Refresh
  patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch.
- commit e48ca3e
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- commit 089d37f
- io_uring: fix fs->users overflow  (CVE-2022-1116, bsc#1199647).
- commit e8dfed6
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
  resp_mode_select() (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
  (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
  (git-fixes).
- scsi: core: Only put parent device if host state differs from
  SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
  changes to RUNNING (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma()
  (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get
  error (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- commit cad0d5f
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 12197a1
- mm/slub: add missing TID updates on slab deactivation
  (git-fixes).
- commit af73675
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit 89b5cfc
- xen: don't continue xenstore initialization in case of errors
  (git-fixes).
- commit a397042
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- commit 223f7ba
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
  intel_pmu_refresh() (git-fixes).
- commit 2a600a1
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS
  GPAs (git-fixes).
- commit a048eb5
- KVM: apic: avoid calculating pending eoi from an uninitialized
  val (git-fixes).
- commit bd607c6
- KVM: nVMX: handle nested posted interrupts when apicv is
  disabled for L1 (git-fixes).
- commit a486b7a
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
  attacks (git-fixes).
- commit eb73c2f
- KVM: x86: Don't let userspace set host-reserved cr4 bits
  (git-fixes).
- commit 404b24a
- net: hso: bail out on interrupt URB allocation failure
  (git-fixes).
- commit f562212
- blacklist.conf: misattributed in upstream
- commit 202e210
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
  bsc#1201251).
- commit 84c7e09
- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251)
- commit 4566057
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- commit 8890fb5
- xen/netfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33741, XSA-403).
- commit 7daee4f
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-33740, XSA-403).
- commit bfb8cc2
- xen/blkfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33742, XSA-403).
- commit 9c6c1df
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-26365, XSA-403).
- commit 7095954
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 272b7b1
- Add dtb-starfive
- commit 85335b1
- config: enable DEBUG_INFO_BTF
  This option allows users to access the btf type information for vmlinux
  but not kernel modules.
- commit fb07e10
- Add dtb-microchip
- commit c797107
- rpm/kernel-source.spec.in: temporary workaround for a build failure
  Upstream c6x architecture removal left a dangling link behind which
  triggers openSUSE post-build check in kernel-source, failing
  kernel-source build.
  A fix deleting the danglink link has been submitted but it did not make
  it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
  utility does not handle symlink removal. Add a temporary band-aid which
  deletes all dangling symlinks after unpacking the kernel source tarball.
  [jslaby] It's not that temporary as we are dragging this for quite some
  time in master. The reason is that this can happen any time again, so
  let's have this in packaging instead.
- commit 52a1ad7
- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- commit b1b6d4b
kie-api
- Declare the LICENSE file as license and not doc
ldb
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
  changes for ldb-2.4.4.
  + CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  + CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  + CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
  + Fix build problems, waf produces incorrect names for python
    extensions; (bso#15071);
libarchive
- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
  (CVE-2021-23177, bsc#1192425)
  * CVE-2021-23177.patch
libassuan
- update to 2.5.5:
  * Fix a crash in the logging code
  * Upgrade autoconf
- update to 2.5.4:
  * Fix some minor build annoyances
- Update to 2.5.3:
  * Add a timeout for writing to a SOCKS5 proxy.
  * Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
- qemu-disable-fdpassing-test.patch: remove
-Update to 2.5.2:
  * configure.ac: Bump LT version to C8/A8/R2
  * include libassuan.pc in the spec file
libgpg-error
- Drop --with-pic (no effect with --disable-static).
- update to 1.42:
  * Improve cross-compiling support
  * Improve $libdir determination by gpgrt-config
  * Support --disable-thread by gen-lock-obj.sh
  * Interface changes relative to the 1.40 release
    GPG_ERR_SOURCE_TPM2D
- update to 1.41:
  * Fixes another glitch in the "/ignore"/ meta command.
  * Fixes two typos in the German translation.
  * New function gpgrt_access.
  * Make "/ignore"/ meta command work correctly in the option parser.
  * Interface changes relative to the 1.39 release:
  gpgrt_access                     NEW.
- Update to 1.39:
  * "/gpg-error --lib-version"/ works again.
  * New function gpgrt_fcancel as alternative to gpgrt_close. This
    function avoid flushing out buffered data and also tries to delete
    a newly created file.
  * Update the gnupg project keyring
  * Interface changes relative to the 1.38 release:
  - gpgrt_fcancel: NEW.
- Update to 1.38:
  * New option parser features to implement system wide
    configuration files
  * New functions to build file names
  * New function to help reallocating arrays
  * Protect gpgrt_inc_errorcount against counter overflow
- drop needless autotools build dependencies that were added for
  gawk5.patch
- Update to 1.37
  Release-info: https://dev.gnupg.org/T4772
  * Fixes a build problems when using Gawk 5.0  [#4459]
  * Improves cross-compiling support.  [#4643]
  * New error codes to map SQLite primary error codes.
  * Now uses poll(2) instead of select(2) in gpgrt_poll if possible.
  * Fixes a bug in gpgrt_close.  [#4698]
  * Fixes a few minor portability bugs.
  * New interfaces in this release:
    GPG_ERR_NO_KEYBOXD    GPG_ERR_KEYBOXD       GPG_ERR_NO_SERVICE
    GPG_ERR_SERVICE       GPG_ERR_SQL_OK        GPG_ERR_SQL_ERROR
    GPG_ERR_SQL_INTERNAL  GPG_ERR_SQL_PERM      GPG_ERR_SQL_ABORT
    GPG_ERR_SQL_BUSY      GPG_ERR_SQL_LOCKED    GPG_ERR_SQL_NOMEM
    GPG_ERR_SQL_READONLY  GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR
    GPG_ERR_SQL_CORRUPT   GPG_ERR_SQL_NOTFOUND  GPG_ERR_SQL_FULL
    GPG_ERR_SQL_CANTOPEN  GPG_ERR_SQL_PROTOCOL  GPG_ERR_SQL_EMPTY
    GPG_ERR_SQL_SCHEMA    GPG_ERR_SQL_TOOBIG    GPG_ERR_SQL_CONSTRAINT
    GPG_ERR_SQL_MISMATCH  GPG_ERR_SQL_MISUSE    GPG_ERR_SQL_NOLFS
    GPG_ERR_SQL_AUTH      GPG_ERR_SQL_FORMAT    GPG_ERR_SQL_RANGE
    GPG_ERR_SQL_NOTADB    GPG_ERR_SQL_NOTICE    GPG_ERR_SQL_WARNING
    GPG_ERR_SQL_ROW       GPG_ERR_SQL_DONE
- Remove patch fixed upstream.
  * gawk5.patch
- Add patch to fix buidling with gawk 5.0 and newer:
  * gawk5.patch
- Update to 1.36:
  * Two new error codes to better support PIV cards
  * Support armv7a-unknown-linux-gnueabihf
- Update to 1.35:
  * Distribute the correct gpgrt-config
- update to 1.34:
  * Support for riscv32
  * New API to allow emergency cleanup after internal fatal errors
  * Minor bug and portability fixes
- update to 1.33:
  * New unified config script gpgrt-config
  * The log functions now sanitize strings printed with the "/%s"/
    format specifier
  * New fprintf style function to apply a custom filter for string
    arguments
  * New function to compare version strings
- Update to 1.32:
  * Fixes a problem with gpgrt_fflush and gpgrt_fopencookie
  * Fixes a problem with the C11 header stdnoreturn.h
- Fix %install_info_delete usage:
  * It has to be performed in %preun not in %postun.
  * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
- update to 1.31:
  * Fixes for platforms other than GNU/Linux
  * New translation for Spanish
- update to 1.30:
  * fixes for platforms other than GNU/Linux
  * Use %license (boo#1082318)
libgsasl
- fix OOB read in GSSAPI server - CVE-2022-2469 (bsc#1201715)
- Add: CVE-2022-2469.patch
libjpeg-turbo
  fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function
  + libjpeg-turbo-CVE-2020-35538.patch
- security update
- added patches
libksba
- Security fix: [bsc#1204357, CVE-2022-3515]
  * Detect a possible overflow directly in the TLV parser.
  * Add libksba-CVE-2022-3515.patch
libtasn1
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
  that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
libtirpc
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
  connections (bsc#1201680)
  - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch
-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
  - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignement (bsc#1198752)
  - add 0001-fix-parms.r_addr-memory-leak.patch
libxml2
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
libyajl
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
libzypp
- Resolver: Fix missing --[no]-recommends initialization in
  update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
  to --[no]-recommends.
- version 17.31.2 (22)
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
  an old Notcurses++ package which happens to be present in the
  buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
  c++11.  In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
  since 15.1 (bsc#1189282)
- version 17.31.1 (22)
- Add PoolItem::statusReinit to reset the status it's initial
  state in the ResPool (might help bsc#1199895)
  This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
  the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
  (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
  This commit removes the MediaNetwork tech preview and all related
  code. First reason for this is that MediaNetwork was just meant
  as a way to test the new CURL based downloader and second: since
  the Provide API is going to completely replace the current media
  backend it would be extra work to ensure that changes on the
  Downloader do not break MediaNetwork.
- version 17.31.0 (22)
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
- appdata plugin: Pass path to the repodata/ directory inside the
  cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
  endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
  repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
  Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
  solvable.  May happen if (wrong arch) solvables were removed
  at the  beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
  (fixes #388)
- version 17.30.1 (22)
logrotate
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
  * enforce stricter parsing to avoid CVE-2021-3864
  * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
  separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch
mozilla-nspr
- update to version 4.34.1
  * add file descriptor sanity checks in the NSPR poll function.
- update to version 4.34
  * add an API that returns a preferred loopback IP on hosts that
    have two IP stacks available.
- update to 4.33:
  * fixes to build system and export of private symbols
mozilla-nss
- Require libjitter only for SLE15-SP4 and greater
- update to NSS 3.79.2 (bsc#1204729)
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1.
  * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
  longer than 1s. This avoids turning slow builds into broken
  builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
  DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
  sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
  longer symmetric keys via the service level indicator
  (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
  sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
  from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Enable nss-fips-drbg-libjitter.patch now that we have a patched
  libjitter to build with (bsc#1202870).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
  from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
  entropy. This is disabled until we can avoid the inline assembler
  in the latter's header file that relies on GNU extensions.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
  when both NSS_FIPS and /proc FIPS mode are enabled.
- update to NSS 3.79.1 (bsc#1202645)
  * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1759794 - protect SFTKSlot needLogin with slotLock.
  * bmo#1760998 - avoid data race on primary password change.
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
  rest of the DSA ciphers, keeping signature verification only
  (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
  warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
  integrity tests through sftk_FIPSRepeatIntegrityCheck()
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
  as approved/non-approved according to security policy
  (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
  disabling of unapproved algorithms. This requirement is now
  fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
  the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
  we removed the code to short-circuit broken hashes and moved to
  using the SLI.
- Remove upstreamed patches:
  * nss-fips-version-indicators.patch
  * nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
  - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  - bmo#1766907 - Update mercurial in clang-format docker image.
  - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
  - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
  - bmo#1764788 - Correct invalid record inner and outer content type alerts.
  - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
  - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
    NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
    bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
    bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
    bmo#1763120 - Add ECH Grease Support to tstclnt
    bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
    bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
    bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
    bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
    from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
    sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
    nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
    certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
    in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
    extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
    by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
    only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
  * bmo#1677181 - Client side ECH padding.
  * bmo#1725938 - Stricter ClientHelloInner Decompression.
  * bmo#1725938 - Remove ECH_inner extension, use new enum format.
  * bmo#1725938 - Update the version number for ECH-13 and adjust
    the ECHConfig size.
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
    OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
    certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
    CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
  * Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
    regression in about:logins
- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening
    on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private
    components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores
    environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
    nss failures.
    (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest
    details in all.sh reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Mozilla NSS 3.68.4 (bsc#1200027)
  * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
    (bmo#1767590)
- Update nss-fips-constructor-self-tests.patch to scan
  LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
  Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
  disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
  PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
  test certificate creation and disables the library checksum
  validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
  checksumming to be disabled, but only if we entered FIPS mode
  due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
  makes the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
  from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
  for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
  unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
  of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
  This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
  Most of the relevant changes are already upstream since NSS 3.60.
mvel2
- Declare the LICENSE file as license and not doc
ncurses
- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
netty
- Security update
  * The ZlibDecoders allow for unbounded memory allocation while
    decoding a byte stream (bsc#1168932 CVE-2020-11612)
  * Information disclosure via the local system temporary
    directory (bsc#1182103 CVE-2021-21290)
  * Bzip2Decoder doesn't allow setting size restrictions for
    decompressed data (bsc#1190610 CVE-2021-37136)
  * Snappy frame decoder doesn't restrict the chunk length
    and may buffer skippable chunks (bsc#1190613 CVE-2021-37137)
- Added:
  * netty-CVE-2020-11612.patch
  * netty-CVE-2021-21290.patch
  * netty-CVE-2021-37136.patch
  * netty-CVE-2021-37137.patch
ongres-scram
- update to version 2.1
  * Added standard SASLPrep (bsc#1196693)(jsc#SLE-23993, jsc#SLE-23994)
  * Failover to bouncy castle implementation of
    PBKDF2WithHmacSHA256 to support Oracle JDK 7
  * Updated saslprep to version 1.1 to remove a build dependency
    coming from stringprep module
open-iscsi
- Modify SPEC file so systemd unit files are mode 644 (not 755)
  (bsc#1200570)
- For Tumbleweed, moved logrotate files from user-specific
  directory /etc/logrotate.d to vendor-specific
  /usr/etc/logrotate.d
  (for Stefan Schubert <schubi@suse.com>)
openldap2
- bsc#1198341 - Prevent memory reuse which may lead to instability
  * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
optaplanner
- Declare the LICENSE file as license and not doc
patterns-suse-manager
- Strictly require OpenJDK 11 (bsc#1202142)
pcre2
- Added pcre2-bsc1199235-CVE-2022-1587.patch
  * CVE-2022-1587 / bsc#1199235
  * Fix out-of-bounds read due to bug in recursions
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch
  * CVE-2019-20454 / bsc#1164384
  * Fix crash when X is used in non-UTF mode on certain inputs.
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f
  - https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9
perl
- fix File::Path rmtree/remove_tree race condition
  [bnc#1047178] [CVE-2017-6512]
  new patch: perl-file_path_rmtree_fchmod.diff
perl-DBD-Pg
- fix testsuite [bsc#1197797]
- added patches
  fix https://github.com/bucardo/dbdpg/commit/e01ade96d9e6676385df37d2d8f1907bb68417f2
  + perl-DBD-Pg-fix-tests.patch
perl-HTTP-Daemon
- Fix request smuggling in HTTP::Daemon
  (CVE-2022-31081, bsc#1201157)
  * CVE-2022-31081.patch
  * CVE-2022-31081-2.patch
  * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
permissions
  * Revert "/drop ping capabilities in favor of ICMP_PROTO sockets"/. Older
    SLE-15 versions don't properly support this feature yet (bsc#1204137)
- Update to version 20181225:
  * fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20181225:
  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
- Update to version 20181225:
postgresql-jdbc
- Address SQL Injection Vulnerability CVE-2022-31197
  (bsc#1202170)
  * Add: fix-SQL-Injection-CVE-2022-31197.patch
- Address arbitrary File Write Vulnerability CVE-2022-26520
  (bsc#1197356)
  * Add: CVE-2022-26520.patch
- Upgrade to upstream version 42.2.25
  * uses SASLprep normalization for SCRAM authentication fixing
    some issues with spaces in passwords. (bsc#1196693)
    (jsc#SLE-23993, jsc#SLE-23994)
  * https://jdbc.postgresql.org/documentation/changelog.html
postgresql13
- Update to 13.8:
  * bsc#1202368, CVE-2022-2625: Extension scripts replace objects
    not belonging to the extension.
  * https://www.postgresql.org/docs/release/13.8/
- bsc#1198166: Pin to llvm13 until the next patchlevel update.
postgresql14
-  Update to 14.5:
  * bsc#1202368, CVE-2022-2625: Extension scripts replace objects
    not belonging to the extension.
  * https://www.postgresql.org/docs/release/14.5/
- bsc#1200437: Upgrade to 14.4:
  * Prevent possible corruption of indexes created or rebuilt with
    the CONCURRENTLY option.
  * https://www.postgresql.org/docs/release/14.4/
  * https://www.postgresql.org/about/news/p-2470/
- bsc#1198166: Pin to llvm13 until the next patchlevel update.
procps
- Add the patches
  * procps-3.3.17-library-bsc1181475.patch
  * procps-3.3.17-top-bsc1181475.patch
  which are backports of current newlib tree to solve bug bsc#1181475
  * 'free' command reports misleading "/used"/ value
py27-compat-salt
- Fix state.apply in test mode with file state module
  on user/group checking (bsc#1202167)
- Added:
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Added:
  * retry-if-rpm-lock-is-temporarily-unavailable-547-552.patch
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Added:
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * add-support-for-gpgautoimport-to-refresh_db-in-the-z.patch
- Add support for name, pkgs and diff_attr parameters to upgrade
  function for zypper and yum (bsc#1198489)
- Added:
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Added:
  * unify-logic-on-using-multiple-requisites-and-add-onf.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
- Added:
  * remove-redundand-overrides-causing-confusing-debug-l.patch
python
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
python-M2Crypto
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
  bsc#1178829), which mitigates the Bleichenbacher timing attacks
  in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
python-base
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
python-boto3
- Update to version 1.23.4 (bsc#1199716)
  * api-change:``gamesparks``: [``botocore``] This release adds an optional DeploymentResult field in
    the responses of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests APIs.
  * enhancement:StreamingBody: [``botocore``] Allow StreamingBody to be used as a context manager
  * api-change:``lookoutmetrics``: [``botocore``] In this release we added SnsFormat to
    SNSConfiguration to support human readable alert.
- from version 1.23.3
  * api-change:``greengrassv2``: [``botocore``] This release adds the new DeleteDeployment API
    operation that you can use to delete deployment resources. This release also adds support for
    discontinued AWS-provided components, so AWS can communicate when a component has any issues that
    you should consider before you deploy it.
  * api-change:``quicksight``: [``botocore``] API UpdatePublicSharingSettings enables IAM admins to
    enable/disable account level setting for public access of dashboards. When enabled,
    owners/co-owners for dashboards can enable public access on their dashboards. These dashboards can
    only be accessed through share link or embedding.
  * api-change:``appmesh``: [``botocore``] This release updates the existing Create and Update APIs
    for meshes and virtual nodes by adding a new IP preference field. This new IP preference field can
    be used to control the IP versions being used with the mesh and allows for IPv6 support within App
    Mesh.
  * api-change:``batch``: [``botocore``] Documentation updates for AWS Batch.
  * api-change:``iotevents-data``: [``botocore``] Introducing new API for deleting detectors:
    BatchDeleteDetector.
  * api-change:``transfer``: [``botocore``] AWS Transfer Family now supports SetStat server
    configuration option, which provides the ability to ignore SetStat command issued by file transfer
    clients, enabling customers to upload files without any errors.
- from version 1.23.2
  * api-change:``kms``: [``botocore``] Add HMAC best practice tip, annual rotation of AWS managed
    keys.
  * api-change:``glue``: [``botocore``] This release adds a new optional parameter called
    codeGenNodeConfiguration to CRUD job APIs that allows users to manage visual jobs via APIs. The
    updated CreateJob and UpdateJob will create jobs that can be viewed in Glue Studio as a visual
    graph. GetJob can be used to get codeGenNodeConfiguration.
- Remove unnecessary version constraint for python3-pytest in BuildRequires
- Update BuildRequires and Requires from setup.py
- Update to version 1.23.1
  * api-change:``resiliencehub``: [``botocore``] In this release, we are introducing support for
    Amazon Elastic Container Service, Amazon Route 53, AWS Elastic Disaster Recovery, AWS Backup in
    addition to the existing supported Services.  This release also supports Terraform file input from
    S3 and scheduling daily assessments
  * api-change:``servicecatalog``: [``botocore``] Updated the descriptions for the
    ListAcceptedPortfolioShares API description and the PortfolioShareType parameters.
  * api-change:``discovery``: [``botocore``] Add Migration Evaluator Collector details to the
    GetDiscoverySummary API response
  * api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
  * api-change:``workspaces-web``: [``botocore``] Amazon WorkSpaces Web now supports Administrator
    timeout control
  * api-change:``rekognition``: [``botocore``] Documentation updates for Amazon Rekognition.
  * api-change:``cloudfront``: [``botocore``] Introduced a new error
    (TooLongCSPInResponseHeadersPolicy) that is returned when the value of the Content-Security-Policy
    header in a response headers policy exceeds the maximum allowed length.
- from version 1.23.0
  * feature:Loaders: [``botocore``] Support for loading gzip compressed model files.
  * api-change:``grafana``: [``botocore``] This release adds APIs for creating and deleting API keys
    in an Amazon Managed Grafana workspace.
- from version 1.22.13
  * api-change:``ivschat``: [``botocore``] Documentation-only updates for IVS Chat API Reference.
  * api-change:``lambda``: [``botocore``] Lambda releases NodeJs 16 managed runtime to be available
    in all commercial regions.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    Jira. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-jira.html
  * api-change:``transfer``: [``botocore``] AWS Transfer Family now accepts ECDSA keys for server
    host keys
  * api-change:``iot``: [``botocore``] Documentation update for China region ListMetricValues for IoT
  * api-change:``workspaces``: [``botocore``] Increased the character limit of the login message from
    600 to 850 characters.
  * api-change:``finspace-data``: [``botocore``] We've now deprecated CreateSnapshot permission for
    creating a data view, instead use CreateDataView permission.
  * api-change:``lightsail``: [``botocore``] This release adds support to include inactive database
    bundles in the response of the GetRelationalDatabaseBundles request.
  * api-change:``outposts``: [``botocore``] Documentation updates for AWS Outposts.
  * api-change:``ec2``: [``botocore``] This release introduces a target type Gateway Load Balancer
    Endpoint for mirrored traffic. Customers can now specify GatewayLoadBalancerEndpoint option during
    the creation of a traffic mirror target.
  * api-change:``ssm-incidents``: [``botocore``] Adding support for dynamic SSM Runbook parameter
    values. Updating validation pattern for engagements. Adding ConflictException to
    UpdateReplicationSet API contract.
- from version 1.22.12
  * api-change:``secretsmanager``: [``botocore``] Doc only update for Secrets Manager that fixes
    several customer-reported issues.
  * api-change:``ec2``: [``botocore``] This release updates AWS PrivateLink APIs to support IPv6 for
    PrivateLink Services and Endpoints of type 'Interface'.
- Update BuildRequires and Requires from setup.py
- Update to version 1.22.11
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] AWS Migration Hub Refactor Spaces
    documentation only update to fix a formatting issue.
  * api-change:``ec2``: [``botocore``] Added support for using NitroTPM and UEFI Secure Boot on EC2
    instances.
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Documentation updates for Compute Optimizer
  * api-change:``eks``: [``botocore``] Adds BOTTLEROCKET_ARM_64_NVIDIA and BOTTLEROCKET_x86_64_NVIDIA
    AMI types to EKS managed nodegroups
- from version 1.22.10
  * api-change:``evidently``: [``botocore``] Add detail message inside GetExperimentResults API
    response to indicate experiment result availability
  * api-change:``ssm-contacts``: [``botocore``] Fixed an error in the DescribeEngagement example for
    AWS Incident Manager.
  * api-change:``cloudcontrol``: [``botocore``] SDK release for Cloud Control API to include
    paginators for Python SDK.
- from version 1.22.9
  * api-change:``rds``: [``botocore``] Various documentation improvements.
  * api-change:``redshift``: [``botocore``] Introduces new field 'LoadSampleData' in CreateCluster
    operation. Customers can now specify 'LoadSampleData' option during creation of a cluster, which
    results in loading of sample data in the cluster that is created.
  * api-change:``ec2``: [``botocore``] Add new state values for IPAMs, IPAM Scopes, and IPAM Pools.
  * api-change:``mediapackage``: [``botocore``] This release adds Dvb Dash 2014 as an available
    profile option for Dash Origin Endpoints.
  * api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub API reference
  * api-change:``location``: [``botocore``] Amazon Location Service now includes a MaxResults
    parameter for ListGeofences requests.
- from version 1.22.8
  * api-change:``ec2``: [``botocore``] Amazon EC2 I4i instances are powered by 3rd generation Intel
    Xeon Scalable processors and feature up to 30 TB of local AWS Nitro SSD storage
  * api-change:``kendra``: [``botocore``] AWS Kendra now supports hierarchical facets for a query.
    For more information, see https://docs.aws.amazon.com/kendra/latest/dg/filtering.html
  * api-change:``iot``: [``botocore``] AWS IoT Jobs now allows you to create up to 100,000 active
    continuous and snapshot jobs by using concurrency control.
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports a new ObjectTags Task API
    option that can be used to control whether Object Tags are transferred.
- from version 1.22.7
  * api-change:``ssm``: [``botocore``] This release adds the TargetMaps parameter in SSM State
    Manager API.
  * api-change:``backup``: [``botocore``] Adds support to 2 new filters about job complete time for 3
    list jobs APIs in AWS Backup
  * api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
  * api-change:``iotsecuretunneling``: [``botocore``] This release introduces a new API
    RotateTunnelAccessToken that allow revoking the existing tokens and generate new tokens
- from version 1.22.6
  * api-change:``ec2``: [``botocore``] Adds support for allocating Dedicated Hosts on AWS  Outposts.
    The AllocateHosts API now accepts an OutpostArn request  parameter, and the DescribeHosts API now
    includes an OutpostArn response parameter.
  * api-change:``s3``: [``botocore``] Documentation only update for doc bug fixes for the S3 API docs.
  * api-change:``kinesisvideo``: [``botocore``] Add support for multiple image feature related APIs
    for configuring image generation and notification of a video stream. Add "/GET_IMAGES"/ to the list
    of supported API names for the GetDataEndpoint API.
  * api-change:``sagemaker``: [``botocore``] SageMaker Autopilot adds new metrics for all candidate
    models generated by Autopilot experiments; RStudio on SageMaker now allows users to bring your own
    development environment in a custom image.
  * api-change:``kinesis-video-archived-media``: [``botocore``] Add support for GetImages API  for
    retrieving images from a video stream
- from version 1.22.5
  * api-change:``organizations``: [``botocore``] This release adds the INVALID_PAYMENT_INSTRUMENT as
    a fail reason and an error message.
  * api-change:``synthetics``: [``botocore``] CloudWatch Synthetics has introduced a new feature to
    provide customers with an option to delete the underlying resources that Synthetics canary creates
    when the user chooses to delete the canary.
  * api-change:``outposts``: [``botocore``] This release adds a new API called ListAssets to the
    Outposts SDK, which lists the hardware assets in an Outpost.
- from version 1.22.4
  * api-change:``rds``: [``botocore``] Feature - Adds support for Internet Protocol Version 6 (IPv6)
    on RDS database instances.
  * api-change:``codeguru-reviewer``: [``botocore``] Amazon CodeGuru Reviewer now supports
    suppressing recommendations from being generated on specific files and directories.
  * api-change:``ssm``: [``botocore``] Update the StartChangeRequestExecution, adding TargetMaps to
    the Runbook parameter
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK nows supports creation
    of Dolby Vision profile 8.1, the ability to generate black frames of video, and introduces
    audio-only DASH and CMAF support.
  * api-change:``wafv2``: [``botocore``] You can now inspect all request headers and all cookies. You
    can now specify how to handle oversize body contents in your rules that inspect the body.
- from version 1.22.3
  * api-change:``auditmanager``: [``botocore``] This release adds documentation updates for Audit
    Manager. We provided examples of how to use the Custom_ prefix for the keywordValue attribute. We
    also provided more details about the DeleteAssessmentReport operation.
  * api-change:``network-firewall``: [``botocore``] AWS Network Firewall adds support for stateful
    threat signature AWS managed rule groups.
  * api-change:``ec2``: [``botocore``] This release adds support to query the public key and creation
    date of EC2 Key Pairs. Additionally, the format (pem or ppk) of a key pair can be specified when
    creating a new key pair.
  * api-change:``braket``: [``botocore``] This release enables Braket Hybrid Jobs with Embedded
    Simulators to have multiple instances.
  * api-change:``guardduty``: [``botocore``] Documentation update for API description.
  * api-change:``connect``: [``botocore``] This release introduces an API for changing the current
    agent status of a user in Connect.
- from version 1.22.2
  * api-change:``rekognition``: [``botocore``] This release adds support to configure
    stream-processor resources for label detections on streaming-videos. UpateStreamProcessor API is
    also launched with this release, which could be used to update an existing stream-processor.
  * api-change:``cloudtrail``: [``botocore``] Increases the retention period maximum to 2557 days.
    Deprecates unused fields of the ListEventDataStores API response. Updates documentation.
  * api-change:``lookoutequipment``: [``botocore``] This release adds the following new features: 1)
    Introduces an option for automatic schema creation 2) Now allows for Ingestion of data containing
    most common errors and allows automatic data cleaning 3) Introduces new API ListSensorStatistics
    that gives further information about the ingested data
  * api-change:``iotwireless``: [``botocore``] Add list support for event configurations, allow to
    get and update event configurations by resource type, support LoRaWAN events; Make
    NetworkAnalyzerConfiguration as a resource, add List, Create, Delete API support; Add FCntStart
    attribute support for ABP WirelessDevice.
  * api-change:``amplify``: [``botocore``] Documentation only update to support the Amplify GitHub
    App feature launch
  * api-change:``chime-sdk-media-pipelines``: [``botocore``] For Amazon Chime SDK meetings, the
    Amazon Chime Media Pipelines SDK allows builders to capture audio, video, and content share
    streams. You can also capture meeting events, live transcripts, and data messages. The pipelines
    save the artifacts to an Amazon S3 bucket that you designate.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for custom
    validation dataset and validation ratio through the CreateAutoMLJob and DescribeAutoMLJob APIs.
- Update BuildRequires and Requires from setup.py
- Update to version 1.22.1
  * api-change:``lightsail``: [``botocore``] This release adds support for Lightsail load balancer
    HTTP to HTTPS redirect and TLS policy configuration.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts customer KMS
    key ID for encryption of endpoints and compilation outputs created during inference recommendation.
  * api-change:``pricing``: [``botocore``] Documentation updates for Price List API
  * api-change:``glue``: [``botocore``] This release adds documentation for the APIs to create, read,
    delete, list, and batch read of AWS Glue custom patterns, and for Lake Formation configuration
    settings in the AWS Glue crawler.
  * api-change:``cloudfront``: [``botocore``] CloudFront now supports the Server-Timing header in
    HTTP responses sent from CloudFront. You can use this header to view metrics that help you gain
    insights about the behavior and performance of CloudFront. To use this header, enable it in a
    response headers policy.
  * api-change:``ivschat``: [``botocore``] Adds new APIs for IVS Chat, a feature for building
    interactive chat experiences alongside an IVS broadcast.
  * api-change:``network-firewall``: [``botocore``] AWS Network Firewall now enables customers to use
    a customer managed AWS KMS key for the encryption of their firewall resources.
- from version 1.22.0
  * api-change:``gamelift``: [``botocore``] Documentation updates for Amazon GameLift.
  * api-change:``mq``: [``botocore``] This release adds the CRITICAL_ACTION_REQUIRED broker state and
    the ActionRequired API property. CRITICAL_ACTION_REQUIRED informs you when your broker is degraded.
    ActionRequired provides you with a code which you can use to find instructions in the Developer
    Guide on how to resolve the issue.
  * feature:IMDS: [``botocore``] Added resiliency mechanisms to IMDS Credential Fetcher
  * api-change:``securityhub``: [``botocore``] Security Hub now lets you opt-out of auto-enabling the
    defaults standards (CIS and FSBP) in accounts that are auto-enabled with Security Hub via Security
    Hub's integration with AWS Organizations.
  * api-change:``connect``: [``botocore``] This release adds SearchUsers API which can be used to
    search for users with a Connect Instance
  * api-change:``rds-data``: [``botocore``] Support to receive SQL query results in the form of a
    simplified JSON string. This enables developers using the new JSON string format to more easily
    convert it to an object using popular JSON string parsing libraries.
- from version 1.21.46
  * api-change:``chime-sdk-meetings``: [``botocore``] Include additional exceptions types.
  * api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for a deleted
    NAT Gateway until it reaches the deleted state.
- from version 1.21.45
  * api-change:``wisdom``: [``botocore``] This release updates the GetRecommendations API to include
    a trigger event list for classifying and grouping recommendations.
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``iottwinmaker``: [``botocore``] General availability (GA) for AWS IoT TwinMaker. For
    more information, see https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``mediatailor``: [``botocore``] This release introduces tiered channels and adds
    support for live sources. Customers using a STANDARD channel can now create programs using live
    sources.
  * api-change:``storagegateway``: [``botocore``] This release adds support for minimum of 5
    character length virtual tape barcodes.
  * api-change:``lookoutmetrics``: [``botocore``] Added DetectMetricSetConfig API for detecting
    configuration required for creating metric set from provided S3 data source.
  * api-change:``iotsitewise``: [``botocore``] This release adds 3 new batch data query APIs :
    BatchGetAssetPropertyValue, BatchGetAssetPropertyValueHistory and BatchGetAssetPropertyAggregates
  * api-change:``glue``: [``botocore``] This release adds APIs to create, read, delete, list, and
    batch read of Glue custom entity types
- from version 1.21.44
  * api-change:``macie2``: [``botocore``] Sensitive data findings in Amazon Macie now indicate how
    Macie found the sensitive data that produced a finding (originType).
  * api-change:``rds``: [``botocore``] Added a new cluster-level attribute to set the capacity range
    for Aurora Serverless v2 instances.
  * api-change:``mgn``: [``botocore``] Removed required annotation from input fields in Describe
    operations requests. Added quotaValue to ServiceQuotaExceededException
  * api-change:``connect``: [``botocore``] This release adds APIs to search, claim, release, list,
    update, and describe phone numbers. You can also use them to associate and disassociate contact
    flows to phone numbers.
- from version 1.21.43
  * api-change:``textract``: [``botocore``] This release adds support for specifying and extracting
    information from documents using the Queries feature within Analyze Document API
  * api-change:``worklink``: [``botocore``] Amazon WorkLink is no longer supported. This will be
    removed in a future version of the SDK.
  * api-change:``ssm``: [``botocore``] Added offset support for specifying the number of days to wait
    after the date and time specified by a CRON expression when creating SSM association.
  * api-change:``autoscaling``: [``botocore``] EC2 Auto Scaling now adds default instance warm-up
    times for all scaling activities, health check replacements, and other replacement events in the
    Auto Scaling instance lifecycle.
  * api-change:``personalize``: [``botocore``] Adding StartRecommender and StopRecommender APIs for
    Personalize.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    Quip. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-quip.html
  * api-change:``polly``: [``botocore``] Amazon Polly adds new Austrian German voice - Hannah. Hannah
    is available as Neural voice only.
  * api-change:``transfer``: [``botocore``] This release contains corrected HomeDirectoryMappings
    examples for several API functions: CreateAccess, UpdateAccess, CreateUser, and UpdateUser,.
  * api-change:``kms``: [``botocore``] Adds support for KMS keys and APIs that generate and verify
    HMAC codes
  * api-change:``redshift``: [``botocore``] Introduces new fields for LogDestinationType and
    LogExports on EnableLogging requests and Enable/Disable/DescribeLogging responses. Customers can
    now select CloudWatch Logs as a destination for their Audit Logs.
- from version 1.21.42
  * api-change:``lightsail``: [``botocore``] This release adds support to describe the
    synchronization status of the account-level block public access feature for your Amazon Lightsail
    buckets.
  * api-change:``rds``: [``botocore``] Removes Amazon RDS on VMware with the deletion of APIs related
    to Custom Availability Zones and Media installation
  * api-change:``athena``: [``botocore``] This release adds subfields, ErrorMessage, Retryable, to
    the AthenaError response object in the GetQueryExecution API when a query fails.
- from version 1.21.41
  * api-change:``batch``: [``botocore``] Enables configuration updates for compute environments with
    BEST_FIT_PROGRESSIVE and SPOT_CAPACITY_OPTIMIZED allocation strategies.
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``appstream``: [``botocore``] Includes updates for create and update fleet APIs to
    manage the session scripts locations for Elastic fleets.
  * api-change:``glue``: [``botocore``] Auto Scaling for Glue version 3.0 and later jobs to
    dynamically scale compute resources. This SDK change provides customers with the auto-scaled DPU
    usage
  * api-change:``appflow``: [``botocore``] Enables users to pass custom token URL parameters for
    Oauth2 authentication during create connector profile
- from version 1.21.40
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``fsx``: [``botocore``] This release adds support for deploying FSx for ONTAP file
    systems in a single Availability Zone.
- from version 1.21.39
  * api-change:``ec2``: [``botocore``] X2idn and X2iedn instances are powered by 3rd generation Intel
    Xeon Scalable processors with an all-core turbo frequency up to 3.5 GHzAmazon EC2. C6a instances
    are powered by 3rd generation AMD EPYC processors.
  * api-change:``devops-guru``: [``botocore``] This release adds new APIs DeleteInsight to deletes
    the insight along with the associated anomalies, events and recommendations.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``iottwinmaker``: [``botocore``] This release adds the following new features: 1)
    ListEntities API now supports search using ExternalId. 2) BatchPutPropertyValue and
    GetPropertyValueHistory API now allows users to represent time in sub-second level precisions.
- from version 1.21.38
  * api-change:``amplifyuibuilder``: [``botocore``] In this release, we have added the ability to
    bind events to component level actions.
  * api-change:``apprunner``: [``botocore``] This release adds tracing for App Runner services with
    X-Ray using AWS Distro for OpenTelemetry. New APIs: CreateObservabilityConfiguration,
    DescribeObservabilityConfiguration, ListObservabilityConfigurations, and
    DeleteObservabilityConfiguration. Updated APIs: CreateService and UpdateService.
  * api-change:``workspaces``: [``botocore``] Added API support that allows customers to create
    GPU-enabled WorkSpaces using EC2 G4dn instances.
- from version 1.21.37
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported
    formats, and improved filter support for processing 444/RGB content.
  * api-change:``wafv2``: [``botocore``] Add a new CurrentDefaultVersion field to
    ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each
    ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
  * api-change:``mediapackage-vod``: [``botocore``] This release adds ScteMarkersSource as an
    available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source
    the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35
    markers from the segments.
- from version 1.21.36
  * api-change:``apigateway``: [``botocore``] ApiGateway CLI command get-usage now includes
    usagePlanId, startDate, and endDate fields in the output to match documentation.
  * api-change:``personalize``: [``botocore``] This release provides tagging support in AWS
    Personalize.
  * api-change:``pi``: [``botocore``] Adds support for DocumentDB to the Performance Insights API.
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``docdb``: [``botocore``] Added support to enable/disable performance insights when
    creating or modifying db instances
  * api-change:``sagemaker``: [``botocore``] Amazon Sagemaker Notebook Instances now supports G5
    instance types
- from version 1.21.35
  * bugfix:Proxy: [``botocore``] Fix failure case for IP proxy addresses using TLS-in-TLS.
    `boto/botocore#2652 <https://github.com/boto/botocore/pull/2652>`__
  * api-change:``config``: [``botocore``] Add resourceType enums for AWS::EMR::SecurityConfiguration
    and AWS::SageMaker::CodeRepository
  * api-change:``panorama``: [``botocore``] Added Brand field to device listings.
  * api-change:``lambda``: [``botocore``] This release adds new APIs for creating and managing Lambda
    Function URLs and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can
    use Function URLs to create built-in HTTPS endpoints on their functions.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for Box.
    For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
- from version 1.21.34
  * api-change:``securityhub``: [``botocore``] Added additional ASFF details for RdsSecurityGroup
    AutoScalingGroup, ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
  * api-change:``fsx``: [``botocore``] Provide customers more visibility into file system status by
    adding new "/Misconfigured Unavailable"/ status for Amazon FSx for Windows File Server.
  * api-change:``s3control``: [``botocore``] Documentation-only update for doc bug fixes for the S3
    Control API docs.
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports Amazon FSx for OpenZFS
    locations.
- from version 1.21.33
  * api-change:``iot``: [``botocore``] AWS IoT - AWS IoT Device Defender adds support to list metric
    datapoints collected for IoT devices through the ListMetricValues API
  * api-change:``servicecatalog``: [``botocore``] This release adds ProvisioningArtifictOutputKeys to
    DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates
    ProvisioningArtifactOutputs.
  * api-change:``sms``: [``botocore``] Revised product update notice for SMS console deprecation.
  * api-change:``proton``: [``botocore``] SDK release to support tagging for AWS Proton Repository
    resource
  * enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.13.8
- Update BuildRequires and Requires from setup.py
- Update to version 1.21.32
  * api-change:``connect``: [``botocore``] This release updates these APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
    enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the
    specified Amazon Connect instance.
- from version 1.21.31
  * api-change:``cloudcontrol``: [``botocore``] SDK release for Cloud Control API in Amazon Web
    Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia)
    Region, operated by NWCD
  * api-change:``pinpoint-sms-voice-v2``: [``botocore``] Amazon Pinpoint now offers a version 2.0
    suite of SMS and voice APIs, providing increased control over sending and configuration. This
    release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
  * api-change:``workspaces``: [``botocore``] Added APIs that allow you to customize the logo, login
    message, and help links in the WorkSpaces client login page. To learn more, visit
    https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
  * api-change:``route53-recovery-cluster``: [``botocore``] This release adds a new API
    "/ListRoutingControls"/ to list routing control states using the highly reliable Route 53 ARC data
    plane endpoints.
  * api-change:``databrew``: [``botocore``] This AWS Glue Databrew release adds feature to support
    ORC as an input format.
  * api-change:``auditmanager``: [``botocore``] This release adds documentation updates for Audit
    Manager. The updates provide data deletion guidance when a customer deregisters Audit Manager or
    deregisters a delegated administrator.
  * api-change:``grafana``: [``botocore``] This release adds tagging support to the Managed Grafana
    service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field
    tags to support tagging while calling CreateWorkspace.
- from version 1.21.30
  * api-change:``iot-data``: [``botocore``] Update the default AWS IoT Core Data Plane endpoint from
    VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules
    to grant you access to data-ats.iot.[region].amazonaws.com or
    data-ats.iot.[region].amazonaws.com.cn.
  * api-change:``ec2``: [``botocore``] This release simplifies the auto-recovery configuration
    process enabling customers to set the recovery behavior to disabled or default
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the configuration of
    third-party policies that can use either the centralized or distributed deployment models.
  * api-change:``fsx``: [``botocore``] This release adds support for modifying throughput capacity
    for FSx for ONTAP file systems.
  * api-change:``iot``: [``botocore``] Doc only update for IoT that fixes customer-reported issues.
- from version 1.21.29
  * api-change:``organizations``: [``botocore``] This release provides the new CloseAccount API that
    enables principals in the management account to close any member account within an organization.
- from version 1.21.28
  * api-change:``medialive``: [``botocore``] This release adds support for selecting a maintenance
    window.
  * api-change:``acm-pca``: [``botocore``] Updating service name entities
- from version 1.21.27
  * api-change:``ec2``: [``botocore``] This is release adds support for Amazon VPC Reachability
    Analyzer to analyze path through a Transit Gateway.
  * api-change:``ssm``: [``botocore``] This Patch Manager release supports creating, updating, and
    deleting Patch Baselines for Rocky Linux OS.
  * api-change:``batch``: [``botocore``] Bug Fix: Fixed a bug where shapes were marked as unboxed and
    were not serialized and sent over the wire, causing an API error from the service.
- from version 1.21.26
  * api-change:``lambda``: [``botocore``] Adds support for increased ephemeral storage (/tmp) up to
    10GB for Lambda functions. Customers can now provision up to 10 GB of ephemeral storage per
    function instance, a 20x increase over the previous limit of 512 MB.
  * api-change:``config``: [``botocore``] Added new APIs GetCustomRulePolicy and
    GetOrganizationCustomRulePolicy, and updated existing APIs PutConfigRule, DescribeConfigRule,
    DescribeConfigRuleEvaluationStatus, PutOrganizationConfigRule, DescribeConfigRule to support a new
    feature for building AWS Config rules with AWS CloudFormation Guard
  * api-change:``transcribe``: [``botocore``] This release adds an additional parameter for
    subtitling with Amazon Transcribe batch jobs: outputStartIndex.
- from version 1.21.25
  * api-change:``redshift``: [``botocore``] This release adds a new [--encrypted | --no-encrypted]
    field in restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a
    cluster encrypted with AWS Managed Key or their own KMS key.
  * api-change:``ebs``: [``botocore``] Increased the maximum supported value for the Timeout
    parameter of the StartSnapshot API from 60 minutes to 4320 minutes.  Changed the HTTP error code
    for ConflictException from 503 to 409.
  * api-change:``gamesparks``: [``botocore``] Released the preview of Amazon GameSparks, a fully
    managed AWS service that provides a multi-service backend for game developers.
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family to describe
    how to remove an associated workflow from a server.
  * api-change:``auditmanager``: [``botocore``] This release updates 1 API parameter, the SnsArn
    attribute. The character length and regex pattern for the SnsArn attribute have been updated, which
    enables you to deselect an SNS topic when using the UpdateSettings operation.
  * api-change:``ssm``: [``botocore``] Update AddTagsToResource, ListTagsForResource, and
    RemoveTagsFromResource APIs to reflect the support for tagging Automation resources. Includes other
    minor documentation updates.
- from version 1.21.24
  * api-change:``location``: [``botocore``] Amazon Location Service now includes a MaxResults
    parameter for GetDevicePositionHistory requests.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new Catalan voice - Arlet. Arlet is
    available as Neural voice only.
  * api-change:``lakeformation``: [``botocore``] The release fixes the incorrect permissions called
    out in the documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet
    release fixes the corresponding SDK and documentation.
  * api-change:``ecs``: [``botocore``] Documentation only update to address tickets
  * api-change:``ce``: [``botocore``] Added three new APIs to support tagging and resource-level
    authorization on Cost Explorer resources: TagResource, UntagResource, ListTagsForResource.  Added
    optional parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and
    CreateAnomalyMonitor APIs to support Tag On Create.
- from version 1.21.23
  * api-change:``ram``: [``botocore``] Document improvements to the RAM API operations and parameter
    descriptions.
  * api-change:``ecr``: [``botocore``] This release includes a fix in the DescribeImageScanFindings
    paginated output.
  * api-change:``quicksight``: [``botocore``] AWS QuickSight Service Features - Expand public API
    support for group management.
  * api-change:``chime-sdk-meetings``: [``botocore``] Add support for media replication to link
    multiple WebRTC media sessions together to reach larger and global audiences. Participants
    connected to a replica session can be granted access to join the primary session and can switch
    sessions with their existing WebRTC connection
  * api-change:``mediaconnect``: [``botocore``] This release adds support for selecting a maintenance
    window.
- from version 1.21.22
  * enhancement:jmespath: [``botocore``] Add env markers to get working version of jmespath for
    python 3.6
  * api-change:``glue``: [``botocore``] Added 9 new APIs for AWS Glue Interactive Sessions:
    ListSessions, StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement,
    ListStatements, CancelStatement
- from version 1.21.21
  * enhancement:Dependency: [``botocore``] Added support for jmespath 1.0
  * api-change:``amplifybackend``: [``botocore``] Adding the ability to customize Cognito
    verification messages for email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding
    deprecation documentation for ForgotPassword in CreateBackendAuth and UpdateBackendAuth
  * api-change:``acm-pca``: [``botocore``] AWS Certificate Manager (ACM) Private Certificate
    Authority (CA) now supports customizable certificate subject names and extensions.
  * api-change:``ssm-incidents``: [``botocore``] Removed incorrect validation pattern for
    IncidentRecordSource.invokedBy
  * enhancement:Dependency: Added support for jmespath 1.0
  * api-change:``billingconductor``: [``botocore``] This is the initial SDK release for AWS Billing
    Conductor. The AWS Billing Conductor is a customizable billing service, allowing you to customize
    your billing data to match your desired business structure.
  * api-change:``s3outposts``: [``botocore``] S3 on Outposts is releasing a new API,
    ListSharedEndpoints, that lists all endpoints associated with S3 on Outpost, that has been shared
    by Resource Access Manager (RAM).
- from version 1.21.20
  * api-change:``robomaker``: [``botocore``] This release deprecates ROS, Ubuntu and Gazbeo from
    RoboMaker Simulation Service Software Suites in favor of user-supplied containers and Relaxed
    Software Suites.
  * api-change:``dataexchange``: [``botocore``] This feature enables data providers to use the
    RevokeRevision operation to revoke subscriber access to a given revision. Subscribers are unable to
    interact with assets within a revoked revision.
  * api-change:``ec2``: [``botocore``] Adds the Cascade parameter to the DeleteIpam API. Customers
    can use this parameter to automatically delete their IPAM, including non-default scopes, pools,
    cidrs, and allocations. There mustn't be any pools provisioned in the default public scope to use
    this parameter.
  * api-change:``cognito-idp``: [``botocore``] Updated EmailConfigurationType and
    SmsConfigurationType to reflect that you can now choose Amazon SES and Amazon SNS resources in the
    same Region.
  * enhancement:AWSCRT: [``botocore``] Upgrade awscrt extra to 0.13.5
  * api-change:``location``: [``botocore``] New HERE style "/VectorHereExplore"/ and
    "/VectorHereExploreTruck"/.
  * api-change:``ecs``: [``botocore``] Documentation only update to address tickets
  * api-change:``keyspaces``: [``botocore``] Fixing formatting issues in CLI and SDK documentation
  * api-change:``rds``: [``botocore``] Various documentation improvements
- from version 1.21.19
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    Slack. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
  * api-change:``timestream-query``: [``botocore``] Amazon Timestream Scheduled Queries now support
    Timestamp datatype in a multi-measure record.
  * enhancement:Stubber: [``botocore``] Added support for modeled exception fields when adding errors
    to a client stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``config``: [``botocore``] Add resourceType enums for AWS::ECR::PublicRepository and
    AWS::EC2::LaunchTemplate
- from version 1.21.18
  * api-change:``outposts``: [``botocore``] This release adds address filters for listSites
  * api-change:``lambda``: [``botocore``] Adds PrincipalOrgID support to AddPermission API. Customers
    can use it to manage permissions to lambda functions at AWS Organizations level.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
  * api-change:``connect``: [``botocore``] This release adds support for enabling Rich Messaging when
    starting a new chat session via the StartChatContact API. Rich Messaging enables the following
    formatting options: bold, italics, hyperlinks, bulleted lists, and numbered lists.
  * api-change:``chime``: [``botocore``] Chime VoiceConnector Logging APIs will now support
    MediaMetricLogs. Also CreateMeetingDialOut now returns AccessDeniedException.
- from version 1.21.17
  * api-change:``transcribe``: [``botocore``] Documentation fix for API
    `StartMedicalTranscriptionJobRequest`, now showing min sample rate as 16khz
  * api-change:``transfer``: [``botocore``] Adding more descriptive error types for managed workflows
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
- from version 1.21.16
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports extracting the sentiment
    associated with entities such as brands, products and services from text documents.
- from version 1.21.15
  * api-change:``eks``: [``botocore``] Introducing a new enum for NodeGroup error code:
    Ec2SubnetMissingIpv6Assignment
  * api-change:``keyspaces``: [``botocore``] Adding link to CloudTrail section in Amazon Keyspaces
    Developer Guide
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same
    interval as the video and audio in HLS packages.
- from version 1.21.14
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Transcribe language
    identification feature to the StartMeetingTranscription API.
  * api-change:``ecs``: [``botocore``] Amazon ECS UpdateService API now supports additional
    parameters: loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] AWS Migration Hub Refactor Spaces
    documentation update.
- from version 1.21.13
  * api-change:``synthetics``: [``botocore``] Allow custom handler function.
  * api-change:``transfer``: [``botocore``] Add waiters for server online and offline.
  * api-change:``devops-guru``: [``botocore``] Amazon DevOps Guru now integrates with Amazon CodeGuru
    Profiler. You can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps
    Guru. This feature is enabled by default for new customers as of 3/4/2022. Existing customers can
    enable this feature with UpdateEventSourcesConfig.
  * api-change:``macie``: [``botocore``] Amazon Macie Classic (macie) has been discontinued and is no
    longer available. A new Amazon Macie (macie2) is now available with significant design improvements
    and additional features.
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
  * api-change:``connect``: [``botocore``] This release updates the *InstanceStorageConfig APIs so
    they support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to
    enable streaming for real-time contact analysis and to associate the Kinesis stream where real-time
    contact analysis segments will be published.
- from version 1.21.12
  * api-change:``greengrassv2``: [``botocore``] Doc only update that clarifies Create Deployment
    section.
  * api-change:``fsx``: [``botocore``] This release adds support for data repository associations to
    use root ("//"/) as the file system path
  * api-change:``kendra``: [``botocore``] Amazon Kendra now suggests spell corrections for a query.
    For more information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
  * api-change:``appflow``: [``botocore``] Launching Amazon AppFlow Marketo as a destination
    connector SDK.
  * api-change:``timestream-query``: [``botocore``] Documentation only update for SDK and CLI
- from version 1.21.11
  * api-change:``gamelift``: [``botocore``] Minor updates to address errors.
  * api-change:``cloudtrail``: [``botocore``] Add bytesScanned field into responses of DescribeQuery
    and GetQueryResults.
  * api-change:``athena``: [``botocore``] This release adds support for S3 Object Ownership by
    allowing the S3 bucket owner full control canned ACL to be set when Athena writes query results to
    S3 buckets.
  * api-change:``keyspaces``: [``botocore``] This release adds support for data definition language
    (DDL) operations
  * api-change:``ecr``: [``botocore``] This release adds support for tracking images
    lastRecordedPullTime.
- Update BuildRequires and Requires from setup.py
- Update to version 1.21.10
  * api-change:``mediapackage``: [``botocore``] This release adds Hybridcast as an available profile
    option for Dash Origin Endpoints.
  * api-change:``rds``: [``botocore``] Documentation updates for Multi-AZ DB clusters.
  * api-change:``mgn``: [``botocore``] Add support for GP3 and IO2 volume types. Add bootMode to
    LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest).
  * api-change:``kafkaconnect``: [``botocore``] Adds operation for custom plugin deletion
    (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and
    DescribeConnector responses to return errors from asynchronous resource creation.
- from version 1.21.9
  * api-change:``finspace-data``: [``botocore``] Add new APIs for managing Users and Permission
    Groups.
  * api-change:``amplify``: [``botocore``] Add repositoryCloneMethod field for hosting an Amplify
    app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
  * api-change:``fsx``: [``botocore``] This release adds support for the following FSx for OpenZFS
    features: snapshot lifecycle transition messages, force flag for deleting file systems with child
    resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
  * api-change:``fis``: [``botocore``] This release adds logging support for AWS Fault Injection
    Simulator experiments. Experiment templates can now be configured to send experiment activity logs
    to Amazon CloudWatch Logs or to an S3 bucket.
  * api-change:``route53-recovery-cluster``: [``botocore``] This release adds a new API option to
    enable overriding safety rules to allow routing control state updates.
  * api-change:``amplifyuibuilder``: [``botocore``] We are adding the ability to configure workflows
    and actions for components.
  * api-change:``athena``: [``botocore``] This release adds support for updating an existing named
    query.
  * api-change:``ec2``: [``botocore``] This release adds support for new AMI property
    'lastLaunchedTime'
  * api-change:``servicecatalog-appregistry``: [``botocore``] AppRegistry is deprecating Application
    and Attribute-Group Name update feature. In this release, we are marking the name attributes for
    Update APIs as deprecated to give a heads up to our customers.
- from version 1.21.8
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``panorama``: [``botocore``] Added NTP server configuration parameter to
    ProvisionDevice operation. Added alternate software fields to DescribeDevice response
- from version 1.21.7
  * api-change:``route53``: [``botocore``] SDK doc update for Route 53 to update some parameters with
    new information.
  * api-change:``databrew``: [``botocore``] This AWS Glue Databrew release adds feature to merge job
    outputs into a max number of files for S3 File output type.
  * api-change:``transfer``: [``botocore``] Support automatic pagination when listing AWS Transfer
    Family resources.
  * api-change:``s3control``: [``botocore``] Amazon S3 Batch Operations adds support for new
    integrity checking capabilities in Amazon S3.
  * api-change:``s3``: [``botocore``] This release adds support for new integrity checking
    capabilities in Amazon S3. You can choose from four supported checksum algorithms for data
    integrity checking on your upload and download requests. In addition, AWS SDK can automatically
    calculate a checksum as it streams data into S3
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the configuration of AWS
    Network Firewall policies with either centralized or distributed deployment models. This release
    also adds support for custom endpoint configuration, where you can choose which Availability Zones
    to create firewall endpoints in.
  * api-change:``lightsail``: [``botocore``] This release adds support to delete and create Lightsail
    default key pairs that you can use with Lightsail instances.
  * api-change:``autoscaling``: [``botocore``] You can now hibernate instances in a warm pool to stop
    instances without deleting their RAM contents. You can now also return instances to the warm pool
    on scale in, instead of always terminating capacity that you will need later.
- from version 1.21.6
  * api-change:``transfer``: [``botocore``] The file input selection feature provides the ability to
    use either the originally uploaded file or the output file from the previous workflow step,
    enabling customers to make multiple copies of the original file while keeping the source file
    intact for file archival.
  * api-change:``lambda``: [``botocore``] Lambda releases .NET 6 managed runtime to be available in
    all commercial regions.
  * api-change:``textract``: [``botocore``] Added support for merged cells and column header for
    table response.
- from version 1.21.5
  * api-change:``translate``: [``botocore``] This release enables customers to use translation
    settings for formality customization in their synchronous translation output.
  * api-change:``wafv2``: [``botocore``] Updated descriptions for logging configuration.
  * api-change:``apprunner``: [``botocore``] AWS App Runner adds a Java platform (Corretto 8,
    Corretto 11 runtimes) and a Node.js 14 runtime.
- from version 1.21.4
  * api-change:``imagebuilder``: [``botocore``] This release adds support to enable faster launching
    for Windows AMIs created by EC2 Image Builder.
  * api-change:``customer-profiles``: [``botocore``] This release introduces apis
    CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These
    apis are used to manage and view integration workflows.
  * api-change:``dynamodb``: [``botocore``] DynamoDB ExecuteStatement API now supports Limit as a
    request parameter to specify the maximum number of items to evaluate. If specified, the service
    will process up to the Limit and the results will include a LastEvaluatedKey value to continue the
    read in a subsequent operation.
- from version 1.21.3
  * api-change:``transfer``: [``botocore``] Properties for Transfer Family used with SFTP, FTP, and
    FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user
    authenticates onto a server using one of the previously mentioned protocols.
  * api-change:``gamelift``: [``botocore``] Increase string list limit from 10 to 100.
  * api-change:``budgets``: [``botocore``] This change introduces
    DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified
    account
- from version 1.21.2
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``redshift``: [``botocore``] SDK release for Cross region datasharing and cost-control
    for cross region datasharing
  * api-change:``evidently``: [``botocore``] Add support for filtering list of experiments and
    launches by status
  * api-change:``backup``: [``botocore``] AWS Backup add new S3_BACKUP_OBJECT_FAILED and
    S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
- from version 1.21.1
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``budgets``: [``botocore``] Adds support for auto-adjusting budgets, a new budget
    method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a
    budget limit baseline using a historical lookback average or current period forecast.
  * api-change:``ce``: [``botocore``] AWS Cost Anomaly Detection now supports SNS FIFO topic
    subscribers.
  * api-change:``glue``: [``botocore``] Support for optimistic locking in UpdateTable
  * api-change:``ssm``: [``botocore``] Assorted ticket fixes and updates for AWS Systems Manager.
- Update BuildRequires and Requires from setup.py
- actually does not require python-mock for build
- Update to version 1.21.0
  * api-change:``appflow``: [``botocore``] Launching Amazon AppFlow SAP as a destination connector
    SDK.
  * feature:Parser: [``botocore``] Adding support for parsing int/long types in rest-json response
    headers.
  * api-change:``rds``: [``botocore``] Adds support for determining which Aurora PostgreSQL versions
    support Babelfish.
  * api-change:``athena``: [``botocore``] This release adds a subfield, ErrorType, to the AthenaError
    response object in the GetQueryExecution API when a query fails.
- from version 1.20.54
  * api-change:``ssm``: [``botocore``] Documentation updates for AWS Systems Manager.
- from version 1.20.53
  * api-change:``cloudformation``: [``botocore``] This SDK release adds AWS CloudFormation Hooks
    HandlerErrorCodes
  * api-change:``lookoutvision``: [``botocore``] This release makes CompilerOptions in Lookout for
    Vision's StartModelPackagingJob's Configuration object optional.
  * api-change:``pinpoint``: [``botocore``] This SDK release adds a new paramater creation date for
    GetApp and GetApps Api call
  * api-change:``sns``: [``botocore``] Customer requested typo fix in API documentation.
  * api-change:``wafv2``: [``botocore``] Adds support for AWS WAF Fraud Control account takeover
    prevention (ATP), with configuration options for the new managed rule group
    AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile
    apps.
- from version 1.20.52
  * api-change:``cloudformation``: [``botocore``] This SDK release is for the feature launch of AWS
    CloudFormation Hooks.
- from version 1.20.51
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    Amazon FSx. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
  * api-change:``apprunner``: [``botocore``] This release adds support for App Runner to route
    outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector,
    DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService,
    DescribeService, and UpdateService.
  * api-change:``s3control``: [``botocore``] This release adds support for S3 Batch Replication.
    Batch Replication lets you replicate existing objects, already replicated objects to new
    destinations, and objects that previously failed to replicate. Customers will receive object-level
    visibility of progress and a detailed completion report.
  * api-change:``sagemaker``: [``botocore``] Autopilot now generates an additional report with
    information on the performance of the best model, such as a Confusion matrix and  Area under the
    receiver operating characteristic (AUC-ROC). The path to the report can be found in
    CandidateArtifactLocations.
- from version 1.20.50
  * api-change:``auditmanager``: [``botocore``] This release updates 3 API parameters.
    UpdateAssessmentFrameworkControlSet now requires the controls attribute, and
    CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework
    now has a minimum length constraint for the controlSets attribute.
  * api-change:``synthetics``: [``botocore``] Adding names parameters to the Describe APIs.
  * api-change:``ssm-incidents``: [``botocore``] Update RelatedItem enum to support SSM Automation
  * api-change:``events``: [``botocore``] Update events client to latest version
  * enhancement:Lambda Request Header: [``botocore``] Adding request header for Lambda recursion
    detection.
- from version 1.20.49
  * api-change:``athena``: [``botocore``] You can now optionally specify the account ID that you
    expect to be the owner of your query results output location bucket in Athena. If the account ID of
    the query results bucket owner does not match the specified account ID, attempts to output to the
    bucket will fail with an S3 permissions error.
  * api-change:``rds``: [``botocore``] updates for RDS Custom for Oracle 12.1 support
  * api-change:``lakeformation``: [``botocore``] Add support for calling Update Table Objects without
    a TransactionId.
- from version 1.20.48
  * api-change:``ec2``: [``botocore``] adds support for AMIs in Recycle Bin
  * api-change:``robomaker``: [``botocore``] The release deprecates the use various APIs of RoboMaker
    Deployment Service in favor of AWS IoT GreenGrass v2.0.
  * api-change:``meteringmarketplace``: [``botocore``] Add CustomerAWSAccountId to ResolveCustomer
    API response and increase UsageAllocation limit to 2500.
  * api-change:``rbin``: [``botocore``] Add EC2 Image recycle bin support.
- from version 1.20.47
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``personalize``: [``botocore``] Adding minRecommendationRequestsPerSecond attribute to
    recommender APIs.
  * enhancement:Request headers: [``botocore``] Adding request headers with retry information.
  * api-change:``appflow``: [``botocore``] Launching Amazon AppFlow Custom Connector SDK.
  * api-change:``dynamodb``: [``botocore``] Documentation update for DynamoDB Java SDK.
  * api-change:``iot``: [``botocore``] This release adds support for configuring AWS IoT logging
    level per client ID, source IP, or principal ID.
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports sharing and importing
    custom trained models from one AWS account to another within the same region.
  * api-change:``ce``: [``botocore``] Doc-only update for Cost Explorer API that adds
    INVOICING_ENTITY dimensions
  * api-change:``fis``: [``botocore``] Added GetTargetResourceType and ListTargetResourceTypesAPI
    actions. These actions return additional details about resource types and parameters that can be
    targeted by FIS actions. Added a parameters field for the targets that can be specified in
    experiment templates.
  * api-change:``es``: [``botocore``] Allows customers to get progress updates for blue/green
    deployments
  * api-change:``glue``: [``botocore``] Launch Protobuf support for AWS Glue Schema Registry
  * api-change:``elasticache``: [``botocore``] Documentation update for AWS ElastiCache
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.46
  * api-change:``appconfigdata``: [``botocore``] Documentation updates for AWS AppConfig Data.
  * api-change:``athena``: [``botocore``] This release adds a field, AthenaError, to the
    GetQueryExecution response object when a query fails.
  * api-change:``appconfig``: [``botocore``] Documentation updates for AWS AppConfig
  * api-change:``cognito-idp``: [``botocore``] Doc updates for Cognito user pools API Reference.
  * api-change:``secretsmanager``: [``botocore``] Feature are ready to release on Jan 28th
  * api-change:``sagemaker``: [``botocore``] This release added a new NNA accelerator compilation
    support for Sagemaker Neo.
- from version 1.20.45
  * api-change:``ec2``: [``botocore``] X2ezn instances are powered by Intel Cascade Lake CPUs that
    deliver turbo all core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
  * api-change:``kafka``: [``botocore``] Amazon MSK has updated the CreateCluster and
    UpdateBrokerStorage API that allows you to specify volume throughput during cluster creation and
    broker volume updates.
  * api-change:``connect``: [``botocore``] This release adds support for configuring a custom chat
    duration when starting a new chat session via the StartChatContact API. The default value for chat
    duration is 25 hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable
    value is 7 days (10,080 minutes).
  * api-change:``amplify``: [``botocore``] Doc only update to the description of basicauthcredentials
    to describe the required encoding and format.
  * api-change:``opensearch``: [``botocore``] Allows customers to get progress updates for blue/green
    deployments
- from version 1.20.44
  * api-change:``frauddetector``: [``botocore``] Added new APIs for viewing past predictions and
    obtaining prediction metadata including prediction explanations: ListEventPredictions and
    GetEventPredictionMetadata
  * api-change:``ebs``: [``botocore``] Documentation updates for Amazon EBS Direct APIs.
  * api-change:``codeguru-reviewer``: [``botocore``] Added failure state and adjusted timeout in
    waiter
  * api-change:``securityhub``: [``botocore``] Adding top level Sample boolean field
  * api-change:``sagemaker``: [``botocore``] API changes relating to Fail steps in model building
    pipeline and add PipelineExecutionFailureReason in PipelineExecutionSummary.
- from version 1.20.43
  * api-change:``fsx``: [``botocore``] This release adds support for growing SSD storage capacity and
    growing/shrinking SSD IOPS for FSx for ONTAP file systems.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``connect``: [``botocore``] This release adds support for custom vocabularies to be
    used with Contact Lens. Custom vocabularies improve transcription accuracy for one or more specific
    words.
  * api-change:``guardduty``: [``botocore``] Amazon GuardDuty expands threat detection coverage to
    protect Amazon Elastic Kubernetes Service (EKS) workloads.
- from version 1.20.42
  * api-change:``route53-recovery-readiness``: [``botocore``] Updated documentation for Route53
    Recovery Readiness APIs.
- from version 1.20.41
  * enhancement:Exceptions: [``botocore``] ProxyConnectionError previously provided the full proxy
    URL. User info will now be appropriately masked if needed.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    4K AV1 output resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML
    metadata files, and the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
  * api-change:``transcribe``: [``botocore``] Add support for granular PIIEntityTypes when using
    Batch ContentRedaction.
- Update to version 1.20.40
  * api-change:``guardduty``: [``botocore``] Amazon GuardDuty findings now include
    remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.
  * api-change:``connect``: [``botocore``] This release adds tagging support for UserHierarchyGroups
    resource.
  * api-change:``mediatailor``: [``botocore``] This release adds support for multiple Segment
    Delivery Configurations. Users can provide a list of names and URLs when creating or editing a
    source location. When retrieving content, users can send a header to choose which URL should be
    used to serve content.
  * api-change:``fis``: [``botocore``] Added action startTime and action endTime timestamp fields to
    the ExperimentAction object
  * api-change:``ec2``: [``botocore``] C6i, M6i and R6i instances are powered by a third-generation
    Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
- from version 1.20.39
  * api-change:``macie2``: [``botocore``] This release of the Amazon Macie API introduces stricter
    validation of requests to create custom data identifiers.
  * api-change:``ec2-instance-connect``: [``botocore``] Adds support for ED25519 keys.
    PushSSHPublicKey Availability Zone parameter is now optional. Adds EC2InstanceStateInvalidException
    for instances that are not running. This was previously a service exception, so this may require
    updating your code to handle this new exception.
- from version 1.20.38
  * api-change:``ivs``: [``botocore``] This release adds support for the new Thumbnail Configuration
    property for Recording Configurations. For more information see
    https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
  * api-change:``storagegateway``: [``botocore``] Documentation update for adding bandwidth
    throttling support for S3 File Gateways.
  * api-change:``location``: [``botocore``] This release adds the CalculateRouteMatrix API which
    calculates routes for the provided departure and destination positions. The release also deprecates
    the use of pricing plan across all verticals.
  * api-change:``cloudtrail``: [``botocore``] This release fixes a documentation bug in the
    description for the readOnly field selector in advanced event selectors. The description now
    clarifies that users omit the readOnly field selector to select both Read and Write management
    events.
  * api-change:``ec2``: [``botocore``] Add support for AWS Client VPN client login banner and session
    timeout.
- from version 1.20.37
  * enhancement:Configuration: [``botocore``] Adding support for `defaults_mode` configuration. The
    `defaults_mode` will be used to determine how certain default configuration options are resolved in
    the SDK.
- from version 1.20.36
  * api-change:``config``: [``botocore``] Update ResourceType enum with values for CodeDeploy, EC2
    and Kinesis resources
  * api-change:``application-insights``: [``botocore``] Application Insights support for Active
    Directory and SharePoint
  * api-change:``honeycode``: [``botocore``] Added read and write api support for multi-select
    picklist. And added errorcode field to DescribeTableDataImportJob API output, when import job fails.
  * api-change:``ram``: [``botocore``] This release adds the ListPermissionVersions API which lists
    the versions for a given permission.
  * api-change:``lookoutmetrics``: [``botocore``] This release adds a new DeactivateAnomalyDetector
    API operation.
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.35
  * api-change:``pinpoint``: [``botocore``] Adds JourneyChannelSettings to WriteJourneyRequest
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio now supports validation for Launch
    Profiles. Launch Profiles now report static validation results after create/update to detect errors
    in network or active directory configuration.
  * api-change:``glue``: [``botocore``] This SDK release adds support to pass run properties when
    starting a workflow run
  * api-change:``ssm``: [``botocore``] AWS Systems Manager adds category support for DescribeDocument
    API
  * api-change:``elasticache``: [``botocore``] AWS ElastiCache for Redis has added a new Engine Log
    LogType in LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for
    Redis clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
- from version 1.20.34
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``honeycode``: [``botocore``] Honeycode is releasing new APIs to allow user to create,
    delete and list tags on resources.
  * api-change:``ec2``: [``botocore``] Hpc6a instances are powered by a third-generation AMD EPYC
    processors (Milan) delivering all-core turbo frequency of 3.4 GHz
  * api-change:``fms``: [``botocore``] Shield Advanced policies for Amazon CloudFront resources now
    support automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData
    ManagedServiceData is now 8192 characters, instead of 4096.
  * api-change:``pi``: [``botocore``] This release adds three Performance Insights APIs. Use
    ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata,
    and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in
    DescribeDimensionKeys retrieves per-SQL metrics.
- from version 1.20.33
  * api-change:``finspace-data``: [``botocore``] Documentation updates for FinSpace.
  * api-change:``rds``: [``botocore``] This release adds the db-proxy event type to support
    subscribing to RDS Proxy events.
  * api-change:``ce``: [``botocore``] Doc only update for Cost Explorer API that fixes missing
    clarifications for MatchOptions definitions
  * api-change:``kendra``: [``botocore``] Amazon Kendra now supports advanced query language and
    query-less search.
  * api-change:``workspaces``: [``botocore``] Introducing new APIs for Workspaces audio optimization
    with Amazon Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns,
    UpdateConnectClientAddIn and DeleteConnectClientAddIn.
  * api-change:``iotevents-data``: [``botocore``] This release provides documentation updates for
    Timer.timestamp in the IoT Events API Reference Guide.
  * api-change:``ec2``: [``botocore``] EC2 Capacity Reservations now supports RHEL instance platforms
    (RHEL with SQL Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL
    with HA, RHEL with HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
- from version 1.20.32
  * api-change:``ec2``: [``botocore``] New feature: Updated EC2 API to support faster launching for
    Windows images. Optimized images are pre-provisioned, using snapshots to launch instances up to 65%
    faster.
  * api-change:``compute-optimizer``: [``botocore``] Adds support for new Compute Optimizer
    capability that makes it easier for customers to optimize their EC2 instances by leveraging
    multiple CPU architectures.
  * api-change:``lookoutmetrics``: [``botocore``] This release adds FailureType in the response of
    DescribeAnomalyDetector.
  * api-change:``databrew``: [``botocore``] This SDK release adds support for specifying a Bucket
    Owner for an S3 location.
  * api-change:``transcribe``: [``botocore``] Documentation updates for Amazon Transcribe.
- from version 1.20.31
  * api-change:``medialive``: [``botocore``] This release adds support for selecting the Program Date
    Time (PDT) Clock source algorithm for HLS outputs.
- from version 1.20.30
  * api-change:``ec2``: [``botocore``] This release introduces On-Demand Capacity Reservation support
    for Cluster Placement Groups, adds Tags on instance Metadata, and includes documentation updates
    for Amazon EC2.
  * api-change:``mediatailor``: [``botocore``] This release adds support for filler slate when
    updating MediaTailor channels that use the linear playback mode.
  * api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds support for Fine Grained
    Access Control for existing domains running Elasticsearch version 6.7 and above
  * api-change:``iotwireless``: [``botocore``] Downlink Queue Management feature provides APIs for
    customers to manage the queued messages destined to device inside AWS IoT Core for LoRaWAN.
    Customer can view, delete or purge the queued message(s). It allows customer to preempt the queued
    messages and let more urgent messages go through.
  * api-change:``es``: [``botocore``] Amazon OpenSearch Service adds support for Fine Grained Access
    Control for existing domains running Elasticsearch version 6.7 and above
  * api-change:``mwaa``: [``botocore``] This release adds a "/Source"/ field that provides the
    initiator of an update, such as due to an automated patch from AWS or due to modification via
    Console or API.
  * api-change:``appsync``: [``botocore``] AppSync: AWS AppSync now supports configurable batching
    sizes for AWS Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
- from version 1.20.29
  * api-change:``cloudtrail``: [``botocore``] This release adds support for CloudTrail Lake, a new
    feature that lets you run SQL-based queries on events that you have aggregated into event data
    stores. New APIs have been added for creating and managing event data stores, and creating,
    running, and managing queries in CloudTrail Lake.
  * api-change:``iot``: [``botocore``] This release adds an automatic retry mechanism for AWS IoT
    Jobs. You can now define a maximum number of retries for each Job rollout, along with the criteria
    to trigger the retry for FAILED/TIMED_OUT/ALL(both FAILED an TIMED_OUT) job.
  * api-change:``ec2``: [``botocore``] This release adds a new API called
    ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer
    responsibility of their VPC Endpoint connections.
  * api-change:``snowball``: [``botocore``] Updating validation rules for interfaces used in the
    Snowball API to tighten security of service.
  * api-change:``lakeformation``: [``botocore``] Add new APIs for 3rd Party Support for Lake Formation
  * api-change:``appstream``: [``botocore``] Includes APIs for App Entitlement management regarding
    entitlement and entitled application association.
  * api-change:``eks``: [``botocore``] Amazon EKS now supports running applications using IPv6
    address space
  * api-change:``quicksight``: [``botocore``] Multiple Doc-only updates for Amazon QuickSight.
  * api-change:``ecs``: [``botocore``] Documentation update for ticket fixes.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
    ml.g5 instance types.
  * api-change:``glue``: [``botocore``] Add Delta Lake target support for Glue Crawler and 3rd Party
    Support for Lake Formation
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.28
  * api-change:``rekognition``: [``botocore``] This release introduces a new field
    IndexFacesModelVersion, which is the version of the face detect and storage model that was used
    when indexing the face vector.
  * api-change:``s3``: [``botocore``] Minor doc-based updates based on feedback bugs received.
  * enhancement:JSONFileCache: [``botocore``] Add support for __delitem__ in JSONFileCache
  * api-change:``s3control``: [``botocore``] Documentation updates for the renaming of Glacier to
    Glacier Flexible Retrieval.
- from version 1.20.27
  * api-change:``sagemaker``: [``botocore``] The release allows users to pass pipeline definitions as
    Amazon S3 locations and control the pipeline execution concurrency using ParallelismConfiguration.
    It also adds support of EMR jobs as pipeline steps.
  * api-change:``rds``: [``botocore``] Multiple doc-only updates for Relational Database Service (RDS)
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added strength
    levels to the Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
  * api-change:``greengrassv2``: [``botocore``] This release adds the API operations to manage the
    Greengrass role associated with your account and to manage the core device connectivity
    information. Greengrass V2 customers can now depend solely on Greengrass V2 SDK for all the API
    operations needed to manage their fleets.
  * api-change:``detective``: [``botocore``] Added and updated API operations to support the
    Detective integration with AWS Organizations. New actions are used to manage the delegated
    administrator account and the integration configuration.
- from version 1.20.26
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for users to upload files
    during a streaming session using NICE DCV native client or browser.
  * api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports updating
    message attributes via channel flows
  * api-change:``imagebuilder``: [``botocore``] Added a note to infrastructure configuration actions
    and data types concerning delivery of Image Builder event messages to encrypted SNS topics. The key
    that's used to encrypt the SNS topic must reside in the account that Image Builder runs under.
  * api-change:``workmail``: [``botocore``] This release allows customers to change their email
    monitoring configuration in Amazon WorkMail.
  * api-change:``transfer``: [``botocore``] Property for Transfer Family used with the FTPS protocol.
    TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the
    control and data connection for an FTPS session.
  * api-change:``lookoutmetrics``: [``botocore``] This release adds support for Causal Relationships.
    Added new ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
  * api-change:``mediaconnect``: [``botocore``] You can now use the Fujitsu-QoS protocol for your
    MediaConnect sources and outputs to transport content to and from Fujitsu devices.
  * api-change:``qldb``: [``botocore``] Amazon QLDB now supports journal exports in JSON and Ion
    Binary formats. This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
- from version 1.20.25
  * api-change:``customer-profiles``: [``botocore``] This release adds an optional parameter,
    ObjectTypeNames to the PutIntegration API to support multiple object types per integration option.
    Besides, this release introduces Standard Order Objects which contain data from third party systems
    and each order object belongs to a specific profile.
  * api-change:``sagemaker``: [``botocore``] This release adds a new ContentType field in
    AutoMLChannel for SageMaker CreateAutoMLJob InputDataConfig.
  * api-change:``forecast``: [``botocore``] Adds ForecastDimensions field to the
    DescribeAutoPredictorResponse
  * api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
    resources for Firewall, and RuleGroup, FirewallPolicy Added additional details for
    AutoScalingGroup, LaunchConfiguration, and S3 buckets.
  * api-change:``location``: [``botocore``] Making PricingPlan optional as part of create resource
    API.
  * api-change:``redshift``: [``botocore``] This release adds API support for managed Redshift
    datashares. Customers can now interact with a Redshift datashare that is managed by a different
    service, such as AWS Data Exchange.
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``devops-guru``: [``botocore``] Adds Tags support to
    DescribeOrganizationResourceCollectionHealth
  * api-change:``imagebuilder``: [``botocore``] This release adds support for importing and exporting
    VM Images as part of the Image Creation workflow via EC2 VM Import/Export.
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports FSx Lustre Locations.
  * api-change:``finspace-data``: [``botocore``] Make dataset description optional and allow s3
    export for dataviews
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.24
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- from version 1.20.23
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``network-firewall``: [``botocore``] This release adds support for managed rule groups.
  * api-change:``route53-recovery-control-config``: [``botocore``] This release adds tagging supports
    to Route53 Recovery Control Configuration. New APIs: TagResource, UntagResource and
    ListTagsForResource. Updates: add optional field `tags` to support tagging while calling
    CreateCluster, CreateControlPanel and CreateSafetyRule.
  * api-change:``ec2``: [``botocore``] Adds waiters support for internet gateways.
  * api-change:``sms``: [``botocore``] This release adds SMS discontinuation information to the API
    and CLI references.
  * api-change:``route53domains``: [``botocore``] Amazon Route 53 domain registration APIs now
    support filtering and sorting in the ListDomains API, deleting a domain by using the DeleteDomain
    API and getting domain pricing information by using the ListPrices API.
  * api-change:``savingsplans``: [``botocore``] Adds the ability to specify Savings Plans hourly
    commitments using five digits after the decimal point.
- from version 1.20.22
  * api-change:``lookoutvision``: [``botocore``] This release adds new APIs for packaging an Amazon
    Lookout for Vision model as an AWS IoT Greengrass component.
  * api-change:``sagemaker``: [``botocore``] This release added a new Ambarella device(amba_cv2)
    compilation support for Sagemaker Neo.
  * api-change:``comprehendmedical``: [``botocore``] This release adds a new set of APIs (synchronous
    and batch) to support the SNOMED-CT ontology.
  * api-change:``health``: [``botocore``] Documentation updates for AWS Health
  * api-change:``logs``: [``botocore``] This release adds AWS Organizations support as condition key
    in destination policy for cross account Subscriptions in CloudWatch Logs.
  * api-change:``outposts``: [``botocore``] This release adds the UpdateOutpost API.
  * api-change:``support``: [``botocore``] Documentation updates for AWS Support.
  * api-change:``iot``: [``botocore``] This release allows customer to enable caching of custom
    authorizer on HTTP protocol for clients that use persistent or Keep-Alive connection in order to
    reduce the number of Lambda invocations.
- from version 1.20.21
  * api-change:``location``: [``botocore``] This release adds support for Accuracy position
    filtering, position metadata and autocomplete for addresses and points of interest based on partial
    or misspelled free-form text.
  * api-change:``appsync``: [``botocore``] AWS AppSync now supports custom domain names, allowing you
    to associate a domain name that you own with an AppSync API in your account.
  * api-change:``route53``: [``botocore``] Add PriorRequestNotComplete exception to
    UpdateHostedZoneComment API
- from version 1.20.20
  * api-change:``rekognition``: [``botocore``] This release added new KnownGender types for Celebrity
    Recognition.
- from version 1.20.19
  * api-change:``ram``: [``botocore``] This release adds the ability to use the new
    ResourceRegionScope parameter on List operations that return lists of resources or resource types.
    This new parameter filters the results by letting you differentiate between global or regional
    resource types.
  * api-change:``networkmanager``: [``botocore``] This release adds API support for AWS Cloud WAN.
  * api-change:``amplifyuibuilder``: [``botocore``] This release introduces the actions and data
    types for the new Amplify UI Builder API. The Amplify UI Builder API provides a programmatic
    interface for creating and configuring user interface (UI) component libraries and themes for use
    in Amplify applications.
- from version 1.20.18
  * api-change:``sagemaker``: [``botocore``] This release enables - 1/ Inference endpoint
    configuration recommendations and ability to run custom load tests to meet performance needs. 2/
    Deploy serverless inference endpoints. 3/ Query, filter and retrieve end-to-end ML lineage graph,
    and incorporate model quality/bias detection in ML workflow.
  * api-change:``kendra``: [``botocore``] Experience Builder allows customers to build search
    applications without writing code. Analytics Dashboard provides quality and usability metrics for
    Kendra indexes. Custom Document Enrichment allows customers to build a custom ingestion pipeline to
    pre-process documents and generate metadata.
  * api-change:``directconnect``: [``botocore``] Adds SiteLink support to private and transit virtual
    interfaces. SiteLink is a new Direct Connect feature that allows routing between Direct Connect
    points of presence.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``ec2``: [``botocore``] This release adds support for Amazon VPC IP Address Manager
    (IPAM), which enables you to plan, track, and monitor IP addresses for your workloads. This release
    also adds support for VPC Network Access Analyzer, which enables you to analyze network access to
    resources in your Virtual Private Clouds.
  * api-change:``shield``: [``botocore``] This release adds API support for Automatic Application
    Layer DDoS Mitigation for AWS Shield Advanced. Customers can now enable automatic DDoS mitigation
    in count or block mode for layer 7 protected resources.
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``devops-guru``: [``botocore``] DevOps Guru now provides detailed, database-specific
    analyses of performance issues and recommends corrective actions for Amazon Aurora database
    instances with Performance Insights turned on. You can also use AWS tags to choose which resources
    to analyze and define your applications.
  * api-change:``dynamodb``: [``botocore``] Add support for Table Classes and introduce the Standard
    Infrequent Access table class.
- from version 1.20.17
  * api-change:``s3``: [``botocore``] Introduce Amazon S3 Glacier Instant Retrieval storage class and
    a new setting in S3 Object Ownership to disable ACLs for bucket and the objects in it.
  * api-change:``backup-gateway``: [``botocore``] Initial release of AWS Backup gateway which enables
    you to centralize and automate protection of on-premises VMware and VMware Cloud on AWS workloads
    using AWS Backup.
  * api-change:``iot``: [``botocore``] Added the ability to enable/disable IoT Fleet Indexing for
    Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
  * api-change:``ec2``: [``botocore``] This release adds support for Is4gen and Im4gn instances. This
    release also adds a new subnet attribute, enableLniAtDeviceIndex, to support local network
    interfaces, which are logical networking components that connect an EC2 instance to your
    on-premises network.
  * api-change:``outposts``: [``botocore``] This release adds the SupportedHardwareType parameter to
    CreateOutpost.
  * api-change:``storagegateway``: [``botocore``] Added gateway type VTL_SNOW. Added new SNOWBALL
    HostEnvironment for gateways running on a Snowball device. Added new field HostEnvironmentId to
    serve as an identifier for the HostEnvironment on which the gateway is running.
  * api-change:``kinesis``: [``botocore``] Amazon Kinesis Data Streams now supports on demand streams.
  * api-change:``glue``: [``botocore``] Support for DataLake transactions
  * api-change:``accessanalyzer``: [``botocore``] AWS IAM Access Analyzer now supports policy
    validation for resource policies attached to S3 buckets and access points. You can run additional
    policy checks by specifying the S3 resource type you want to attach to your resource policy.
  * api-change:``lakeformation``: [``botocore``] This release adds support for row and cell-based
    access control in Lake Formation. It also adds support for Lake Formation Governed Tables, which
    support ACID transactions and automatic storage optimizations.
  * api-change:``kafka``: [``botocore``] This release adds three new V2 APIs. CreateClusterV2 for
    creating both provisioned and serverless clusters. DescribeClusterV2 for getting information about
    provisioned and serverless clusters and ListClustersV2 for listing all clusters (both provisioned
    and serverless) in your account.
  * api-change:``redshift-data``: [``botocore``] Data API now supports serverless queries.
  * api-change:``snowball``: [``botocore``] Tapeball is to integrate tape gateway onto snowball, it
    enables customer to transfer local data on the tape to snowball,and then ingest the data into tape
    gateway on the cloud.
  * api-change:``workspaces-web``: [``botocore``] This is the initial SDK release for Amazon
    WorkSpaces Web. Amazon WorkSpaces Web is a low-cost, fully managed WorkSpace built to deliver
    secure web-based workloads and software-as-a-service (SaaS) application access to users within
    existing web browsers.
  * api-change:``iottwinmaker``: [``botocore``] AWS IoT TwinMaker makes it faster and easier to
    create, visualize and monitor digital twins of real-world systems like buildings, factories and
    industrial equipment to optimize operations. Learn more:
    https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html (New Service) (Preview)
  * api-change:``fsx``: [``botocore``] This release adds support for the FSx for OpenZFS file system
    type, FSx for Lustre file systems with the Persistent_2 deployment type, and FSx for Lustre file
    systems with Amazon S3 data repository associations and automatic export policies.
- from version 1.20.16
  * api-change:``s3``: [``botocore``] Amazon S3 Event Notifications adds Amazon EventBridge as a
    destination and supports additional event types. The PutBucketNotificationConfiguration API can now
    skip validation of Amazon SQS, Amazon SNS and AWS Lambda destinations.
  * api-change:``wellarchitected``: [``botocore``] This update provides support for Well-Architected
    API users to use custom lens features.
  * api-change:``rum``: [``botocore``] This is the first public release of CloudWatch RUM
  * api-change:``rbin``: [``botocore``] This release adds support for Recycle Bin.
  * api-change:``iotsitewise``: [``botocore``] AWS IoT SiteWise now supports retention configuration
    for the hot tier storage.
  * api-change:``compute-optimizer``: [``botocore``] Adds support for the enhanced infrastructure
    metrics paid feature. Also adds support for two new sets of resource efficiency metrics, including
    savings opportunity metrics and performance improvement opportunity metrics.
  * api-change:``ecr``: [``botocore``] This release adds supports for pull through cache rules and
    enhanced scanning.
  * api-change:``evidently``: [``botocore``] Introducing Amazon CloudWatch Evidently. This is the
    first public release of Amazon CloudWatch Evidently.
  * api-change:``inspector2``: [``botocore``] This release adds support for the new Amazon Inspector
    API. The new Amazon Inspector can automatically discover and scan Amazon EC2 instances and Amazon
    ECR container images for software vulnerabilities and unintended network exposure, and report
    centralized findings across multiple AWS accounts.
  * api-change:``ssm``: [``botocore``] Added two new attributes to DescribeInstanceInformation called
    SourceId and SourceType along with new string filters SourceIds and SourceTypes to filter instance
    records.
  * api-change:``ec2``: [``botocore``] This release adds support for G5g and M6a instances. This
    release also adds support for Amazon EBS Snapshots Archive, a feature that enables you to archive
    your EBS snapshots; and Recycle Bin, a feature that enables you to protect your EBS snapshots
    against accidental deletion.
  * api-change:``dataexchange``: [``botocore``] This release enables providers and subscribers to use
    Data Set, Job, and Asset operations to work with API assets from Amazon API Gateway. In addition,
    this release enables subscribers to use the SendApiAsset operation to invoke a provider's Amazon
    API Gateway API that they are entitled to.
- from version 1.20.15
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This is the initial SDK release for
    AWS Migration Hub Refactor Spaces
  * api-change:``textract``: [``botocore``] This release adds support for synchronously analyzing
    identity documents through a new API: AnalyzeID
  * api-change:``personalize-runtime``: [``botocore``] This release adds inference support for
    Recommenders.
  * api-change:``personalize``: [``botocore``] This release adds API support for Recommenders and
    BatchSegmentJobs.
- from version 1.20.14
  * api-change:``autoscaling``: [``botocore``] Documentation updates for Amazon EC2 Auto Scaling.
  * api-change:``mgn``: [``botocore``] Application Migration Service now supports an additional
    replication method that does not require agent installation on each source server. This option is
    available for source servers running on VMware vCenter versions 6.7 and 7.0.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``iotdeviceadvisor``: [``botocore``] Documentation update for Device Advisor
    GetEndpoint API
  * api-change:``pinpoint``: [``botocore``] Added a One-Time Password (OTP) management feature. You
    can use the Amazon Pinpoint API to generate OTP codes and send them to your users as SMS messages.
    Your apps can then call the API to verify the OTP codes that your users input
  * api-change:``outposts``: [``botocore``] This release adds new APIs for working with Outpost sites
    and orders.
- from version 1.20.13
  * api-change:``timestream-query``: [``botocore``] Releasing Amazon Timestream Scheduled Queries. It
    makes real-time analytics more performant and cost-effective for customers by calculating and
    storing frequently accessed aggregates, and other computations, typically used in operational
    dashboards, business reports, and other analytics applications
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``proton``: [``botocore``] This release adds APIs for getting the outputs and
    provisioned stacks for Environments, Pipelines, and ServiceInstances.  You can now add tags to
    EnvironmentAccountConnections.  It also adds APIs for working with PR-based provisioning.  Also, it
    adds APIs for syncing templates with a git repository.
  * api-change:``translate``: [``botocore``] This release enables customers to use translation
    settings to mask profane words and phrases in their translation output.
  * api-change:``lambda``: [``botocore``] Remove Lambda function url apis
  * api-change:``imagebuilder``: [``botocore``] This release adds support for sharing AMIs with
    Organizations within an EC2 Image Builder Distribution Configuration.
  * api-change:``customer-profiles``: [``botocore``] This release introduces a new auto-merging
    feature for profile matching. The auto-merging configurations can be set via CreateDomain API or
    UpdateDomain API. You can use GetIdentityResolutionJob API and ListIdentityResolutionJobs API to
    fetch job status.
  * api-change:``autoscaling``: [``botocore``] Customers can now configure predictive scaling
    policies to proactively scale EC2 Auto Scaling groups based on any CloudWatch metrics that more
    accurately represent the load on the group than the four predefined metrics. They can also use math
    expressions to further customize the metrics.
  * api-change:``timestream-write``: [``botocore``] This release adds support for multi-measure
    records and magnetic store writes. Multi-measure records allow customers to store multiple measures
    in a single table row. Magnetic store writes enable customers to write late arrival data (data with
    timestamp in the past) directly into the magnetic store.
  * api-change:``iotsitewise``: [``botocore``] AWS IoT SiteWise now accepts data streams that aren't
    associated with any asset properties. You can organize data by updating data stream associations.
- from version 1.20.12
  * api-change:``redshift``: [``botocore``] This release adds support for reserved node exchange with
    restore/resize
  * api-change:``elasticache``: [``botocore``] Adding support for r6gd instances for Redis with data
    tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted, the
    least recently used data is automatically tiered to solid state drives for cost-effective capacity
    scaling with minimal performance impact.
  * api-change:``opensearch``: [``botocore``] This release adds an optional parameter dry-run for the
    UpdateDomainConfig API to perform basic validation checks, and detect the deployment type that will
    be required for the configuration change, without actually applying the change.
  * api-change:``backup``: [``botocore``] This release adds new opt-in settings for advanced features
    for DynamoDB backups
  * api-change:``iot``: [``botocore``] This release introduces a new feature, Managed Job Template,
    for AWS IoT Jobs Service. Customers can now use service provided managed job templates to easily
    create jobs for supported standard job actions.
  * api-change:``iotwireless``: [``botocore``] Two new APIs, GetNetworkAnalyzerConfiguration and
    UpdateNetworkAnalyzerConfiguration, are added for the newly released Network Analyzer feature which
    enables customers to view real-time frame information and logs from LoRaWAN devices and gateways.
  * api-change:``workspaces``: [``botocore``] Documentation updates for Amazon WorkSpaces
  * api-change:``s3``: [``botocore``] Introduce two new Filters to S3 Lifecycle configurations -
    ObjectSizeGreaterThan and ObjectSizeLessThan. Introduce a new way to trigger actions on noncurrent
    versions by providing the number of newer noncurrent versions along with noncurrent days.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie
  * api-change:``ec2``: [``botocore``] This release adds a new parameter ipv6Native to the allow
    creation of IPv6-only subnets using the CreateSubnet operation, and the operation
    ModifySubnetAttribute includes new parameters to modify subnet attributes to use resource-based
    naming and enable DNS resolutions for Private DNS name.
  * api-change:``sqs``: [``botocore``] Amazon SQS adds a new queue attribute, SqsManagedSseEnabled,
    which enables server-side queue encryption using SQS owned encryption keys.
  * api-change:``ecs``: [``botocore``] Documentation update for ARM support on Amazon ECS.
  * api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
  * api-change:``finspace-data``: [``botocore``] Update documentation for createChangeset API.
  * api-change:``dynamodb``: [``botocore``] DynamoDB PartiQL now supports ReturnConsumedCapacity,
    which returns capacity units consumed by PartiQL APIs if the request specified
    returnConsumedCapacity parameter. PartiQL APIs include ExecuteStatement, BatchExecuteStatement, and
    ExecuteTransaction.
  * api-change:``lambda``: [``botocore``] Release Lambda event source filtering for SQS, Kinesis
    Streams, and DynamoDB Streams.
  * api-change:``iotdeviceadvisor``: [``botocore``] This release introduces a new feature for Device
    Advisor: ability to execute multiple test suites in parallel for given customer account. You can
    use GetEndpoint API to get the device-level test endpoint and call StartSuiteRun with
    "/parallelRun=true"/ to run suites in parallel.
  * api-change:``rds``: [``botocore``] Adds support for Multi-AZ DB clusters for RDS for MySQL and
    RDS for PostgreSQL.
- from version 1.20.11
  * api-change:``connect``: [``botocore``] This release adds support for UpdateContactFlowMetadata,
    DeleteContactFlow and module APIs. For details, see the Release Notes in the Amazon Connect
    Administrator Guide.
  * api-change:``dms``: [``botocore``] Added new S3 endpoint settings to allow to convert the current
    UTC time into a specified time zone when a date partition folder is created. Using with
    'DatePartitionedEnabled'.
  * api-change:``es``: [``botocore``] This release adds an optional parameter dry-run for the
    UpdateElasticsearchDomainConfig API to perform basic validation checks, and detect the deployment
    type that will be required for the configuration change, without actually applying the change.
  * api-change:``ssm``: [``botocore``] Adds new parameter to CreateActivation API . This parameter is
    for "/internal use only"/.
  * api-change:``chime-sdk-meetings``: [``botocore``] Added new APIs for enabling Echo Reduction with
    Voice Focus.
  * api-change:``eks``: [``botocore``] Adding missing exceptions to RegisterCluster operation
  * api-change:``quicksight``: [``botocore``] Add support for Exasol data source, 1 click enterprise
    embedding and email customization.
  * api-change:``cloudformation``: [``botocore``] This release include SDK changes for the feature
    launch of Stack Import to Service Managed StackSet.
  * api-change:``rds``: [``botocore``] Adds local backup support to Amazon RDS on AWS Outposts.
  * api-change:``braket``: [``botocore``] This release adds support for Amazon Braket Hybrid Jobs.
  * api-change:``s3control``: [``botocore``] Added Amazon CloudWatch publishing option for S3 Storage
    Lens metrics.
  * api-change:``finspace-data``: [``botocore``] Add new APIs for managing Datasets, Changesets, and
    Dataviews.
- from version 1.20.10
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``cloudformation``: [``botocore``] The StackSets ManagedExecution feature will allow
    concurrency for non-conflicting StackSet operations and queuing the StackSet operations that
    conflict at a given time for later execution.
  * api-change:``redshift``: [``botocore``] Added support of default IAM role for CreateCluster,
    RestoreFromClusterSnapshot and ModifyClusterIamRoles APIs
  * api-change:``lambda``: [``botocore``] Add support for Lambda Function URLs. Customers can use
    Function URLs to create built-in HTTPS endpoints on their functions.
  * api-change:``appstream``: [``botocore``] Includes APIs for managing resources for Elastic fleets:
    applications, app blocks, and application-fleet associations.
  * api-change:``medialive``: [``botocore``] This release adds support for specifying a SCTE-35 PID
    on input. MediaLive now supports SCTE-35 PID selection on inputs containing one or more active
    SCTE-35 PIDs.
  * api-change:``batch``: [``botocore``] Documentation updates for AWS Batch.
  * api-change:``application-insights``: [``botocore``] Application Insights now supports monitoring
    for HANA
- from version 1.20.9
  * api-change:``ivs``: [``botocore``] Add APIs for retrieving stream session information and support
    for filtering live streams by health.  For more information, see
    https://docs.aws.amazon.com/ivs/latest/userguide/stream-health.html
  * api-change:``lambda``: [``botocore``] Added support for CLIENT_CERTIFICATE_TLS_AUTH and
    SERVER_ROOT_CA_CERTIFICATE as SourceAccessType for MSK and Kafka event source mappings.
  * api-change:``chime``: [``botocore``] Adds new Transcribe API parameters to
    StartMeetingTranscription, including support for content identification and redaction (PII & PHI),
    partial results stabilization, and custom language models.
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds new Transcribe API parameters to
    StartMeetingTranscription, including support for content identification and redaction (PII & PHI),
    partial results stabilization, and custom language models.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``auditmanager``: [``botocore``] This release introduces a new feature for Audit
    Manager: Dashboard views. You can now view insights data for your active assessments, and quickly
    identify non-compliant evidence that needs to be remediated.
  * api-change:``databrew``: [``botocore``] This SDK release adds the following new features: 1) PII
    detection in profile jobs, 2) Data quality rules, enabling validation of data quality in profile
    jobs, 3) SQL query-based datasets for Amazon Redshift and Snowflake data sources, and 4) Connecting
    DataBrew datasets with Amazon AppFlow flows.
  * api-change:``redshift-data``: [``botocore``] Rolling back Data API serverless features until
    dependencies are live.
  * api-change:``kafka``: [``botocore``] Amazon MSK has added a new API that allows you to update the
    connectivity settings for an existing cluster to enable public accessibility.
  * api-change:``forecast``: [``botocore``] NEW CreateExplanability API that helps you understand how
    attributes such as price, promotion, etc. contributes to your forecasted values; NEW
    CreateAutoPredictor API that trains up to 40% more accurate forecasting model, saves up to 50% of
    retraining time, and provides model level explainability.
  * api-change:``appconfig``: [``botocore``] Add Type to support feature flag configuration profiles
- from version 1.20.8
  * api-change:``appconfigdata``: [``botocore``] AWS AppConfig Data is a new service that allows you
    to retrieve configuration deployed by AWS AppConfig. See the AppConfig user guide for more details
    on getting started. https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html
  * api-change:``drs``: [``botocore``] Introducing AWS Elastic Disaster Recovery (AWS DRS), a new
    service that minimizes downtime and data loss with fast, reliable recovery of on-premises and
    cloud-based applications using affordable storage, minimal compute, and point-in-time recovery.
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway.
  * api-change:``sns``: [``botocore``] Amazon SNS introduces the PublishBatch API, which enables
    customers to publish up to 10 messages per API request. The new API is valid for Standard and FIFO
    topics.
  * api-change:``redshift-data``: [``botocore``] Data API now supports serverless requests.
  * api-change:``amplifybackend``: [``botocore``] New APIs to support the Amplify Storage category.
    Add and manage file storage in your Amplify app backend.
- from version 1.20.7
  * api-change:``location``: [``botocore``] This release adds the support for Relevance, Distance,
    Time Zone, Language and Interpolated Address for Geocoding and Reverse Geocoding.
  * api-change:``cloudtrail``: [``botocore``] CloudTrail Insights now supports ApiErrorRateInsight,
    which enables customers to identify unusual activity in their AWS account based on API error codes
    and their rate.
- from version 1.20.6
  * api-change:``migrationhubstrategy``: [``botocore``] AWS SDK for Migration Hub Strategy
    Recommendations. It includes APIs to start the portfolio assessment, import portfolio data for
    assessment, and to retrieve recommendations. For more information, see the AWS Migration Hub
    documentation at https://docs.aws.amazon.com/migrationhub/index.html
  * api-change:``ec2``: [``botocore``] Adds a new VPC Subnet attribute "/EnableDns64."/ When enabled on
    IPv6 Subnets, the Amazon-Provided DNS Resolver returns synthetic IPv6 addresses for IPv4-only
    destinations.
  * api-change:``wafv2``: [``botocore``] Your options for logging web ACL traffic now include Amazon
    CloudWatch Logs log groups and Amazon S3 buckets.
  * api-change:``dms``: [``botocore``] Add Settings in JSON format for the source GCP MySQL endpoint
  * api-change:``ssm``: [``botocore``] Adds support for Session Reason and Max Session Duration for
    Systems Manager Session Manager.
  * api-change:``appstream``: [``botocore``] This release includes support for images of AmazonLinux2
    platform type.
  * api-change:``eks``: [``botocore``] Adding Tags support to Cluster Registrations.
  * api-change:``transfer``: [``botocore``] AWS Transfer Family now supports integrating a custom
    identity provider using AWS Lambda
- from version 1.20.5
  * api-change:``ec2``: [``botocore``] C6i instances are powered by a third-generation Intel Xeon
    Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz. G5 instances feature
    up to 8 NVIDIA A10G Tensor Core GPUs and second generation AMD EPYC processors.
  * api-change:``ssm``: [``botocore``] This Patch Manager release supports creating Patch Baselines
    for RaspberryPi OS (formerly Raspbian)
  * api-change:``devops-guru``: [``botocore``] Add support for cross account APIs.
  * api-change:``connect``: [``botocore``] This release adds APIs for creating and managing scheduled
    tasks. Additionally, adds APIs to describe and update a contact and list associated references.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added automatic
    modes for GOP configuration and added the ability to ingest screen recordings generated by Safari
    on MacOS 12 Monterey.
- from version 1.20.4
  * api-change:``dynamodb``: [``botocore``] Updated Help section for "/dynamodb
    update-contributor-insights"/ API
  * api-change:``ec2``: [``botocore``] This release provides an additional route target for the VPC
    route table.
  * api-change:``translate``: [``botocore``] This release enables customers to import
    Multi-Directional Custom Terminology and use Multi-Directional Custom Terminology in both real-time
    translation and asynchronous batch translation.
- from version 1.20.3
  * api-change:``backup``: [``botocore``] AWS Backup SDK provides new options when scheduling
    backups: select supported services and resources that are assigned to a particular tag, linked to a
    combination of tags, or can be identified by a partial tag value, and exclude resources from their
    assignments.
  * api-change:``ecs``: [``botocore``] This release adds support for container instance health.
  * api-change:``resiliencehub``: [``botocore``] Initial release of AWS Resilience Hub, a managed
    service that enables you to define, validate, and track the resilience of your applications on AWS
- from version 1.20.2
  * api-change:``batch``: [``botocore``] Adds support for scheduling policy APIs.
  * api-change:``health``: [``botocore``] Documentation updates for AWS Health.
  * api-change:``greengrassv2``: [``botocore``] This release adds support for Greengrass core devices
    running Windows. You can now specify name of a Windows user to run a component.
- from version 1.20.1
  * bugfix:urllib3: [``botocore``] Fix NO_OP_TICKET import bug in older versions of urllib3
- from version 1.20.0
  * feature:EndpointResolver: [``botocore``] Adding support for resolving modeled FIPS and Dualstack
    endpoints.
  * feature:``six``: [``botocore``] Updated vendored version of ``six`` from 1.10.0 to 1.16.0
  * api-change:``sagemaker``: [``botocore``] SageMaker CreateEndpoint and UpdateEndpoint APIs now
    support additional deployment configuration to manage traffic shifting options and automatic
    rollback monitoring. DescribeEndpoint now shows new in-progress deployment details with stage
    status.
  * api-change:``chime-sdk-meetings``: [``botocore``] Updated format validation for ids and regions.
  * api-change:``wafv2``: [``botocore``] You can now configure rules to run a CAPTCHA check against
    web requests and, as needed, send a CAPTCHA challenge to the client.
  * api-change:``ec2``: [``botocore``] This release adds internal validation on the
    GatewayAssociationState field
- from version 1.19.12
  * api-change:``ec2``: [``botocore``] DescribeInstances now returns customer-owned IP addresses for
    instances running on an AWS Outpost.
  * api-change:``translate``: [``botocore``] This release enable customers to use their own KMS keys
    to encrypt output files when they submit a batch transform job.
  * api-change:``resourcegroupstaggingapi``: [``botocore``] Documentation updates and improvements.
- from version 1.19.11
  * api-change:``chime-sdk-meetings``: [``botocore``] The Amazon Chime SDK Meetings APIs allow
    software developers to create meetings and attendees for interactive audio, video, screen and
    content sharing in custom meeting applications which use the Amazon Chime SDK.
  * api-change:``sagemaker``: [``botocore``] ListDevices and DescribeDevice now show Edge Manager
    agent version.
  * api-change:``connect``: [``botocore``] This release adds CRUD operation support for Security
    profile resource in Amazon Connect
  * api-change:``iotwireless``: [``botocore``] Adding APIs for the FUOTA (firmware update over the
    air) and multicast for LoRaWAN devices and APIs to support event notification opt-in feature for
    Sidewalk related events. A few existing APIs need to be modified for this new feature.
  * api-change:``ec2``: [``botocore``] This release adds a new instance replacement strategy for EC2
    Fleet, Spot Fleet. Now you can select an action to perform when your instance gets a rebalance
    notification. EC2 Fleet, Spot Fleet can launch a replacement then terminate the instance that
    received notification after a termination delay
- from version 1.19.10
  * api-change:``finspace``: [``botocore``] Adds superuser and data-bundle parameters to
    CreateEnvironment API
  * api-change:``connectparticipant``: [``botocore``] This release adds a new boolean attribute -
    Connect Participant - to the CreateParticipantConnection API, which can be used to mark the
    participant as connected.
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports Hadoop Distributed File System
    (HDFS) Locations
  * api-change:``macie2``: [``botocore``] This release adds support for specifying the severity of
    findings that a custom data identifier produces, based on the number of occurrences of text that
    matches the detection criteria.
- from version 1.19.9
  * api-change:``cloudfront``: [``botocore``] CloudFront now supports response headers policies to
    add HTTP headers to the responses that CloudFront sends to viewers. You can use these policies to
    add CORS headers, control browser caching, and more, without modifying your origin or writing any
    code.
  * api-change:``connect``: [``botocore``] Amazon Connect Chat now supports real-time message
    streaming.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for users to stop and
    start streaming sessions.
- from version 1.19.8
  * api-change:``rekognition``: [``botocore``] This Amazon Rekognition Custom Labels release
    introduces the management of datasets with  projects
  * api-change:``networkmanager``: [``botocore``] This release adds API support to aggregate
    resources, routes, and telemetry data across a Global Network.
  * api-change:``lightsail``: [``botocore``] This release adds support to enable access logging for
    buckets in the Lightsail object storage service.
  * api-change:``neptune``: [``botocore``] Adds support for major version upgrades to ModifyDbCluster
    API
- from version 1.19.7
  * api-change:``transcribe``: [``botocore``] Transcribe and Transcribe Call Analytics now support
    automatic language identification along with custom vocabulary, vocabulary filter, custom language
    model and PII redaction.
  * api-change:``application-insights``: [``botocore``] Added Monitoring support for SQL Server
    Failover Cluster Instance. Additionally, added a new API to allow one-click monitoring of
    containers resources.
  * api-change:``rekognition``: [``botocore``] This release added new attributes to Rekognition Video
    GetCelebrityRecognition API operations.
  * api-change:``connect``: [``botocore``] Amazon Connect Chat now supports real-time message
    streaming.
  * api-change:``ec2``: [``botocore``] Support added for AMI sharing with organizations and
    organizational units in ModifyImageAttribute API
- Update BuildRequires and Requires from setup.py
- Update to version 1.19.6
  * api-change:``gamelift``: [``botocore``] Added support for Arm-based AWS
    Graviton2 instances, such as M6g, C6g, and R6g.
  * api-change:``ecs``: [``botocore``] Amazon ECS now supports running Fargate
    tasks on Windows Operating Systems Families which includes Windows Server
    2019 Core and Windows Server 2019 Full.
  * api-change:``sagemaker``: [``botocore``] This release adds support for
    RStudio on SageMaker.
  * api-change:``connectparticipant``: [``botocore``] This release adds a new
    boolean attribute - Connect Participant - to the CreateParticipantConnection
    API, which can be used to mark the participant as connected.
  * api-change:``ec2``: [``botocore``] Added new read-only DenyAllIGWTraffic
    network interface attribute. Added support for DL1 24xlarge instances
    powered by Habana Gaudi Accelerators for deep learning model training
    workloads
  * api-change:``ssm-incidents``: [``botocore``] Updating documentation, adding
    new field to ConflictException to indicate earliest retry timestamp for some
    operations, increase maximum length of nextToken fields
- from version 1.19.5
  * api-change:``autoscaling``: [``botocore``] This release adds support for
    attribute-based instance type selection, a new EC2 Auto Scaling feature
    that lets customers express their instance requirements as a set of attributes,
    such as vCPU, memory, and storage.
  * api-change:``ec2``: [``botocore``] This release adds: attribute-based instance
    type selection for EC2 Fleet, Spot Fleet, a feature that lets customers express
    instance requirements as attributes like vCPU, memory, and storage; and Spot
    placement score, a feature that helps customers identify an optimal location
    to run Spot workloads.
  * enhancement:Session: Added `get_partition_for_region` to lookup partition for
    a given region_name
  * api-change:``eks``: [``botocore``] EKS managed node groups now support
    BOTTLEROCKET_x86_64 and BOTTLEROCKET_ARM_64 AMI types.
  * api-change:``sagemaker``: [``botocore``] This release allows customers to
    describe one or more versioned model packages through BatchDescribeModelPackage,
    update project via UpdateProject, modify and read customer metadata properties
    using Create, Update and Describe ModelPackage and enables cross account
    registration of model packages.
  * enhancement:Session: [``botocore``] Added `get_partition_for_region` allowing
    partition lookup by region name.
  * api-change:``textract``: [``botocore``] This release adds support for asynchronously
    analyzing invoice and receipt documents through two new APIs: StartExpenseAnalysis
    and GetExpenseAnalysis
  * enchancement:``s3``: TransferConfig now supports the `max_bandwidth` argument.
- from version 1.19.4
  * api-change:``emr-containers``: [``botocore``] This feature enables auto-generation
    of certificate  to secure the managed-endpoint and removes the need for customer
    provided certificate-arn during managed-endpoint setup.
  * api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports
    push notifications through Amazon Pinpoint
  * api-change:``chime-sdk-identity``: [``botocore``] The Amazon Chime SDK now supports
    push notifications through Amazon Pinpoint
- from version 1.19.3
  * api-change:``rds``: [``botocore``] This release adds support for Amazon RDS Custom,
    which is a new RDS management type that gives you full access to your database and
    operating system.
    For more information, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-custom.html
  * api-change:``auditmanager``: [``botocore``] This release introduces a new feature for
    Audit Manager: Custom framework sharing. You can now share your custom frameworks with
    another AWS account, or replicate them into another AWS Region under your own account.
  * api-change:``ec2``: [``botocore``] This release adds support to create a VPN Connection
    that is not attached to a Gateway at the time of creation. Use this to create VPNs
    associated with Core Networks, or modify your VPN and attach a gateway using the modify
    API after creation.
  * api-change:``route53resolver``: [``botocore``] New API for ResolverConfig, which allows
    autodefined rules for reverse DNS resolution to be disabled for a VPC
- from version 1.19.2
  * api-change:``quicksight``: [``botocore``] Added QSearchBar option for
    GenerateEmbedUrlForRegisteredUser ExperienceConfiguration to support
    Q search bar embedding
  * api-change:``auditmanager``: [``botocore``] This release introduces character restrictions
    for ControlSet names. We updated regex patterns for the following attributes: ControlSet,
    CreateAssessmentFrameworkControlSet, and UpdateAssessmentFrameworkControlSet.
  * api-change:``chime``: [``botocore``] Chime VoiceConnector and VoiceConnectorGroup
    APIs will now return an ARN.
- from version 1.19.1
  * api-change:``connect``: [``botocore``] Released Amazon Connect hours of operation API
    for general availability (GA). This API also supports AWS CloudFormation. For more
    information, see Amazon Connect Resource Type Reference in the AWS CloudFormation
    User Guide.
- from version 1.19.0
  * api-change:``appflow``: [``botocore``] Feature to add support for  JSON-L format
    for S3 as a source.
  * api-change:``mediapackage-vod``: [``botocore``] MediaPackage passes through digital
    video broadcasting (DVB) subtitles into the output.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added
    support for specifying caption time delta in milliseconds and the ability to apply
    color range legalization to source content other than AVC video.
  * api-change:``mediapackage``: [``botocore``] When enabled, MediaPackage passes through
    digital video broadcasting (DVB) subtitles into the output.
  * api-change:``panorama``: [``botocore``] General availability for AWS Panorama. AWS
    SDK for Panorama includes APIs to manage your devices and nodes, and deploy computer
    vision applications to the edge. For more information, see the AWS Panorama
    documentation at http://docs.aws.amazon.com/panorama
  * feature:Serialization: [``botocore``] rest-json serialization defaults
    aligned across AWS SDKs
  * api-change:``directconnect``: [``botocore``] This release adds 4 new APIS,
    which needs to be public able
  * api-change:``securityhub``: [``botocore``] Added support for cross-Region finding
    aggregation, which replicates findings from linked Regions to a single aggregation
    Region. Added operations to view, enable, update, and delete the finding aggregation.
- from version 1.18.65
  * api-change:``dataexchange``: [``botocore``] This release adds support for our public
    preview of AWS Data Exchange for Amazon Redshift. This enables data providers to list
    products including AWS Data Exchange datashares for Amazon Redshift, giving subscribers
    read-only access to provider data in Amazon Redshift.
  * api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now allows
    developers to execute business logic on in-flight messages before they are delivered
    to members of a messaging channel with channel flows.
- from version 1.18.64
  * api-change:``quicksight``: [``botocore``] AWS QuickSight Service  Features - Add IP
    Restriction UI and public APIs support.
  * enchancement:AWSCRT: [``botocore``] Upgrade awscrt extra to 0.12.5
  * api-change:``ivs``: [``botocore``] Bug fix: remove unsupported maxResults and
    nextToken pagination parameters from ListTagsForResource
- from version 1.18.63
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``glue``: [``botocore``] Enable S3 event base crawler API.
- from version 1.18.62
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling now supports
    filtering describe Auto Scaling groups API using tags
  * api-change:``sagemaker``: [``botocore``] This release updates the provisioning
    artifact ID to an optional parameter in CreateProject API. The provisioning
    artifact ID defaults to the latest provisioning artifact ID of the product
    if you don't provide one.
  * api-change:``robomaker``: [``botocore``] Adding support to GPU simulation jobs
    as well as non-ROS simulation jobs.
- from version 1.18.61
  * api-change:``config``: [``botocore``] Adding Config support for AWS::OpenSearch::Domain
  * api-change:``ec2``: [``botocore``] This release adds support for additional
    VPC Flow Logs delivery options to S3, such as Apache Parquet formatted files,
    Hourly partitions and Hive-compatible S3 prefixes
  * api-change:``storagegateway``: [``botocore``] Adding support for Audit Logs
    on NFS shares and Force Closing Files on SMB shares.
  * api-change:``workmail``: [``botocore``] This release adds APIs for adding,
    removing and retrieving details of mail domains
  * api-change:``kinesisanalyticsv2``: [``botocore``] Support for Apache Flink 1.13
    in Kinesis Data Analytics. Changed the required status of some Update properties
    to better fit the corresponding Create properties.
- from version 1.18.60
  * api-change:``cloudsearch``: [``botocore``] Adds an additional validation exception
    for Amazon CloudSearch configuration APIs for better error handling.
  * api-change:``ecs``: [``botocore``] Documentation only update to address tickets.
  * api-change:``mediatailor``: [``botocore``] MediaTailor now supports ad prefetching.
  * api-change:``ec2``: [``botocore``] EncryptionSupport for InstanceStorageInfo added
    to DescribeInstanceTypes API
- from version 1.18.59
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * bugfix:Signing: [``botocore``] SigV4QueryAuth and CrtSigV4QueryAuth now properly
    respect AWSRequest.params while signing boto/botocore (#2521)
  * api-change:``medialive``: [``botocore``] This release adds support for Transport
    Stream files as an input type to MediaLive encoders.
  * api-change:``ec2``: [``botocore``] Documentation update for Amazon EC2.
  * api-change:``frauddetector``: [``botocore``] New model type: Transaction Fraud
    Insights, which is optimized for online transaction fraud. Stored Events, which
    allows customers to send and store data directly within Amazon Fraud Detector.
    Batch Import, which allows customers to upload a CSV file of historic event
    data for processing and storage
- from version 1.18.58
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``securityhub``: [``botocore``] Added new resource details objects to
    ASFF, including resources for WAF rate-based rules, EC2 VPC endpoints, ECR repositories,
    EKS clusters, X-Ray encryption, and OpenSearch domains. Added additional details for
    CloudFront distributions, CodeBuild projects, ELB V2 load balancers, and S3 buckets.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert has added the
    ability to set account policies which control access restrictions for HTTP, HTTPS,
    and S3 content sources.
  * api-change:``ec2``: [``botocore``] This release removes a requirement for filters
    on SearchLocalGatewayRoutes operations.
- from version 1.18.57
  * api-change:``kendra``: [``botocore``] Amazon Kendra now supports indexing and
    querying documents in different languages.
  * api-change:``grafana``: [``botocore``] Initial release of the SDK for Amazon
    Managed Grafana API.
  * api-change:``firehose``: [``botocore``] Allow support for Amazon Opensearch
    Service(successor to Amazon Elasticsearch Service) as a Kinesis Data Firehose
    delivery destination.
  * api-change:``backup``: [``botocore``] Launch of AWS Backup Vault Lock, which protects
    your backups from malicious and accidental actions, works with existing backup policies,
    and helps you meet compliance requirements.
  * api-change:``schemas``: [``botocore``] Removing unused request/response objects.
  * api-change:``chime``: [``botocore``] This release enables customers to configure
    Chime MediaCapturePipeline via API.
- from version 1.18.56
  * api-change:``sagemaker``: [``botocore``] This release adds a new TrainingInputMode
    FastFile for SageMaker Training APIs.
  * api-change:``amplifybackend``: [``botocore``] Adding a new field 'AmplifyFeatureFlags'
    to the response of the GetBackend operation. It will return a stringified version of
    the cli.json file for the given Amplify project.
  * api-change:``fsx``: [``botocore``] This release adds support for Lustre 2.12 to FSx for Lustre.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now supports integration with AWS SSO
- from version 1.18.55
  * api-change:``workmail``: [``botocore``] This release allows customers to change their
    inbound DMARC settings in Amazon WorkMail.
  * api-change:``location``: [``botocore``] Add support for PositionFiltering.
  * api-change:``application-autoscaling``: [``botocore``] With this release, Application
    Auto Scaling adds support for Amazon Neptune. Customers can now automatically add or
    remove Read Replicas of their Neptune clusters to keep the average CPU Utilization at
    the target value specified by the customers.
  * api-change:``ec2``: [``botocore``] Released Capacity Reservation Fleet, a feature of
    Amazon EC2 Capacity Reservations, which provides a way to manage reserved capacity
    across instance types.
    For more information: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-fleets.html
  * api-change:``glue``: [``botocore``] This release adds tag as an input of CreateConnection
  * api-change:``backup``: [``botocore``] AWS Backup Audit Manager framework report.
- from version 1.18.54
  * api-change:``codebuild``: [``botocore``] CodeBuild now allows you to select how batch
    build statuses are sent to the source provider for a project.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``kms``: [``botocore``] Added SDK examples for ConnectCustomKeyStore,
    CreateCustomKeyStore, CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores,
    DisconnectCustomKeyStore, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext,
    GetPublicKey, ReplicateKey, Sign, UpdateCustomKeyStore and Verify APIs
- from version 1.18.53
  * api-change:``synthetics``: [``botocore``] CloudWatch Synthetics now enables customers
    to choose a customer managed AWS KMS key or an Amazon S3-managed key instead of an
    AWS managed key (default) for the encryption of artifacts that the canary stores
    in Amazon S3. CloudWatch Synthetics also supports artifact S3 location updation now.
  * api-change:``ssm``: [``botocore``] When "/AutoApprovable"/ is true for a Change Template,
    then specifying --auto-approve (boolean) in Start-Change-Request-Execution will create
    a change request that bypasses approver review. (except for change calendar restrictions)
  * api-change:``apprunner``: [``botocore``] This release contains several minor bug fixes.
- from version 1.18.52
  * api-change:``network-firewall``: [``botocore``] This release adds support for strict
    ordering for stateful rule groups. Using strict ordering, stateful rules are evaluated
    in the exact order in which you provide them.
  * api-change:``dataexchange``: [``botocore``] This release enables subscribers to set up
    automatic exports of newly published revisions using the new EventAction API.
  * api-change:``workmail``: [``botocore``] This release adds support for mobile device
    access overrides management in Amazon WorkMail.
  * api-change:``account``: [``botocore``] This release of the Account Management API enables
    customers to manage the alternate contacts for their AWS accounts.
    For more information, see https://docs.aws.amazon.com/accounts/latest/reference/accounts-welcome.html
  * api-change:``workspaces``: [``botocore``] Added CreateUpdatedWorkspaceImage API to update
    WorkSpace images with latest software and drivers. Updated DescribeWorkspaceImages API to
    display if there are updates available for WorkSpace images.
  * api-change:``cloudcontrol``: [``botocore``] Initial release of the SDK for AWS Cloud Control API
  * api-change:``macie2``: [``botocore``] Amazon S3 bucket metadata now indicates whether an
    error or a bucket's permissions settings prevented Amazon Macie from retrieving data about
    the bucket or the bucket's objects.
- from version 1.18.51
  * api-change:``lambda``: [``botocore``] Adds support for Lambda functions powered by AWS Graviton2
    processors. Customers can now select the CPU architecture for their functions.
  * api-change:``sesv2``: [``botocore``] This release includes the ability to use 2048 bits RSA key
    pairs for DKIM in SES, either with Easy DKIM or Bring Your Own DKIM.
  * api-change:``amp``: [``botocore``] This release adds alert manager and rule group namespace APIs
- from version 1.18.50
  * api-change:``transfer``: [``botocore``] Added changes for managed workflows feature APIs.
  * api-change:``imagebuilder``: [``botocore``] Fix description for AmiDistributionConfiguration
    Name property, which actually refers to the output AMI name. Also updated for consistent
    terminology to use "/base"/ image, and another update to fix description text.
- from version 1.18.49
  * api-change:``appintegrations``: [``botocore``] The Amazon AppIntegrations service enables you
    to configure and reuse connections to external applications.
  * api-change:``wisdom``: [``botocore``] Released Amazon Connect Wisdom, a feature of Amazon Connect,
    which provides real-time recommendations and search functionality in general availability (GA).
    For more information, see https://docs.aws.amazon.com/wisdom/latest/APIReference/Welcome.html.
  * api-change:``pinpoint``: [``botocore``] Added support for journey with contact center activity
  * api-change:``voice-id``: [``botocore``] Released the Amazon Voice ID SDK, for usage with the
    Amazon Connect Voice ID feature released for Amazon Connect.
  * api-change:``connect``: [``botocore``] This release updates a set of APIs: CreateIntegrationAssociation,
    ListIntegrationAssociations, CreateUseCase, and StartOutboundVoiceContact. You can use it to create
    integrations with Amazon Pinpoint for the Amazon Connect Campaigns use case, Amazon Connect Voice ID,
    and Amazon Connect Wisdom.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
- from version 1.18.48
  * api-change:``license-manager``: [``botocore``] AWS License Manager now allows customers to get
    the LicenseArn in the Checkout API Response.
  * api-change:``ec2``: [``botocore``] DescribeInstances now returns Platform Details, Usage Operation,
    and Usage Operation Update Time.
- from version 1.18.47
  * api-change:``mediaconvert``: [``botocore``] This release adds style and positioning support for
    caption or subtitle burn-in from rich text sources such as TTML. This release also introduces
    configurable image-based trick play track generation.
  * api-change:``appsync``: [``botocore``] Documented the new OpenSearchServiceDataSourceConfig data
    type. Added deprecation notes to the ElasticsearchDataSourceConfig data type.
  * api-change:``ssm``: [``botocore``] Added cutoff behavior support for preventing new task invocations
    from starting when the maintenance window cutoff time is reached.
- from version 1.18.46
  * api-change:``imagebuilder``: [``botocore``] This feature adds support for specifying GP3 volume
    throughput and configuring instance metadata options for instances launched by EC2 Image Builder.
  * api-change:``wafv2``: [``botocore``] Added the regex match rule statement, for matching web requests
    against a single regular expression.
  * api-change:``mediatailor``: [``botocore``] This release adds support to configure logs
    for playback configuration.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``iam``: [``botocore``] Added changes to OIDC API about not using port
    numbers in the URL.
  * api-change:``license-manager``: [``botocore``] AWS License Manager now allows customers to change
    their Windows Server or SQL license types from Bring-Your-Own-License (BYOL) to License Included
    or vice-versa (using the customer's media).
  * api-change:``mediapackage-vod``: [``botocore``] MediaPackage VOD will now return the current
    processing statuses of an asset's endpoints. The status can be QUEUED, PROCESSING, PLAYABLE,
    or FAILED.
- from version 1.18.45
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports versioning of custom
    models, improved training with ONE_DOC_PER_FILE text documents for custom entity recognition,
    ability to provide specific test sets during training, and live migration to new model endpoints.
  * api-change:``iot``: [``botocore``] This release adds support for verifying, viewing and filtering
    AWS IoT Device Defender detect violations with four verification states.
  * api-change:``ecr``: [``botocore``] This release adds additional support for repository replication
  * api-change:``ec2``: [``botocore``] This update adds support for downloading configuration templates
    using new APIs (GetVpnConnectionDeviceTypes and GetVpnConnectionDeviceSampleConfiguration) and
    Internet Key Exchange version 2 (IKEv2) parameters for many popular CGW devices.
- from version 1.18.44
  * api-change:``opensearch``: [``botocore``] This release adds an optional parameter in the
    ListDomainNames API to filter domains based on the engine type (OpenSearch/Elasticsearch).
  * api-change:``es``: [``botocore``] This release adds an optional parameter in the ListDomainNames API
    to filter domains based on the engine type (OpenSearch/Elasticsearch).
  * api-change:``dms``: [``botocore``] Optional flag force-planned-failover added to
    reboot-replication-instance API call. This flag can be used to test a planned failover
    scenario used during some maintenance operations.
- from version 1.18.43
  * api-change:``kafkaconnect``: [``botocore``] This is the initial SDK release for Amazon
    Managed Streaming for Apache Kafka Connect (MSK Connect).
  * api-change:``macie2``: [``botocore``] This release adds support for specifying which
    managed data identifiers are used by a classification job, and retrieving a list of
    managed data identifiers that are available.
  * api-change:``robomaker``: [``botocore``] Adding support to create container based
    Robot and Simulation applications by introducing an environment field
  * api-change:``s3``: [``botocore``] Add support for access point arn filtering in
    S3 CW Request Metrics
  * api-change:``transcribe``: [``botocore``] This release adds support for subtitling
    with Amazon Transcribe batch jobs.
  * api-change:``sagemaker``: [``botocore``] Add API for users to retry a failed pipeline
    execution or resume a stopped one.
  * api-change:``pinpoint``: [``botocore``] This SDK release adds a new feature for
    Pinpoint campaigns, in-app messaging.
- from versionm 1.18.42
  * api-change:``sagemaker``: [``botocore``] This release adds support for "/Project Search"/
  * api-change:``ec2``: [``botocore``] This release adds support for vt1 3xlarge, 6xlarge
    and 24xlarge instances powered by Xilinx Alveo U30 Media Accelerators for video
    transcoding workloads
  * api-change:``wafv2``: [``botocore``] This release adds support for including rate
    based rules in a rule group.
  * api-change:``chime``: [``botocore``] Adds support for SipHeaders parameter for
    CreateSipMediaApplicationCall.
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now allows you to train
    and run PDF and Word documents for custom entity recognition. With PDF and Word formats,
    you can extract information from documents containing headers, lists and tables.
- from version 1.18.41
  * api-change:``iot``: [``botocore``] AWS IoT Rules Engine adds OpenSearch action. The
    OpenSearch rule action lets you stream data from IoT sensors and applications to Amazon
    OpenSearch Service which is a successor to Amazon Elasticsearch Service.
  * api-change:``ec2``: [``botocore``] Adds support for T3 instances on Amazon EC2 Dedicated Hosts.
  * enhancement:Tagged Unions: [``botocore``] Introducing support for the `union` trait
    on structures in request and response objects.
- from version 1.18.40
  * api-change:``cloudformation``: [``botocore``] Doc only update for CloudFormation that
    fixes several customer-reported issues.
  * api-change:``rds``: [``botocore``] This release adds support for providing a custom timeout
    value for finding a scaling point during autoscaling in Aurora Serverless v1.
  * api-change:``ecr``: [``botocore``] This release updates terminology around KMS keys.
  * api-change:``sagemaker``: [``botocore``] This release adds support for
    "/Lifecycle Configurations"/ to SageMaker Studio
  * api-change:``transcribe``: [``botocore``] This release adds an API option for
    startTranscriptionJob and startMedicalTranscriptionJob that allows the user to
    specify encryption context key value pairs for batch jobs.
  * api-change:``quicksight``: [``botocore``] Add new data source type for Amazon
    OpenSearch (successor to Amazon ElasticSearch).
- from version 1.18.39
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``codeguru-reviewer``: [``botocore``] The Amazon CodeGuru Reviewer API
    now includes the RuleMetadata data object and a Severity attribute on a
    RecommendationSummary object. A RuleMetadata object contains information about a
    rule that generates a recommendation. Severity indicates how severe the issue
    associated with a recommendation is.
  * api-change:``lookoutequipment``: [``botocore``] Added OffCondition parameter to CreateModel API
- from version 1.18.38
  * api-change:``opensearch``: [``botocore``] Updated Configuration APIs for Amazon
    OpenSearch Service (successor to Amazon Elasticsearch Service)
  * api-change:``ram``: [``botocore``] A minor text-only update that fixes several
    customer issues.
  * api-change:``kafka``: [``botocore``] Amazon MSK has added a new API that allows
    you to update the encrypting and authentication settings for an existing cluster.
- from version 1.18.37
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``amp``: [``botocore``] This release adds tagging support for
    Amazon Managed Service for Prometheus workspace.
  * api-change:``forecast``: [``botocore``] Predictor creation now supports selecting
    an accuracy metric to optimize in AutoML and hyperparameter optimization. This
    release adds additional accuracy metrics for predictors - AverageWeightedQuantileLoss,
    MAPE and MASE.
  * api-change:``xray``: [``botocore``] Updated references to AWS KMS keys and customer
    managed keys to reflect current terminology.
  * api-change:``ssm-contacts``: [``botocore``] Added SDK examples for SSM-Contacts.
  * api-change:``mediapackage``: [``botocore``] SPEKE v2 support for live CMAF packaging
    type. SPEKE v2 is an upgrade to the existing SPEKE API to support multiple encryption
    keys, it supports live DASH currently.
  * api-change:``eks``: [``botocore``] Adding RegisterCluster and DeregisterCluster operations,
    to support connecting external clusters to EKS.
- from version 1.18.36
  * api-change:``chime-sdk-identity``: [``botocore``] Documentation updates for Chime
  * api-change:``chime-sdk-messaging``: [``botocore``] Documentation updates for Chime
  * api-change:``outposts``: [``botocore``] This release adds a new API CreateOrder.
  * api-change:``frauddetector``: [``botocore``] Enhanced GetEventPrediction API response
    to include risk scores from imported SageMaker models
  * api-change:``codeguru-reviewer``: [``botocore``] Added support for CodeInconsistencies
    detectors
- from version 1.18.35
  * api-change:``acm-pca``: [``botocore``] Private Certificate Authority Service now allows
    customers to enable an online certificate status protocol (OCSP) responder service on
    their private certificate authorities. Customers can also optionally configure a custom
    CNAME for their OCSP responder.
  * api-change:``s3control``: [``botocore``] S3 Multi-Region Access Points provide a single
    global endpoint to access a data set that spans multiple S3 buckets in different AWS Regions.
  * api-change:``accessanalyzer``: [``botocore``] Updates service API, documentation, and
    paginators to support multi-region access points from Amazon S3.
  * api-change:``schemas``: [``botocore``] This update include the support for Schema Discoverer
    to discover the events sent to the bus from another account. The feature will be enabled by
    default when discoverer is created or updated but can also be opt-in or opt-out by specifying
    the value for crossAccount.
  * api-change:``securityhub``: [``botocore``] New ASFF Resources: AwsAutoScalingLaunchConfiguration,
    AwsEc2VpnConnection, AwsEcrContainerImage. Added KeyRotationStatus to AwsKmsKey. Added
    AccessControlList, BucketLoggingConfiguration,BucketNotificationConfiguration and
    BucketNotificationConfiguration to AwsS3Bucket.
  * enhancement:s3: [``botocore``] Added support for S3 Multi-Region Access Points
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``transfer``: [``botocore``] AWS Transfer Family introduces Managed Workflows
    for creating, executing, monitoring, and standardizing post file transfer processing
  * api-change:``ebs``: [``botocore``] Documentation updates for Amazon EBS direct APIs.
  * api-change:``quicksight``: [``botocore``] This release adds support for referencing parent
    datasets as sources in a child dataset.
  * api-change:``fsx``: [``botocore``] Announcing Amazon FSx for NetApp ONTAP, a new service
    that provides fully managed shared storage in the AWS Cloud with the data access and
    management capabilities of ONTAP.
  * enhancement:Signers: [``botocore``] Added support for Sigv4a Signing Algorithm
  * api-change:``lex-models``: [``botocore``] Lex now supports Korean (ko-KR) locale.
- from version 1.18.34
  * api-change:``ec2``: [``botocore``] Added LaunchTemplate support for the IMDS IPv6 endpoint
  * api-change:``cloudtrail``: [``botocore``] Documentation updates for CloudTrail
  * api-change:``mediatailor``: [``botocore``] This release adds support for wall
    clock programs in LINEAR channels.
  * api-change:``config``: [``botocore``] Documentation updates for config
  * api-change:``servicecatalog-appregistry``: [``botocore``] Introduction of
    GetAssociatedResource API and GetApplication response extension for Resource
    Groups support.
- Switch tests from nose to pytest
- Update BuildRequires and Requires from setup.py
- Update to version 1.18.33
  * sync python-botocore dependency with setup.py
  * api-change:``iot``: [``botocore``] Added
  Create/Update/Delete/Describe/List APIs for a new IoT resource named
  FleetMetric. Added a new Fleet Indexing query API named
  GetBucketsAggregation. Added a new field named DisconnectedReason in
  Fleet Indexing query response. Updated their related documentations.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new South
  African English voice - Ayanda. Ayanda is available as Neural voice
  only.
  * api-change:``compute-optimizer``: [``botocore``] Documentation
  updates for Compute Optimizer
  * api-change:``sqs``: [``botocore``] Amazon SQS adds a new queue
  attribute, RedriveAllowPolicy, which includes the dead-letter queue
  redrive permission parameters. It defines which source queues can
  specify dead-letter queues as a JSON object.
  * api-change:``memorydb``: [``botocore``] Documentation updates for
  MemoryDB
- from version 1.18.32
  * api-change:``codebuild``: [``botocore``] Documentation updates for
  CodeBuild
  * api-change:``firehose``: [``botocore``] This release adds the
  Dynamic Partitioning feature to Kinesis Data Firehose service for S3
  destinations.
  * api-change:``kms``: [``botocore``] This release has changes to KMS
  nomenclature to remove the word master from both the "/Customer master
  key"/ and "/CMK"/ abbreviation and replace those naming conventions with
  "/KMS key"/.
  * api-change:``cloudformation``: [``botocore``] AWS CloudFormation
  allows you to iteratively develop your applications when failures are
  encountered without rolling back successfully provisioned resources.
  By specifying stack failure options, you can troubleshoot resources in
  a CREATE_FAILED or UPDATE_FAILED status.
- from version 1.18.31
  * api-change:``s3``: [``botocore``] Documentation updates for Amazon
  S3.
  * api-change:``emr``: [``botocore``] Update emr client to latest
  version
  * api-change:``ec2``: [``botocore``] This release adds the BootMode
  flag to the ImportImage API and showing the detected BootMode of an
  ImportImage task.
- from version 1.18.30
  * api-change:``transcribe``: [``botocore``] This release adds support
  for batch transcription in six new languages - Afrikaans, Danish,
  Mandarin Chinese (Taiwan), New Zealand English, South African English,
  and Thai.
  * api-change:``rekognition``: [``botocore``] This release added new
  attributes to Rekognition RecognizeCelebities and GetCelebrityInfo API
  operations.
  * api-change:``ec2``: [``botocore``] Support added for resizing VPC
  prefix lists
  * api-change:``compute-optimizer``: [``botocore``] Adds support for 1)
  the AWS Graviton (AWS_ARM64) recommendation preference for Amazon EC2
  instance and Auto Scaling group recommendations, and 2) the ability to
  get the enrollment statuses for all member accounts of an
  organization.
- from version 1.18.29
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports
  triggering resource cleanup workflow when account or resource goes out
  of policy scope for AWS WAF, Security group, AWS Network Firewall, and
  Amazon Route 53 Resolver DNS Firewall policies.
  * api-change:``ec2``: [``botocore``] Support added for IMDS IPv6
  endpoint
  * api-change:``datasync``: [``botocore``] Added include filters to
  CreateTask and UpdateTask, and added exclude filters to
  StartTaskExecution, giving customers more granular control over how
  DataSync transfers files, folders, and objects.
  * api-change:``events``: [``botocore``] AWS CWEvents adds an enum of
  EXTERNAL for EcsParameters LaunchType for PutTargets API
- from version 1.18.28
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental
  MediaConvert SDK has added MBAFF encoding support for AVC video and
  the ability to pass encryption context from the job settings to S3.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new New
  Zealand English voice - Aria. Aria is available as Neural voice only.
  * api-change:``transcribe``: [``botocore``] This release adds support
  for feature tagging with Amazon Transcribe batch jobs.
  * api-change:``ssm``: [``botocore``] Updated Parameter Store property
  for logging improvements.
  * api-change:``iot-data``: [``botocore``] Updated Publish with support
  for new Retain flag and added two new API operations:
  GetRetainedMessage, ListRetainedMessages.
- from version 1.18.27
  * api-change:``dms``: [``botocore``] Amazon AWS DMS service now
  support Redis target endpoint migration. Now S3 endpoint setting is
  capable to setup features which are used to be configurable only in
  extract connection attributes.
  * api-change:``frauddetector``: [``botocore``] Updated an element of
  the DescribeModelVersion API response (LogitMetrics -> logOddsMetrics)
  for clarity. Added new exceptions to several APIs to protect against
  unlikely scenarios.
  * api-change:``iotsitewise``: [``botocore``] Documentation updates for
  AWS IoT SiteWise
  * api-change:``dlm``: [``botocore``] Added AMI deprecation support for
  Amazon Data Lifecycle Manager EBS-backed AMI policies.
  * api-change:``glue``: [``botocore``] Add support for Custom
  Blueprints
  * api-change:``apigateway``: [``botocore``] Adding some of the pending
  releases (1) Adding WAF Filter to GatewayResponseType enum (2)
  Ensuring consistent error model for all operations (3) Add missing BRE
  to GetVpcLink operation
  * api-change:``backup``: [``botocore``] AWS Backup - Features:
  Evaluate your backup activity and generate audit reports.
- from version 1.18.26
  * api-change:``eks``: [``botocore``] Adds support for EKS add-ons
  "/preserve"/ flag, which allows customers to maintain software on their
  EKS clusters after removing it from EKS add-ons management.
  * api-change:``comprehend``: [``botocore``] Add tagging support for
  Comprehend async inference job.
  * api-change:``robomaker``: [``botocore``] Documentation updates for
  RoboMaker
  * api-change:``ec2``: [``botocore``] encryptionInTransitSupported
  added to DescribeInstanceTypes API
- from version 1.18.25
  * api-change:``ec2``: [``botocore``] The ImportImage API now supports
  the ability to create AMIs with AWS-managed licenses for Microsoft SQL
  Server for both Windows and Linux.
  * api-change:``memorydb``: [``botocore``] AWS MemoryDB  SDK now
  supports all APIs for newly launched MemoryDB service.
  * api-change:``application-autoscaling``: [``botocore``] This release
  extends Application Auto Scaling support for replication group of
  Amazon ElastiCache Redis clusters. Auto Scaling monitors and
  automatically expands node group count and number of replicas per node
  group when a critical usage threshold is met or according to customer-
  defined schedule.
  * api-change:``appflow``: [``botocore``] This release adds support for
  SAPOData connector and extends Veeva connector for document
  extraction.
- from version 1.18.24
  * api-change:``codebuild``: [``botocore``] CodeBuild now allows you to
  make the build results for your build projects available to the public
  without requiring access to an AWS account.
  * api-change:``route53``: [``botocore``] Documentation updates for
  route53
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-
  runtime client to latest version
  * api-change:``route53resolver``: [``botocore``] Documentation updates
  for Route 53 Resolver
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker now
  supports Asynchronous Inference endpoints. Adds PlatformIdentifier
  field that allows Notebook Instance creation with different platform
  selections. Increases the maximum number of containers in multi-
  container endpoints to 15. Adds more instance types to InstanceType
  field.
- from version 1.18.23
  * api-change:``cloud9``: [``botocore``] Added DryRun parameter to
  CreateEnvironmentEC2 API. Added ManagedCredentialsActions parameter to
  UpdateEnvironment API
  * api-change:``ec2``: [``botocore``] This release adds support for EC2
  ED25519 key pairs for authentication
  * api-change:``clouddirectory``: [``botocore``] Documentation updates
  for clouddirectory
  * api-change:``ce``: [``botocore``] This release is a new feature for
  Cost Categories: Split charge rules. Split charge rules enable you to
  allocate shared costs between your cost category values.
  * api-change:``logs``: [``botocore``] Documentation-only update for
  CloudWatch Logs
- from version 1.18.22
  * api-change:``iotsitewise``: [``botocore``] AWS IoT SiteWise added
  query window for the interpolation interval. AWS IoT SiteWise computes
  each interpolated value by using data points from the timestamp of
  each interval minus the window to the timestamp of each interval plus
  the window.
  * api-change:``s3``: [``botocore``] Documentation updates for Amazon
  S3
  * api-change:``codebuild``: [``botocore``] CodeBuild now allows you to
  select how batch build statuses are sent to the source provider for a
  project.
  * api-change:``ds``: [``botocore``] This release adds support for
  describing client authentication settings.
  * api-change:``config``: [``botocore``] Update ResourceType enum with
  values for Backup Plan, Selection, Vault, RecoveryPoint; ECS Cluster,
  Service, TaskDefinition; EFS AccessPoint, FileSystem; EKS Cluster; ECR
  Repository resources
  * api-change:``license-manager``: [``botocore``] AWS License Manager
  now allows end users to call CheckoutLicense API using new
  CheckoutType PERPETUAL. Perpetual checkouts allow sellers to check out
  a quantity of entitlements to be drawn down for consumption.
- from version 1.18.21
  * api-change:``quicksight``: [``botocore``] Documentation updates for
  QuickSight.
  * api-change:``emr``: [``botocore``] Update emr client to latest
  version
  * api-change:``customer-profiles``: [``botocore``] This release
  introduces Standard Profile Objects, namely Asset and Case which
  contain values populated by data from third party systems and belong
  to a specific profile. This release adds an optional parameter,
  ObjectFilter to the ListProfileObjects API in order to search for
  these Standard Objects.
  * api-change:``elasticache``: [``botocore``] This release adds
  ReplicationGroupCreateTime field to ReplicationGroup which indicates
  the UTC time when ElastiCache ReplicationGroup is created
- from version 1.18.20
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot
  adds new metrics for all candidate models generated by Autopilot
  experiments.
  * api-change:``apigatewayv2``: [``botocore``] Adding support for ACM
  imported or private CA certificates for mTLS enabled domain names
  * api-change:``apigateway``: [``botocore``] Adding support for ACM
  imported or private CA certificates for mTLS enabled domain names
  * api-change:``databrew``: [``botocore``] This SDK release adds
  support for the output of a recipe job results to Tableau Hyper
  format.
  * api-change:``lambda``: [``botocore``] Lambda Python 3.9 runtime
  launch
- from version 1.18.19
  * api-change:``snow-device-management``: [``botocore``] AWS Snow
  Family customers can remotely monitor and operate their connected AWS
  Snowcone devices.
  * api-change:``ecs``: [``botocore``] Documentation updates for ECS.
  * api-change:``nimble``: [``botocore``] Add new attribute 'ownedBy' in
  Streaming Session APIs. 'ownedBy' represents the AWS SSO Identity
  Store User ID of the owner of the Streaming Session resource.
  * api-change:``codebuild``: [``botocore``] CodeBuild now allows you to
  make the build results for your build projects available to the public
  without requiring access to an AWS account.
  * api-change:``ebs``: [``botocore``] Documentation updates for Amazon
  EBS direct APIs.
  * api-change:``route53``: [``botocore``] Documentation updates for
  route53
- from version 1.18.18
  * api-change:``chime``: [``botocore``] Add support for "/auto"/ in
  Region field of StartMeetingTranscription API request.
  * enchancement:Client: [``botocore``] Improve client performance by
  caching _alias_event_name on EventAliaser
- from version 1.18.17
  * api-change:``wafv2``: [``botocore``] This release adds APIs to
  support versioning feature of AWS WAF Managed rule groups
  * api-change:``rekognition``: [``botocore``] This release adds support
  for four new types of segments (opening credits, content segments,
  slates, and studio logos), improved accuracy for credits and shot
  detection and new filters to control black frame detection.
  * api-change:``ssm``: [``botocore``] Documentation updates for AWS
  Systems Manager.
- from version 1.18.16
  * api-change:``synthetics``: [``botocore``] Documentation updates for
  Visual Monitoring feature and other doc ticket fixes.
  * api-change:``chime-sdk-identity``: [``botocore``] The Amazon Chime
  SDK Identity APIs allow software developers to create and manage
  unique instances of their messaging applications.
  * api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime
  SDK Messaging APIs allow software developers to send and receive
  messages in custom messaging applications.
  * api-change:``connect``: [``botocore``] This release adds support for
  agent status and hours of operation. For details, see the Release
  Notes in the Amazon Connect Administrator Guide.
  * api-change:``lightsail``: [``botocore``] This release adds support
  to track when a bucket access key was last used.
  * api-change:``athena``: [``botocore``] Documentation updates for
  Athena.
- from version 1.18.15
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models
  client to latest version
  * api-change:``autoscaling``: [``botocore``] EC2 Auto Scaling adds
  configuration checks and Launch Template validation to Instance
  Refresh.
- from version 1.18.14
  * api-change:``rds``: [``botocore``] This release adds
  AutomaticRestartTime to the DescribeDBInstances and DescribeDBClusters
  operations. AutomaticRestartTime indicates the time when a stopped DB
  instance or DB cluster is restarted automatically.
  * api-change:``imagebuilder``: [``botocore``] Updated list actions to
  include a list of valid filters that can be used in the request.
  * api-change:``transcribe``: [``botocore``] This release adds support
  for call analytics (batch) within Amazon Transcribe.
  * api-change:``events``: [``botocore``] Update events client to latest
  version
  * api-change:``ssm-incidents``: [``botocore``] Documentation updates
  for Incident Manager.
- from version 1.18.13
  * api-change:``redshift``: [``botocore``] API support for Redshift
  Data Sharing feature.
  * api-change:``iotsitewise``: [``botocore``] My AWS Service
  (placeholder) - This release introduces custom Intervals and offset
  for tumbling window in metric for AWS IoT SiteWise.
  * api-change:``glue``: [``botocore``] Add
  ConcurrentModificationException to create-table, delete-table, create-
  database, update-database, delete-database
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental
  MediaConvert SDK has added control over the passthrough of XDS
  captions metadata to outputs.
  * api-change:``proton``: [``botocore``] Docs only add idempotent
  create apis
- from version 1.18.12
  * api-change:``ssm-contacts``: [``botocore``] Added new attribute in
  AcceptCode API. AcceptCodeValidation takes in two values - ENFORCE,
  IGNORE. ENFORCE forces validation of accept code and IGNORE ignores it
  which is also the default behavior; Corrected TagKeyList length from
  200 to 50
  * api-change:``greengrassv2``: [``botocore``] This release adds
  support for component system resource limits and idempotent Create
  operations. You can now specify the maximum amount of CPU and memory
  resources that each component can use.
- from version 1.18.11
  * api-change:``appsync``: [``botocore``] AWS AppSync now supports a
  new authorization mode allowing you to define your own authorization
  logic using an AWS Lambda function.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest
  version
  * api-change:``secretsmanager``: [``botocore``] Add support for
  KmsKeyIds in the ListSecretVersionIds API response
  * api-change:``sagemaker``: [``botocore``] API changes with respect to
  Lambda steps in model building pipelines. Adds several waiters to
  async Sagemaker Image APIs. Add more instance types to AppInstanceType
  field
- from version 1.18.10
  * api-change:``savingsplans``: [``botocore``] Documentation update for
  valid Savings Plans offering ID pattern
  * api-change:``ec2``: [``botocore``] This release adds support for
  G4ad xlarge and 2xlarge instances powered by AMD Radeon Pro V520 GPUs
  and AMD 2nd Generation EPYC processors
  * api-change:``chime``: [``botocore``] Adds support for live
  transcription of meetings with Amazon Transcribe and Amazon Transcribe
  Medical.  The new APIs, StartMeetingTranscription and
  StopMeetingTranscription, control the generation of user-attributed
  transcriptions sent to meeting clients via Amazon Chime SDK data
  messages.
  * api-change:``iotsitewise``: [``botocore``] Added support for AWS IoT
  SiteWise Edge. You can now create an AWS IoT SiteWise gateway that
  runs on AWS IoT Greengrass V2. With the gateway,  you can collect
  local server and equipment data, process the data, and export the
  selected data from the edge to the AWS Cloud.
  * api-change:``iot``: [``botocore``] Increase maximum credential
  duration of role alias to 12 hours.
- from version 1.18.9
  * api-change:``sso-admin``: [``botocore``] Documentation updates for
  arn:aws:trebuchet:::service:v1:03a2216d-1cda-4696-9ece-1387cb6f6952
  * api-change:``cloudformation``: [``botocore``] SDK update to support
  Importing existing Stacks to new/existing Self Managed StackSet -
  Stack Import feature.
- from version 1.18.8
  * api-change:``route53``: [``botocore``] This release adds support for
  the RECOVERY_CONTROL health check type to be used in conjunction with
  Route53 Application Recovery Controller.
  * api-change:``iotwireless``: [``botocore``] Add
  SidewalkManufacturingSn as an identifier to allow Customer to query
  WirelessDevice, in the response, AmazonId is added in the case that
  Sidewalk device is return.
  * api-change:``route53-recovery-control-config``: [``botocore``]
  Amazon Route 53 Application Recovery Controller's routing control -
  Routing Control Configuration APIs help you create and delete
  clusters, control panels, routing controls and safety rules. State
  changes (On/Off) of routing controls are not part of configuration
  APIs.
  * api-change:``route53-recovery-readiness``: [``botocore``] Amazon
  Route 53 Application Recovery Controller's readiness check capability
  continually monitors resource quotas, capacity, and network routing
  policies to ensure that the recovery environment is scaled and
  configured to take over when needed.
  * api-change:``quicksight``: [``botocore``] Add support to use row-
  level security with tags when embedding dashboards for users not
  provisioned in QuickSight
  * api-change:``iotanalytics``: [``botocore``] IoT Analytics now
  supports creating a dataset resource with IoT SiteWise
  MultiLayerStorage data stores, enabling customers to query industrial
  data within the service. This release includes adding JOIN
  functionality for customers to query multiple data sources in a
  dataset.
  * api-change:``shield``: [``botocore``] Change name of DDoS Response
  Team (DRT) to Shield Response Team (SRT)
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models
  client to latest version
  * api-change:``redshift-data``: [``botocore``] Added structures to
  support new Data API operation BatchExecuteStatement, used to execute
  multiple SQL statements within a single transaction.
  * api-change:``route53-recovery-cluster``: [``botocore``] Amazon Route
  53 Application Recovery Controller's routing control - Routing Control
  Data Plane APIs help you update the state (On/Off) of the routing
  controls to reroute traffic across application replicas in a 100%
  available manner.
  * api-change:``batch``: [``botocore``] Add support for ListJob filters
python-botocore
- Update to 1.26.4 (bsc#1199716)
  * api-change:``gamesparks``: This release adds an optional DeploymentResult field in the responses
    of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests APIs.
  * enhancement:StreamingBody: Allow StreamingBody to be used as a context manager
  * api-change:``lookoutmetrics``: In this release we added SnsFormat to SNSConfiguration to support
    human readable alert.
- from version 1.26.3
  * api-change:``greengrassv2``: This release adds the new DeleteDeployment API operation that you
    can use to delete deployment resources. This release also adds support for discontinued
    AWS-provided components, so AWS can communicate when a component has any issues that you should
    consider before you deploy it.
  * api-change:``quicksight``: API UpdatePublicSharingSettings enables IAM admins to enable/disable
    account level setting for public access of dashboards. When enabled, owners/co-owners for
    dashboards can enable public access on their dashboards. These dashboards can only be accessed
    through share link or embedding.
  * api-change:``appmesh``: This release updates the existing Create and Update APIs for meshes and
    virtual nodes by adding a new IP preference field. This new IP preference field can be used to
    control the IP versions being used with the mesh and allows for IPv6 support within App Mesh.
  * api-change:``batch``: Documentation updates for AWS Batch.
  * api-change:``iotevents-data``: Introducing new API for deleting detectors: BatchDeleteDetector.
  * api-change:``transfer``: AWS Transfer Family now supports SetStat server configuration option,
    which provides the ability to ignore SetStat command issued by file transfer clients, enabling
    customers to upload files without any errors.
- from version 1.26.2
  * api-change:``kms``: Add HMAC best practice tip, annual rotation of AWS managed keys.
  * api-change:``glue``: This release adds a new optional parameter called codeGenNodeConfiguration
    to CRUD job APIs that allows users to manage visual jobs via APIs. The updated CreateJob and
    UpdateJob will create jobs that can be viewed in Glue Studio as a visual graph. GetJob can be used
    to get codeGenNodeConfiguration.
- Update to 1.26.1
  * api-change:``resiliencehub``: In this release, we are introducing support for Amazon Elastic
    Container Service, Amazon Route 53, AWS Elastic Disaster Recovery, AWS Backup in addition to the
    existing supported Services.  This release also supports Terraform file input from S3 and
    scheduling daily assessments
  * api-change:``servicecatalog``: Updated the descriptions for the ListAcceptedPortfolioShares API
    description and the PortfolioShareType parameters.
  * api-change:``discovery``: Add Migration Evaluator Collector details to the GetDiscoverySummary
    API response
  * api-change:``sts``: Documentation updates for AWS Security Token Service.
  * api-change:``workspaces-web``: Amazon WorkSpaces Web now supports Administrator timeout control
  * api-change:``rekognition``: Documentation updates for Amazon Rekognition.
  * api-change:``cloudfront``: Introduced a new error (TooLongCSPInResponseHeadersPolicy) that is
    returned when the value of the Content-Security-Policy header in a response headers policy exceeds
    the maximum allowed length.
- from version 1.26.0
  * feature:Loaders: Support for loading gzip compressed model files.
  * api-change:``grafana``: This release adds APIs for creating and deleting API keys in an Amazon
    Managed Grafana workspace.
- from version 1.25.13
  * api-change:``ivschat``: Documentation-only updates for IVS Chat API Reference.
  * api-change:``lambda``: Lambda releases NodeJs 16 managed runtime to be available in all
    commercial regions.
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for Jira. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-jira.html
  * api-change:``transfer``: AWS Transfer Family now accepts ECDSA keys for server host keys
  * api-change:``iot``: Documentation update for China region ListMetricValues for IoT
  * api-change:``workspaces``: Increased the character limit of the login message from 600 to 850
    characters.
  * api-change:``finspace-data``: We've now deprecated CreateSnapshot permission for creating a data
    view, instead use CreateDataView permission.
  * api-change:``lightsail``: This release adds support to include inactive database bundles in the
    response of the GetRelationalDatabaseBundles request.
  * api-change:``outposts``: Documentation updates for AWS Outposts.
  * api-change:``ec2``: This release introduces a target type Gateway Load Balancer Endpoint for
    mirrored traffic. Customers can now specify GatewayLoadBalancerEndpoint option during the creation
    of a traffic mirror target.
  * api-change:``ssm-incidents``: Adding support for dynamic SSM Runbook parameter values. Updating
    validation pattern for engagements. Adding ConflictException to UpdateReplicationSet API contract.
- from version 1.25.12
  * api-change:``secretsmanager``: Doc only update for Secrets Manager that fixes several
    customer-reported issues.
  * api-change:``ec2``: This release updates AWS PrivateLink APIs to support IPv6 for PrivateLink
    Services and Endpoints of type 'Interface'.
- Update to 1.25.11
  * api-change:``migration-hub-refactor-spaces``: AWS Migration Hub Refactor Spaces documentation
    only update to fix a formatting issue.
  * api-change:``ec2``: Added support for using NitroTPM and UEFI Secure Boot on EC2 instances.
  * api-change:``emr``: Update emr client to latest version
  * api-change:``compute-optimizer``: Documentation updates for Compute Optimizer
  * api-change:``eks``: Adds BOTTLEROCKET_ARM_64_NVIDIA and BOTTLEROCKET_x86_64_NVIDIA AMI types to
    EKS managed nodegroups
- from version 1.25.10
  * api-change:``evidently``: Add detail message inside GetExperimentResults API response to indicate
    experiment result availability
  * api-change:``ssm-contacts``: Fixed an error in the DescribeEngagement example for AWS Incident
    Manager.
  * api-change:``cloudcontrol``: SDK release for Cloud Control API to include paginators for Python
    SDK.
- from version 1.25.9
  * api-change:``rds``: Various documentation improvements.
  * api-change:``redshift``: Introduces new field 'LoadSampleData' in CreateCluster operation.
    Customers can now specify 'LoadSampleData' option during creation of a cluster, which results in
    loading of sample data in the cluster that is created.
  * api-change:``ec2``: Add new state values for IPAMs, IPAM Scopes, and IPAM Pools.
  * api-change:``mediapackage``: This release adds Dvb Dash 2014 as an available profile option for
    Dash Origin Endpoints.
  * api-change:``securityhub``: Documentation updates for Security Hub API reference
  * api-change:``location``: Amazon Location Service now includes a MaxResults parameter for
    ListGeofences requests.
- from version 1.25.8
  * api-change:``ec2``: Amazon EC2 I4i instances are powered by 3rd generation Intel Xeon Scalable
    processors and feature up to 30 TB of local AWS Nitro SSD storage
  * api-change:``kendra``: AWS Kendra now supports hierarchical facets for a query. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/filtering.html
  * api-change:``iot``: AWS IoT Jobs now allows you to create up to 100,000 active continuous and
    snapshot jobs by using concurrency control.
  * api-change:``datasync``: AWS DataSync now supports a new ObjectTags Task API option that can be
    used to control whether Object Tags are transferred.
- from version 1.25.7
  * api-change:``ssm``: This release adds the TargetMaps parameter in SSM State Manager API.
  * api-change:``backup``: Adds support to 2 new filters about job complete time for 3 list jobs APIs
    in AWS Backup
  * api-change:``lightsail``: Documentation updates for Lightsail
  * api-change:``iotsecuretunneling``: This release introduces a new API RotateTunnelAccessToken that
    allow revoking the existing tokens and generate new tokens
- from version 1.25.6
  * api-change:``ec2``: Adds support for allocating Dedicated Hosts on AWS  Outposts. The
    AllocateHosts API now accepts an OutpostArn request  parameter, and the DescribeHosts API now
    includes an OutpostArn response parameter.
  * api-change:``s3``: Documentation only update for doc bug fixes for the S3 API docs.
  * api-change:``kinesisvideo``: Add support for multiple image feature related APIs for configuring
    image generation and notification of a video stream. Add "/GET_IMAGES"/ to the list of supported API
    names for the GetDataEndpoint API.
  * api-change:``sagemaker``: SageMaker Autopilot adds new metrics for all candidate models generated
    by Autopilot experiments; RStudio on SageMaker now allows users to bring your own development
    environment in a custom image.
  * api-change:``kinesis-video-archived-media``: Add support for GetImages API  for retrieving images
    from a video stream
- from version 1.25.5
  * api-change:``organizations``: This release adds the INVALID_PAYMENT_INSTRUMENT as a fail reason
    and an error message.
  * api-change:``synthetics``: CloudWatch Synthetics has introduced a new feature to provide
    customers with an option to delete the underlying resources that Synthetics canary creates when the
    user chooses to delete the canary.
  * api-change:``outposts``: This release adds a new API called ListAssets to the Outposts SDK, which
    lists the hardware assets in an Outpost.
- from version 1.25.4
  * api-change:``rds``: Feature - Adds support for Internet Protocol Version 6 (IPv6) on RDS database
    instances.
  * api-change:``codeguru-reviewer``: Amazon CodeGuru Reviewer now supports suppressing
    recommendations from being generated on specific files and directories.
  * api-change:``ssm``: Update the StartChangeRequestExecution, adding TargetMaps to the Runbook
    parameter
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK nows supports creation of Dolby
    Vision profile 8.1, the ability to generate black frames of video, and introduces audio-only DASH
    and CMAF support.
  * api-change:``wafv2``: You can now inspect all request headers and all cookies. You can now
    specify how to handle oversize body contents in your rules that inspect the body.
- from version 1.25.3
  * api-change:``auditmanager``: This release adds documentation updates for Audit Manager. We
    provided examples of how to use the Custom_ prefix for the keywordValue attribute. We also provided
    more details about the DeleteAssessmentReport operation.
  * api-change:``network-firewall``: AWS Network Firewall adds support for stateful threat signature
    AWS managed rule groups.
  * api-change:``ec2``: This release adds support to query the public key and creation date of EC2
    Key Pairs. Additionally, the format (pem or ppk) of a key pair can be specified when creating a new
    key pair.
  * api-change:``braket``: This release enables Braket Hybrid Jobs with Embedded Simulators to have
    multiple instances.
  * api-change:``guardduty``: Documentation update for API description.
  * api-change:``connect``: This release introduces an API for changing the current agent status of a
    user in Connect.
- from version 1.25.2
  * api-change:``rekognition``: This release adds support to configure stream-processor resources for
    label detections on streaming-videos. UpateStreamProcessor API is also launched with this release,
    which could be used to update an existing stream-processor.
  * api-change:``cloudtrail``: Increases the retention period maximum to 2557 days. Deprecates unused
    fields of the ListEventDataStores API response. Updates documentation.
  * api-change:``lookoutequipment``: This release adds the following new features: 1) Introduces an
    option for automatic schema creation 2) Now allows for Ingestion of data containing most common
    errors and allows automatic data cleaning 3) Introduces new API ListSensorStatistics that gives
    further information about the ingested data
  * api-change:``iotwireless``: Add list support for event configurations, allow to get and update
    event configurations by resource type, support LoRaWAN events; Make NetworkAnalyzerConfiguration as
    a resource, add List, Create, Delete API support; Add FCntStart attribute support for ABP
    WirelessDevice.
  * api-change:``amplify``: Documentation only update to support the Amplify GitHub App feature launch
  * api-change:``chime-sdk-media-pipelines``: For Amazon Chime SDK meetings, the Amazon Chime Media
    Pipelines SDK allows builders to capture audio, video, and content share streams. You can also
    capture meeting events, live transcripts, and data messages. The pipelines save the artifacts to an
    Amazon S3 bucket that you designate.
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for custom validation dataset
    and validation ratio through the CreateAutoMLJob and DescribeAutoMLJob APIs.
- Update to 1.25.1
  * api-change:``lightsail``: This release adds support for Lightsail load balancer HTTP to HTTPS
    redirect and TLS policy configuration.
  * api-change:``sagemaker``: SageMaker Inference Recommender now accepts customer KMS key ID for
    encryption of endpoints and compilation outputs created during inference recommendation.
  * api-change:``pricing``: Documentation updates for Price List API
  * api-change:``glue``: This release adds documentation for the APIs to create, read, delete, list,
    and batch read of AWS Glue custom patterns, and for Lake Formation configuration settings in the
    AWS Glue crawler.
  * api-change:``cloudfront``: CloudFront now supports the Server-Timing header in HTTP responses
    sent from CloudFront. You can use this header to view metrics that help you gain insights about the
    behavior and performance of CloudFront. To use this header, enable it in a response headers policy.
  * api-change:``ivschat``: Adds new APIs for IVS Chat, a feature for building interactive chat
    experiences alongside an IVS broadcast.
  * api-change:``network-firewall``: AWS Network Firewall now enables customers to use a customer
    managed AWS KMS key for the encryption of their firewall resources.
- from version 1.25.0
  * api-change:``gamelift``: Documentation updates for Amazon GameLift.
  * api-change:``mq``: This release adds the CRITICAL_ACTION_REQUIRED broker state and the
    ActionRequired API property. CRITICAL_ACTION_REQUIRED informs you when your broker is degraded.
    ActionRequired provides you with a code which you can use to find instructions in the Developer
    Guide on how to resolve the issue.
  * feature:IMDS: Added resiliency mechanisms to IMDS Credential Fetcher
  * api-change:``securityhub``: Security Hub now lets you opt-out of auto-enabling the defaults
    standards (CIS and FSBP) in accounts that are auto-enabled with Security Hub via Security Hub's
    integration with AWS Organizations.
  * api-change:``connect``: This release adds SearchUsers API which can be used to search for users
    with a Connect Instance
  * api-change:``rds-data``: Support to receive SQL query results in the form of a simplified JSON
    string. This enables developers using the new JSON string format to more easily convert it to an
    object using popular JSON string parsing libraries.
- from version 1.24.46
  * api-change:``chime-sdk-meetings``: Include additional exceptions types.
  * api-change:``ec2``: Adds support for waiters that automatically poll for a deleted NAT Gateway
    until it reaches the deleted state.
- from version 1.24.45
  * api-change:``wisdom``: This release updates the GetRecommendations API to include a trigger event
    list for classifying and grouping recommendations.
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``iottwinmaker``: General availability (GA) for AWS IoT TwinMaker. For more
    information, see https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``mediatailor``: This release introduces tiered channels and adds support for live
    sources. Customers using a STANDARD channel can now create programs using live sources.
  * api-change:``storagegateway``: This release adds support for minimum of 5 character length
    virtual tape barcodes.
  * api-change:``lookoutmetrics``: Added DetectMetricSetConfig API for detecting configuration
    required for creating metric set from provided S3 data source.
  * api-change:``iotsitewise``: This release adds 3 new batch data query APIs :
    BatchGetAssetPropertyValue, BatchGetAssetPropertyValueHistory and BatchGetAssetPropertyAggregates
  * api-change:``glue``: This release adds APIs to create, read, delete, list, and batch read of Glue
    custom entity types
- from version 1.24.44
  * api-change:``macie2``: Sensitive data findings in Amazon Macie now indicate how Macie found the
    sensitive data that produced a finding (originType).
  * api-change:``rds``: Added a new cluster-level attribute to set the capacity range for Aurora
    Serverless v2 instances.
  * api-change:``mgn``: Removed required annotation from input fields in Describe operations
    requests. Added quotaValue to ServiceQuotaExceededException
  * api-change:``connect``: This release adds APIs to search, claim, release, list, update, and
    describe phone numbers. You can also use them to associate and disassociate contact flows to phone
    numbers.
- from version 1.24.43
  * api-change:``textract``: This release adds support for specifying and extracting information from
    documents using the Queries feature within Analyze Document API
  * api-change:``worklink``: Amazon WorkLink is no longer supported. This will be removed in a future
    version of the SDK.
  * api-change:``ssm``: Added offset support for specifying the number of days to wait after the date
    and time specified by a CRON expression when creating SSM association.
  * api-change:``autoscaling``: EC2 Auto Scaling now adds default instance warm-up times for all
    scaling activities, health check replacements, and other replacement events in the Auto Scaling
    instance lifecycle.
  * api-change:``personalize``: Adding StartRecommender and StopRecommender APIs for Personalize.
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for Quip. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-quip.html
  * api-change:``polly``: Amazon Polly adds new Austrian German voice - Hannah. Hannah is available
    as Neural voice only.
  * api-change:``transfer``: This release contains corrected HomeDirectoryMappings examples for
    several API functions: CreateAccess, UpdateAccess, CreateUser, and UpdateUser,.
  * api-change:``kms``: Adds support for KMS keys and APIs that generate and verify HMAC codes
  * api-change:``redshift``: Introduces new fields for LogDestinationType and LogExports on
    EnableLogging requests and Enable/Disable/DescribeLogging responses. Customers can now select
    CloudWatch Logs as a destination for their Audit Logs.
- from version 1.24.42
  * api-change:``lightsail``: This release adds support to describe the synchronization status of the
    account-level block public access feature for your Amazon Lightsail buckets.
  * api-change:``rds``: Removes Amazon RDS on VMware with the deletion of APIs related to Custom
    Availability Zones and Media installation
  * api-change:``athena``: This release adds subfields, ErrorMessage, Retryable, to the AthenaError
    response object in the GetQueryExecution API when a query fails.
- from version 1.24.41
  * api-change:``batch``: Enables configuration updates for compute environments with
    BEST_FIT_PROGRESSIVE and SPOT_CAPACITY_OPTIMIZED allocation strategies.
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``appstream``: Includes updates for create and update fleet APIs to manage the session
    scripts locations for Elastic fleets.
  * api-change:``glue``: Auto Scaling for Glue version 3.0 and later jobs to dynamically scale
    compute resources. This SDK change provides customers with the auto-scaled DPU usage
  * api-change:``appflow``: Enables users to pass custom token URL parameters for Oauth2
    authentication during create connector profile
- from version 1.24.40
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``fsx``: This release adds support for deploying FSx for ONTAP file systems in a
    single Availability Zone.
- from version 1.24.39
  * api-change:``ec2``: X2idn and X2iedn instances are powered by 3rd generation Intel Xeon Scalable
    processors with an all-core turbo frequency up to 3.5 GHzAmazon EC2. C6a instances are powered by
    3rd generation AMD EPYC processors.
  * api-change:``devops-guru``: This release adds new APIs DeleteInsight to deletes the insight along
    with the associated anomalies, events and recommendations.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``iottwinmaker``: This release adds the following new features: 1) ListEntities API
    now supports search using ExternalId. 2) BatchPutPropertyValue and GetPropertyValueHistory API now
    allows users to represent time in sub-second level precisions.
- from version 1.24.38
  * api-change:``amplifyuibuilder``: In this release, we have added the ability to bind events to
    component level actions.
  * api-change:``apprunner``: This release adds tracing for App Runner services with X-Ray using AWS
    Distro for OpenTelemetry. New APIs: CreateObservabilityConfiguration,
    DescribeObservabilityConfiguration, ListObservabilityConfigurations, and
    DeleteObservabilityConfiguration. Updated APIs: CreateService and UpdateService.
  * api-change:``workspaces``: Added API support that allows customers to create GPU-enabled
    WorkSpaces using EC2 G4dn instances.
- from version 1.24.37
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for the
    pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported
    formats, and improved filter support for processing 444/RGB content.
  * api-change:``wafv2``: Add a new CurrentDefaultVersion field to
    ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each
    ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
  * api-change:``mediapackage-vod``: This release adds ScteMarkersSource as an available field for
    Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers
    from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the
    segments.
- from version 1.24.36
  * api-change:``apigateway``: ApiGateway CLI command get-usage now includes usagePlanId, startDate,
    and endDate fields in the output to match documentation.
  * api-change:``personalize``: This release provides tagging support in AWS Personalize.
  * api-change:``pi``: Adds support for DocumentDB to the Performance Insights API.
  * api-change:``events``: Update events client to latest version
  * api-change:``docdb``: Added support to enable/disable performance insights when creating or
    modifying db instances
  * api-change:``sagemaker``: Amazon Sagemaker Notebook Instances now supports G5 instance types
- from version 1.24.35
  * bugfix:Proxy: Fix failure case for IP proxy addresses using TLS-in-TLS. `boto/botocore#2652
    <https://github.com/boto/botocore/pull/2652>`__
  * api-change:``config``: Add resourceType enums for AWS::EMR::SecurityConfiguration and
    AWS::SageMaker::CodeRepository
  * api-change:``panorama``: Added Brand field to device listings.
  * api-change:``lambda``: This release adds new APIs for creating and managing Lambda Function URLs
    and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can use Function
    URLs to create built-in HTTPS endpoints on their functions.
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for Box. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
- from version 1.24.34
  * api-change:``securityhub``: Added additional ASFF details for RdsSecurityGroup AutoScalingGroup,
    ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
  * api-change:``fsx``: Provide customers more visibility into file system status by adding new
    "/Misconfigured Unavailable"/ status for Amazon FSx for Windows File Server.
  * api-change:``s3control``: Documentation-only update for doc bug fixes for the S3 Control API docs.
  * api-change:``datasync``: AWS DataSync now supports Amazon FSx for OpenZFS locations.
- from version 1.24.33
  * api-change:``iot``: AWS IoT - AWS IoT Device Defender adds support to list metric datapoints
    collected for IoT devices through the ListMetricValues API
  * api-change:``servicecatalog``: This release adds ProvisioningArtifictOutputKeys to
    DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates
    ProvisioningArtifactOutputs.
  * api-change:``sms``: Revised product update notice for SMS console deprecation.
  * api-change:``proton``: SDK release to support tagging for AWS Proton Repository resource
  * enhancement:AWSCRT: Upgrade awscrt version to 0.13.8
- Update to 1.24.32
  * api-change:``connect``: This release updates these APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
    enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the
    specified Amazon Connect instance.
- from version 1.24.31
  * api-change:``cloudcontrol``: SDK release for Cloud Control API in Amazon Web Services China
    (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by
    NWCD
  * api-change:``pinpoint-sms-voice-v2``: Amazon Pinpoint now offers a version 2.0 suite of SMS and
    voice APIs, providing increased control over sending and configuration. This release is a new SDK
    for sending SMS and voice messages called PinpointSMSVoiceV2.
  * api-change:``workspaces``: Added APIs that allow you to customize the logo, login message, and
    help links in the WorkSpaces client login page. To learn more, visit
    https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
  * api-change:``route53-recovery-cluster``: This release adds a new API "/ListRoutingControls"/ to
    list routing control states using the highly reliable Route 53 ARC data plane endpoints.
  * api-change:``databrew``: This AWS Glue Databrew release adds feature to support ORC as an input
    format.
  * api-change:``auditmanager``: This release adds documentation updates for Audit Manager. The
    updates provide data deletion guidance when a customer deregisters Audit Manager or deregisters a
    delegated administrator.
  * api-change:``grafana``: This release adds tagging support to the Managed Grafana service. New
    APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to
    support tagging while calling CreateWorkspace.
- from version 1.24.30
  * api-change:``iot-data``: Update the default AWS IoT Core Data Plane endpoint from VeriSign signed
    to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you
    access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
  * api-change:``ec2``: This release simplifies the auto-recovery configuration process enabling
    customers to set the recovery behavior to disabled or default
  * api-change:``fms``: AWS Firewall Manager now supports the configuration of third-party policies
    that can use either the centralized or distributed deployment models.
  * api-change:``fsx``: This release adds support for modifying throughput capacity for FSx for ONTAP
    file systems.
  * api-change:``iot``: Doc only update for IoT that fixes customer-reported issues.
- from version 1.24.29
  * api-change:``organizations``: This release provides the new CloseAccount API that enables
    principals in the management account to close any member account within an organization.
- from version 1.24.28
  * api-change:``medialive``: This release adds support for selecting a maintenance window.
  * api-change:``acm-pca``: Updating service name entities
- from version 1.24.27
  * api-change:``ec2``: This is release adds support for Amazon VPC Reachability Analyzer to analyze
    path through a Transit Gateway.
  * api-change:``ssm``: This Patch Manager release supports creating, updating, and deleting Patch
    Baselines for Rocky Linux OS.
  * api-change:``batch``: Bug Fix: Fixed a bug where shapes were marked as unboxed and were not
    serialized and sent over the wire, causing an API error from the service.
- from version 1.24.26
  * api-change:``lambda``: Adds support for increased ephemeral storage (/tmp) up to 10GB for Lambda
    functions. Customers can now provision up to 10 GB of ephemeral storage per function instance, a
    20x increase over the previous limit of 512 MB.
  * api-change:``config``: Added new APIs GetCustomRulePolicy and GetOrganizationCustomRulePolicy,
    and updated existing APIs PutConfigRule, DescribeConfigRule, DescribeConfigRuleEvaluationStatus,
    PutOrganizationConfigRule, DescribeConfigRule to support a new feature for building AWS Config
    rules with AWS CloudFormation Guard
  * api-change:``transcribe``: This release adds an additional parameter for subtitling with Amazon
    Transcribe batch jobs: outputStartIndex.
- from version 1.24.25
  * api-change:``redshift``: This release adds a new [--encrypted | --no-encrypted] field in
    restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a cluster
    encrypted with AWS Managed Key or their own KMS key.
  * api-change:``ebs``: Increased the maximum supported value for the Timeout parameter of the
    StartSnapshot API from 60 minutes to 4320 minutes.  Changed the HTTP error code for
    ConflictException from 503 to 409.
  * api-change:``gamesparks``: Released the preview of Amazon GameSparks, a fully managed AWS service
    that provides a multi-service backend for game developers.
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``transfer``: Documentation updates for AWS Transfer Family to describe how to remove
    an associated workflow from a server.
  * api-change:``auditmanager``: This release updates 1 API parameter, the SnsArn attribute. The
    character length and regex pattern for the SnsArn attribute have been updated, which enables you to
    deselect an SNS topic when using the UpdateSettings operation.
  * api-change:``ssm``: Update AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource
    APIs to reflect the support for tagging Automation resources. Includes other minor documentation
    updates.
- from version 1.24.24
  * api-change:``location``: Amazon Location Service now includes a MaxResults parameter for
    GetDevicePositionHistory requests.
  * api-change:``polly``: Amazon Polly adds new Catalan voice - Arlet. Arlet is available as Neural
    voice only.
  * api-change:``lakeformation``: The release fixes the incorrect permissions called out in the
    documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet release fixes
    the corresponding SDK and documentation.
  * api-change:``ecs``: Documentation only update to address tickets
  * api-change:``ce``: Added three new APIs to support tagging and resource-level authorization on
    Cost Explorer resources: TagResource, UntagResource, ListTagsForResource.  Added optional
    parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and CreateAnomalyMonitor APIs
    to support Tag On Create.
- from version 1.24.23
  * api-change:``ram``: Document improvements to the RAM API operations and parameter descriptions.
  * api-change:``ecr``: This release includes a fix in the DescribeImageScanFindings paginated output.
  * api-change:``quicksight``: AWS QuickSight Service Features - Expand public API support for group
    management.
  * api-change:``chime-sdk-meetings``: Add support for media replication to link multiple WebRTC
    media sessions together to reach larger and global audiences. Participants connected to a replica
    session can be granted access to join the primary session and can switch sessions with their
    existing WebRTC connection
  * api-change:``mediaconnect``: This release adds support for selecting a maintenance window.
- Update to 1.24.22
  * enhancement:jmespath: Add env markers to get working version of jmespath for python 3.6
  * api-change:``glue``: Added 9 new APIs for AWS Glue Interactive Sessions: ListSessions,
    StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement, ListStatements,
    CancelStatement
- from version 1.24.21
  * enhancement:Dependency: Added support for jmespath 1.0
  * api-change:``amplifybackend``: Adding the ability to customize Cognito verification messages for
    email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding deprecation documentation for
    ForgotPassword in CreateBackendAuth and UpdateBackendAuth
  * api-change:``acm-pca``: AWS Certificate Manager (ACM) Private Certificate Authority (CA) now
    supports customizable certificate subject names and extensions.
  * api-change:``ssm-incidents``: Removed incorrect validation pattern for
    IncidentRecordSource.invokedBy
  * api-change:``billingconductor``: This is the initial SDK release for AWS Billing Conductor. The
    AWS Billing Conductor is a customizable billing service, allowing you to customize your billing
    data to match your desired business structure.
  * api-change:``s3outposts``: S3 on Outposts is releasing a new API, ListSharedEndpoints, that lists
    all endpoints associated with S3 on Outpost, that has been shared by Resource Access Manager (RAM).
- from version 1.24.20
  * api-change:``robomaker``: This release deprecates ROS, Ubuntu and Gazbeo from RoboMaker
    Simulation Service Software Suites in favor of user-supplied containers and Relaxed Software Suites.
  * api-change:``dataexchange``: This feature enables data providers to use the RevokeRevision
    operation to revoke subscriber access to a given revision. Subscribers are unable to interact with
    assets within a revoked revision.
  * api-change:``ec2``: Adds the Cascade parameter to the DeleteIpam API. Customers can use this
    parameter to automatically delete their IPAM, including non-default scopes, pools, cidrs, and
    allocations. There mustn't be any pools provisioned in the default public scope to use this
    parameter.
  * api-change:``cognito-idp``: Updated EmailConfigurationType and SmsConfigurationType to reflect
    that you can now choose Amazon SES and Amazon SNS resources in the same Region.
  * enhancement:AWSCRT: Upgrade awscrt extra to 0.13.5
  * api-change:``location``: New HERE style "/VectorHereExplore"/ and "/VectorHereExploreTruck"/.
  * api-change:``ecs``: Documentation only update to address tickets
  * api-change:``keyspaces``: Fixing formatting issues in CLI and SDK documentation
  * api-change:``rds``: Various documentation improvements
- from version 1.24.19
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for Slack. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
  * api-change:``timestream-query``: Amazon Timestream Scheduled Queries now support Timestamp
    datatype in a multi-measure record.
  * enhancement:Stubber: Added support for modeled exception fields when adding errors to a client
    stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``config``: Add resourceType enums for AWS::ECR::PublicRepository and
    AWS::EC2::LaunchTemplate
- from version 1.24.18
  * api-change:``outposts``: This release adds address filters for listSites
  * api-change:``lambda``: Adds PrincipalOrgID support to AddPermission API. Customers can use it to
    manage permissions to lambda functions at AWS Organizations level.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager.
  * api-change:``connect``: This release adds support for enabling Rich Messaging when starting a new
    chat session via the StartChatContact API. Rich Messaging enables the following formatting options:
    bold, italics, hyperlinks, bulleted lists, and numbered lists.
  * api-change:``chime``: Chime VoiceConnector Logging APIs will now support MediaMetricLogs. Also
    CreateMeetingDialOut now returns AccessDeniedException.
- from version 1.24.17
  * api-change:``transcribe``: Documentation fix for API `StartMedicalTranscriptionJobRequest`, now
    showing min sample rate as 16khz
  * api-change:``transfer``: Adding more descriptive error types for managed workflows
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
- from version 1.24.16
  * api-change:``comprehend``: Amazon Comprehend now supports extracting the sentiment associated
    with entities such as brands, products and services from text documents.
- from version 1.24.15
  * api-change:``eks``: Introducing a new enum for NodeGroup error code:
    Ec2SubnetMissingIpv6Assignment
  * api-change:``keyspaces``: Adding link to CloudTrail section in Amazon Keyspaces Developer Guide
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for reading
    timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as
    the video and audio in HLS packages.
- from version 1.24.14
  * api-change:``chime-sdk-meetings``: Adds support for Transcribe language identification feature to
    the StartMeetingTranscription API.
  * api-change:``ecs``: Amazon ECS UpdateService API now supports additional parameters:
    loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
  * api-change:``migration-hub-refactor-spaces``: AWS Migration Hub Refactor Spaces documentation
    update.
- from version 1.24.13
  * api-change:``synthetics``: Allow custom handler function.
  * api-change:``transfer``: Add waiters for server online and offline.
  * api-change:``devops-guru``: Amazon DevOps Guru now integrates with Amazon CodeGuru Profiler. You
    can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps Guru. This
    feature is enabled by default for new customers as of 3/4/2022. Existing customers can enable this
    feature with UpdateEventSourcesConfig.
  * api-change:``macie``: Amazon Macie Classic (macie) has been discontinued and is no longer
    available. A new Amazon Macie (macie2) is now available with significant design improvements and
    additional features.
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``sts``: Documentation updates for AWS Security Token Service.
  * api-change:``connect``: This release updates the *InstanceStorageConfig APIs so they support a
    new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to enable streaming
    for real-time contact analysis and to associate the Kinesis stream where real-time contact analysis
    segments will be published.
- from version 1.24.12
  * api-change:``greengrassv2``: Doc only update that clarifies Create Deployment section.
  * api-change:``fsx``: This release adds support for data repository associations to use root ("//"/)
    as the file system path
  * api-change:``kendra``: Amazon Kendra now suggests spell corrections for a query. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
  * api-change:``appflow``: Launching Amazon AppFlow Marketo as a destination connector SDK.
  * api-change:``timestream-query``: Documentation only update for SDK and CLI
- from version 1.24.11
  * api-change:``gamelift``: Minor updates to address errors.
  * api-change:``cloudtrail``: Add bytesScanned field into responses of DescribeQuery and
    GetQueryResults.
  * api-change:``athena``: This release adds support for S3 Object Ownership by allowing the S3
    bucket owner full control canned ACL to be set when Athena writes query results to S3 buckets.
  * api-change:``keyspaces``: This release adds support for data definition language (DDL) operations
  * api-change:``ecr``: This release adds support for tracking images lastRecordedPullTime.
- Version update to 1.24.10
  * api-change:``mediapackage``: This release adds Hybridcast as an available profile option for Dash
    Origin Endpoints.
  * api-change:``rds``: Documentation updates for Multi-AZ DB clusters.
  * api-change:``mgn``: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration
    object (and as a parameter to UpdateLaunchConfigurationRequest).
  * api-change:``kafkaconnect``: Adds operation for custom plugin deletion (DeleteCustomPlugin) and
    adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return
    errors from asynchronous resource creation.
- from version 1.24.9
  * api-change:``finspace-data``: Add new APIs for managing Users and Permission Groups.
  * api-change:``amplify``: Add repositoryCloneMethod field for hosting an Amplify app. This field
    shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
  * api-change:``fsx``: This release adds support for the following FSx for OpenZFS features:
    snapshot lifecycle transition messages, force flag for deleting file systems with child resources,
    LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
  * api-change:``fis``: This release adds logging support for AWS Fault Injection Simulator
    experiments. Experiment templates can now be configured to send experiment activity logs to Amazon
    CloudWatch Logs or to an S3 bucket.
  * api-change:``route53-recovery-cluster``: This release adds a new API option to enable overriding
    safety rules to allow routing control state updates.
  * api-change:``amplifyuibuilder``: We are adding the ability to configure workflows and actions for
    components.
  * api-change:``athena``: This release adds support for updating an existing named query.
  * api-change:``ec2``: This release adds support for new AMI property 'lastLaunchedTime'
  * api-change:``servicecatalog-appregistry``: AppRegistry is deprecating Application and
    Attribute-Group Name update feature. In this release, we are marking the name attributes for Update
    APIs as deprecated to give a heads up to our customers.
- from version 1.24.8
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``panorama``: Added NTP server configuration parameter to ProvisionDevice operation.
    Added alternate software fields to DescribeDevice response
- from version 1.24.7
  * api-change:``route53``: SDK doc update for Route 53 to update some parameters with new
    information.
  * api-change:``databrew``: This AWS Glue Databrew release adds feature to merge job outputs into a
    max number of files for S3 File output type.
  * api-change:``transfer``: Support automatic pagination when listing AWS Transfer Family resources.
  * api-change:``s3control``: Amazon S3 Batch Operations adds support for new integrity checking
    capabilities in Amazon S3.
  * api-change:``s3``: This release adds support for new integrity checking capabilities in Amazon
    S3. You can choose from four supported checksum algorithms for data integrity checking on your
    upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it
    streams data into S3
  * api-change:``fms``: AWS Firewall Manager now supports the configuration of AWS Network Firewall
    policies with either centralized or distributed deployment models. This release also adds support
    for custom endpoint configuration, where you can choose which Availability Zones to create firewall
    endpoints in.
  * api-change:``lightsail``: This release adds support to delete and create Lightsail default key
    pairs that you can use with Lightsail instances.
  * api-change:``autoscaling``: You can now hibernate instances in a warm pool to stop instances
    without deleting their RAM contents. You can now also return instances to the warm pool on scale
    in, instead of always terminating capacity that you will need later.
- from version 1.24.6
  * api-change:``transfer``: The file input selection feature provides the ability to use either the
    originally uploaded file or the output file from the previous workflow step, enabling customers to
    make multiple copies of the original file while keeping the source file intact for file archival.
  * api-change:``lambda``: Lambda releases .NET 6 managed runtime to be available in all commercial
    regions.
  * api-change:``textract``: Added support for merged cells and column header for table response.
- from version 1.24.5
  * api-change:``translate``: This release enables customers to use translation settings for
    formality customization in their synchronous translation output.
  * api-change:``wafv2``: Updated descriptions for logging configuration.
  * api-change:``apprunner``: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes)
    and a Node.js 14 runtime.
- from version 1.24.4
  * api-change:``imagebuilder``: This release adds support to enable faster launching for Windows
    AMIs created by EC2 Image Builder.
  * api-change:``customer-profiles``: This release introduces apis CreateIntegrationWorkflow,
    DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and
    view integration workflows.
  * api-change:``dynamodb``: DynamoDB ExecuteStatement API now supports Limit as a request parameter
    to specify the maximum number of items to evaluate. If specified, the service will process up to
    the Limit and the results will include a LastEvaluatedKey value to continue the read in a
    subsequent operation.
- from version 1.24.3
  * api-change:``transfer``: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols.
    Display Banners are bodies of text that can be displayed before and/or after a user authenticates
    onto a server using one of the previously mentioned protocols.
  * api-change:``gamelift``: Increase string list limit from 10 to 100.
  * api-change:``budgets``: This change introduces DescribeBudgetNotificationsForAccount API which
    returns budget notifications for the specified account
- from version 1.24.2
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``redshift``: SDK release for Cross region datasharing and cost-control for cross
    region datasharing
  * api-change:``evidently``: Add support for filtering list of experiments and launches by status
  * api-change:``backup``: AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED
    event types in BackupVaultNotifications events list.
- from version 1.24.1
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``budgets``: Adds support for auto-adjusting budgets, a new budget method alongside
    fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit
    baseline using a historical lookback average or current period forecast.
  * api-change:``ce``: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
  * api-change:``glue``: Support for optimistic locking in UpdateTable
  * api-change:``ssm``: Assorted ticket fixes and updates for AWS Systems Manager.
- Version update to 1.24.0
  * api-change:``appflow``: Launching Amazon AppFlow SAP as a destination connector SDK.
  * feature:Parser: Adding support for parsing int/long types in rest-json response headers.
  * api-change:``rds``: Adds support for determining which Aurora PostgreSQL versions support
    Babelfish.
  * api-change:``athena``: This release adds a subfield, ErrorType, to the AthenaError response
    object in the GetQueryExecution API when a query fails.
- from version 1.23.54
  * api-change:``ssm``: Documentation updates for AWS Systems Manager.
- from version 1.23.53
  * api-change:``cloudformation``: This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes
  * api-change:``lookoutvision``: This release makes CompilerOptions in Lookout for Vision's
    StartModelPackagingJob's Configuration object optional.
  * api-change:``pinpoint``: This SDK release adds a new paramater creation date for GetApp and
    GetApps Api call
  * api-change:``sns``: Customer requested typo fix in API documentation.
  * api-change:``wafv2``: Adds support for AWS WAF Fraud Control account takeover prevention (ATP),
    with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for
    application integration SDKs for Android and iOS mobile apps.
- from version 1.23.52
  * api-change:``cloudformation``: This SDK release is for the feature launch of AWS CloudFormation
    Hooks.
- from version 1.23.51
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for Amazon FSx. For
    more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
  * api-change:``apprunner``: This release adds support for App Runner to route outbound network
    traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector,
    ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and
    UpdateService.
  * api-change:``s3control``: This release adds support for S3 Batch Replication. Batch Replication
    lets you replicate existing objects, already replicated objects to new destinations, and objects
    that previously failed to replicate. Customers will receive object-level visibility of progress and
    a detailed completion report.
  * api-change:``sagemaker``: Autopilot now generates an additional report with information on the
    performance of the best model, such as a Confusion matrix and  Area under the receiver operating
    characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations.
- from version 1.23.50
  * api-change:``auditmanager``: This release updates 3 API parameters.
    UpdateAssessmentFrameworkControlSet now requires the controls attribute, and
    CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework
    now has a minimum length constraint for the controlSets attribute.
  * api-change:``synthetics``: Adding names parameters to the Describe APIs.
  * api-change:``ssm-incidents``: Update RelatedItem enum to support SSM Automation
  * api-change:``events``: Update events client to latest version
  * enhancement:Lambda Request Header: Adding request header for Lambda recursion detection.
- from version 1.23.49
  * api-change:``athena``: You can now optionally specify the account ID that you expect to be the
    owner of your query results output location bucket in Athena. If the account ID of the query
    results bucket owner does not match the specified account ID, attempts to output to the bucket will
    fail with an S3 permissions error.
  * api-change:``rds``: updates for RDS Custom for Oracle 12.1 support
  * api-change:``lakeformation``: Add support for calling Update Table Objects without a
    TransactionId.
- from version 1.23.48
  * api-change:``ec2``: adds support for AMIs in Recycle Bin
  * api-change:``robomaker``: The release deprecates the use various APIs of RoboMaker Deployment
    Service in favor of AWS IoT GreenGrass v2.0.
  * api-change:``meteringmarketplace``: Add CustomerAWSAccountId to ResolveCustomer API response and
    increase UsageAllocation limit to 2500.
  * api-change:``rbin``: Add EC2 Image recycle bin support.
- from version 1.23.47
  * api-change:``emr``: Update emr client to latest version
  * api-change:``personalize``: Adding minRecommendationRequestsPerSecond attribute to recommender
    APIs.
  * enhancement:Request headers: Adding request headers with retry information.
  * api-change:``appflow``: Launching Amazon AppFlow Custom Connector SDK.
  * api-change:``dynamodb``: Documentation update for DynamoDB Java SDK.
  * api-change:``iot``: This release adds support for configuring AWS IoT logging level per client
    ID, source IP, or principal ID.
  * api-change:``comprehend``: Amazon Comprehend now supports sharing and importing custom trained
    models from one AWS account to another within the same region.
  * api-change:``ce``: Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions
  * api-change:``fis``: Added GetTargetResourceType and ListTargetResourceTypesAPI actions. These
    actions return additional details about resource types and parameters that can be targeted by FIS
    actions. Added a parameters field for the targets that can be specified in experiment templates.
  * api-change:``es``: Allows customers to get progress updates for blue/green deployments
  * api-change:``glue``: Launch Protobuf support for AWS Glue Schema Registry
  * api-change:``elasticache``: Documentation update for AWS ElastiCache
- Version update to 1.23.46
  * api-change:``appconfigdata``: Documentation updates for AWS AppConfig Data.
  * api-change:``athena``: This release adds a field, AthenaError, to the GetQueryExecution response
    object when a query fails.
  * api-change:``appconfig``: Documentation updates for AWS AppConfig
  * api-change:``cognito-idp``: Doc updates for Cognito user pools API Reference.
  * api-change:``secretsmanager``: Feature are ready to release on Jan 28th
  * api-change:``sagemaker``: This release added a new NNA accelerator compilation support for
    Sagemaker Neo.
- from version 1.23.45
  * api-change:``ec2``: X2ezn instances are powered by Intel Cascade Lake CPUs that deliver turbo all
    core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
  * api-change:``kafka``: Amazon MSK has updated the CreateCluster and UpdateBrokerStorage API that
    allows you to specify volume throughput during cluster creation and broker volume updates.
  * api-change:``connect``: This release adds support for configuring a custom chat duration when
    starting a new chat session via the StartChatContact API. The default value for chat duration is 25
    hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable value is 7 days
    (10,080 minutes).
  * api-change:``amplify``: Doc only update to the description of basicauthcredentials to describe
    the required encoding and format.
  * api-change:``opensearch``: Allows customers to get progress updates for blue/green deployments
- from version 1.23.44
  * api-change:``frauddetector``: Added new APIs for viewing past predictions and obtaining
    prediction metadata including prediction explanations: ListEventPredictions and
    GetEventPredictionMetadata
  * api-change:``ebs``: Documentation updates for Amazon EBS Direct APIs.
  * api-change:``codeguru-reviewer``: Added failure state and adjusted timeout in waiter
  * api-change:``securityhub``: Adding top level Sample boolean field
  * api-change:``sagemaker``: API changes relating to Fail steps in model building pipeline and add
    PipelineExecutionFailureReason in PipelineExecutionSummary.
- from version 1.23.43
  * api-change:``fsx``: This release adds support for growing SSD storage capacity and
    growing/shrinking SSD IOPS for FSx for ONTAP file systems.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``connect``: This release adds support for custom vocabularies to be used with Contact
    Lens. Custom vocabularies improve transcription accuracy for one or more specific words.
  * api-change:``guardduty``: Amazon GuardDuty expands threat detection coverage to protect Amazon
    Elastic Kubernetes Service (EKS) workloads.
- from version 1.23.42
  * api-change:``route53-recovery-readiness``: Updated documentation for Route53 Recovery Readiness
    APIs.
- from version 1.23.41
  * enhancement:Exceptions: ProxyConnectionError previously provided the full proxy URL. User info
    will now be appropriately masked if needed.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for 4K AV1 output
    resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML metadata files, and
    the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
  * api-change:``transcribe``: Add support for granular PIIEntityTypes when using Batch
    ContentRedaction.
- Version update to 1.23.40
  * api-change:``guardduty``: Amazon GuardDuty findings now include remoteAccountDetails under
    AwsApiCallAction section if instance credential is exfiltrated.
  * api-change:``connect``: This release adds tagging support for UserHierarchyGroups resource.
  * api-change:``mediatailor``: This release adds support for multiple Segment Delivery
    Configurations. Users can provide a list of names and URLs when creating or editing a source
    location. When retrieving content, users can send a header to choose which URL should be used to
    serve content.
  * api-change:``fis``: Added action startTime and action endTime timestamp fields to the
    ExperimentAction object
  * api-change:``ec2``: C6i, M6i and R6i instances are powered by a third-generation Intel Xeon
    Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
- from version 1.23.39
  * api-change:``macie2``: This release of the Amazon Macie API introduces stricter validation of
    requests to create custom data identifiers.
  * api-change:``ec2-instance-connect``: Adds support for ED25519 keys. PushSSHPublicKey Availability
    Zone parameter is now optional. Adds EC2InstanceStateInvalidException for instances that are not
    running. This was previously a service exception, so this may require updating your code to handle
    this new exception.
- from version 1.23.38
  * api-change:``ivs``: This release adds support for the new Thumbnail Configuration property for
    Recording Configurations. For more information see
    https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
  * api-change:``storagegateway``: Documentation update for adding bandwidth throttling support for
    S3 File Gateways.
  * api-change:``location``: This release adds the CalculateRouteMatrix API which calculates routes
    for the provided departure and destination positions. The release also deprecates the use of
    pricing plan across all verticals.
  * api-change:``cloudtrail``: This release fixes a documentation bug in the description for the
    readOnly field selector in advanced event selectors. The description now clarifies that users omit
    the readOnly field selector to select both Read and Write management events.
  * api-change:``ec2``: Add support for AWS Client VPN client login banner and session timeout.
- from version 1.23.37
  * enhancement:Configuration: Adding support for `defaults_mode` configuration. The `defaults_mode`
    will be used to determine how certain default configuration options are resolved in the SDK.
- from version 1.23.36
  * api-change:``config``: Update ResourceType enum with values for CodeDeploy, EC2 and Kinesis
    resources
  * api-change:``application-insights``: Application Insights support for Active Directory and
    SharePoint
  * api-change:``honeycode``: Added read and write api support for multi-select picklist. And added
    errorcode field to DescribeTableDataImportJob API output, when import job fails.
  * api-change:``ram``: This release adds the ListPermissionVersions API which lists the versions for
    a given permission.
  * api-change:``lookoutmetrics``: This release adds a new DeactivateAnomalyDetector API operation.
- Version update to 1.23.35
  * api-change:``pinpoint``: Adds JourneyChannelSettings to WriteJourneyRequest
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``nimble``: Amazon Nimble Studio now supports validation for Launch Profiles. Launch
    Profiles now report static validation results after create/update to detect errors in network or
    active directory configuration.
  * api-change:``glue``: This SDK release adds support to pass run properties when starting a
    workflow run
  * api-change:``ssm``: AWS Systems Manager adds category support for DescribeDocument API
  * api-change:``elasticache``: AWS ElastiCache for Redis has added a new Engine Log LogType in
    LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for Redis
    clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
- from version 1.23.34
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``honeycode``: Honeycode is releasing new APIs to allow user to create, delete and
    list tags on resources.
  * api-change:``ec2``: Hpc6a instances are powered by a third-generation AMD EPYC processors (Milan)
    delivering all-core turbo frequency of 3.4 GHz
  * api-change:``fms``: Shield Advanced policies for Amazon CloudFront resources now support
    automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData
    ManagedServiceData is now 8192 characters, instead of 4096.
  * api-change:``pi``: This release adds three Performance Insights APIs. Use
    ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata,
    and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in
    DescribeDimensionKeys retrieves per-SQL metrics.
- from version 1.23.33
  * api-change:``finspace-data``: Documentation updates for FinSpace.
  * api-change:``rds``: This release adds the db-proxy event type to support subscribing to RDS Proxy
    events.
  * api-change:``ce``: Doc only update for Cost Explorer API that fixes missing clarifications for
    MatchOptions definitions
  * api-change:``kendra``: Amazon Kendra now supports advanced query language and query-less search.
  * api-change:``workspaces``: Introducing new APIs for Workspaces audio optimization with Amazon
    Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns, UpdateConnectClientAddIn and
    DeleteConnectClientAddIn.
  * api-change:``iotevents-data``: This release provides documentation updates for Timer.timestamp in
    the IoT Events API Reference Guide.
  * api-change:``ec2``: EC2 Capacity Reservations now supports RHEL instance platforms (RHEL with SQL
    Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL with HA, RHEL with
    HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
- from version 1.23.32
  * api-change:``ec2``: New feature: Updated EC2 API to support faster launching for Windows images.
    Optimized images are pre-provisioned, using snapshots to launch instances up to 65% faster.
  * api-change:``compute-optimizer``: Adds support for new Compute Optimizer capability that makes it
    easier for customers to optimize their EC2 instances by leveraging multiple CPU architectures.
  * api-change:``lookoutmetrics``: This release adds FailureType in the response of
    DescribeAnomalyDetector.
  * api-change:``databrew``: This SDK release adds support for specifying a Bucket Owner for an S3
    location.
  * api-change:``transcribe``: Documentation updates for Amazon Transcribe.
- from version 1.23.31
  * api-change:``medialive``: This release adds support for selecting the Program Date Time (PDT)
    Clock source algorithm for HLS outputs.
- from version 1.23.30
  * api-change:``ec2``: This release introduces On-Demand Capacity Reservation support for Cluster
    Placement Groups, adds Tags on instance Metadata, and includes documentation updates for Amazon EC2.
  * api-change:``mediatailor``: This release adds support for filler slate when updating MediaTailor
    channels that use the linear playback mode.
  * api-change:``opensearch``: Amazon OpenSearch Service adds support for Fine Grained Access Control
    for existing domains running Elasticsearch version 6.7 and above
  * api-change:``iotwireless``: Downlink Queue Management feature provides APIs for customers to
    manage the queued messages destined to device inside AWS IoT Core for LoRaWAN. Customer can view,
    delete or purge the queued message(s). It allows customer to preempt the queued messages and let
    more urgent messages go through.
  * api-change:``es``: Amazon OpenSearch Service adds support for Fine Grained Access Control for
    existing domains running Elasticsearch version 6.7 and above
  * api-change:``mwaa``: This release adds a "/Source"/ field that provides the initiator of an update,
    such as due to an automated patch from AWS or due to modification via Console or API.
  * api-change:``appsync``: AppSync: AWS AppSync now supports configurable batching sizes for AWS
    Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
- from version 1.23.29
  * api-change:``cloudtrail``: This release adds support for CloudTrail Lake, a new feature that lets
    you run SQL-based queries on events that you have aggregated into event data stores. New APIs have
    been added for creating and managing event data stores, and creating, running, and managing queries
    in CloudTrail Lake.
  * api-change:``iot``: This release adds an automatic retry mechanism for AWS IoT Jobs. You can now
    define a maximum number of retries for each Job rollout, along with the criteria to trigger the
    retry for FAILED/TIMED_OUT/ALL(both FAILED an TIMED_OUT) job.
  * api-change:``ec2``: This release adds a new API called
    ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer
    responsibility of their VPC Endpoint connections.
  * api-change:``snowball``: Updating validation rules for interfaces used in the Snowball API to
    tighten security of service.
  * api-change:``lakeformation``: Add new APIs for 3rd Party Support for Lake Formation
  * api-change:``appstream``: Includes APIs for App Entitlement management regarding entitlement and
    entitled application association.
  * api-change:``eks``: Amazon EKS now supports running applications using IPv6 address space
  * api-change:``quicksight``: Multiple Doc-only updates for Amazon QuickSight.
  * api-change:``ecs``: Documentation update for ticket fixes.
  * api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on ml.g5 instance
    types.
  * api-change:``glue``: Add Delta Lake target support for Glue Crawler and 3rd Party Support for
    Lake Formation
- Version update to 1.23.28
  * api-change:``rekognition``: This release introduces a new field IndexFacesModelVersion, which is
    the version of the face detect and storage model that was used when indexing the face vector.
  * api-change:``s3``: Minor doc-based updates based on feedback bugs received.
  * enhancement:JSONFileCache: Add support for __delitem__ in JSONFileCache
  * api-change:``s3control``: Documentation updates for the renaming of Glacier to Glacier Flexible
    Retrieval.
- from version 1.23.27
  * api-change:``sagemaker``: The release allows users to pass pipeline definitions as Amazon S3
    locations and control the pipeline execution concurrency using ParallelismConfiguration. It also
    adds support of EMR jobs as pipeline steps.
  * api-change:``rds``: Multiple doc-only updates for Relational Database Service (RDS)
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added strength levels to the
    Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
  * api-change:``greengrassv2``: This release adds the API operations to manage the Greengrass role
    associated with your account and to manage the core device connectivity information. Greengrass V2
    customers can now depend solely on Greengrass V2 SDK for all the API operations needed to manage
    their fleets.
  * api-change:``detective``: Added and updated API operations to support the Detective integration
    with AWS Organizations. New actions are used to manage the delegated administrator account and the
    integration configuration.
- from version 1.23.26
  * api-change:``nimble``: Amazon Nimble Studio adds support for users to upload files during a
    streaming session using NICE DCV native client or browser.
  * api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports updating message attributes
    via channel flows
  * api-change:``imagebuilder``: Added a note to infrastructure configuration actions and data types
    concerning delivery of Image Builder event messages to encrypted SNS topics. The key that's used to
    encrypt the SNS topic must reside in the account that Image Builder runs under.
  * api-change:``workmail``: This release allows customers to change their email monitoring
    configuration in Amazon WorkMail.
  * api-change:``transfer``: Property for Transfer Family used with the FTPS protocol. TLS Session
    Resumption provides a mechanism to resume or share a negotiated secret key between the control and
    data connection for an FTPS session.
  * api-change:``lookoutmetrics``: This release adds support for Causal Relationships. Added new
    ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
  * api-change:``mediaconnect``: You can now use the Fujitsu-QoS protocol for your MediaConnect
    sources and outputs to transport content to and from Fujitsu devices.
  * api-change:``qldb``: Amazon QLDB now supports journal exports in JSON and Ion Binary formats.
    This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
- from version 1.23.25
  * api-change:``customer-profiles``: This release adds an optional parameter, ObjectTypeNames to the
    PutIntegration API to support multiple object types per integration option. Besides, this release
    introduces Standard Order Objects which contain data from third party systems and each order object
    belongs to a specific profile.
  * api-change:``sagemaker``: This release adds a new ContentType field in AutoMLChannel for
    SageMaker CreateAutoMLJob InputDataConfig.
  * api-change:``forecast``: Adds ForecastDimensions field to the DescribeAutoPredictorResponse
  * api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
    Firewall, and RuleGroup, FirewallPolicy Added additional details for AutoScalingGroup,
    LaunchConfiguration, and S3 buckets.
  * api-change:``location``: Making PricingPlan optional as part of create resource API.
  * api-change:``redshift``: This release adds API support for managed Redshift datashares. Customers
    can now interact with a Redshift datashare that is managed by a different service, such as AWS Data
    Exchange.
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``devops-guru``: Adds Tags support to DescribeOrganizationResourceCollectionHealth
  * api-change:``imagebuilder``: This release adds support for importing and exporting VM Images as
    part of the Image Creation workflow via EC2 VM Import/Export.
  * api-change:``datasync``: AWS DataSync now supports FSx Lustre Locations.
  * api-change:``finspace-data``: Make dataset description optional and allow s3 export for dataviews
- Version update to 1.23.24
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
- from version 1.23.23
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``network-firewall``: This release adds support for managed rule groups.
  * api-change:``route53-recovery-control-config``: This release adds tagging supports to Route53
    Recovery Control Configuration. New APIs: TagResource, UntagResource and ListTagsForResource.
    Updates: add optional field `tags` to support tagging while calling CreateCluster,
    CreateControlPanel and CreateSafetyRule.
  * api-change:``ec2``: Adds waiters support for internet gateways.
  * api-change:``sms``: This release adds SMS discontinuation information to the API and CLI
    references.
  * api-change:``route53domains``: Amazon Route 53 domain registration APIs now support filtering and
    sorting in the ListDomains API, deleting a domain by using the DeleteDomain API and getting domain
    pricing information by using the ListPrices API.
  * api-change:``savingsplans``: Adds the ability to specify Savings Plans hourly commitments using
    five digits after the decimal point.
- from version 1.23.22
  * api-change:``lookoutvision``: This release adds new APIs for packaging an Amazon Lookout for
    Vision model as an AWS IoT Greengrass component.
  * api-change:``sagemaker``: This release added a new Ambarella device(amba_cv2) compilation support
    for Sagemaker Neo.
  * api-change:``comprehendmedical``: This release adds a new set of APIs (synchronous and batch) to
    support the SNOMED-CT ontology.
  * api-change:``health``: Documentation updates for AWS Health
  * api-change:``logs``: This release adds AWS Organizations support as condition key in destination
    policy for cross account Subscriptions in CloudWatch Logs.
  * api-change:``outposts``: This release adds the UpdateOutpost API.
  * api-change:``support``: Documentation updates for AWS Support.
  * api-change:``iot``: This release allows customer to enable caching of custom authorizer on HTTP
    protocol for clients that use persistent or Keep-Alive connection in order to reduce the number of
    Lambda invocations.
- from version 1.23.21
  * api-change:``location``: This release adds support for Accuracy position filtering, position
    metadata and autocomplete for addresses and points of interest based on partial or misspelled
    free-form text.
  * api-change:``appsync``: AWS AppSync now supports custom domain names, allowing you to associate a
    domain name that you own with an AppSync API in your account.
  * api-change:``route53``: Add PriorRequestNotComplete exception to UpdateHostedZoneComment API
- from version 1.23.20
  * api-change:``rekognition``: This release added new KnownGender types for Celebrity Recognition.
- from version 1.23.19
  * api-change:``ram``: This release adds the ability to use the new ResourceRegionScope parameter on
    List operations that return lists of resources or resource types. This new parameter filters the
    results by letting you differentiate between global or regional resource types.
  * api-change:``networkmanager``: This release adds API support for AWS Cloud WAN.
  * api-change:``amplifyuibuilder``: This release introduces the actions and data types for the new
    Amplify UI Builder API. The Amplify UI Builder API provides a programmatic interface for creating
    and configuring user interface (UI) component libraries and themes for use in Amplify applications.
- from version 1.23.18
  * api-change:``sagemaker``: This release enables - 1/ Inference endpoint configuration
    recommendations and ability to run custom load tests to meet performance needs. 2/ Deploy
    serverless inference endpoints. 3/ Query, filter and retrieve end-to-end ML lineage graph, and
    incorporate model quality/bias detection in ML workflow.
  * api-change:``kendra``: Experience Builder allows customers to build search applications without
    writing code. Analytics Dashboard provides quality and usability metrics for Kendra indexes. Custom
    Document Enrichment allows customers to build a custom ingestion pipeline to pre-process documents
    and generate metadata.
  * api-change:``directconnect``: Adds SiteLink support to private and transit virtual interfaces.
    SiteLink is a new Direct Connect feature that allows routing between Direct Connect points of
    presence.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``ec2``: This release adds support for Amazon VPC IP Address Manager (IPAM), which
    enables you to plan, track, and monitor IP addresses for your workloads. This release also adds
    support for VPC Network Access Analyzer, which enables you to analyze network access to resources
    in your Virtual Private Clouds.
  * api-change:``shield``: This release adds API support for Automatic Application Layer DDoS
    Mitigation for AWS Shield Advanced. Customers can now enable automatic DDoS mitigation in count or
    block mode for layer 7 protected resources.
  * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
  * api-change:``devops-guru``: DevOps Guru now provides detailed, database-specific analyses of
    performance issues and recommends corrective actions for Amazon Aurora database instances with
    Performance Insights turned on. You can also use AWS tags to choose which resources to analyze and
    define your applications.
  * api-change:``dynamodb``: Add support for Table Classes and introduce the Standard Infrequent
    Access table class.
- from version 1.23.17
  * api-change:``s3``: Introduce Amazon S3 Glacier Instant Retrieval storage class and a new setting
    in S3 Object Ownership to disable ACLs for bucket and the objects in it.
  * api-change:``backup-gateway``: Initial release of AWS Backup gateway which enables you to
    centralize and automate protection of on-premises VMware and VMware Cloud on AWS workloads using
    AWS Backup.
  * api-change:``iot``: Added the ability to enable/disable IoT Fleet Indexing for Device Defender
    and Named Shadow information, and search them through IoT Fleet Indexing APIs.
  * api-change:``ec2``: This release adds support for Is4gen and Im4gn instances. This release also
    adds a new subnet attribute, enableLniAtDeviceIndex, to support local network interfaces, which are
    logical networking components that connect an EC2 instance to your on-premises network.
  * api-change:``outposts``: This release adds the SupportedHardwareType parameter to CreateOutpost.
  * api-change:``storagegateway``: Added gateway type VTL_SNOW. Added new SNOWBALL HostEnvironment
    for gateways running on a Snowball device. Added new field HostEnvironmentId to serve as an
    identifier for the HostEnvironment on which the gateway is running.
  * api-change:``kinesis``: Amazon Kinesis Data Streams now supports on demand streams.
  * api-change:``glue``: Support for DataLake transactions
  * api-change:``accessanalyzer``: AWS IAM Access Analyzer now supports policy validation for
    resource policies attached to S3 buckets and access points. You can run additional policy checks by
    specifying the S3 resource type you want to attach to your resource policy.
  * api-change:``lakeformation``: This release adds support for row and cell-based access control in
    Lake Formation. It also adds support for Lake Formation Governed Tables, which support ACID
    transactions and automatic storage optimizations.
  * api-change:``kafka``: This release adds three new V2 APIs. CreateClusterV2 for creating both
    provisioned and serverless clusters. DescribeClusterV2 for getting information about provisioned
    and serverless clusters and ListClustersV2 for listing all clusters (both provisioned and
    serverless) in your account.
  * api-change:``redshift-data``: Data API now supports serverless queries.
  * api-change:``snowball``: Tapeball is to integrate tape gateway onto snowball, it enables customer
    to transfer local data on the tape to snowball,and then ingest the data into tape gateway on the
    cloud.
  * api-change:``workspaces-web``: This is the initial SDK release for Amazon WorkSpaces Web. Amazon
    WorkSpaces Web is a low-cost, fully managed WorkSpace built to deliver secure web-based workloads
    and software-as-a-service (SaaS) application access to users within existing web browsers.
  * api-change:``iottwinmaker``: AWS IoT TwinMaker makes it faster and easier to create, visualize
    and monitor digital twins of real-world systems like buildings, factories and industrial equipment
    to optimize operations. Learn more:
    https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html (New Service) (Preview)
  * api-change:``fsx``: This release adds support for the FSx for OpenZFS file system type, FSx for
    Lustre file systems with the Persistent_2 deployment type, and FSx for Lustre file systems with
    Amazon S3 data repository associations and automatic export policies.
- from version 1.23.16
  * api-change:``s3``: Amazon S3 Event Notifications adds Amazon EventBridge as a destination and
    supports additional event types. The PutBucketNotificationConfiguration API can now skip validation
    of Amazon SQS, Amazon SNS and AWS Lambda destinations.
  * api-change:``wellarchitected``: This update provides support for Well-Architected API users to
    use custom lens features.
  * api-change:``rum``: This is the first public release of CloudWatch RUM
  * api-change:``rbin``: This release adds support for Recycle Bin.
  * api-change:``iotsitewise``: AWS IoT SiteWise now supports retention configuration for the hot
    tier storage.
  * api-change:``compute-optimizer``: Adds support for the enhanced infrastructure metrics paid
    feature. Also adds support for two new sets of resource efficiency metrics, including savings
    opportunity metrics and performance improvement opportunity metrics.
  * api-change:``ecr``: This release adds supports for pull through cache rules and enhanced scanning.
  * api-change:``evidently``: Introducing Amazon CloudWatch Evidently. This is the first public
    release of Amazon CloudWatch Evidently.
  * api-change:``inspector2``: This release adds support for the new Amazon Inspector API. The new
    Amazon Inspector can automatically discover and scan Amazon EC2 instances and Amazon ECR container
    images for software vulnerabilities and unintended network exposure, and report centralized
    findings across multiple AWS accounts.
  * api-change:``ssm``: Added two new attributes to DescribeInstanceInformation called SourceId and
    SourceType along with new string filters SourceIds and SourceTypes to filter instance records.
  * api-change:``ec2``: This release adds support for G5g and M6a instances. This release also adds
    support for Amazon EBS Snapshots Archive, a feature that enables you to archive your EBS snapshots;
    and Recycle Bin, a feature that enables you to protect your EBS snapshots against accidental
    deletion.
  * api-change:``dataexchange``: This release enables providers and subscribers to use Data Set, Job,
    and Asset operations to work with API assets from Amazon API Gateway. In addition, this release
    enables subscribers to use the SendApiAsset operation to invoke a provider's Amazon API Gateway API
    that they are entitled to.
- from version 1.23.15
  * api-change:``migration-hub-refactor-spaces``: This is the initial SDK release for AWS Migration
    Hub Refactor Spaces
  * api-change:``textract``: This release adds support for synchronously analyzing identity documents
    through a new API: AnalyzeID
  * api-change:``personalize-runtime``: This release adds inference support for Recommenders.
  * api-change:``personalize``: This release adds API support for Recommenders and BatchSegmentJobs.
- from version 1.23.14
  * api-change:``autoscaling``: Documentation updates for Amazon EC2 Auto Scaling.
  * api-change:``mgn``: Application Migration Service now supports an additional replication method
    that does not require agent installation on each source server. This option is available for source
    servers running on VMware vCenter versions 6.7 and 7.0.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``iotdeviceadvisor``: Documentation update for Device Advisor GetEndpoint API
  * api-change:``pinpoint``: Added a One-Time Password (OTP) management feature. You can use the
    Amazon Pinpoint API to generate OTP codes and send them to your users as SMS messages. Your apps
    can then call the API to verify the OTP codes that your users input
  * api-change:``outposts``: This release adds new APIs for working with Outpost sites and orders.
- from version 1.23.13
  * api-change:``timestream-query``: Releasing Amazon Timestream Scheduled Queries. It makes
    real-time analytics more performant and cost-effective for customers by calculating and storing
    frequently accessed aggregates, and other computations, typically used in operational dashboards,
    business reports, and other analytics applications
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``proton``: This release adds APIs for getting the outputs and provisioned stacks for
    Environments, Pipelines, and ServiceInstances.  You can now add tags to
    EnvironmentAccountConnections.  It also adds APIs for working with PR-based provisioning.  Also, it
    adds APIs for syncing templates with a git repository.
  * api-change:``translate``: This release enables customers to use translation settings to mask
    profane words and phrases in their translation output.
  * api-change:``lambda``: Remove Lambda function url apis
  * api-change:``imagebuilder``: This release adds support for sharing AMIs with Organizations within
    an EC2 Image Builder Distribution Configuration.
  * api-change:``customer-profiles``: This release introduces a new auto-merging feature for profile
    matching. The auto-merging configurations can be set via CreateDomain API or UpdateDomain API. You
    can use GetIdentityResolutionJob API and ListIdentityResolutionJobs API to fetch job status.
  * api-change:``autoscaling``: Customers can now configure predictive scaling policies to
    proactively scale EC2 Auto Scaling groups based on any CloudWatch metrics that more accurately
    represent the load on the group than the four predefined metrics. They can also use math
    expressions to further customize the metrics.
  * api-change:``timestream-write``: This release adds support for multi-measure records and magnetic
    store writes. Multi-measure records allow customers to store multiple measures in a single table
    row. Magnetic store writes enable customers to write late arrival data (data with timestamp in the
    past) directly into the magnetic store.
  * api-change:``iotsitewise``: AWS IoT SiteWise now accepts data streams that aren't associated with
    any asset properties. You can organize data by updating data stream associations.
- from version 1.23.12
  * api-change:``redshift``: This release adds support for reserved node exchange with restore/resize
  * api-change:``elasticache``: Adding support for r6gd instances for Redis with data tiering. In a
    cluster with data tiering enabled, when available memory capacity is exhausted, the least recently
    used data is automatically tiered to solid state drives for cost-effective capacity scaling with
    minimal performance impact.
  * api-change:``opensearch``: This release adds an optional parameter dry-run for the
    UpdateDomainConfig API to perform basic validation checks, and detect the deployment type that will
    be required for the configuration change, without actually applying the change.
  * api-change:``backup``: This release adds new opt-in settings for advanced features for DynamoDB
    backups
  * api-change:``iot``: This release introduces a new feature, Managed Job Template, for AWS IoT Jobs
    Service. Customers can now use service provided managed job templates to easily create jobs for
    supported standard job actions.
  * api-change:``iotwireless``: Two new APIs, GetNetworkAnalyzerConfiguration and
    UpdateNetworkAnalyzerConfiguration, are added for the newly released Network Analyzer feature which
    enables customers to view real-time frame information and logs from LoRaWAN devices and gateways.
  * api-change:``workspaces``: Documentation updates for Amazon WorkSpaces
  * api-change:``s3``: Introduce two new Filters to S3 Lifecycle configurations -
    ObjectSizeGreaterThan and ObjectSizeLessThan. Introduce a new way to trigger actions on noncurrent
    versions by providing the number of newer noncurrent versions along with noncurrent days.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``macie2``: Documentation updates for Amazon Macie
  * api-change:``ec2``: This release adds a new parameter ipv6Native to the allow creation of
    IPv6-only subnets using the CreateSubnet operation, and the operation ModifySubnetAttribute
    includes new parameters to modify subnet attributes to use resource-based naming and enable DNS
    resolutions for Private DNS name.
  * api-change:``sqs``: Amazon SQS adds a new queue attribute, SqsManagedSseEnabled, which enables
    server-side queue encryption using SQS owned encryption keys.
  * api-change:``ecs``: Documentation update for ARM support on Amazon ECS.
  * api-change:``sts``: Documentation updates for AWS Security Token Service.
  * api-change:``finspace-data``: Update documentation for createChangeset API.
  * api-change:``dynamodb``: DynamoDB PartiQL now supports ReturnConsumedCapacity, which returns
    capacity units consumed by PartiQL APIs if the request specified returnConsumedCapacity parameter.
    PartiQL APIs include ExecuteStatement, BatchExecuteStatement, and ExecuteTransaction.
  * api-change:``lambda``: Release Lambda event source filtering for SQS, Kinesis Streams, and
    DynamoDB Streams.
  * api-change:``iotdeviceadvisor``: This release introduces a new feature for Device Advisor:
    ability to execute multiple test suites in parallel for given customer account. You can use
    GetEndpoint API to get the device-level test endpoint and call StartSuiteRun with
    "/parallelRun=true"/ to run suites in parallel.
  * api-change:``rds``: Adds support for Multi-AZ DB clusters for RDS for MySQL and RDS for
    PostgreSQL.
- from version 1.23.11
  * api-change:``connect``: This release adds support for UpdateContactFlowMetadata,
    DeleteContactFlow and module APIs. For details, see the Release Notes in the Amazon Connect
    Administrator Guide.
  * api-change:``dms``: Added new S3 endpoint settings to allow to convert the current UTC time into
    a specified time zone when a date partition folder is created. Using with 'DatePartitionedEnabled'.
  * api-change:``es``: This release adds an optional parameter dry-run for the
    UpdateElasticsearchDomainConfig API to perform basic validation checks, and detect the deployment
    type that will be required for the configuration change, without actually applying the change.
  * api-change:``ssm``: Adds new parameter to CreateActivation API . This parameter is for "/internal
    use only"/.
  * api-change:``chime-sdk-meetings``: Added new APIs for enabling Echo Reduction with Voice Focus.
  * api-change:``eks``: Adding missing exceptions to RegisterCluster operation
  * api-change:``quicksight``: Add support for Exasol data source, 1 click enterprise embedding and
    email customization.
  * api-change:``cloudformation``: This release include SDK changes for the feature launch of Stack
    Import to Service Managed StackSet.
  * api-change:``rds``: Adds local backup support to Amazon RDS on AWS Outposts.
  * api-change:``braket``: This release adds support for Amazon Braket Hybrid Jobs.
  * api-change:``s3control``: Added Amazon CloudWatch publishing option for S3 Storage Lens metrics.
  * api-change:``finspace-data``: Add new APIs for managing Datasets, Changesets, and Dataviews.
- from version 1.23.10
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``cloudformation``: The StackSets ManagedExecution feature will allow concurrency for
    non-conflicting StackSet operations and queuing the StackSet operations that conflict at a given
    time for later execution.
  * api-change:``redshift``: Added support of default IAM role for CreateCluster,
    RestoreFromClusterSnapshot and ModifyClusterIamRoles APIs
  * api-change:``lambda``: Add support for Lambda Function URLs. Customers can use Function URLs to
    create built-in HTTPS endpoints on their functions.
  * api-change:``appstream``: Includes APIs for managing resources for Elastic fleets: applications,
    app blocks, and application-fleet associations.
  * api-change:``medialive``: This release adds support for specifying a SCTE-35 PID on input.
    MediaLive now supports SCTE-35 PID selection on inputs containing one or more active SCTE-35 PIDs.
  * api-change:``batch``: Documentation updates for AWS Batch.
  * api-change:``application-insights``: Application Insights now supports monitoring for HANA
- from version 1.23.9
  * api-change:``ivs``: Add APIs for retrieving stream session information and support for filtering
    live streams by health.  For more information, see
    https://docs.aws.amazon.com/ivs/latest/userguide/stream-health.html
  * api-change:``lambda``: Added support for CLIENT_CERTIFICATE_TLS_AUTH and
    SERVER_ROOT_CA_CERTIFICATE as SourceAccessType for MSK and Kafka event source mappings.
  * api-change:``chime``: Adds new Transcribe API parameters to StartMeetingTranscription, including
    support for content identification and redaction (PII & PHI), partial results stabilization, and
    custom language models.
  * api-change:``chime-sdk-meetings``: Adds new Transcribe API parameters to
    StartMeetingTranscription, including support for content identification and redaction (PII & PHI),
    partial results stabilization, and custom language models.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``auditmanager``: This release introduces a new feature for Audit Manager: Dashboard
    views. You can now view insights data for your active assessments, and quickly identify
    non-compliant evidence that needs to be remediated.
  * api-change:``databrew``: This SDK release adds the following new features: 1) PII detection in
    profile jobs, 2) Data quality rules, enabling validation of data quality in profile jobs, 3) SQL
    query-based datasets for Amazon Redshift and Snowflake data sources, and 4) Connecting DataBrew
    datasets with Amazon AppFlow flows.
  * api-change:``redshift-data``: Rolling back Data API serverless features until dependencies are
    live.
  * api-change:``kafka``: Amazon MSK has added a new API that allows you to update the connectivity
    settings for an existing cluster to enable public accessibility.
  * api-change:``forecast``: NEW CreateExplanability API that helps you understand how attributes
    such as price, promotion, etc. contributes to your forecasted values; NEW CreateAutoPredictor API
    that trains up to 40% more accurate forecasting model, saves up to 50% of retraining time, and
    provides model level explainability.
  * api-change:``appconfig``: Add Type to support feature flag configuration profiles
- from version 1.23.8
  * api-change:``appconfigdata``: AWS AppConfig Data is a new service that allows you to retrieve
    configuration deployed by AWS AppConfig. See the AppConfig user guide for more details on getting
    started. https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html
  * api-change:``drs``: Introducing AWS Elastic Disaster Recovery (AWS DRS), a new service that
    minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based
    applications using affordable storage, minimal compute, and point-in-time recovery.
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway.
  * api-change:``sns``: Amazon SNS introduces the PublishBatch API, which enables customers to
    publish up to 10 messages per API request. The new API is valid for Standard and FIFO topics.
  * api-change:``redshift-data``: Data API now supports serverless requests.
  * api-change:``amplifybackend``: New APIs to support the Amplify Storage category. Add and manage
    file storage in your Amplify app backend.
- from version 1.23.7
  * api-change:``location``: This release adds the support for Relevance, Distance, Time Zone,
    Language and Interpolated Address for Geocoding and Reverse Geocoding.
  * api-change:``cloudtrail``: CloudTrail Insights now supports ApiErrorRateInsight, which enables
    customers to identify unusual activity in their AWS account based on API error codes and their rate.
- from version 1.23.6
  * api-change:``migrationhubstrategy``: AWS SDK for Migration Hub Strategy Recommendations. It
    includes APIs to start the portfolio assessment, import portfolio data for assessment, and to
    retrieve recommendations. For more information, see the AWS Migration Hub documentation at
    https://docs.aws.amazon.com/migrationhub/index.html
  * api-change:``ec2``: Adds a new VPC Subnet attribute "/EnableDns64."/ When enabled on IPv6 Subnets,
    the Amazon-Provided DNS Resolver returns synthetic IPv6 addresses for IPv4-only destinations.
  * api-change:``wafv2``: Your options for logging web ACL traffic now include Amazon CloudWatch Logs
    log groups and Amazon S3 buckets.
  * api-change:``dms``: Add Settings in JSON format for the source GCP MySQL endpoint
  * api-change:``ssm``: Adds support for Session Reason and Max Session Duration for Systems Manager
    Session Manager.
  * api-change:``appstream``: This release includes support for images of AmazonLinux2 platform type.
  * api-change:``eks``: Adding Tags support to Cluster Registrations.
  * api-change:``transfer``: AWS Transfer Family now supports integrating a custom identity provider
    using AWS Lambda
- from version 1.23.5
  * api-change:``ec2``: C6i instances are powered by a third-generation Intel Xeon Scalable processor
    (Ice Lake) delivering all-core turbo frequency of 3.5 GHz. G5 instances feature up to 8 NVIDIA A10G
    Tensor Core GPUs and second generation AMD EPYC processors.
  * api-change:``ssm``: This Patch Manager release supports creating Patch Baselines for RaspberryPi
    OS (formerly Raspbian)
  * api-change:``devops-guru``: Add support for cross account APIs.
  * api-change:``connect``: This release adds APIs for creating and managing scheduled tasks.
    Additionally, adds APIs to describe and update a contact and list associated references.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added automatic modes for GOP
    configuration and added the ability to ingest screen recordings generated by Safari on MacOS 12
    Monterey.
- from version 1.23.4
  * api-change:``dynamodb``: Updated Help section for "/dynamodb update-contributor-insights"/ API
  * api-change:``ec2``: This release provides an additional route target for the VPC route table.
  * api-change:``translate``: This release enables customers to import Multi-Directional Custom
    Terminology and use Multi-Directional Custom Terminology in both real-time translation and
    asynchronous batch translation.
- from version 1.23.3
  * api-change:``backup``: AWS Backup SDK provides new options when scheduling backups: select
    supported services and resources that are assigned to a particular tag, linked to a combination of
    tags, or can be identified by a partial tag value, and exclude resources from their assignments.
  * api-change:``ecs``: This release adds support for container instance health.
  * api-change:``resiliencehub``: Initial release of AWS Resilience Hub, a managed service that
    enables you to define, validate, and track the resilience of your applications on AWS
- from version 1.23.2
  * api-change:``batch``: Adds support for scheduling policy APIs.
  * api-change:``health``: Documentation updates for AWS Health.
  * api-change:``greengrassv2``: This release adds support for Greengrass core devices running
    Windows. You can now specify name of a Windows user to run a component.
- from version 1.23.1
  * bugfix:urllib3: Fix NO_OP_TICKET import bug in older versions of urllib3
- from version 1.23.0
  * feature:EndpointResolver: Adding support for resolving modeled FIPS and Dualstack endpoints.
  * feature:``six``: Updated vendored version of ``six`` from 1.10.0 to 1.16.0
  * api-change:``sagemaker``: SageMaker CreateEndpoint and UpdateEndpoint APIs now support additional
    deployment configuration to manage traffic shifting options and automatic rollback monitoring.
    DescribeEndpoint now shows new in-progress deployment details with stage status.
  * api-change:``chime-sdk-meetings``: Updated format validation for ids and regions.
  * api-change:``wafv2``: You can now configure rules to run a CAPTCHA check against web requests
    and, as needed, send a CAPTCHA challenge to the client.
  * api-change:``ec2``: This release adds internal validation on the GatewayAssociationState field
- from version 1.22.12
  * api-change:``ec2``: DescribeInstances now returns customer-owned IP addresses for instances
    running on an AWS Outpost.
  * api-change:``translate``: This release enable customers to use their own KMS keys to encrypt
    output files when they submit a batch transform job.
  * api-change:``resourcegroupstaggingapi``: Documentation updates and improvements.
- from version 1.22.11
  * api-change:``chime-sdk-meetings``: The Amazon Chime SDK Meetings APIs allow software developers
    to create meetings and attendees for interactive audio, video, screen and content sharing in custom
    meeting applications which use the Amazon Chime SDK.
  * api-change:``sagemaker``: ListDevices and DescribeDevice now show Edge Manager agent version.
  * api-change:``connect``: This release adds CRUD operation support for Security profile resource in
    Amazon Connect
  * api-change:``iotwireless``: Adding APIs for the FUOTA (firmware update over the air) and
    multicast for LoRaWAN devices and APIs to support event notification opt-in feature for Sidewalk
    related events. A few existing APIs need to be modified for this new feature.
  * api-change:``ec2``: This release adds a new instance replacement strategy for EC2 Fleet, Spot
    Fleet. Now you can select an action to perform when your instance gets a rebalance notification.
    EC2 Fleet, Spot Fleet can launch a replacement then terminate the instance that received
    notification after a termination delay
- from version 1.22.10
  * api-change:``finspace``: Adds superuser and data-bundle parameters to CreateEnvironment API
  * api-change:``connectparticipant``: This release adds a new boolean attribute - Connect
    Participant - to the CreateParticipantConnection API, which can be used to mark the participant as
    connected.
  * api-change:``datasync``: AWS DataSync now supports Hadoop Distributed File System (HDFS) Locations
  * api-change:``macie2``: This release adds support for specifying the severity of findings that a
    custom data identifier produces, based on the number of occurrences of text that matches the
    detection criteria.
- from version 1.22.9
  * api-change:``cloudfront``: CloudFront now supports response headers policies to add HTTP headers
    to the responses that CloudFront sends to viewers. You can use these policies to add CORS headers,
    control browser caching, and more, without modifying your origin or writing any code.
  * api-change:``connect``: Amazon Connect Chat now supports real-time message streaming.
  * api-change:``nimble``: Amazon Nimble Studio adds support for users to stop and start streaming
    sessions.
- from version 1.22.8
  * api-change:``rekognition``: This Amazon Rekognition Custom Labels release introduces the
    management of datasets with  projects
  * api-change:``networkmanager``: This release adds API support to aggregate resources, routes, and
    telemetry data across a Global Network.
  * api-change:``lightsail``: This release adds support to enable access logging for buckets in the
    Lightsail object storage service.
  * api-change:``neptune``: Adds support for major version upgrades to ModifyDbCluster API
- from version 1.22.7
  * api-change:``transcribe``: Transcribe and Transcribe Call Analytics now support automatic
    language identification along with custom vocabulary, vocabulary filter, custom language model and
    PII redaction.
  * api-change:``application-insights``: Added Monitoring support for SQL Server Failover Cluster
    Instance. Additionally, added a new API to allow one-click monitoring of containers resources.
  * api-change:``rekognition``: This release added new attributes to Rekognition Video
    GetCelebrityRecognition API operations.
  * api-change:``connect``: Amazon Connect Chat now supports real-time message streaming.
  * api-change:``ec2``: Support added for AMI sharing with organizations and organizational units in
    ModifyImageAttribute API
- Version update to 1.22.6
  * api-change:``gamelift``: Added support for Arm-based AWS Graviton2 instances,
    such as M6g, C6g, and R6g.
  * api-change:``ecs``: Amazon ECS now supports running Fargate tasks on Windows
    Operating Systems Families which includes Windows Server 2019 Core and Windows
    Server 2019 Full.
  * api-change:``sagemaker``: This release adds support for RStudio on SageMaker.
  * api-change:``connectparticipant``: This release adds a new boolean attribute
  - Connect Participant - to the CreateParticipantConnection API, which can be
    used to mark the participant as connected.
  * api-change:``ec2``: Added new read-only DenyAllIGWTraffic network interface
    attribute. Added support for DL1 24xlarge instances powered by Habana Gaudi
    Accelerators for deep learning model training workloads
  * api-change:``ssm-incidents``: Updating documentation, adding new field to
    ConflictException to indicate earliest retry timestamp for some operations,
    increase maximum length of nextToken fields
- from version 1.22.5
  * api-change:``autoscaling``: This release adds support for attribute-based
    instance type selection, a new EC2 Auto Scaling feature that lets customers
    express their instance requirements as a set of attributes, such as vCPU,
    memory, and storage.
  * api-change:``ec2``: This release adds: attribute-based instance type selection
    for EC2 Fleet, Spot Fleet, a feature that lets customers express instance
    requirements as attributes like vCPU, memory, and storage; and Spot placement
    score, a feature that helps customers identify an optimal location to run
    Spot workloads.
  * api-change:``eks``: EKS managed node groups now support BOTTLEROCKET_x86_64
    and BOTTLEROCKET_ARM_64 AMI types.
  * api-change:``sagemaker``: This release allows customers to describe one or
    more versioned model packages through BatchDescribeModelPackage, update
    project via UpdateProject, modify and read customer metadata properties
    using Create, Update and Describe ModelPackage and enables cross account
    registration of model packages.
  * enhancement:Session: Added `get_partition_for_region` allowing partition
    lookup by region name.
  * api-change:``textract``: This release adds support for asynchronously analyzing
    invoice and receipt documents through two new APIs: StartExpenseAnalysis and
    GetExpenseAnalysis
- from version 1.22.4
  * api-change:``emr-containers``: This feature enables auto-generation of certificate
    to secure the managed-endpoint and removes the need for customer provided
    certificate-arn during managed-endpoint setup.
  * api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports push
    notifications through Amazon Pinpoint
  * api-change:``chime-sdk-identity``: The Amazon Chime SDK now supports push
    notifications through Amazon Pinpoint
- from version 1.22.3
  * api-change:``rds``: This release adds support for Amazon RDS Custom, which
    is a new RDS management type that gives you full access to your database
    and operating system.
    For more information, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-custom.html
  * api-change:``auditmanager``: This release introduces a new feature for Audit
    Manager: Custom framework sharing. You can now share your custom frameworks
    with another AWS account, or replicate them into another AWS Region under
    your own account.
  * api-change:``ec2``: This release adds support to create a VPN Connection
    that is not attached to a Gateway at the time of creation. Use this to
    create VPNs associated with Core Networks, or modify your VPN and attach
    a gateway using the modify API after creation.
  * api-change:``route53resolver``: New API for ResolverConfig, which allows
    autodefined rules for reverse DNS resolution to be disabled for a VPC
- from version 1.22.2
  * api-change:``quicksight``: Added QSearchBar option for GenerateEmbedUrlForRegisteredUser
    ExperienceConfiguration to support Q search bar embedding
  * api-change:``auditmanager``: This release introduces character restrictions for
    ControlSet names. We updated regex patterns for the following attributes:
    ControlSet, CreateAssessmentFrameworkControlSet, and UpdateAssessmentFrameworkControlSet.
  * api-change:``chime``: Chime VoiceConnector and VoiceConnectorGroup APIs
    will now return an ARN.
- from version 1.22.1
  * api-change:``connect``: Released Amazon Connect hours of operation API for
    general availability (GA). This API also supports AWS CloudFormation. For
    more information, see Amazon Connect Resource Type Reference in the AWS
    CloudFormation User Guide.
- from version 1.22.0
  * api-change:``appflow``: Feature to add support for  JSON-L format
    for S3 as a source.
  * api-change:``mediapackage-vod``: MediaPackage passes through digital
    video broadcasting (DVB) subtitles into the output.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added
    support for specifying caption time delta in milliseconds and the ability
    to apply color range legalization to source content other than AVC video.
  * api-change:``mediapackage``: When enabled, MediaPackage passes through
    digital video broadcasting (DVB) subtitles into the output.
  * api-change:``panorama``: General availability for AWS Panorama. AWS SDK
    for Panorama includes APIs to manage your devices and nodes, and deploy
    computer vision applications to the edge. For more information, see the
    AWS Panorama documentation at http://docs.aws.amazon.com/panorama
  * feature:Serialization: rest-json serialization defaults aligned across AWS SDKs
  * api-change:``directconnect``: This release adds 4 new APIS, which needs to be public able
  * api-change:``securityhub``: Added support for cross-Region finding aggregation,
    which replicates findings from linked Regions to a single aggregation Region.
    Added operations to view, enable, update, and delete the finding aggregation.
- from version 1.21.65
  * api-change:``dataexchange``: This release adds support for our public preview
    of AWS Data Exchange for Amazon Redshift. This enables data providers to list
    products including AWS Data Exchange datashares for Amazon Redshift, giving
    subscribers read-only access to provider data in Amazon Redshift.
  * api-change:``chime-sdk-messaging``: The Amazon Chime SDK now allows developers
    to execute business logic on in-flight messages before they are delivered to
    members of a messaging channel with channel flows.
- from version 1.21.64
  * api-change:``quicksight``: AWS QuickSight Service  Features - Add IP Restriction
    UI and public APIs support.
  * enchancement:AWSCRT: Upgrade awscrt extra to 0.12.5
  * api-change:``ivs``: Bug fix: remove unsupported maxResults and nextToken
    pagination parameters from ListTagsForResource
- from version 1.21.63
  * api-change:``efs``: Update efs client to latest version
  * api-change:``glue``: Enable S3 event base crawler API.
- from version 1.21.62
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``autoscaling``: Amazon EC2 Auto Scaling now supports filtering
    describe Auto Scaling groups API using tags
  * api-change:``sagemaker``: This release updates the provisioning artifact ID
    to an optional parameter in CreateProject API. The provisioning artifact ID
    defaults to the latest provisioning artifact ID of the product if you don't
    provide one.
  * api-change:``robomaker``: Adding support to GPU simulation jobs as well
    as non-ROS simulation jobs.
- from version 1.21.61
  * api-change:``config``: Adding Config support for AWS::OpenSearch::Domain
  * api-change:``ec2``: This release adds support for additional VPC Flow Logs
    delivery options to S3, such as Apache Parquet formatted files, Hourly
    partitions and Hive-compatible S3 prefixes
  * api-change:``storagegateway``: Adding support for Audit Logs on NFS shares
    and Force Closing Files on SMB shares.
  * api-change:``workmail``: This release adds APIs for adding, removing and
    retrieving details of mail domains
  * api-change:``kinesisanalyticsv2``: Support for Apache Flink 1.13 in Kinesis
    Data Analytics. Changed the required status of some Update properties to better
    fit the corresponding Create properties.
- from version 1.21.60
  * api-change:``cloudsearch``: Adds an additional validation exception for
    Amazon CloudSearch configuration APIs for better error handling.
  * api-change:``ecs``: Documentation only update to address tickets.
  * api-change:``mediatailor``: MediaTailor now supports ad prefetching.
  * api-change:``ec2``: EncryptionSupport for InstanceStorageInfo added
    to DescribeInstanceTypes API
- from version 1.21.59
  * api-change:``elbv2``: Update elbv2 client to latest version
  * bugfix:Signing: SigV4QueryAuth and CrtSigV4QueryAuth now properly respect
    AWSRequest.params while signing boto/botocore (#2521)
  * api-change:``medialive``: This release adds support for Transport Stream
    files as an input type to MediaLive encoders.
  * api-change:``ec2``: Documentation update for Amazon EC2.
  * api-change:``frauddetector``: New model type: Transaction Fraud Insights,
    which is optimized for online transaction fraud. Stored Events, which allows
    customers to send and store data directly within Amazon Fraud Detector.
    Batch Import, which allows customers to upload a CSV file of historic
    event data for processing and storage
- from version 1.21.58
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``securityhub``: Added new resource details objects to ASFF,
    including resources for WAF rate-based rules, EC2 VPC endpoints, ECR
    repositories, EKS clusters, X-Ray encryption, and OpenSearch domains.
    Added additional details for CloudFront distributions, CodeBuild projects,
    ELB V2 load balancers, and S3 buckets.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert has added the ability
    to set account policies which control access restrictions for HTTP, HTTPS,
    and S3 content sources.
  * api-change:``ec2``: This release removes a requirement for filters on
    SearchLocalGatewayRoutes operations.
- from version 1.21.57
  * api-change:``kendra``: Amazon Kendra now supports indexing and querying
    documents in different languages.
  * api-change:``grafana``: Initial release of the SDK for Amazon Managed Grafana API.
  * api-change:``firehose``: Allow support for Amazon Opensearch Service(successor
    to Amazon Elasticsearch Service) as a Kinesis Data Firehose delivery destination.
  * api-change:``backup``: Launch of AWS Backup Vault Lock, which protects your
    backups from malicious and accidental actions, works with existing backup policies,
    and helps you meet compliance requirements.
  * api-change:``schemas``: Removing unused request/response objects.
  * api-change:``chime``: This release enables customers to configure Chime
    MediaCapturePipeline via API.
- from version 1.21.56
  * api-change:``sagemaker``: This release adds a new TrainingInputMode FastFile
    for SageMaker Training APIs.
  * api-change:``amplifybackend``: Adding a new field 'AmplifyFeatureFlags' to the
    response of the GetBackend operation. It will return a stringified version of
    the cli.json file for the given Amplify project.
  * api-change:``fsx``: This release adds support for Lustre 2.12 to FSx for Lustre.
  * api-change:``kendra``: Amazon Kendra now supports integration with AWS SSO
- from version 1.21.55
  * api-change:``workmail``: This release allows customers to change their inbound
    DMARC settings in Amazon WorkMail.
  * api-change:``location``: Add support for PositionFiltering.
  * api-change:``application-autoscaling``: With this release, Application Auto
    Scaling adds support for Amazon Neptune. Customers can now automatically add
    or remove Read Replicas of their Neptune clusters to keep the average CPU
    Utilization at the target value specified by the customers.
  * api-change:``ec2``: Released Capacity Reservation Fleet, a feature of Amazon
    EC2 Capacity Reservations, which provides a way to manage reserved capacity
    across instance types.
    For more information: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-fleets.html
  * api-change:``glue``: This release adds tag as an input of CreateConnection
  * api-change:``backup``: AWS Backup Audit Manager framework report.
- Remove unnecessary dependencies from BuildRequires
- Skip integration tests as these require an internet connection
- Switch package to multibuild and split tests into separate package
- Switch tests from nose to pytest
- Version update to 1.21.54
  * api-change:``codebuild``: CodeBuild now allows you to select how batch
    build statuses are sent to the source provider for a project.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``kms``: Added SDK examples for ConnectCustomKeyStore, CreateCustomKeyStore,
    CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores, DisconnectCustomKeyStore,
    GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GetPublicKey, ReplicateKey,
    Sign, UpdateCustomKeyStore and Verify APIs
- from version 1.21.53
  * api-change:``synthetics``: CloudWatch Synthetics now enables customers to choose a customer
    managed AWS KMS key or an Amazon S3-managed key instead of an AWS managed key (default)
    for the encryption of artifacts that the canary stores in Amazon S3. CloudWatch Synthetics
    also supports artifact S3 location updation now.
  * api-change:``ssm``: When "/AutoApprovable"/ is true for a Change Template, then specifying
  - -auto-approve (boolean) in Start-Change-Request-Execution will create a change request
    that bypasses approver review. (except for change calendar restrictions)
  * api-change:``apprunner``: This release contains several minor bug fixes.
- from version 1.21.52
  * api-change:``network-firewall``: This release adds support for strict ordering for stateful
    rule groups. Using strict ordering, stateful rules are evaluated in the exact order in which
    you provide them.
  * api-change:``dataexchange``: This release enables subscribers to set up automatic exports of
    newly published revisions using the new EventAction API.
  * api-change:``workmail``: This release adds support for mobile device access overrides management
    in Amazon WorkMail.
  * api-change:``account``: This release of the Account Management API enables customers to manage
    the alternate contacts for their AWS accounts.
    For more information, see https://docs.aws.amazon.com/accounts/latest/reference/accounts-welcome.html
  * api-change:``workspaces``: Added CreateUpdatedWorkspaceImage API to update WorkSpace images with
    latest software and drivers. Updated DescribeWorkspaceImages API to display if there are updates
    available for WorkSpace images.
  * api-change:``cloudcontrol``: Initial release of the SDK for AWS Cloud Control API
  * api-change:``macie2``: Amazon S3 bucket metadata now indicates whether an error or a bucket's
    permissions settings prevented Amazon Macie from retrieving data about the bucket or the bucket's
    objects.
- from version 1.21.51
  * api-change:``lambda``: Adds support for Lambda functions powered by AWS Graviton2 processors.
    Customers can now select the CPU architecture for their functions.
  * api-change:``sesv2``: This release includes the ability to use 2048 bits RSA key pairs for DKIM
    in SES, either with Easy DKIM or Bring Your Own DKIM.
  * api-change:``amp``: This release adds alert manager and rule group namespace APIs
- from version 1.21.50
  * api-change:``transfer``: Added changes for managed workflows feature APIs.
  * api-change:``imagebuilder``: Fix description for AmiDistributionConfiguration Name property,
    which actually refers to the output AMI name. Also updated for consistent terminology to use
    "/base"/ image, and another update to fix description text.
- from version 1.21.49
  * api-change:``appintegrations``: The Amazon AppIntegrations service enables you to configure
    and reuse connections to external applications.
  * api-change:``wisdom``: Released Amazon Connect Wisdom, a feature of Amazon Connect, which provides
    real-time recommendations and search functionality in general availability (GA).
    For more information, see https://docs.aws.amazon.com/wisdom/latest/APIReference/Welcome.html.
  * api-change:``pinpoint``: Added support for journey with contact center activity
  * api-change:``voice-id``: Released the Amazon Voice ID SDK, for usage with the Amazon Connect
    Voice ID feature released for Amazon Connect.
  * api-change:``connect``: This release updates a set of APIs: CreateIntegrationAssociation,
    ListIntegrationAssociations, CreateUseCase, and StartOutboundVoiceContact. You can use it to
    create integrations with Amazon Pinpoint for the Amazon Connect Campaigns use case, Amazon
    Connect Voice ID, and Amazon Connect Wisdom.
  * api-change:``elbv2``: Update elbv2 client to latest version
- from version 1.21.48
  * api-change:``license-manager``: AWS License Manager now allows customers to get the LicenseArn
    in the Checkout API Response.
  * api-change:``ec2``: DescribeInstances now returns Platform Details, Usage Operation, and Usage
    Operation Update Time.
- from version 1.21.47
  * api-change:``mediaconvert``: This release adds style and positioning support for caption or
    subtitle burn-in from rich text sources such as TTML. This release also introduces configurable
    image-based trick play track generation.
  * api-change:``appsync``: Documented the new OpenSearchServiceDataSourceConfig data type. Added
    deprecation notes to the ElasticsearchDataSourceConfig data type.
  * api-change:``ssm``: Added cutoff behavior support for preventing new task invocations from
    starting when the maintenance window cutoff time is reached.
- from version 1.21.46
  * api-change:``imagebuilder``: This feature adds support for specifying GP3 volume throughput and
    configuring instance metadata options for instances launched by EC2 Image Builder.
  * api-change:``wafv2``: Added the regex match rule statement, for matching web requests against
    a single regular expression.
  * api-change:``mediatailor``: This release adds support to configure logs for playback configuration.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``iam``: Added changes to OIDC API about not using port numbers in the URL.
  * api-change:``license-manager``: AWS License Manager now allows customers to change their Windows
    Server or SQL license types from Bring-Your-Own-License (BYOL) to License Included or vice-versa
    (using the customer's media).
  * api-change:``mediapackage-vod``: MediaPackage VOD will now return the current processing statuses
    of an asset's endpoints. The status can be QUEUED, PROCESSING, PLAYABLE, or FAILED.
- from version 1.21.45
  * api-change:``comprehend``: Amazon Comprehend now supports versioning of custom models, improved
    training with ONE_DOC_PER_FILE text documents for custom entity recognition, ability to provide
    specific test sets during training, and live migration to new model endpoints.
  * api-change:``iot``: This release adds support for verifying, viewing and filtering AWS IoT Device
    Defender detect violations with four verification states.
  * api-change:``ecr``: This release adds additional support for repository replication
  * api-change:``ec2``: This update adds support for downloading configuration templates using new
    APIs (GetVpnConnectionDeviceTypes and GetVpnConnectionDeviceSampleConfiguration) and Internet
    Key Exchange version 2 (IKEv2) parameters for many popular CGW devices.
- from version 1.21.44
  * api-change:``opensearch``: This release adds an optional parameter in the ListDomainNames API to
    filter domains based on the engine type (OpenSearch/Elasticsearch).
  * api-change:``es``: This release adds an optional parameter in the ListDomainNames API to filter
    domains based on the engine type (OpenSearch/Elasticsearch).
  * api-change:``dms``: Optional flag force-planned-failover added to reboot-replication-instance
    API call. This flag can be used to test a planned failover scenario used during some maintenance
    operations.
- from version 1.21.43
  * api-change:``kafkaconnect``: This is the initial SDK release for Amazon Managed Streaming for
    Apache Kafka Connect (MSK Connect).
  * api-change:``macie2``: This release adds support for specifying which managed data identifiers
    are used by a classification job, and retrieving a list of managed data identifiers that are
    available.
  * api-change:``robomaker``: Adding support to create container based Robot and Simulation
    applications by introducing an environment field
  * api-change:``s3``: Add support for access point arn filtering in S3 CW Request Metrics
  * api-change:``transcribe``: This release adds support for subtitling with Amazon
    Transcribe batch jobs.
  * api-change:``sagemaker``: Add API for users to retry a failed pipeline execution
    or resume a stopped one.
  * api-change:``pinpoint``: This SDK release adds a new feature for Pinpoint campaigns,
    in-app messaging.
- from version 1.21.42
  * api-change:``sagemaker``: This release adds support for "/Project Search"/
  * api-change:``ec2``: This release adds support for vt1 3xlarge, 6xlarge and 24xlarge instances
    powered by Xilinx Alveo U30 Media Accelerators for video transcoding workloads
  * api-change:``wafv2``: This release adds support for including rate based rules in a rule group.
  * api-change:``chime``: Adds support for SipHeaders parameter for CreateSipMediaApplicationCall.
  * api-change:``comprehend``: Amazon Comprehend now allows you to train and run PDF and Word
    documents for custom entity recognition. With PDF and Word formats, you can extract information
    from documents containing headers, lists and tables.
- from version 1.21.41
  * api-change:``iot``: AWS IoT Rules Engine adds OpenSearch action. The OpenSearch rule action
    lets you stream data from IoT sensors and applications to Amazon OpenSearch Service which
    is a successor to Amazon Elasticsearch Service.
  * api-change:``ec2``: Adds support for T3 instances on Amazon EC2 Dedicated Hosts.
  * enhancement:Tagged Unions: Introducing support for the `union` trait on structures in request
    and response objects.
- from version 1.21.40
  * api-change:``cloudformation``: Doc only update for CloudFormation that fixes several
    customer-reported issues.
  * api-change:``rds``: This release adds support for providing a custom timeout value for
    finding a scaling point during autoscaling in Aurora Serverless v1.
  * api-change:``ecr``: This release updates terminology around KMS keys.
  * api-change:``sagemaker``: This release adds support for "/Lifecycle Configurations"/ to
    SageMaker Studio
  * api-change:``transcribe``: This release adds an API option for startTranscriptionJob and
    startMedicalTranscriptionJob that allows the user to specify encryption context key value
    pairs for batch jobs.
  * api-change:``quicksight``: Add new data source type for Amazon OpenSearch
    (successor to Amazon ElasticSearch).
- from version 1.21.39
  * api-change:``emr``: Update emr client to latest version
  * api-change:``codeguru-reviewer``: The Amazon CodeGuru Reviewer API now includes the
    RuleMetadata data object and a Severity attribute on a RecommendationSummary object.
    A RuleMetadata object contains information about a rule that generates a recommendation.
    Severity indicates how severe the issue associated with a recommendation is.
  * api-change:``lookoutequipment``: Added OffCondition parameter to CreateModel API
- from version 1.21.38
  * api-change:``opensearch``: Updated Configuration APIs for Amazon OpenSearch Service
    (successor to Amazon Elasticsearch Service)
  * api-change:``ram``: A minor text-only update that fixes several customer issues.
  * api-change:``kafka``: Amazon MSK has added a new API that allows you to update the
    encrypting and authentication settings for an existing cluster.
- from version 1.21.37
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``amp``: This release adds tagging support for Amazon Managed Service
    for Prometheus workspace.
  * api-change:``forecast``: Predictor creation now supports selecting an accuracy metric
    to optimize in AutoML and hyperparameter optimization. This release adds additional
    accuracy metrics for predictors - AverageWeightedQuantileLoss, MAPE and MASE.
  * api-change:``xray``: Updated references to AWS KMS keys and customer managed
    keys to reflect current terminology.
  * api-change:``ssm-contacts``: Added SDK examples for SSM-Contacts.
  * api-change:``mediapackage``: SPEKE v2 support for live CMAF packaging type. SPEKE v2
    is an upgrade to the existing SPEKE API to support multiple encryption keys, it supports
    live DASH currently.
  * api-change:``eks``: Adding RegisterCluster and DeregisterCluster operations, to support
    connecting external clusters to EKS.
- from version 1.21.36
  * api-change:``chime-sdk-identity``: Documentation updates for Chime
  * api-change:``chime-sdk-messaging``: Documentation updates for Chime
  * api-change:``outposts``: This release adds a new API CreateOrder.
  * api-change:``frauddetector``: Enhanced GetEventPrediction API response to include
    risk scores from imported SageMaker models
  * api-change:``codeguru-reviewer``: Added support for CodeInconsistencies detectors
- from version 1.21.35
  * api-change:``acm-pca``: Private Certificate Authority Service now allows customers
    to enable an online certificate status protocol (OCSP) responder service on their
    private certificate authorities. Customers can also optionally configure a custom
    CNAME for their OCSP responder.
  * api-change:``s3control``: S3 Multi-Region Access Points provide a single global
    endpoint to access a data set that spans multiple S3 buckets in different AWS Regions.
  * api-change:``accessanalyzer``: Updates service API, documentation, and paginators to
    support multi-region access points from Amazon S3.
  * api-change:``schemas``: This update include the support for Schema Discoverer to
    discover the events sent to the bus from another account. The feature will be enabled
    by default when discoverer is created or updated but can also be opt-in or opt-out
    by specifying the value for crossAccount.
  * api-change:``securityhub``: New ASFF Resources: AwsAutoScalingLaunchConfiguration,
    AwsEc2VpnConnection, AwsEcrContainerImage. Added KeyRotationStatus to AwsKmsKey.
    Added AccessControlList, BucketLoggingConfiguration,BucketNotificationConfiguration
    and BucketNotificationConfiguration to AwsS3Bucket.
  * enhancement:s3: Added support for S3 Multi-Region Access Points
  * api-change:``efs``: Update efs client to latest version
  * api-change:``transfer``: AWS Transfer Family introduces Managed Workflows for creating,
    executing, monitoring, and standardizing post file transfer processing
  * api-change:``ebs``: Documentation updates for Amazon EBS direct APIs.
  * api-change:``quicksight``: This release adds support for referencing parent
    datasets as sources in a child dataset.
  * api-change:``fsx``: Announcing Amazon FSx for NetApp ONTAP, a new service that provides
    fully managed shared storage in the AWS Cloud with the data access and management
    capabilities of ONTAP.
  * enhancement:Signers: Added support for Sigv4a Signing Algorithm
  * api-change:``lex-models``: Lex now supports Korean (ko-KR) locale.
- from version 1.21.34
  * api-change:``ec2``: Added LaunchTemplate support for the IMDS IPv6 endpoint
  * api-change:``cloudtrail``: Documentation updates for CloudTrail
  * api-change:``mediatailor``: This release adds support for wall clock
    programs in LINEAR channels.
  * api-change:``config``: Documentation updates for config
  * api-change:``servicecatalog-appregistry``: Introduction of GetAssociatedResource
    API and GetApplication response extension for Resource Groups support.
- Version update to 1.21.33
  * api-change:iot: Added Create/Update/Delete/Describe/List APIs for a new
    IoT resource named FleetMetric. Added a new Fleet Indexing query API named
    GetBucketsAggregation. Added a new field named DisconnectedReason in Fleet
    Indexing query response. Updated their related documentations.
  * api-change:polly: Amazon Polly adds new South African English voice -
    Ayanda. Ayanda is available as Neural voice only.
  * api-change:compute-optimizer: Documentation updates for Compute Optimizer
  * api-change:sqs: Amazon SQS adds a new queue attribute, RedriveAllowPolicy,
    which includes the dead-letter queue redrive permission parameters. It defines
    which source queues can specify dead-letter queues as a JSON object.
  * api-change:memorydb: Documentation updates for MemoryDB
- from version 1.21.32
  * api-change:codebuild: Documentation updates for CodeBuild
  * api-change:firehose: This release adds the Dynamic Partitioning feature to
    Kinesis Data Firehose service for S3 destinations.
  * api-change:kms: This release has changes to KMS nomenclature to remove the
    word master from both the "/Customer master key"/ and "/CMK"/ abbreviation and
    replace those naming conventions with "/KMS key"/.
  * api-change:cloudformation: AWS CloudFormation allows you to iteratively
    develop your applications when failures are encountered without rolling back
    successfully provisioned resources. By specifying stack failure options, you
    can troubleshoot resources in a CREATE_FAILED or UPDATE_FAILED status.
- from version 1.21.31
  * api-change:s3: Documentation updates for Amazon S3.
  * api-change:emr: Update emr client to latest version
  * api-change:ec2: This release adds the BootMode flag to the ImportImage API
    and showing the detected BootMode of an ImportImage task.
- from version 1.21.30
  * api-change:transcribe: This release adds support for batch transcription
    in six new languages - Afrikaans, Danish, Mandarin Chinese (Taiwan), New
    Zealand English, South African English, and Thai.
  * api-change:rekognition: This release added new attributes to Rekognition
    RecognizeCelebities and GetCelebrityInfo API operations.
  * api-change:ec2: Support added for resizing VPC prefix lists
  * api-change:compute-optimizer: Adds support for 1) the AWS Graviton
    (AWS_ARM64) recommendation preference for Amazon EC2 instance and Auto Scaling
    group recommendations, and 2) the ability to get the enrollment statuses for
    all member accounts of an organization.
- from version 1.21.29
  * api-change:fms: AWS Firewall Manager now supports triggering resource
    cleanup workflow when account or resource goes out of policy scope for AWS WAF,
    Security group, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall
    policies.
  * api-change:ec2: Support added for IMDS IPv6 endpoint
  * api-change:datasync: Added include filters to CreateTask and UpdateTask,
    and added exclude filters to StartTaskExecution, giving customers more granular
    control over how DataSync transfers files, folders, and objects.  *
    api-change:events: AWS CWEvents adds an enum of EXTERNAL for EcsParameters
    LaunchType for PutTargets API
- from version 1.21.28
  * api-change:mediaconvert: AWS Elemental MediaConvert SDK has added MBAFF
    encoding support for AVC video and the ability to pass encryption context from
    the job settings to S3.
  * api-change:polly: Amazon Polly adds new New Zealand English voice - Aria.
    Aria is available as Neural voice only.  * api-change:transcribe: This release
    adds support for feature tagging with Amazon Transcribe batch jobs.
  * api-change:ssm: Updated Parameter Store property for logging improvements.
  * api-change:iot-data: Updated Publish with support for new Retain flag and
    added two new API operations: GetRetainedMessage, ListRetainedMessages.
- from version 1.21.27
  * api-change:dms: Amazon AWS DMS service now support Redis target endpoint
    migration. Now S3 endpoint setting is capable to setup features which are used
    to be configurable only in extract connection attributes.
  * api-change:frauddetector: Updated an element of the DescribeModelVersion
    API response (LogitMetrics -> logOddsMetrics) for clarity. Added new exceptions
    to several APIs to protect against unlikely scenarios.
  * api-change:iotsitewise: Documentation updates for AWS IoT SiteWise
  * api-change:dlm: Added AMI deprecation support for Amazon Data Lifecycle
    Manager EBS-backed AMI policies.
  * api-change:glue: Add support for Custom Blueprints
  * api-change:apigateway: Adding some of the pending releases (1) Adding WAF
    Filter to GatewayResponseType enum (2) Ensuring consistent error model for all
    operations (3) Add missing BRE to GetVpcLink operation
  * api-change:backup: AWS Backup - Features: Evaluate your backup activity
    and generate audit reports.
- from version 1.21.26
  * api-change:eks: Adds support for EKS add-ons "/preserve"/ flag, which allows
    customers to maintain software on their EKS clusters after removing it from EKS
    add-ons management.
  * api-change:comprehend: Add tagging support for Comprehend async inference job.
  * api-change:robomaker: Documentation updates for RoboMaker
  * api-change:ec2: encryptionInTransitSupported added to DescribeInstanceTypes API
- from version 1.21.25
  * api-change:ec2: The ImportImage API now supports the ability to create
    AMIs with AWS-managed licenses for Microsoft SQL Server for both Windows and
    Linux.
  * api-change:memorydb: AWS MemoryDB SDK now supports all APIs for newly launched MemoryDB service.
  * api-change:application-autoscaling: This release extends Application Auto
    Scaling support for replication group of Amazon ElastiCache Redis clusters.
    Auto Scaling monitors and automatically expands node group count and number of
    replicas per node group when a critical usage threshold is met or according to
    customer-defined schedule.
  * api-change:appflow: This release adds support for SAPOData connector and
    extends Veeva connector for document extraction.
- from version 1.21.24
  * api-change:codebuild: CodeBuild now allows you to make the build results
    for your build projects available to the public without requiring access to an
    AWS account.
  * api-change:route53: Documentation updates for route53
  * api-change:sagemaker-runtime: Update sagemaker-runtime client to latest version
  * api-change:route53resolver: Documentation updates for Route 53 Resolver
  * api-change:sagemaker: Amazon SageMaker now supports Asynchronous Inference
    endpoints. Adds PlatformIdentifier field that allows Notebook Instance creation
    with different platform selections. Increases the maximum number of containers
    in multi-container endpoints to 15. Adds more instance types to InstanceType
    field.
- from version 1.21.23
  * api-change:cloud9: Added DryRun parameter to CreateEnvironmentEC2 API.
    Added ManagedCredentialsActions parameter to UpdateEnvironment API
  * api-change:ec2: This release adds support for EC2 ED25519 key pairs for authentication
  * api-change:clouddirectory: Documentation updates for clouddirectory
  * api-change:ce: This release is a new feature for Cost Categories: Split
    charge rules. Split charge rules enable you to allocate shared costs between
    your cost category values.
  * api-change:logs: Documentation-only update for CloudWatch Logs
- from version 1.21.22
  * api-change:iotsitewise: AWS IoT SiteWise added query window for the
    interpolation interval. AWS IoT SiteWise computes each interpolated value by
    using data points from the timestamp of each interval minus the window to the
    timestamp of each interval plus the window.
  * api-change:s3: Documentation updates for Amazon S3
  * api-change:codebuild: CodeBuild now allows you to select how batch build
    statuses are sent to the source provider for a project.
  * api-change:ds: This release adds support for describing client authentication settings.
  * api-change:config: Update ResourceType enum with values for Backup Plan,
    Selection, Vault, RecoveryPoint; ECS Cluster, Service, TaskDefinition; EFS
    AccessPoint, FileSystem; EKS Cluster; ECR Repository resources
  * api-change:license-manager: AWS License Manager now allows end users to
    call CheckoutLicense API using new CheckoutType PERPETUAL. Perpetual checkouts
    allow sellers to check out a quantity of entitlements to be drawn down for
    consumption.
- from version 1.21.21
  * api-change:quicksight: Documentation updates for QuickSight.
  * api-change:emr: Update emr client to latest version
  * api-change:customer-profiles: This release introduces Standard Profile
    Objects, namely Asset and Case which contain values populated by data from
    third party systems and belong to a specific profile. This release adds an
    optional parameter, ObjectFilter to the ListProfileObjects API in order to
    search for these Standard Objects.
  * api-change:elasticache: This release adds ReplicationGroupCreateTime field
    to ReplicationGroup which indicates the UTC time when ElastiCache
    ReplicationGroup is created
- from version 1.21.20
  * api-change:sagemaker: Amazon SageMaker Autopilot adds new metrics for all
    candidate models generated by Autopilot experiments.
  * api-change:apigatewayv2: Adding support for ACM imported or private CA
    certificates for mTLS enabled domain names
  * api-change:apigateway: Adding support for ACM imported or private CA
    certificates for mTLS enabled domain names
  * api-change:databrew: This SDK release adds support for the output of a
    recipe job results to Tableau Hyper format.
  * api-change:lambda: Lambda Python 3.9 runtime launch
- from version 1.21.19
  * api-change:snow-device-management: AWS Snow Family customers can remotely
    monitor and operate their connected AWS Snowcone devices.
  * api-change:ecs: Documentation updates for ECS.
  * api-change:nimble: Add new attribute 'ownedBy' in Streaming Session APIs.
    'ownedBy' represents the AWS SSO Identity Store User ID of the owner of the
    Streaming Session resource.
  * api-change:codebuild: CodeBuild now allows you to make the build results
    for your build projects available to the public without requiring access to an
    AWS account.
  * api-change:ebs: Documentation updates for Amazon EBS direct APIs.
  * api-change:route53: Documentation updates for route53
- from version 1.21.18
  * api-change:chime: Add support for "/auto"/ in Region field of StartMeetingTranscription API request.
  * enchancement:Client: Improve client performance by caching _alias_event_name on EventAliaser
- from version 1.21.17
  * api-change:wafv2: This release adds APIs to support versioning
    feature of AWS WAF Managed rule groups
  * api-change:rekognition: This release adds support for four new types of
    segments (opening credits, content segments, slates, and studio logos),
    improved accuracy for credits and shot detection and new filters to control
    black frame detection.
  * api-change:ssm: Documentation updates for AWS Systems Manager.
  - from version 1.21.16
  * api-change:synthetics: Documentation updates for Visual Monitoring feature
    and other doc ticket fixes.
  * api-change:chime-sdk-identity: The Amazon Chime SDK Identity APIs allow
    software developers to create and manage unique instances of their messaging
    applications.
  * api-change:chime-sdk-messaging: The Amazon Chime SDK Messaging APIs allow
    software developers to send and receive messages in custom messaging
    applications.
  * api-change:connect: This release adds support for agent status and hours
    of operation. For details, see the Release Notes in the Amazon Connect
    Administrator Guide.
  * api-change:lightsail: This release adds support to track when a bucket
    access key was last used.
  * api-change:athena: Documentation updates for Athena.
- from version 1.21.15
  * api-change:lexv2-models: Update lexv2-models client to latest version
  * api-change:autoscaling: EC2 Auto Scaling adds configuration checks and
    Launch Template validation to Instance Refresh.
- from version 1.21.14
  * api-change:rds: This release adds AutomaticRestartTime to the
    DescribeDBInstances and DescribeDBClusters operations. AutomaticRestartTime
    indicates the time when a stopped DB instance or DB cluster is restarted
    automatically.
  * api-change:imagebuilder: Updated list actions to include a list of valid
    filters that can be used in the request.
  * api-change:transcribe: This release adds support for call analytics
    (batch) within Amazon Transcribe.
  * api-change:events: Update events client to latest version
  * api-change:ssm-incidents: Documentation updates for Incident Manager.
- from version 1.21.13
  * api-change:redshift: API support for Redshift Data Sharing feature.
  * api-change:iotsitewise: My AWS Service (placeholder) - This release
    introduces custom Intervals and offset for tumbling window in metric for AWS
    IoT SiteWise.
  * api-change:glue: Add ConcurrentModificationException to create-table,
    delete-table, create-database, update-database, delete-database
  * api-change:mediaconvert: AWS Elemental MediaConvert SDK has added control
    over the passthrough of XDS captions metadata to outputs.
  * api-change:proton: Docs only add idempotent create apis
- from version 1.21.12
  * api-change:ssm-contacts: Added new attribute in AcceptCode API.
    AcceptCodeValidation takes in two values - ENFORCE, IGNORE. ENFORCE forces
    validation of accept code and IGNORE ignores it which is also the default
    behavior; Corrected TagKeyList length from 200 to 50
  * api-change:greengrassv2: This release adds support for component system
    resource limits and idempotent Create operations. You can now specify the
    maximum amount of CPU and memory resources that each component can use.
- from version 1.21.11
  * api-change:appsync: AWS AppSync now supports a new authorization mode
    allowing you to define your own authorization logic using an AWS Lambda
    function.
  * api-change:elbv2: Update elbv2 client to latest version
  * api-change:secretsmanager: Add support for KmsKeyIds in the
    ListSecretVersionIds API response
  * api-change:sagemaker: API changes with respect to Lambda steps in model
    building pipelines. Adds several waiters to async Sagemaker Image APIs. Add
    more instance types to AppInstanceType field
- from version 1.21.10
  * api-change:savingsplans: Documentation update for valid Savings Plans offering ID pattern
  * api-change:ec2: This release adds support for G4ad xlarge and 2xlarge
    instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC
    processors
  * api-change:chime: Adds support for live transcription of meetings with
    Amazon Transcribe and Amazon Transcribe Medical. The new APIs,
    StartMeetingTranscription and StopMeetingTranscription, control the generation
    of user-attributed transcriptions sent to meeting clients via Amazon Chime SDK
    data messages.
  * api-change:iotsitewise: Added support for AWS IoT SiteWise Edge. You can
    now create an AWS IoT SiteWise gateway that runs on AWS IoT Greengrass V2. With
    the gateway, you can collect local server and equipment data, process the data,
    and export the selected data from the edge to the AWS Cloud.
  * api-change:iot: Increase maximum credential duration of role alias to 12 hours.
- from version 1.21.9
  * api-change:sso-admin: Documentation updates for
    arn:aws:trebuchet:::service:v1:03a2216d-1cda-4696-9ece-1387cb6f6952
  * api-change:cloudformation: SDK update to support Importing existing Stacks
    to new/existing Self Managed StackSet - Stack Import feature.
- from version 1.21.8
  * api-change:route53: This release adds support for the RECOVERY_CONTROL
    health check type to be used in conjunction with Route53 Application Recovery
    Controller.
  * api-change:iotwireless: Add SidewalkManufacturingSn as an identifier to
    allow Customer to query WirelessDevice, in the response, AmazonId is added in
    the case that Sidewalk device is return.
  * api-change:route53-recovery-control-config: Amazon Route 53 Application
    Recovery Controller's routing control - Routing Control Configuration APIs help
    you create and delete clusters, control panels, routing controls and safety
    rules. State changes (On/Off) of routing controls are not part of configuration
    APIs.
  * api-change:route53-recovery-readiness: Amazon Route 53 Application
    Recovery Controller's readiness check capability continually monitors resource
    quotas, capacity, and network routing policies to ensure that the recovery
    environment is scaled and configured to take over when needed.
  * api-change:quicksight: Add support to use row-level security with tags
    when embedding dashboards for users not provisioned in QuickSight
  * api-change:iotanalytics: IoT Analytics now supports creating a dataset
    resource with IoT SiteWise MultiLayerStorage data stores, enabling customers to
    query industrial data within the service. This release includes adding JOIN
    functionality for customers to query multiple data sources in a dataset.
  * api-change:shield: Change name of DDoS Response Team (DRT) to Shield Response Team (SRT)
  * api-change:lexv2-models: Update lexv2-models client to latest version
  * api-change:redshift-data: Added structures to support new Data API
    operation BatchExecuteStatement, used to execute multiple SQL statements within
    a single transaction.
  * api-change:route53-recovery-cluster: Amazon Route 53 Application Recovery
    Controller's routing control - Routing Control Data Plane APIs help you update
    the state (On/Off) of the routing controls to reroute traffic across
    application replicas in a 100% available manner.
  * api-change:batch: Add support for ListJob filters
python-hwdata
- Declare the LICENSE file as license and not doc
python-libxml2-python
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
python-lxml
- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309)
python-paramiko
- update to 2.4.3
  * Fix Ed25519 key handling so certain key comment lengths don't cause
    SSHException("/Invalid key"/) (bsc#1200603)
  * Add support for the modern (as of Python 3.3) import location of
    MutableMapping (used in host key management) to avoid the old location
    becoming deprecated in Python 3.8.
- refresh add-support-for-new-OpenSSH-private-key-format.patch
- refresh paramiko-test_extend_timeout.patch
- refresh support-cryptography-25-and-above.patch
  * Fix exploit (CVE-2018-1000805) in Paramiko's server mode (not client mode)
    (bsc#1111151)
python-psutil
- Add patch mem-used-bsc1181475.patch (bsc#1181475)
  * Adopt change of used memory calculation from upstream of procps
python-py
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
  * Fix a regular expression DoS vulnerability in the py.path.svnwc
    SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
  * Add type annotation stubs
python-pytz
- update to 2022.1
  * matches tzdata 2022a
  * declare python 3.10 compatibility
- update to 2021.3
  * matches tzdata 2021c
python-urlgrabber
- Fix wrong logic on find_proxy method causing proxy not being used
  (bsc#1201788)
- Added:
  * fix_find_proxy_logic.patch
python3
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
regionServiceClientConfigEC2
- Update to version 4.1.0 (bsc#1203215)
  + New certs for 52.79.82.165 and 54.247.166.75
rpm
- Support Ed25519 signatures [jsc#SLE-24714]
  * new patch: ed25519.diff
rsync
- Add support for --trust-sender parameter (patch by Jie Gong in
  bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
  * Added patch rsync-CVE-2022-29154-trust-sender-1.patch
  * Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
  in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
rsyslog
- - fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
  * add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
ruby2
- Update suse.patch to 41adc98ad1:
  - Cookie Prefix Spoofing in CGI::Cookie.parse (boo#1193081 CVE-2021-41819)
- add back some lost chunks to the suse.patch
runc
- Update to runc v1.1.4. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.4.
  * Fix mounting via wrong proc fd. When the user and mount namespaces are
    used, and the bind mount is followed by the cgroup mount in the spec,
    the cgroup was mounted using the bind mount's mount fd.
  * Switch kill() in libcontainer/nsenter to sane_kill().
  * Fix "/permission denied"/ error from runc run on noexec fs.
  * Fix failed exec after systemctl daemon-reload. Due to a regression
    in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
    was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
    (boo#1202821)
salt
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module releasded in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Fix test_ipc unit test
- Added:
  * fix-the-regression-in-schedule-module-releasded-in-3.patch
  * ignore-non-utf8-characters-while-reading-files-with-.patch
  * backport-syndic-auth-fixes.patch
  * retry-if-rpm-lock-is-temporarily-unavailable-547.patch
  * change-the-delimeters-to-prevent-possible-tracebacks.patch
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
  * fix-test_ipc-unit-tests.patch
  * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288)
- Added:
  * fix-ownership-of-salt-thin-directory-when-using-the-.patch
  * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
  * save-log-to-logfile-with-docker.build.patch
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * set-default-target-for-pip-from-venv_pip_target-envi.patch
  * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
  * use-salt-bundle-in-dockermod.patch
  * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
  * add-support-for-gpgautoimport-539.patch
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
salt-netapi-client
- Declare the LICENSE file as license and not doc
- Adapted for Enterprise Linux 9.
- Version 0.20.0
  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0
- Remove:
  * 0001-enable-arrays-in-StateApplyResult-name-bsc-1192550.patch
samba
- CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042);
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work; (bso#15076);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * netgroups support removed; (bso#15087); (bsc#1199247);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);
- Fix  smbclient commands del & deltree failing with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556).
sg3_utils
- Update to version 1.44~763+22.a121545:
  * Add systemd service files for LUN masking
  (bsc#1099278, bsc#954600)
- Update to version 1.44~763+21.3d16f61:
  * sg_turs: fix exit status when not ready in single case
    (boo#1095671)
- Update to version 1.44~763+20.81dc714:
  * rescan-scsi-bus.sh: add timeout parameter (bsc#1199248)
smdba
- Declare the LICENSE file as license and not doc
- Make EL egginfo removal more generic
snakeyaml
- Upgrade to upstream release 1.31
  * Fixes
    + bsc#1202932 (CVE-2022-25857)
    + bsc#1203149 (CVE-2022-38749)
    + bsc#1203153 (CVE-2022-38751)
    + bsc#1203154 (CVE-2022-38752)
    + bsc#1203158 (CVE-2022-38750)
  * Changes of 1.31
    + Fix #539: false positive CVE-2020-13936 (bsc#1183360)
    + Fix #537: Improved RE for integers
    + Improve restrictions against DoS attacks
    + Fix #525: Restrict nested depth for collections to avoid DoS
    attacks
    + Fix #522: De-serializing key "/on"/ fails with Exception
    + Example with Lombok and ENV variable substitution was added
    + reported issue with trailing TAB
    + fixes for reading and writing comments
  * Changes of 1.30
    + Migrate to new home: snakeyaml/snakeyaml
    + fixes for reading and writing comments
    + Fix #506: Improve parsing a number starting with 0x
  * Changes of 1.29
    + fixes for reading and writing comments
- Modified patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + rebase
  * Changes of 1.28
    + Add possibility to construct enum with case sensitivity
    + Fix #493: substitution default can contain special characters
    + Add possibility to read and write comments
    + Fix #485: Alias names are too permissive compared to libyaml
    and future spec
  * Changes of 1.27
    + Update #307: add example
    + Add: build with CI on github
    + Fix #481: Serialize anchors that are not used by any alias
    + Fix #416: Improve dumping sequences
    + Fix #480: Anchor allows non ASCII characters while dumping
    + Fix #476: Make constructor of EnvScalarConstructor public
    + Fix #474: Parse the value of byte and short after a narrowing
    primitive conversion
    + Fix yet another OWASP false positive. It complains that the
    Spring controller makes SnakeYAML insecure even though
    SnakeYAML does not use Spring controller and does not depend
    on Spring (but the tests do). Bump spring.version from
    3.2.17.RELEASE to 5.2.4.RELEASE
    + Migrated from hg to git
  * Changes of 1.26
    + Fix #377: Allow configuration for preventing billion laughs
    attack
    + Add: parse ENV variables similar to how it works for
    docker-compose
    + Fix #468: Allow non ASCII characters in the anchor names
    + Add: expose Event.ID in Event via a getter
    + Fix #454: Add example for integer without time pattern
  * Changes of 1.25
    + Fix #441: Restore the way to get anchor for a Node
    + Fix #437: Introduce setting to keep !!str tag for String even
    when it contains non-printable chars
    + Update plugin versions
  * Changes of 1.24
    + BaseConstructor: Factored out postponed mapping logic so
    subclasses can effectively override constructMapping2ndStep()
    and delegate to the postponed mapping logic
    + Fix #431: Customize simple key length when dumping
    + Fix #430: Wrap runtime exceptions into YAMLException.
    + Fix: Null tag constructor not called when parsing top-level
    null value.
    + Fix #429: Provide "/Automatic-Module-Name"/ entry in MANIFEST
    + Fix #426: Fix NPE when duplicate keys are not allowed and the
    key is null
    + Apply pull request #41: Support java.sql classes without the
    need to depend on java.sql module in java9+
    + Update: Java 7 is required.
    + Fix #423: Date Serialization Fails for TimeZones on Daylight
    Savings Time
  * Changes of 1.23
    + Update: run tests under Java 11. This is the last release to
    support Java 6. As of the next release Java 7 will be required.
    + Fix #412: Restore the Boolean constructors for Events and
    Nodes for binary compatibility of dependent projects
    + Fix #411: System Property "/java.runtime.name"/ is not required
    to be defined
    + Fix #409: Dumping Enum breaks when Enum value is Anonymous
    inner class
  * Changes of 1.21
    + Update: Scanner.peekToken() and Scanner.getToken() throw
    exception instead of returning null
    + Update: Enhance output of token IDs
    + Update: Mark - expose buffer and pointer
    + Update: Improvements in the Bitbucket pipeline
    + Fix #397: Plain scalars with colons in flow sequences/mappings
    are valid YAML. This change follows what happens with PyYAML
    and libyaml (thanks to developers from the YAML community)
  * Changes of 1.20
    + Fix #393: Improve reflective access operation to avoid warning
    under Java 9
    + Hold #397: because of the inconsistent corner cases the ':' is
    not yet allowed in a flow context
    + Refactor nodes and events - use enum FlowStyle instead of
    Boolean (minor backwards-incompatible change)
    + Refactor ScalarToken, ScalarNode and ScalarEvent - use enum
    ScalarStyle instead of Character (minor backwards-incompatible
    change)
    + Refactor Mark - remove unused code (minor
    backwards-incompatible change)
    + Fix #395 and #394: Introduce DuplicateKeyException and report
    line number for duplicate keys when creating non-Javabeans
  * Changes of 1.19
    + Apply pull request #22: Only use FIELD access for Android in
    PropertyUtils
    + Apply pull request #27: Add getAnnotations() and
    getAnnotation() methods to Property.
    + Apply pull request #26 and fix #383: Some configuration
    properties of Representer were ignored.
    + Fix issue #386:Fix order of duplicate keys indices to prevent
    wrong removals.
    + Update: major improvement when parsing JavaBeans.
    + Fix issue #382 and #322: MethodProperty should check for
    generic type in getters and setters.
    + Fix issue #377: Add test for billion laughs attack.
    + Fix issue #368: Relax final restriction on TypeDescription.
    + Fix issue #375: Empty YAML file must return null instead of
    throwing an exception when loading a JavaBean.
    + Fix issue #374: Localization settings (e.g. fr_CA) convert
    Number type floats to ints.
    + Apply pull request #20: Provide access to node's anchor
    + Fix issue #370: Remove redundant
    "/Bundle-RequiredExecutionEnvironment: J2SE-1.5"/
    + Fix issue #364: Serializing Calendar objects with certain
    timezone offsets renders invalid YAML
  * Changes of 1.18
    + Add: create Android artifact with android classifier
    + Fix issue #358: Validate DumperOptions to prevent invalid YAML
    to be dumped.
    + Fix issue #355: Fix for emitter to split long plain string
    scalars over multiple lines.
    + Apply pull request #13: Let Mark implement Serializable so
    that ParserException can be serialized
    + Fix issue #337: Throw exception in case of duplicate keys when
    LoaderOptions.allowDuplicateKeys is false.
    + Fix issue #351: Keep same nodes order on merge (preprocess
    keys for MappingNode and remove duplicates keeping the last
    one).
    + Fix issue #349: Ignore white spaces for base64 encoded scalar
    + Fix issue #348: Not removing parent object when composed
    object is an anchor
    + Fix issue #323: Support "/Miscellaneous Symbols and
    Pictographs"/. This fix introduces minor backwards-incompatible
    changes - some of the methods have been renamed. This fixes
    also long standing issue with iOS emoji
    + Fix issue #341: Fix NPE in BaseRepresenter.multiRepresenters
    if it contains 'null' as a key
    + Update plugin versions
spacecmd
- version 4.2.20-1
  * Remove "/Undefined return code"/ from debug messages (bsc#1203283)
- version 4.2.19-1
  * Process date values in spacecmd api calls (bsc#1198903)
  * Show correct help on calling kickstart_importjson with no arguments
  * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
- version 4.2.18-1
  * on full system update call schedulePackageUpdate API (bsc#1197507)
spacewalk-admin
- version 4.2.12-1
  * Add --help option to mgr-monitoring-ctl
- version 4.2.11-1
  * clarify schema upgrade check message (bsc#1198999)
spacewalk-backend
- version 4.2.25-1
  * Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)
  * Prevent mixing credentials for proxy and repository server
    while using basic authentication and avoid hiding errors
    i.e. timeouts while having proxy settings issues
    with extra logging in verbose mode (bsc#1201788)
- version 4.2.24-1
  * Make reposync use the configured http proxy with mirrorlist (bsc#1198168)
  * Revert proxy listChannels token caching pr#4548
  * cleanup leftovers from removing unused xmlrpc endpoint
- version 4.2.23-1
  * Fix traceback on calling spacewalk-repo-sync --show-packages
    (bsc#1193238)
  * Fix virt_notify SQL syntax error (bsc#1199528)
  * store create-bootstrap logs in spacewalk-debug
spacewalk-branding
- version 4.2.14-1
  * Stylesheets and relevant assets are now provided by spacewalk-web
spacewalk-certs-tools
- version 4.2.18-1
  * traditional stack bootstrap: install product packages (bsc#1201142)
- version 4.2.17-1
  * use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087)
spacewalk-client-tools
- version 4.2.21-1
  * Update translation strings
- version 4.2.20-1
  * Update translation strings
- version 4.2.19-1
  * Update translation strings
spacewalk-java
- version 4.2.43-1
  * Fix directory path traversal vulnerability CVE-2022-31255 (bsc#1204543)
  * Fix reflected cross site scripting vulnerability CVE-2022-43754 (bsc#1204741)
  * Fix arbitrary file disclosure vulnerability CVE-2022-43753 (bsc#1204716)
- version 4.2.42-1
  * Properly pass allow vendor change to salt state (bsc#1204203)
  * add ongres requirements to spec file (bsc#1203898)
  * Refresh pillar data (bsc#1197724)
  * Fix hardware update where there is no DNS FQDN changes (bsc#1203611)
  * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
  * Support Pay-as-you-go new CA location for SLES15SP4
    and higher (bsc#1202729)
  * Detect the clients running on Amazon EC2 (bsc#1195624)
- version 4.2.41-1
  * Fixed date format on scheduler related messages (bsc#1195455)
  * Support inherited values for kernel options from Cobbler API (bsc#1199913)
  * Add channel availability check for product migration (bsc#1200296)
  * Check if system has all formulas correctly assigned
    (bsc#1201607)
  * Remove group formula assignements and data on group delete
    (bsc#1201606)
  * Fix sync for external repositories (bsc#1201753)
  * fix state.apply result parsing in test mode (bsc#1201913)
  * Reduce the length of image channel URL (bsc#1201220)
  * Calculate dependencies between cloned channels of vendor channels (bsc#1201626)
  * fix symlinks pointing to ongres-stringprep
  * Modify parameter type when communicating with the search server (bsc#1187028)
  * Fix initial profile and build host on Image Build page (bsc#1199659)
  * Fix the confirm message on the refresh action by adding a link
    to pending actions on it (bsc#1172705)
  * require new salt-netapi-client version
  * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
- version 4.2.40-1
  * Fix conflict when system is assigned to multiple instances of
    the same formula (bsc#1194394)
- version 4.2.39-1
  * Keep the websocket connections alive with ping/pong frames (bsc#1199874)
  * Fix missing remote command history events for big output (bsc#1199656)
  * Improve CLM channel cloning performance (bsc#1199523)
  * fix api log message references the wrong user (bsc#1179962)
  * Show patch as installed in CVE Audit even if successor patch affects
    additional packages (bsc#1199646)
  * fix download of packages with caret sign in the version due
    to missing url decode
  * Prefer the Salt Bundle with Cobbler snippets configuration
    (minion_script and redhat_register_using_salt) (bsc#1198646)
  * During re-activation, recalculate grains if
    contact method has been changed (bsc#1199677)
  * Hide authentication data in PAYG UI (bsc#1199679)
  * autoinstallation: missing whitespace after install URL (bsc#1199888)
  * Improved handling of error messages during bootstrapping
  * skip forwarding data to scc if no credentials are available
  * Change system details lock tab name to lock/unlock (bsc#1193032)
  * Added a notification to inform the administrators about the product end-of-life
  * Set profile tag has no-mandatory in XCCDF result (bsc#1194262)
  * provisioning thought proxy should use proxy for self_update (bsc#1199036)
  * Allow removing duplicated packages names in the same Salt action (bsc#1198686)
  * fix NoSuchElementException when pkg install date is missing
  * Improve API documentation
  * Fix outdated documentation and release notes links
  * Fix error message in Kubernetes VHM creation dialog
  * Add createAppStreamFilters() XMLRPC function
  * Correct concurrency error on payg taskomatic task
    for updating certificates (#17783)
  * Fix ACL rules for config diff download for SLS files (bsc#1198914)
  * fix package selection for ubuntu errata install (bsc#1199049)
  * fix invalid link to action schedule
  * add schedulePackageUpdate() XMLRPC function (bsc#1197507)
  * update server needed cache after adding Ubuntu Errata (bsc#1196977)
  * check if file exists before sending it to xsendfile (bsc#1198191)
  * Display usertime instead of server time for clm issue date filter (bsc#1198429)
  * Redesign the auto errata task to schedule combined actions (bsc#1197429)
  * Fix send login(s) and send password actions to avoid user
    enumeration (bsc#1199629) (CVE-2022-31248)
spacewalk-search
- version 4.2.8-1
  * Add methods to handle session id as String
- version 4.2.7-1
  * Update development configuration file
spacewalk-setup
- version 4.2.11-1
  * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a
    default instead of /etc/httpd/conf.d (bsc#1198356)
spacewalk-utils
- version 4.2.18-1
  * Make spacewalk-hostname-rename working with settings.yaml
    cobbler config file (bsc#1203564)
- version 4.2.17-1
  * spacewalk-hostname-rename now correctly replaces the hostname for
    the mgr-sync configuration file (bsc#1198356)
  * spacewalk-hostname-rename now utilizes the "/--apache2-conf-dir"/
    flag for spacewalk-setup-cobbler (bsc#1198356)
spacewalk-web
- version 4.2.30-1
  * Upgrade moment-timezone
- version 4.2.29-1
  * Fix packaging issues to address CVE-2021-43138 (bsc#1200480)
  * Upgrade shell-quote to fix CVE-2021-42740, upgrade moment to fix
    CVE-2022-31129
  * Fix table header layout for unselectable tables
  * Fix initial profile and build host on Image Build page (bsc#1199659)
- version 4.2.28-1
  * Stylesheets and relevant assets are now provided by spacewalk-web
  * Remove nodejs-packaging as a build requirement
  * Hide authentication data in PAYG UI (bsc#1199679)
  * Improved handling of error messages during bootstrapping
  * Added support for end of life notifications
  * Improved test integration for dropdowns
  * Upgrade moment to 2.29.2
  * Fix outdated documentation and release notes links
  * Fix mimetype in kubeconfig validation request (bsc#1199019)
sqlite3
- update to 3.39.3:
  * Use a statement journal on DML statement affecting two or more
    database rows if the statement makes use of a SQL functions
    that might abort.
  * Use a mutex to protect the PRAGMA temp_store_directory and
    PRAGMA data_store_directory statements, even though they are
    decremented and documented as not being threadsafe.
- update to 3.39.2:
  * Fix a performance regression in the query planner associated
    with rearranging the order of FROM clause terms in the
    presences of a LEFT JOIN.
  * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
    1345947, forum post 3607259d3c, and other minor problems
    discovered by internal testing. [boo#1201783]
- update to 3.39.1:
  * Fix an incorrect result from a query that uses a view that
    contains a compound SELECT in which only one arm contains a
    RIGHT JOIN and where the view is not the first FROM clause term
    of the query that contains the view
  * Fix a long-standing problem with ALTER TABLE RENAME that can
    only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
    to a very small value.
  * Fix a long-standing problem in FTS3 that can only arise when
    compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
    option.
  * Fix the initial-prefix optimization for the REGEXP extension so
    that it works correctly even if the prefix contains characters
    that require a 3-byte UTF8 encoding.
  * Enhance the sqlite_stmt virtual table so that it buffers all of
    its output.
- update to 3.39.0:
  * Add (long overdue) support for RIGHT and FULL OUTER JOIN
  * Add new binary comparison operators IS NOT DISTINCT FROM and
    IS DISTINCT FROM that are equivalent to IS and IS NOT,
    respective, for compatibility with PostgreSQL and SQL standards
  * Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
    interface that indicates a query that has both DISTINCT and
    ORDER BY clauses
  * Added the sqlite3_db_name() interface
  * The unix os interface resolves all symbolic links in database
    filenames to create a canonical name for the database before
    the file is opened
  * Defer materializing views until the materialization is actually
    needed, thus avoiding unnecessary work if the materialization
    turns out to never be used
  * The HAVING clause of a SELECT statement is now allowed on any
    aggregate query, even queries that do not have a GROUP BY
    clause
  * Many microoptimizations collectively reduce CPU cycles by about
    2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
  related test failures on 32 bit
- update to 3.38.5:
  * Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
  * fix a byte-code problem in the Bloom filter pull-down
    optimization added by release 3.38.0 in which an error in the
    byte code causes the byte code engine to enter an infinite loop
    when the pull-down optimization encounters a NULL key
- update to 3.38.3:
  * Fix a case of the query planner be overly aggressive with
    optimizing automatic-index and Bloom-filter construction,
    using inappropriate ON clause terms to restrict the size of the
    automatic-index or Bloom filter, and resulting in missing rows
    in the output.
  * Other minor patches. See the timeline for details.
- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
  of SQLite (bsc#1195773).
- update to 3.38.1:
  * Fix problems with the new Bloom filter optimization that might
    cause some obscure queries to get an incorrect answer.
  * Fix the localtime modifier of the date and time functions so
    that it preserves fractional seconds.
  * Fix the sqlite_offset SQL function so that it works correctly
    even in corner cases such as when the argument is a virtual
    column or the column of a view.
  * Fix row value IN operator constraints on virtual tables so that
    they work correctly even if the virtual table implementation
    relies on bytecode to filter rows that do not satisfy the
    constraint.
  * Other minor fixes to assert() statements, test cases, and
    documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
  sqlite-src-3380100-atof1.patch
- update to 3.38.0
  * Add the -> and ->> operators for easier processing of JSON
  * The JSON functions are now built-ins
  * Enhancements to date and time functions
  * Rename the printf() SQL function to format() for better
    compatibility, with alias for backwards compatibility.
  * Add the sqlite3_error_offset() interface for helping localize
    an SQL error to a specific character in the input SQL text
  * Enhance the interface to virtual tables
  * CLI columnar output modes are enhanced to correctly handle tabs
    and newlines embedded in text, and add options like "/--wrap N"/,
    "/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
  * Query planner enhancements using a Bloom filter to speed up
    large analytic queries, and a balanced merge tree to evaluate
    UNION or UNION ALL compound SELECT statements that have an
    ORDER BY clause.
  * The ALTER TABLE statement is changed to silently ignores
    entries in the sqlite_schema table that do not parse when
    PRAGMA writable_schema=ON
- update to 3.37.2:
  * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
    cause database corruption if a SAVEPOINT is rolled back while
    in PRAGMA temp_store=MEMORY mode, and other changes are made,
    and then the outer transaction commits
  * Fix a long-standing problem with ON DELETE CASCADE and ON
    UPDATE CASCADE in which a cache of the bytecode used to
    implement the cascading change was not being reset following a
    local DDL change
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("/START"/) is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
  * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
    extension when a column has no collating sequence.
subscription-matcher
- Added Guava maximum version requirement (jsc#SLE-23217)
- Declare the LICENSE file as license and not doc
susemanager
- version 4.2.38-1
  * add venv-salt-minion to bootstrap repo (bsc#1204146)
- version 4.2.37-1
  * mark new dependencies for python-py optional in bootstrap repo
    to fix generation for older service packs (bsc#1203449)
- version 4.2.36-1
  * add missing packages on SLES 15
  * remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
  * mgr-create-bootstrap-repo: flush directory also when called
    for a specific label (bsc#1200573)
  * add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)
  * remove python-tornado from bootstrap repo, since no longer
    required for salt version >= 3000
  * add openSUSE 15.4 product (bsc#1201527)
  * add clients tool product to generate bootstrap repo on openSUSE 15.x
    (bsc#1201189)
- version 4.2.35-1
  * Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
- version 4.2.34-1
  * mgr-sync: Raise a proper exception when duplicated lines exist in a config file (bsc#1182742)
  * add SLED 12 SP3 bootstrap repo definition (bsc#1199438)
- version 4.2.33-1
  * Fix issue with bootstrap repo definitions for RHEL/RES8 variants (bsc#1200863)
susemanager-doc-indexes
- Documented that only SUSE clients are supported as monitoring servers
  in the Administration Guide
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Removed references to Debian 9, as it is EoL, and therefore
  unsupported by SUSE Manager
- Document Helm deployment of the proxy on k3s and MetalLB in Installation
  and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed the incorrect path to state and pillar files in Salt Guide
- Documented how pxeboot works with Secure Boot enabled in Client
  Configuration Guide
- Added SLE Micro 5.2 and 5.3 as available as a technology preview in
  the Client Configuration Guide, and the IBM Z architecture for 5.1,
  5.2, and 5.3
- Documented mandatory channels in the Disconnected Setup chapter of the
  Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
  regular user
- Documented how to onboard Debian clients with the Salt bundle or plain Salt
  as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
  Upgrade Guide; required for Salt SSH Push (bnc#1200532)
- In the Custom Channel section of the Administration Guide add a note
  about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client systems
- Fixed the 'fast' switch ('-f') of the database migration script in
  the Installation and Upgrade Guides
- Updated the Virtualization chapter in the Client Configuration Guide
- Added information about registering RHEL clients on Azure in the Import
  Entitlements and Certificates section of the Client Configuration Guide
  (bsc#1198944)
- In the Client Configuration Guide, package locking is now supported for
  Ubuntu and Debian
- Fixed VisibleIf documentation in the Formula section of the Salt Guide
- Added note about importing CA certifcates in the Installation and Upgrade
  Guide (bsc#1198358)
- Documented how to define monitored targets using the file-based service
  discovery provided in the Prometheus formula of the Salt Guide
- Add note about OpenSCAP security profile support in OpenSCAP section of
  the Administration Guide
- Fixed spacewalk-remove-channel command in Delete Channels section of the
  Administration Guide (bsc#1199596)
- Large deployments guide now includes a mention of the proxy (bsc#1199577)
- Enhanced the Product Migration chapter of the Client Configuration Guide
  with a SUSE Linux Enterprise example
susemanager-docs_en
- Documented that only SUSE clients are supported as monitoring servers
  in the Administration Guide
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Removed references to Debian 9, as it is EoL, and therefore
  unsupported by SUSE Manager
- Document Helm deployment of the proxy on k3s and MetalLB in Installation
  and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed the incorrect path to state and pillar files in Salt Guide
- Documented how pxeboot works with Secure Boot enabled in Client
  Configuration Guide
- Added SLE Micro 5.2 and 5.3 as available as a technology preview in
  the Client Configuration Guide, and the IBM Z architecture for 5.1,
  5.2, and 5.3
- Documented mandatory channels in the Disconnected Setup chapter of the
  Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
  regular user
- Documented how to onboard Debian clients with the Salt bundle or plain Salt
  as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
  Upgrade Guide; required for Salt SSH Push (bnc#1200532)
- In the Custom Channel section of the Administration Guide add a note
  about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client systems
- Fixed the 'fast' switch ('-f') of the database migration script in
  the Installation and Upgrade Guides
- Updated the Virtualization chapter in the Client Configuration Guide
- Added information about registering RHEL clients on Azure in the Import
  Entitlements and Certificates section of the Client Configuration Guide
  (bsc#1198944)
- In the Client Configuration Guide, package locking is now supported for
  Ubuntu and Debian
- Fixed VisibleIf documentation in the Formula section of the Salt Guide
- Added note about importing CA certifcates in the Installation and Upgrade
  Guide (bsc#1198358)
- Documented how to define monitored targets using the file-based service
  discovery provided in the Prometheus formula of the Salt Guide
- Add note about OpenSCAP security profile support in OpenSCAP section of
  the Administration Guide
- Fixed spacewalk-remove-channel command in Delete Channels section of the
  Administration Guide (bsc#1199596)
- Large deployments guide now includes a mention of the proxy (bsc#1199577)
- Enhanced the Product Migration chapter of the Client Configuration Guide
  with a SUSE Linux Enterprise example
susemanager-schema
- version 4.2.25-1
  * Add subtypes for Amazon EC2 virtual instances (bsc#1195624)
- version 4.2.24-1
  * Fix migration of image actions (bsc#1202272)
- version 4.2.23-1
  * Add schema directory for susemanager-schema-4.2.22
susemanager-sls
- version 4.2.28-1
  * Fix mgrnet availability check
  * Remove dependence on Kiwi libraries
  * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
  * Add mgrnet salt module with mgrnet.dns_fqnd function implementation
    allowing to get all possible FQDNs from DNS (bsc#1199726)
- version 4.2.27-1
  * Copy grains file with util.mgr_switch_to_venv_minion state apply
  * Remove the message 'rpm: command not found' on using Salt SSH
    with Debian based systems which has no Salt Bundle
  * Prevent possible tracebacks on calling module.run from mgrcompat
    by setting proper globals with using LazyLoader
  * Fix deploy of SLE Micro CA Certificate (bsc#1200276)
- version 4.2.26-1
  * Fix issue bootstrap issue with Debian 9 because missing python3-contextvars (bsc#1201782)
- version 4.2.25-1
  * use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087)
  * Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686)
  * do not install products and gpg keys when performing distupgrade
    dry-run (bsc#1199466)
  * Fix deprecated warning when getting pillar data (bsc#1192850)
  * remove unknown repository flags on EL
  * add packages.pkgupdate state (bsc#1197507)
- version 4.2.24-1
  * Manage the correct minion config file when venv-salt-minion is installed (bsc#1200703)
  * Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707)
susemanager-sync-data
- version 4.2.13-1
  * change release status of Debian 11 to released
sysconfig
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
  With the change to the default policy, netconfig with NetworkManager
  as network.service accepted settings from all services/programs
  directly instead only from NetworkManager, where plugins/services
  have to deliver their settings to apply them.
- version 0.85.7
- spec: Drop hard dependency on /sbin/ifup
- spec: Suggest instead of recommend wicked-service
- spec: Mention that the .spec file is in git as well
- Also support service(network) provides
systemd
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
  To decrease log level of messages about use of KillMode=none from warning to
  debug. SAP still uses this deprecated option and the warnings emitted by PID1
  confuse both SAP customers and support.
- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
  1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
  e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
  d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
  90740ae2aa string-util: explicitly cast character to unsigned
  ca1455c5b9 string-util: fix build error on aarch64
  c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
  387a2e1fbf basic/string-util: simplify how str_realloc() is used
  cdc4d55d22 basic/string-util: inline iterator variable declarations
  d435514c85 basic/string-util: split out helper function
  bdbc4faff5 basic/escape: always escape newlines in shell_escape()
  3eb13063d1 basic/escape: add mode where empty arguments are still shown as "/"/
  08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
  ec07c1c46c basic/escape: use consistent location for "/*"/ in function declarations
  074e1b622e Allow control characters in environment variable values (bsc#1200170)
  44e419dcb0 Revert "/basic/env-util: (mostly) follow POSIX for what variable names are allowed"/
  d5756f6f71 test-env-util: Verify that r is disallowed in env var values
  d02bac33d3 basic/env-util: make function shorter
  c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
  887c150a04 test-env-util: print function headers
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
  e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
  b593249c00 core/device: do not downgrade device state if it is already enumerated
  7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
  912c07c281 core/device: drop unnecessary condition
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Call pam_loginuid when creating user@.service (bsc#1198507)
  It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.
systemd-presets-common-SUSE
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter "/user"/, the save/apply-changes commands now
  work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (boo#1200485)
tar
- bsc1200657.patch was previously incomplete leading to deadlocks
  * bsc#1202436
  * bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
  bsc#1200657
  * bsc1200657.patch
telnet
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
  (CVE-2022-39028, bsc#1203759)
  CVE-2022-39028.patch
tika-core
- fix new regex DoS in StandardsExtractingContentHandler
  CVE-2022-33879 (bsc#1201217)
- Added: CVE-2022-33879.patch
- fix Regular Expression Denial of Service in Standards Extractor
  CVE-2022-30973, CVE-2022-30126 (bsc#1199604, bsc#1200283)
- Added: CVE-2022-30126.patch
timezone
- Update to reflect new Chile DST change, bsc#1202310
  * bsc1202310.patch
unzip
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
  to a local string (CVE-2022-0530, bsc#1196177)
  * CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
  conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
  * CVE-2022-0529.patch
util-linux
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
util-linux-systemd
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
uyuni-common-libs
- version 4.2.7-1
  * Do not allow creating path if nonexistent user or group in fileutils.
vim
- Updated to version 9.0 with patch level 0313, fixes the following problems
  * Fixing bsc#1200884 Vim: Error on startup
  * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
  * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
  * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
  * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
  * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
  * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
  * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
  * Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
  * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
  * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
  * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
  * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
  * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
  * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
  * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
  * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
  * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
  * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
  * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
  * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
  * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
  * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
  * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
  * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
  * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
  * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
  * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
  * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
  * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
  * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
  * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
  * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
  * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
  * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
  * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
  * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
  * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
  * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
  * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
virtual-host-gatherer
- Declare the LICENSE file as license and not doc
woodstox
- Declare the LICENSE file as license and not doc
xen
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  xsa411.patch
- bsc#1197081 - dom0 fails to boot with constrained vcpus and nodes
  62f4cfee-sched-setup-dom0-vCPU-affinity-once.patch
- Upstream bug fixes (bsc#1027519)
  62d65105-x86-spec-ctrl-MD_CLEAR-reporting.patch
  62d807c1-x86-suppress-MMX.patch
  62ecfc08-VMX-use-IST-RSB-protection.patch
  62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
  62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
  62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
  CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
  leaks (XSA-403)
  xsa403.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
- Drop patch replaced by upstream version
  xsa408.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
  vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
  Part of already released 4.14.5 tarball
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
  A previous change to the built-in default had a logic error,
  effectively restoring the upstream limit of 1023 channels per domU.
  Fix the logic to calculate the default based on the number of vcpus.
  adjust libxl.max_event_channels.patch
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
  in typeref acquisition
  62a1e594-x86-clean-up-_get_page_type.patch
  62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
  62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
  62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
  62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
  62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
  xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
  62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
  62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
  62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
  xen: retbleed - arbitrary speculative code execution with return
  instructions (XSA-407)
  62cc31ee-cmdline-extend-parse_boolean.patch
  62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
  62cd91d0-x86-spec-ctrl-rework-context-switching.patch
  62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
  62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
  62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
  62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
  62cd91d5-x86-cpuid-BTC_NO-enum.patch
  62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
  62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
  62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
  62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
  xsa401-1.patch
  xsa401-2.patch
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  xsa408.patch
xmlpull-api
- Declare the LICENSE file as license and not doc
yast2-update
- Use the "/norecovery"/ mount option when searching the root
  partitions (bsc#1195894)
- 4.3.4
zlib
- Fix heap-based buffer over-read or buffer overflow in inflate via
  large gzip header extra field (bsc#1202175, CVE-2022-37434,
  CVE-2022-37434-extra-header-1.patch,
  CVE-2022-37434-extra-header-2.patch).
zypper
- BuildRequires:  libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
  (bsc#1201972)
- version 1.14.57
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
  Since libzypp 17.23.0 the PPP status is auto established. No
  extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "/C.UTF-8"/ rather than "/en_US"/.
- Fix man page (fixes #451)
- version 1.14.56
- lr: Allow shortening the Name column if table is wider than the
  terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
  (bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
  resolve argument.
- zypper-download: Handle unresolvable arguments as error.
  This commit changes zypper-download such that it behaves more
  consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
  compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
  whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
  insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53