amazon-ssm-agent
- Add patch to fix proxy bypass using IPv6 zone IDs in golang.org/x/net
  * CVE-2025-22870.patch (bsc#1238702, CVE-2025-22870)
apache-commons-cli
- Update to 1.9.0
  * New features
    + Add OptionGroup.isSelected().
    + You can now extend HelpFormatter.Builder.
    + Add 'since' attribute to Option to track when an Option was
    introduced #292
  * Fixed bugs
    + CLI-334:  Fix Javadoc pathing #280.
    + CLI-335:  Updated properties documentation #285.
    + CLI-336:  Deprecation not always reported #284.
    + Replace internal StringBuffer with StringBuilder.
  * Updates
    + Bump org.apache.commons:commons-parent from 70 to 72 #283.

- Update to 1.8.0
  * Fix Javadoc pathing #280. Fixes CLI-334.
- Revised CLI-253-workaround.patch for compatibility with 1.8.0

- Rebased patch CLI-253-workaround.patch to new version.
- Updated apache-commons-cli-build.xml to new version.
- Update to 1.7:
  * New features:
  - Add and use a Converter interface and implementations without
    using BeanUtils #216. Fixes CLI-321. Thanks to Claude Warren,
    Gary Gregory.
  - Add Maven property project.build.outputTimestamp for build
    reproducibility. Thanks to Gary Gregory.
  - Add '-' as an option char and implemented extensive tests
    [#217]. Fixes CLI-322. Thanks to Claude Warren, Gary Gregory.
  - Make adding OptionGroups and Options to existing Options
    easier #230. Fixes CLI-324. Thanks to Claude Warren, Gary
    Gregory.
  - Added Supplier<T> defaults for getParsedOptionValue #229.
    Fixes CLI-323. Thanks to Claude Warren, Gary Gregory.
  - Make Option.getKey() public #239. Fixes CLI-326. Thanks to
    Claude Warren, Gary Gregory.
  - Add builder factory CommandLine#builder(). Thanks to Claude
    Warren, Gary Gregory.
  * Fixes:
  - Inconsistent behavior in key/value pairs (Java property
    style). Fixes CLI-312. Thanks to Claude Warren, Gary Gregory.
  - Avoid NullPointerException in
    Util.stripLeadingAndTrailingQuotes(String). Thanks to Gary
    Gregory.
  - Awkward behavior of Option.builder() for multiple optional
    args. Fixes CLI-320. Thanks to Paul King, Claude Warren.
  - Properties from multiple arguments with value separator.
    [#237]. Fixes CLI-325. Thanks to Claude Warren.
  - Fix for expected textual date values. #244. Fixes CLI-327.
    Thanks to Claude Warren, Gary Gregory.
  - Option.Builder.option("") should throw
    IllegalArgumentException instead of
    ArrayIndexOutOfBoundsException. Thanks to Gary Gregory.
  - Avoid NullPointerException in
    CommandLine.getOptionValues(Option|String). Thanks to Gary
    Gregory.
  * Updates:
  - Bump commons-parent from 64 to 69 #256. Thanks to Gary
    Gregory.
  - Update the tests to JUnit 5 #238. Thanks to Elric, Gary
    Gregory.
  - Bump tests commons-io:commons-io from 2.16.0 to 2.16.1 #258.
    Thanks to Dependabot, Gary Gregory.
- Includes changes from version 1.6:
  * Fixes:
  - [StepSecurity] ci: Harden GitHub Actions #176. Thanks to
    step-security-bot, Gary Gregory.
  - Inconsistent date format in changes report. Fixes CLI-318.
    Thanks to Alexander Veit, Gary Gregory.
  - Fix NPE in CommandLine.resolveOption(String). Fixes CLI-283.
    Thanks to Dilraj Singh, Gary Gregory.
  - CommandLine.addOption(Option) should not allow a null Option.
    Fixes CLI-283. Thanks to Dilraj Singh, Gary Gregory.
  - CommandLine.addArgs(String) should not allow a null String.
    Fixes CLI-283. Thanks to Gary Gregory.
  - Site docs: "Usage Scenarios" refers to deprecated methods.
    Fixes CLI-303. Thanks to Julian Schilling, Gary Gregory.
  - NullPointerException thrown by CommandLineParser.parse().
    Fixes CLI-317. Thanks to Philippe Bastiani, Sruteesh Kumar
    Paramata, Gary Gregory.
  - StringIndexOutOfBoundsException thrown by
    CommandLineParser.parse(). Fixes CLI-313. Thanks to Dominik
    Stadler, HUNG LU, Sruteesh Kumar Paramata.
  * Updates:
  - Fix SpotBugs Error: Medium: Method intentionally throws
    RuntimeException. [org.apache.commons.cli.Option] At
    Option.java:[lines 417-423]
    THROWS_METHOD_THROWS_RUNTIMEEXCEPTION Thanks to Gary Gregory.
  - Fix SpotBugs Error: Medium: Method intentionally throws
    RuntimeException. [org.apache.commons.cli.Option] At
    Option.java:[lines 446-450]
    THROWS_METHOD_THROWS_RUNTIMEEXCEPTION Thanks to Gary Gregory.
  - Fix SpotBugs Error: Medium: Method intentionally throws
    RuntimeException. [org.apache.commons.cli.Option] At
    Option.java:[lines 474-478]
    THROWS_METHOD_THROWS_RUNTIMEEXCEPTION Thanks to Gary Gregory.
  - Use EMPTY_STRING_ARRAY constant. #102. Thanks to Ken Dombeck.
  - Fix site links that are broken #155. Thanks to Arturo Bernal.
  - Use Math.max() #111. Delete unused assignment #112. Thanks to
    Arturo Bernal.
  - Add github/codeql-action. Thanks to Dependabot, Gary Gregory.
  - Bump Java from 7 to 8. Thanks to Gary Gregory.
  - Bump actions/cache from 2.1.7 to 3.0.10 #97, #130, #132.
    Thanks to Dependabot, Gary Gregory.
  - Bump actions/checkout from 3 to 3.1.0 #133. Thanks to Gary
    Gregory, Dependabot.
  - Bump actions/setup-java from 2 to 3.6.0 #136. Thanks to Gary
    Gregory.
  - Bump spotbugs from 4.5.3 to 4.7.3 #96, #107, #113, #125,
    [#138]. Thanks to Gary Gregory, Dependabot.
  - Bump spotbugs-maven-plugin from 4.5.3.0 to 4.7.3.0 #98, #108,
    [#115], #117, #126, #145. Thanks to Dependabot.
  - Bump commons-parent from 52 to 64 #100, #128, #151, #158.
    Thanks to Dependabot, Gary Gregory.
  - Bump maven-antrun-plugin from 3.0.0 to 3.1.0 #103. Thanks to
    Dependabot.
  - Bump maven-javadoc-plugin from 3.3.2 to 3.4.1 #105, #120.
    Thanks to Dependabot.
  - Bump maven-pmd-plugin from 3.16.0 to 3.19.0 #110, #124.
    Thanks to Dependabot.
  - Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. Thanks to Gary
    Gregory.
  - Bump maven-checkstyle-plugin from 3.1.2 to 3.2.0 #121. Thanks
    to Gary Gregory.
  - Bump japicmp-maven-plugin from 0.15.4 to 0.16.0. Thanks to
    Gary Gregory.
  - Update JUnit 4 to 5 vintage. Thanks to Gary Gregory.

- Use %patch -P N instead of deprecated %patchN.

- Build with java source/target levels 8
apache-commons-daemon
- Upgrade to 1.4.0
  * Fixes:
    + [StepSecurity] ci: Harden GitHub Actions #95.
    + Procrun. Enable Control Flow Guard for Windows binaries.
    Fixes DAEMON-429.
    + Procrun. Better label for command used to start service shown
    in Prunmgr.exe. Fixes DAEMON-461.
    + jsvc. Fix warnings when running support/buildconf.sh
    + jsvc. Fix compilation issue with newer compilers. Fixes
    + Procrun. Refactor UAC support so that elevation is only
    requested for actions that require administrator privileges.
  * New Features:
    + Procrun. Add support for hybrid CRT builds.
    + jsvc. Add support for LoongArch64 support #92.
  * Update dependencies:
    + Bump commons-parent from 57 to 69 #155.
    + The minimum support Java version has been upgraded from Java
    7 to Java 8.
    + Bump commons-parent from 69 to 70.
- Revise apache-commons-daemon-gcc14-compat.patch for compatibility
  with version 1.4.0

- Add apache-commons-daemon-gcc14-compat.patch for GCC 14
  compatibility.
- Correct offset in apache-commons-daemon-JAVA_OS.patch.

- Use %patch -P N instead of deprecated %patchN.

- Disable LTO to avoid undefined symbols on some platforms
apache-commons-io
- Upgrade to 2.18.0
  * New features
    + Add @FunctionalInterface to ClassNameMatcher.
    + Add ValidatingObjectInputStream.Builder and
    ValidatingObjectInputStream.builder().
    + Add a "Safe Deserialization" section to the User Guide for
    the site.
    + Add IORandomAccessFile.
    + Add RandomAccessFileMode.io(String).
    + Add FileAlterationObserver.Builder() and deprecate most
    constructors.
    + Add IOUtils.readLines(CharSequence).
    + Add ValidatingObjectInputStream.ObjectStreamClassPredicate to
    allow configuration reuse.
    + Add RandomAccessFileMode.accept(Path,
    IOConsumer<RandomAccessFile>).
    + Add RandomAccessFileMode.apply(Path,
    IOFunction<RandomAccessFile>, T).
    + Add IOIntConsumer.
    + Add ProxyInputStream.AbstractBuilder. Supports setting a
    consumer for ProxyInputStream.afterRead(int).
    + Add support to AutoCloseInputStream for setting a consumer
    for ProxyInputStream.afterRead(int).
    + Add support to BOMInputStream for setting a consumer for
    ProxyInputStream.afterRead(int).
    + Add support to BoundedInputStream for setting a consumer for
    ProxyInputStream.afterRead(int).
    + Add support to BoundedInputStream for setting a consumer for
    BoundedInputStream.onMaxLength(long, long).
    + Add support to ChecksumInputStream for setting a consumer for
    ProxyInputStream.afterRead(int).
    + Add support to ThrottledInputStream for setting a consumer
    for ProxyInputStream.afterRead(int).
    + Add support to ObservableInputStream for setting a consumer
    for ProxyInputStream.afterRead(int).
    + Add support to MessageDigestCalculatingInputStream for
    setting a consumer for ProxyInputStream.afterRead(int).
    + Add support to MessageDigestInputStream for setting a
    consumer for ProxyInputStream.afterRead(int).
  * Fixed Bugs
    + Clean ups in unit tests.
    + Fix some Javadoc issues.
    + RandomAccessFileMode.toString() is more helpful for debugging
    when it inherits from Enum.
    + Fix implicit narrowing conversion in compound assignment in
    UnsynchronizedBufferedReader.skip(long).
    + IO-860:  Missing reserved file names in FileSystem.WINDOWS
    (superscript digits for COM and LPT).
    + IO-856:  FileUtils.listFiles(final File, String[], boolean)
    can throw NoSuchFileException #697, #699.
    + IO-859:  FileUtils.forceDelete on non-existent file on Windows
    throws IOException rather than FileNotFoundException.
    + Use Unicode escapes for superscript characters. #701.
    + IO-863:  Recent incompatible change to FileUtils.listFiles re
    extensions, see also IO-856.
    + IO-857:  Javadoc: Update details for PathUtils "clean"
    behavior.
  * Changes
    + Bump org.apache.commons:commons-parent from 74 to 78 #670,
    [#676], #679, #688.
    + Bump commons.bytebuddy.version from 1.15.1 to 1.15.10 #672,
    [#673], #685, #686, #694, #696, #698.
    + Update AbstractStreamBuilder getters from protected to
    public.

- Upgrade to 2.17.0
  * New features:
    + Add IOIterator.adapt(Iterable)
    + Add getInputStream() for 'https' and 'http' in URIOrigin
    [#630]. Fixes IO-831
    + Add IOSupplier.getUnchecked()
    + Add CloseShieldInputStream.systemIn(InputStream)
    + Add NullInputStream.init()
    + Add AbstractInputStream and refactor duplicate code
    + Add UnsynchronizedReader
    + Add UnsynchronizedBufferedReader
  * Fixes:
    + FileUtilsWaitForTest does not test anything useful.
    Fixes IO-858.
    + Add missing unit tests
    + FileUtils.lastModifiedFileTime(File) calls
    Objects.requireNonNull() on the wrong object
    + PathUtils.deleteOnExit(Path) calls Objects.requireNonNull()
    on the wrong object
    + Deprecate LineIterator.nextLine() in favor of next()
    + Fix PMD UnnecessaryFullyQualifiedName
    + Add test for CircularByteBuffer clear() #620
    + PathUtils.isPosix(Path, LinkOption...) should return false on
    null input
    + AutoCloseInputStream(InputStream) uses
    ClosedInputStream.INSTANCE when its input is null
    + Avoid NullPointerException in ProxyInputStream.available()
    when the underlying input stream is null
    + Avoid NullPointerException in ProxyInputStream.markSupported()
    when the underlying input stream is null
    + Avoid NullPointerException in ProxyInputStream.mark(int) when
    the underlying input stream is null
    + BufferedFileChannelInputStream.available() returns 0 before
    any reads
    + BufferedFileChannelInputStream.available() should return 0
    instead of -1 at the end of the stream
    + BufferedFileChannelInputStream.available() should return 0
    when the stream is closed instead of throwing an exception
    + CharSequenceInputStream.available() should return 0 after the
    stream is closed
    + BoundedInputStream.available() should return 0 when the
    stream is closed
    + CircularInputStream.available() should return 0 when the
    stream is closed
    + InfiniteCircularInputStream.available() should return 0 when
    the stream is closed
    + ChecksumInputStream(InputStream, Checksum, long, long) should
    fail-fast on null Checksum input
    + Deprecate NullInputStream.INSTANCE in favor of constructors
    + NullInputStream.available() should return 0 after the stream
    is closed
    + MemoryMappedFileInputStream.available() should return 0 after
    the stream is closed
    + RandomAccessFileInputStream.available() should return 0 after
    the stream is closed
    + ReaderInputStream.available() should return 0 after the
    stream is closed
    + AutoCloseInputStream does not call handleIOException() on
    close() when the proxied stream throws an IOException
    + BoundedInputStream does not call handleIOException() on
    close() when the proxied stream throws an IOException
    + NullInputStream.read(*) should throw IOException when it is
    closed
    + NullInputStream.read(byte[]) should return 0 when the input
    byte array in length 0
    + NullInputStream.read(byte[], int, int) should return 0 when
    the input byte array in length 0 or requested length is 0
    + MarkShieldInputStream.read(*) should throw IOException when
    it is closed
    + Replace deprecated constant FileFileFilter.FILE in Javadoc
    [#657]
    + Pick up exec-maven-plugin version from parent POM
  * Updates:
    + Bump tests commons.bytebuddy.version from 1.14.13 to 1.15.1
    [#615], #621, #631, #635, #642, #658, #663, #665
    + Bump tests commons-codec:commons-codec from 1.16.1 to 1.17.1
    [#644]
    + Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.4.1
    [#632], #652, #659
    + Bump org.apache.commons:commons-parent from 69 to 74 #628,
    [#637], #649, #661, #664
    + Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0
    [#645], #653, #666

- Upgrade to 2.16.1
  * Fixes:
    + Reimplement FileSystemUtils using NIO.
    + FileSystemUtils no longer throws IllegalStateException. Fixes
    IO-851.
    + Avoid possible NullPointerException in
    FileUtils.listAccumulate(File, IOFileFilter, IOFileFilter,
    FileVisitOption...).
    + BoundedInputStream.reset() not updating count. Fixes IO-853.
    + ThresholdingOutputStream: a negative threshold should behave
    like a zero threshold and trigger the event on the first
    write #609. Fixes IO-854.
  * Updates:
    + Bump commons.bytebuddy.version from 1.14.12 to 1.14.13 #605.
    + Bump org.apache.commons:commons-parent from 67 to 69 #608.
- Update apache-commons-io-build.xml for new version
- Includes changes from 2.16.0
  * Fixes:
    + Fix and re-enable testSkip_RequiredCharsets #518.
    + SymbolicLineFileFilter documentation fixes. Fixes IO-824.
    + CharSequenceInputStream.reset() only works once #520. Fixes
    IO-795.
    + Finish TODO on CharSequenceInputStream #540. Fixes IO-795.
    + Add byte array size validation for methods in EndianUtils
    [#521]. Fixes IO-825.
    + Add missing test case CircularByteBufferTest. Fixes IO-825.
    + Make CharSequenceInputStream.available() more correct in the
    face of multibyte encodings #525. Fixes IO-781.
    + Remove unreachable code in AbstractIOFileFilterTest #526.
    Fixes IO-781.
    + Rationalize and unify checking for existence of files and
    directories #529. Fixes IO-808.
    + Avoid NullPointerException in IOCase.checkEquals(String,
    String) on null input.
    + Avoid NullPointerException in
    CanExecuteFileFilter.accept(File) on null input.
    + Avoid NullPointerException in
    CanExecuteFileFilter.accept(Path, BasicFileAttributes) on
    null input.
    + Avoid NullPointerException in CanReadFileFilter.accept(File)
    on null input.
    + Avoid NullPointerException in CanReadFileFilter.accept(Path,
    BasicFileAttributes) on null input.
    + Avoid NullPointerException in CanWriteFileFilter.accept(File)
    on null input.
    + Avoid NullPointerException in CanWriteFileFilter.accept(Path,
    BasicFileAttributes) on null input.
    + Avoid NullPointerException in
    DirectoryFileFilter.accept(File) on null input.
    + Avoid NullPointerException in
    DirectoryFileFilter.accept(Path, BasicFileAttributes) on null
    input.
    + Avoid NullPointerException in EmptyFileFilter.accept(File) on
    null input.
    + Avoid NullPointerException in EmptyFileFilter.accept(Path,
    BasicFileAttributes) on null input.
    + Avoid NullPointerException in FileFileFilter.accept(File) on
    null input.
    + Avoid NullPointerException in FileFileFilter.accept(Path,
    BasicFileAttributes) on null input.
    + Avoid NullPointerException in HiddenFileFilter.accept(File)
    on null input.
    + Avoid NullPointerException in HiddenFileFilter.accept(Path,
    BasicFileAttributes) on null input.
    + Avoid NullPointerException in IOCase.checkIndexOf(String,
    int, String) on null input.
    + Avoid NullPointerException in
    IOCase.checkRegionMatches(String, int, String) on null input.
    + BoundedInputStream.getCount() should not count EOF.
    + Modernize temporary file creation and deletion in
    DeferredFileOutputStreamTest #535.
    + Add PathMatcher to IOFileFilter class Javadoc #536.
    + Fix CharSequenceInputStream coding exception handling #537.
    Fixes IO-781.
    + Deprecate int CountingInputStream#getCount() in favor of long
    CountingInputStream#getByteCount(). Fixes IO-781.
    + Deprecate CountingInputStream.resetCount() in favor of
    resetByteCount(). Fixes IO-828.
    + Deprecate CountingInputStream.getMaxLength() in favor of
    getMaxCount()). Fixes IO-828.
    + NullInputStream breaks InputStream's read method contract.
    Fixes IO-818.
    + Javadoc shouldn't reference 1.x behavior #539.
    + Don't decode and reencode characters in a potentially
    different charset in
    AbstractOrigin.CharSequenceOrigin.getReader(Charset). Fixes
    IO-829.
    + Let subclasses of CountingInputStream.afterRead(int) throw
    IOException.
    + Characterization test for broken symlinks when copying
    directories #547. Fixes IO-807.
    + ClosedInputStream.read(byte[], int, int) does not always
    return -1.
    + ClosedOutputStream.write(byte[], int, int) does not always
    throw IOException.
    + XmlStreamReader can't parse an XML document with a multi-line
    prolog #550.
    + XmlStreamReader can't parse XML an document with an external
    parsed entity prolog.
    + Update FileNameUtils Javadoc #554. Fixes IO-836.
    + Copy symlinks, not the files the symlinks point to #558.
    Fixes IO-807.
    + Pickup apache-rat-plugin version from parent POM.
    + Add test for copying a symlink
    FileUtilsTest#testCopyFile_symLink() #564.
    + Make copyFile copy symbolic links by value rather than
    reference #565.
    + Deprecate CopyUtils 0-argument constructor.
    + Deprecate EndianUtils 0-argument constructor. Fixes IO-843.
    + Deprecate FileSystemUtils 0-argument constructor.
    + Deprecate FilenameUtils 0-argument constructor.
    + Deprecate RandomAccessFiles 0-argument constructor.
    + Clarify and correct EndianUtils and SwappedDataInputStream
    API doc #566.
    + Add characterization test for copying a symlinked directory
    [#570].
    + RandomAccessFileInputStream.builder().get() now throws ISE
    instead of NPE.
    + Test links to targets outside the source directory #571.
    Fixes IO-845.
    + Focus Javadoc on current version rather than past versions
    [#573], #574.
    + "Self-suppression not permitted" while using BrokenOutput and
    BrokenInput streams with try-with-resources. Fixes IO-469.
    + Handle zero and negative thresholds #587. Fixes IO-405.
    + Deprecate CountingInputStream in favor of BoundedInputStream.
    + PathUtils.setPosixPermissions(...) only sets permissions if
    needed.
    + PathUtils.setReadOnly(...) only sets permissions if needed.
    + PathUtils.deleteFile(..., DeleteOption...) only sets
    permissions if needed.
    + CleaningPathVisitor only sets permissions if needed.
    + DeletingPathVisitor only sets permissions if needed.
  * New features:
    + Add and use PathUtils.getFileName(Path, Function<Path, R>).
    + Add and use PathUtils.getFileNameString().
    + Make public Erase.rethrow(Throwable).
    + Add BrokenInputStream.BrokenInputStream(Throwable). Fixes
    IO-826.
    + Add BrokenReader.BrokenReader(Throwable). Fixes IO-826.
    + Add BrokenOutputStream.BrokenOutputStream(Throwable). Fixes
    IO-826.
    + Add BrokenWriter.BrokenWriter(Throwable). Fixes IO-826.
    + Add BoundedInputStream.getRemaining().
    + Add FileTimes.toNtfsTime(long).
    + Add FileTimes.fromUnixTime(long).
    + Add FileTimes.isUnixTime(FileTime).
    + Add FileTimes.isUnixTime(long).
    + Add FileTimes.toUnixTime(FileTime).
    + Add BrokenInputStream.Builder.
    + Add PathUtils.getExtension(Path).
    + Add PathUtils.getBaseName(Path).
    + Add ThrottledInputStream.
    + Add IORunnable.noop().
    + Add ChecksumInputStream and test #548.
    + Add AbstractStreamBuilder.getReader().
    + Add Maven property project.build.outputTimestamp for build
    reproducibility.
    + Add ProxyInputStream.unwrap().
    + Add a running count and builder to BoundedInputStream.
  * Updates:
    + Bump commons.bytebuddy.version from 1.14.10 to 1.14.12 #534,
    [#592].
    + Bump org.apache.commons:commons-parent from 65 to 67.
    + Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 #583.
    + Bump org.codehaus.mojo:exec-maven-plugin from 3.1.1 to 3.2.0
    [#593].
apache-commons-logging
- Upgrade to 1.3.4
  * Bug fix:
    + LOGGING-192: Fix factory loading from context class
    loader #280, #281.

- Upgrade to 1.3.3
  * Bug Fixes:
    + * LOGGING-193: Update Log4j 2 OSGi imports #268.
    + * Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
    + * Fix NullPointerException in SimpleLog#write(Object) on null
    input.
    + Fix NullPointerException in SimpleLog#write(StringBuffer) on
    null input.
- Includes changes from 1.3.2
  * Fixed Bugs
    + LOGGING-190: Add OSGi metadata to enable Service Loader
    Mediator #234.
    + LOGGING-191: Apache commons logging shows 1.4 as latest
    release instead of 1.3.1.
    + Deprecate
    org.apache.commons.logging.LogSource.jdk14IsAvailable.
- Includes changes from 1.3.1
  * New features
    + Add Maven property project.build.outputTimestamp for build
    reproducibility.
  * Fixed Bugs
    + Remove references to very old JDK and Commons Logging
    versions #201.
    + Update from Logj 1 to the Log4j 2 API compatibility layer
    [#231].
    + Allow Servlet 4 in OSGi environment #191.
    + Fix generics warnings #213.
    + LOGGING-189: Fix Import-Package entry for org.slf4j #188.
- Includes changes from 1.3.0
  * New Features:
    + Add support for Log4j API and SLF4J #177.
    + Deprecate org.apache.commons.logging.impl.WeakHashtable
    without replacement.  LOGGING-188: Deprecate and disable
    `Jdk13LumberjackLogger` and `Log4JLogger`.  LOGGING-173:
    + Deprecate and disable `AvalonLogger` and `LogKitLogger`.
    + LOGGING-165: Add Automatic-Module-Name Manifest Header for
    Java 9 compatibility.
  * Fixed Bugs:
    + LOGGING-163: BufferedReader is not closed properly.
    + LOGGING-177: Remove redundant initializer #46
    + Use a weak reference for the cached class loader #71.
    + Add more entries to .gitignore file #25.
    + Minor Improvements #34.
    + [StepSecurity] ci: Harden GitHub Actions #145.
    + LOGGING-185: Replace custom code with `ServiceLoader` call.
    + Fix possible NPEs in LogFactoryImpl.
    + LOGGING-185: Fix failing tests #180.
    + Deprecate LogConfigurationException.cause in favor of
    getCause().
    + Fix SpotBugs [ERROR] High: Found reliance on default encoding
    in org.apache.commons.logging.LogFactory.initDiagnostics():
    new java.io.PrintStream(OutputStream)
    [org.apache.commons.logging.LogFactory] At
    LogFactory.java:[line 1205] DM_DEFAULT_ENCODING.
    + Fix SpotBugs [ERROR] Medium: Class
    org.apache.commons.logging.impl.WeakHashtable defines
    non-transient non-serializable instance field queue
    [org.apache.commons.logging.impl.WeakHashtable] In
    WeakHashtable.java SE_BAD_FIELD.
    + Set java.logging as optional module #183.
    + Fix SpotBugs [ERROR] Medium: Switch statement found in
    org.apache.commons.logging.impl.SimpleLog.log(int, Object,
    Throwable) where default case is missing
    [org.apache.commons.logging.impl.SimpleLog] At
    SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT.
    + Deprecate
    org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel
    without replacement.
- Remove deprecated patch files:
  * commons-logging-1.1.3-src-junit.diff
  * commons-logging-1.2-sourcetarget.patch
  * commons-logging-manifests.patch
  * no-tests.patch
- Reinstate ant build (removed upstream)
  * add build.xml
  * add build.properties
- Remove unnecessary dependencies
  * add commons-logging-1.3.3-dependencies.patch
- Add upstream dev's public key to apache-commons-logging.keyring

- Use %autosetup macro. Allows to eliminate the usage of deprecated
  %patchN.
bind
- Limit additional section processing for large RDATA sets.
  When answering queries, don’t add data to the additional
  section if the answer has more than 13 names in the RDATA. This
  limits the number of lookups into the database(s) during a
  single client query, reducing the query-processing load.
  (CVE-2024-11187)
  [bsc#1236596, bind-9.16-CVE-2024-11187.patch]
ca-certificates-mozilla
- explit remove distruted certs, as the distrust does not get exported
  correctly and the SSL certs are still trusted. (bsc#1240343)
  - Entrust.net Premium 2048 Secure Server CA
  - Entrust Root Certification Authority
  - AffirmTrust Commercial
  - AffirmTrust Networking
  - AffirmTrust Premium
  - AffirmTrust Premium ECC
  - Entrust Root Certification Authority - G2
  - Entrust Root Certification Authority - EC1
  - GlobalSign Root E46
  - GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt

- Fix awk to compare (missing a =) and give the following output:
  [#] NSS_BUILTINS_LIBRARY_VERSION "2.74"

- pass file argument to awk (bsc#1240009)

- update to 2.74 state of Mozilla SSL root CAs:
  Removed:
  * SwissSign Silver CA - G2
  Added:
  * D-TRUST BR Root CA 2 2023
  * D-TRUST EV Root CA 2 2023

- remove extensive signature printing in comments of the cert
  bundle

- Define two macros to break a build cycle with p11-kit.

- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
  Removed:
  - SecureSign RootCA11
  - Security Communication RootCA3
  Added:
  - TWCA CYBER Root CA
  - TWCA Global Root CA G2
  - SecureSign Root CA12
  - SecureSign Root CA14
  - SecureSign Root CA15
cobbler
- remove xmlrpc_privilege_escalation_prevention.patch: patch has
  been merged upstream
- Remove unused patch file and mention cobbler.rpmlintrc file in spec

- Let users specify ESP for the buildiso command (bsc#1220902)
gcc7
- Add gcc7-pr82463.patch to fix vec_madd and vec_msub vector
  intrinsics on s390x.  [bsc#1236267]

- Remove epiphany build, newlib no longer builds for it.

- Use %patch -P N instead of %patchN.
curl
- Security fix: [bsc#1236590, CVE-2025-0725]
  * content_encoding: drop support for zlib before 1.2.0.4
  * content_encoding: put the decomp buffers into the writer structs
  * Add curl-CVE-2025-0725.patch

- Security fix: [bsc#1236588, CVE-2025-0167]
  * netrc: 'default' with no credentials is not a match
  * Add curl-CVE-2025-0167.patch
docker
- Don't use the new container-selinux conditional requires on SLE-12, as the
  RPM version there doesn't support it. Arguably the change itself is a bit
  suspect but we can fix that later. bsc#1237367

- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
  + 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
  + 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch

- Make container-selinux requirement conditional on selinux-policy
  (bsc#1237367)

- Update to Docker 27.5.1-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/27/#2741> bsc#1237335
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.20.1. See upstream changelog online at
  <https://github.com/docker/buildx/releases/tag/v0.20.1>

- Update to Docker 27.4.1-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/27/#2741>
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to docker-buildx 0.19.3. See upstream changelog online at
  <https://github.com/docker/buildx/releases/tag/v0.19.3>

- Update to Docker 27.4.0-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/27/#274>
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
  - 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
  - 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
findutils
- do not crash when file system loop was encountered [bsc#1231472]
- added patches
  fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9
  + findutils-avoid-crash-system-loop.patch
- modified patches
  % findutils-xautofs.patch (p1)
glibc
- assert-message-allocation.patch: Fix underallocation of abort_msg_s
  struct (CVE-2025-0395, bsc#1236282, BZ #32582))
grub2
- Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865)
  * 0001-autofs-Ignore-zfs-not-found.patch

- Security fixes for 2024
  * 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
  * 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
  * 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
  * 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
  * 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
  * 0006-kern-file-Ensure-file-data-is-set.patch
  * 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
  * 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
  * 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
  * 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
  * 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
  * 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
  * 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
  * 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
  * 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
  * 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
  * 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
  * 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
  * 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
  * 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
open-iscsi
- Moved this patch upstream, so now it's part of
  open-iscsi-SUSE-latest.diff, and no longer needed here:
  * iscsid-clear-scanning-thread-pr_set_io_flusher-flag.patch

- iscsid-clear-scanning-thread-pr_set_io_flusher-flag.patch: fix
  device discovery failure on systems with a large number of
  devices (bsc#1235606).

- Fix issue with yast restarting the iscsid service without
  first restarting the iscsid socket, which upsets systemd
  (bsc#1206132). This is already fixed upstream.

- Branched SLE-15-SP3 from Factory. No longer in sync with
  Tumbleweed.
- Backported upstream commit, which sets 'safe_logout' and
  'startup' in iscsid.conf, to address bsc#1207157
- Updated year in SPEC file
java-11-openjdk
- Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)
  * Security fix
    + JDK-8330045, CVE-2025-21502, bsc#1236278: Enhance array
    handling
  * Changes
    + JDK-8224624: Inefficiencies in CodeStrings::add_comment cause
    timeouts
    + JDK-8225045: javax/swing/JInternalFrame/8146321/
    /JInternalFrameIconTest.java fails on linux-x64
    + JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
    + JDK-8247706: Unintentional use of new Date(year...) with
    absolute year
    + JDK-8299254: Support dealing with standard assert macro
    + JDK-8303920: Avoid calling out to python in
    DataDescriptorSignatureMissing test
    + JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java
    test
    + JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
    java.lang.Exception: Could not find leak
    + JDK-8328300: Convert PrintDialogsTest.java from Applet to
    main program
    + JDK-8328642: Convert applet test
    MouseDraggedOutCauseScrollingTest.html to main
    + JDK-8334332: TestIOException.java fails if run by root
    + JDK-8335428: Enhanced Building of Processes
    + JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc
    warnings
    + JDK-8335912, JDK-8337499: Add an operation mode to the jar
    command when extracting to not overwriting existing files
    + JDK-8336564: Enhance mask blit functionality redux
    + JDK-8338402: GHA: some of bundles may not get removed
    + JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
    + JDK-8339180: Enhanced Building of Processes: Follow-on Issue
    + JDK-8339470: [17u] More defensive fix for 8163921
    + JDK-8339637: (tz) Update Timezone Data to 2024b
    + JDK-8339644: Improve parsing of Day/Month in tzdata rules
    + JDK-8339803: Acknowledge case insensitive unambiguous
    keywords in tzdata files
    + JDK-8340552: Harden TzdbZoneRulesCompiler against missing
    zone names
    + JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12
    and XCode 13.4.1
    + JDK-8340815: Add SECURITY.md file
    + JDK-8342426: [11u] javax/naming/module/RunBasic.java javac
    compile fails
    + JDK-8342629: [11u] Properly message out that shenandoah is
    disabled
    + JDK-8347483: [11u] Remove designator
    DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26
kernel-default
- crypto: ecdh - explicitly zeroize private_key
  (CVE-2024-42098 bsc#1228779).
- commit b69238c

- crypto: aead,cipher - zeroize key buffer after use
  (CVE-2024-42229 bsc#1228708).
- commit 15d760d

- Update
  patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
  (git-fixes CVE-2024-42240 bsc#1228966).
- commit b914598

- drm/i915/gt: Fix potential UAF by revoke of fence registers
  (git-fixes CVE-2024-41092 bsc#1228483).
- commit 8041e33

- Update
  patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
  (bsc#1237903 CVE-2022-49051).
  Added CVE reference
- commit 3c47ace

- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115 CVE-2025-21780)
- commit 698625c

- Update
  patches.suse/0001-be2net-Fix-buffer-overflow-in-be_get_module_eeprom.patch
  (bsc#1201323 CVE-2022-49581 bsc#1238540).
- Update
  patches.suse/0004-dm-fix-use-after-free-in-dm_cleanup_zoned_dev.patch
  (git-fixes CVE-2022-49270 bsc#1238459).
- Update
  patches.suse/0005-drm-mediatek-Add-vblank-register-unregister-callback.patch
  (bsc#1190768 CVE-2022-49506 bsc#1238804).
- Update
  patches.suse/0006-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch
  (git-fixes CVE-2022-49044 bsc#1237840).
- Update patches.suse/0009-block-bfq-don-t-move-oom_bfqq.patch
  (git-fixes CVE-2022-49179 bsc#1238092).
- Update
  patches.suse/0010-bfq-fix-use-after-free-in-bfq_dispatch_request.patch
  (git-fixes CVE-2022-49176 bsc#1238097).
- Update
  patches.suse/0011-dm-raid-fix-accesses-beyond-end-of-raid-member-array.patch
  (git-fixes CVE-2022-49674 bsc#1239041).
- Update
  patches.suse/0012-dm-ioctl-prevent-potential-spectre-v1-gadget.patch
  (git-fixes CVE-2022-49122 bsc#1237983).
- Update
  patches.suse/0014-drm-dp-Fix-OOB-read-when-handling-Post-Cursor2-regis.patch
  (bsc#1190786 CVE-2022-49218 bsc#1237785).
- Update
  patches.suse/0015-bcache-avoid-journal-no-space-deadlock-by-reserving-.patch
  (git-fixes CVE-2022-49327 bsc#1238662).
- Update
  patches.suse/0017-nbd-call-genl_unregister_family-first-in-nbd_cleanup.patch
  (git-fixes CVE-2022-49295 bsc#1238707).
- Update
  patches.suse/0018-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch
  (git-fixes CVE-2022-49710 bsc#1238417).
- Update
  patches.suse/0018-nbd-fix-race-between-nbd_alloc_config-and-module-removal.patch
  (git-fixes CVE-2022-49300 bsc#1238183).
- Update
  patches.suse/0019-block-Fix-handling-of-offline-queues-in-blk_mq_alloc.patch
  (git-fixes CVE-2022-49720 bsc#1238281).
- Update
  patches.suse/0019-nbd-fix-io-hung-while-disconnecting-device.patch
  (git-fixes CVE-2022-49297 bsc#1238469).
- Update
  patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_atomic_open_dot.patch
  (git-fixes CVE-2022-49705 bsc#1237990).
- Update
  patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_get_link.patch
  (git-fixes CVE-2022-49704 bsc#1237780).
- Update
  patches.suse/ACPI-CPPC-Avoid-out-of-bounds-access-when-parsing-_C.patch
  (git-fixes CVE-2022-49145 bsc#1238162).
- Update
  patches.suse/ALSA-firewire-lib-fix-uninitialized-flag-for-AV-C-de.patch
  (git-fixes CVE-2022-49248 bsc#1238284).
- Update
  patches.suse/ALSA-oss-Fix-PCM-OSS-buffer-allocation-overflow.patch
  (git-fixes CVE-2022-49292 bsc#1238625).
- Update
  patches.suse/ALSA-pcm-Check-for-null-pointer-of-pointer-substream.patch
  (git-fixes CVE-2022-49498 bsc#1238825).
- Update
  patches.suse/ALSA-pcm-Fix-potential-AB-BA-lock-with-buffer_mutex-.patch
  (CVE-2022-1048 bsc#1197331 CVE-2022-49272 bsc#1238272).
- Update
  patches.suse/ALSA-pcm-Fix-races-among-concurrent-hw_params-and-hw.patch
  (CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49291
  bsc#1238705).
- Update
  patches.suse/ALSA-pcm-Fix-races-among-concurrent-prealloc-proc-wr.patch
  (CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49288
  bsc#1238271).
- Update
  patches.suse/ALSA-pcm-oss-Fix-race-at-SNDCTL_DSP_SYNC.patch
  (CVE-2022-3303 bsc#1203769 git-fixes CVE-2022-49733
  bsc#1238454).
- Update
  patches.suse/ALSA-usb-audio-Cancel-pending-work-at-closing-a-MIDI.patch
  (git-fixes CVE-2022-49545 bsc#1238729).
- Update
  patches.suse/ARM-Fix-refcount-leak-in-axxia_boot_secondary.patch
  (git-fixes CVE-2022-49679 bsc#1238418).
- Update
  patches.suse/ARM-cns3xxx-Fix-refcount-leak-in-cns3xxx_init.patch
  (git-fixes CVE-2022-49677 bsc#1238601).
- Update
  patches.suse/ARM-exynos-Fix-refcount-leak-in-exynos_map_pmu.patch
  (git-fixes CVE-2022-49680 bsc#1238415).
- Update
  patches.suse/ARM-hisi-Add-missing-of_node_put-after-of_find_compa.patch
  (git-fixes CVE-2022-49447 bsc#1238956).
- Update
  patches.suse/ARM-meson-Fix-refcount-leak-in-meson_smp_prepare_cpu.patch
  (git-fixes CVE-2022-49656 bsc#1237812).
- Update
  patches.suse/ASoC-Intel-sof_sdw-handle-errors-on-card-registratio.patch
  (git-fixes CVE-2022-49617 bsc#1238902).
- Update
  patches.suse/ASoC-SOF-Intel-Fix-NULL-ptr-dereference-when-ENOMEM.patch
  (git-fixes CVE-2022-49268 bsc#1238090).
- Update
  patches.suse/ASoC-atmel-Add-missing-of_node_put-in-at91sam9g20ek_.patch
  (git-fixes CVE-2022-49243 bsc#1238337).
- Update
  patches.suse/ASoC-atmel-Fix-error-handling-in-sam9x5_wm8731_drive.patch
  (git-fixes CVE-2022-49241 bsc#1238116).
- Update
  patches.suse/ASoC-atmel-Fix-error-handling-in-snd_proto_probe.patch
  (git-fixes CVE-2022-49246 bsc#1238302).
- Update
  patches.suse/ASoC-codecs-rx-macro-fix-accessing-array-out-of-boun.patch
  (git-fixes CVE-2022-49252 bsc#1237787).
- Update
  patches.suse/ASoC-codecs-rx-macro-fix-accessing-compander-for-aux.patch
  (git-fixes CVE-2022-49250 bsc#1238389).
- Update
  patches.suse/ASoC-codecs-va-macro-fix-accessing-array-out-of-boun.patch
  (git-fixes CVE-2022-49251 bsc#1237835).
- Update
  patches.suse/ASoC-codecs-wc938x-fix-accessing-array-out-of-bounds.patch
  (git-fixes CVE-2022-49249 bsc#1238339).
- Update
  patches.suse/ASoC-codecs-wcd934x-Add-missing-of_node_put-in-wcd93.patch
  (git-fixes CVE-2022-49239 bsc#1238334).
- Update
  patches.suse/ASoC-cs35l41-Fix-an-out-of-bounds-access-in-otp_pack.patch
  (bsc#1203699 CVE-2022-49515 bsc#1237817).
- Update
  patches.suse/ASoC-fsl-Fix-refcount-leak-in-imx_sgtl5000_probe.patch
  (git-fixes CVE-2022-49486 bsc#1237946).
- Update
  patches.suse/ASoC-imx-hdmi-Fix-refcount-leak-in-imx_hdmi_probe.patch
  (git-fixes CVE-2022-49480 bsc#1238799).
- Update
  patches.suse/ASoC-mediatek-Fix-error-handling-in-mt8173_max98090_.patch
  (git-fixes CVE-2022-49514 bsc#1238429).
- Update
  patches.suse/ASoC-mediatek-Fix-missing-of_node_put-in-mt2701_wm89.patch
  (git-fixes CVE-2022-49517 bsc#1237996).
- Update
  patches.suse/ASoC-mediatek-mt8192-mt6359-Fix-error-handling-in-mt.patch
  (git-fixes CVE-2022-49244 bsc#1238176).
- Update
  patches.suse/ASoC-mxs-Fix-error-handling-in-mxs_sgtl5000_probe.patch
  (git-fixes CVE-2022-49242 bsc#1238126).
- Update
  patches.suse/ASoC-mxs-saif-Fix-refcount-leak-in-mxs_saif_probe.patch
  (git-fixes CVE-2022-49482 bsc#1238543).
- Update
  patches.suse/ASoC-rt5645-Fix-errorenous-cleanup-order.patch
  (git-fixes CVE-2022-49493 bsc#1238939).
- Update
  patches.suse/ASoC-rt7-sdw-harden-jack_detect_handler.patch
  (git-fixes CVE-2022-49616 bsc#1238898).
- Update
  patches.suse/ASoC-rt711-sdca-fix-kernel-NULL-pointer-dereference-.patch
  (git-fixes CVE-2022-49615 bsc#1238897).
- Update
  patches.suse/ASoC-samsung-Fix-refcount-leak-in-aries_audio_probe.patch
  (git-fixes CVE-2022-49477 bsc#1238295).
- Update
  patches.suse/ASoC-ti-j721e-evm-Fix-refcount-leak-in-j721e_soc_pro.patch
  (git-fixes CVE-2022-49473 bsc#1238135).
- Update
  patches.suse/Bluetooth-Fix-use-after-free-in-hci_send_acl.patch
  (git-fixes CVE-2022-49111 bsc#1237984).
- Update
  patches.suse/Bluetooth-btmtksdio-Fix-kernel-oops-in-btmtksdio_int.patch
  (git-fixes CVE-2022-49200 bsc#1237958).
- Update
  patches.suse/Bluetooth-fix-dangling-sco_conn-and-use-after-free-i.patch
  (git-fixes CVE-2022-49474 bsc#1238071).
- Update
  patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
  (git-fixes CVE-2022-49555 bsc#1238231).
- Update
  patches.suse/Bluetooth-use-memset-avoid-memory-leaks.patch
  (git-fixes CVE-2022-49116 bsc#1237922).
- Update
  patches.suse/HID-elan-Fix-potential-double-free-in-elan_input_con.patch
  (git-fixes CVE-2022-49508 bsc#1237940).
- Update
  patches.suse/IB-rdmavt-add-lock-to-call-to-rvt_error_qp-to-preven.patch
  (git-fixes CVE-2022-49089 bsc#1238041).
- Update
  patches.suse/Input-gpio-keys-cancel-delayed-work-only-in-case-of-.patch
  (git-fixes CVE-2022-49430 bsc#1238870).
- Update
  patches.suse/Input-sparcspkr-fix-refcount-leak-in-bbc_beep_probe.patch
  (git-fixes CVE-2022-49438 bsc#1238242).
- Update patches.suse/KVM-Don-t-null-dereference-ops-destroy.patch
  (git-fixes CVE-2022-49568 bsc#1238792).
- Update
  patches.suse/KVM-SVM-Use-kzalloc-for-sev-ioctl-interfaces-to-prev.patch
  (git-fixes CVE-2022-49556 bsc#1238134).
- Update
  patches.suse/KVM-SVM-fix-panic-on-out-of-bounds-guest-IRQ.patch
  (git-fixes CVE-2022-49154 bsc#1238167).
- Update
  patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49610
  bsc#1238952).
- Update
  patches.suse/KVM-x86-Drop-WARNs-that-assert-a-triple-fault-never-.patch
  (git-fixes CVE-2022-49559 bsc#1237942).
- Update
  patches.suse/KVM-x86-Use-__try_cmpxchg_user-to-update-guest-PTE-A.patch
  (git-fixes CVE-2022-49562 bsc#1238309).
- Update
  patches.suse/LSM-general-protection-fault-in-legacy_parse_param.patch
  (git-fixes CVE-2022-49180 bsc#1238110).
- Update
  patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch
  (git-fixes CVE-2022-49505 bsc#1238615).
- Update
  patches.suse/NFS-Avoid-writeback-threads-getting-stuck-in-mempool.patch
  (git-fixes CVE-2022-49097 bsc#1237729).
- Update
  patches.suse/NFSD-prevent-integer-overflow-on-32-bit-systems.patch
  (git-fixes CVE-2022-49279 bsc#1238655).
- Update
  patches.suse/NFSD-prevent-underflow-in-nfssvc_decode_writeargs.patch
  (git-fixes CVE-2022-49280 bsc#1238630).
- Update
  patches.suse/NFSv4-Don-t-hold-the-layoutget-locks-across-multiple.patch
  (git-fixes CVE-2022-49316 bsc#1238386).
- Update
  patches.suse/NFSv4-Fix-free-of-uninitialized-nfs4_label-on-referr.patch
  (git-fixes CVE-2022-49418 bsc#1238878).
- Update
  patches.suse/NFSv4.2-fix-reference-count-leaks-in-_nfs42_proc_cop.patch
  (git-fixes CVE-2022-49103 bsc#1238080).
- Update
  patches.suse/PCI-Avoid-pci_dev_lock-AB-BA-deadlock-with-sriov_num.patch
  (git-fixes CVE-2022-49434 bsc#1238916).
- Update patches.suse/PCI-endpoint-Fix-misused-goto-label.patch
  (git-fixes CVE-2022-49115 bsc#1237961).
- Update
  patches.suse/PM-core-keep-irq-flags-in-device_pm_check_callbacks.patch
  (git-fixes CVE-2022-49175 bsc#1238099).
- Update
  patches.suse/PM-devfreq-exynos-ppmu-Fix-refcount-leak-in-of_get_d.patch
  (git-fixes CVE-2022-49668 bsc#1237957).
- Update
  patches.suse/PM-devfreq-rk3399_dmc-Disable-edev-on-remove.patch
  (git-fixes CVE-2022-49460 bsc#1238892).
- Update
  patches.suse/PM-domains-Fix-sleep-in-atomic-bug-caused-by-genpd_d.patch
  (git-fixes CVE-2022-49265 bsc#1238432).
- Update
  patches.suse/RDMA-cm-Fix-memory-leak-in-ib_cm_insert_listen.patch
  (git-fixes CVE-2022-49671 bsc#1238823).
- Update
  patches.suse/RDMA-hfi1-Fix-potential-integer-multiplication-overf.patch
  (git-fixes CVE-2022-49404 bsc#1238430).
- Update
  patches.suse/RDMA-hfi1-Fix-use-after-free-bug-for-mm-struct.patch
  (git-fixes CVE-2022-49076 bsc#1237738).
- Update
  patches.suse/RDMA-hfi1-Prevent-panic-when-SDMA-is-disabled.patch
  (git-fixes CVE-2022-49429 bsc#1238889).
- Update
  patches.suse/RDMA-hfi1-Prevent-use-of-lock-before-it-is-initializ.patch
  (git-fixes CVE-2022-49433 bsc#1238268).
- Update
  patches.suse/RDMA-irdma-Fix-sleep-from-invalid-context-BUG.patch
  (git-fixes CVE-2022-49606 bsc#1238410).
- Update
  patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch
  (git-fixes CVE-2022-49208 bsc#1238345).
- Update
  patches.suse/RDMA-mlx5-Fix-memory-leak-in-error-flow-for-subscrib.patch
  (git-fixes CVE-2022-49206 bsc#1238343).
- Update
  patches.suse/RDMA-nldev-Prevent-underflow-in-nldev_stat_set_count.patch
  (jsc#SLE-19249 CVE-2022-49199 bsc#1238234).
- Update
  patches.suse/SUNRPC-Fix-the-svc_deferred_event-trace-class.patch
  (git-fixes CVE-2022-49065 bsc#1237739).
- Update patches.suse/SUNRPC-Trap-RDMA-segment-overflows.patch
  (git-fixes CVE-2022-49356 bsc#1238444).
- Update
  patches.suse/USB-host-isp116x-check-return-value-after-calling-pl.patch
  (git-fixes CVE-2022-49302 bsc#1238653).
- Update patches.suse/afs-Fix-dynamic-root-getattr.patch
  (git-fixes CVE-2022-49688 bsc#1238423).
- Update
  patches.suse/arch-arm64-Fix-topology-initialization-for-core-sche.patch
  (git-fixes CVE-2022-49090 bsc#1238021).
- Update
  patches.suse/arm64-compat-Do-not-treat-syscall-number-as-ESR_ELx-.patch
  (git-fixes CVE-2022-49520 bsc#1238836).
- Update patches.suse/arm64-ftrace-consistently-handle-PLTs.patch
  (git-fixes CVE-2022-49721 bsc#1237789).
- Update
  patches.suse/ata-libata-core-fix-NULL-pointer-deref-in-ata_host_a.patch
  (git-fixes CVE-2022-49731 bsc#1239071).
- Update
  patches.suse/ata-pata_octeon_cf-Fix-refcount-leak-in-octeon_cf_pr.patch
  (git-fixes CVE-2022-49354 bsc#1238636).
- Update
  patches.suse/ata-sata_dwc_460ex-Fix-crash-due-to-OOB-write.patch
  (git-fixes CVE-2022-49073 bsc#1237746).
- Update
  patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch
  (git-fixes CVE-2022-49213 bsc#1238327).
- Update
  patches.suse/ath10k-skip-ath10k_halt-during-suspend-for-driver-st.patch
  (git-fixes CVE-2022-49519 bsc#1238943).
- Update
  patches.suse/ath11k-disable-spectral-scan-during-spectral-deinit.patch
  (git-fixes CVE-2022-49523 bsc#1238557).
- Update
  patches.suse/ath11k-fix-kernel-panic-during-unload-load-ath11k-mo.patch
  (git-fixes CVE-2022-49131 bsc#1237966).
- Update patches.suse/ath11k-mhi-use-mhi_sync_power_up.patch
  (git-fixes CVE-2022-49130 bsc#1237978).
- Update
  patches.suse/ath11k-pci-fix-crash-on-suspend-if-board-file-is-not.patch
  (git-fixes CVE-2022-49132 bsc#1237976).
- Update
  patches.suse/ath9k_htc-fix-potential-out-of-bounds-access-with-in.patch
  (git-fixes CVE-2022-49503 bsc#1238868).
- Update patches.suse/ath9k_htc-fix-uninit-value-bugs.patch
  (git-fixes CVE-2022-49235 bsc#1238333).
- Update
  patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch
  (bsc#1197926 CVE-2022-49412 bsc#1238436).
- Update
  patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch
  (bsc#1197926 CVE-2022-49411 bsc#1238307).
- Update
  patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch
  (bsc#1197926 CVE-2022-49413 bsc#1238710).
- Update
  patches.suse/blk-iolatency-Fix-inflight-count-imbalances-and-IO-h.patch
  (bsc#1200825 CVE-2022-49394 bsc#1238712).
- Update
  patches.suse/blk-mq-don-t-touch-tagset-in-blk_mq_get_sq_hctx.patch
  (bsc#1200824 CVE-2022-49377 bsc#1238545).
- Update
  patches.suse/block-Fix-the-maximum-minor-value-is-blk_alloc_ext_m.patch
  (bsc#1198021 CVE-2022-49147 bsc#1237960).
- Update
  patches.suse/block-don-t-delete-queue-kobject-before-its-children.patch
  (bsc#1198019 CVE-2022-49259 bsc#1238413).
- Update
  patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch
  (bsc#1202781 CVE-2022-49266 bsc#1238465).
- Update
  patches.suse/bpf-Fix-UAF-due-to-race-between-btf_try_get_module-a.patch
  (git-fixes CVE-2022-49236 bsc#1238120).
- Update
  patches.suse/bpf-arm64-Clear-prog-jited_len-along-prog-jited.patch
  (git-fixes CVE-2022-49341 bsc#1238381).
- Update
  patches.suse/brcmfmac-pcie-Release-firmwares-in-the-brcmf_pcie_se.patch
  (git-fixes CVE-2022-49263 bsc#1238267).
- Update
  patches.suse/bus-fsl-mc-bus-fix-KASAN-use-after-free-in-fsl_mc_bu.patch
  (git-fixes CVE-2022-49711 bsc#1238416).
- Update
  patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
  (git-fixes CVE-2022-49661 bsc#1237788).
- Update
  patches.suse/can-isotp-sanitize-CAN-ID-checks-in-isotp_bind.patch
  (git-fixes CVE-2022-49269 bsc#1238533).
- Update
  patches.suse/can-m_can-m_can_tx_handler-fix-use-after-free-of-skb.patch
  (git-fixes CVE-2022-49275 bsc#1238719).
- Update
  patches.suse/can-mcba_usb-properly-check-endpoint-type.patch
  (git-fixes CVE-2022-49151 bsc#1237778).
- Update
  patches.suse/ceph-fix-inode-reference-leakage-in-ceph_get_snapdir.patch
  (bsc#1206048 CVE-2022-49109 bsc#1237836).
- Update
  patches.suse/ceph-fix-memory-leak-in-ceph_readdir-when-note_last_dentry-returns-error.patch
  (bsc#1206049 CVE-2022-49107 bsc#1237973).
- Update
  patches.suse/cgroup-Use-separate-src-dst-nodes-when-preloading-css_sets-for-migration.patch
  (bsc#1201610 CVE-2022-49647 bsc#1238805).
- Update
  patches.suse/char-xillybus-fix-a-refcount-leak-in-cleanup_dev.patch
  (git-fixes CVE-2022-49310 bsc#1238642).
- Update patches.suse/cifs-fix-handlecache-and-multiuser.patch
  (bsc#1193629 CVE-2022-49281 bsc#1238635).
- Update
  patches.suse/cifs-fix-potential-double-free-during-failed-mount.patch
  (bsc#1193629 CVE-2022-49541 bsc#1238727).
- Update
  patches.suse/cifs-potential-buffer-overflow-in-handling-symlinks.patch
  (bsc#1193629 CVE-2022-49058 bsc#1237814).
- Update
  patches.suse/cifs-prevent-bad-output-lengths-in-smb2_ioctl_query_info-.patch
  (CVE-2022-0168 bsc#1197472 CVE-2022-49271 bsc#1238626).
- Update
  patches.suse/clk-Fix-clk_hw_get_clk-when-dev-is-NULL.patch
  (git-fixes CVE-2022-49187 bsc#1238011).
- Update
  patches.suse/clk-qcom-clk-rcg2-Update-logic-to-calculate-D-value-.patch
  (git-fixes CVE-2022-49189 bsc#1238150).
- Update
  patches.suse/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch
  (bsc#1201218 CVE-2022-49726 bsc#1238808).
- Update
  patches.suse/cpufreq-pmac32-cpufreq-Fix-refcount-leak-bug.patch
  (git-fixes CVE-2022-49621 bsc#1239051).
- Update
  patches.suse/crypto-ccree-Fix-use-after-free-in-cc_cipher_exit.patch
  (git-fixes CVE-2022-49258 bsc#1237952).
- Update
  patches.suse/crypto-hisilicon-sec-fix-the-aead-software-fallback-.patch
  (bsc#1198240 CVE-2022-49260 bsc#1238458).
- Update
  patches.suse/crypto-octeontx2-remove-CONFIG_DM_CRYPT-check.patch
  (git-fixes CVE-2022-49262 bsc#1238463).
- Update patches.suse/crypto-qat-add-param-check-for-DH.patch
  (jsc#PED-1073 CVE-2022-49564 bsc#1238789).
- Update patches.suse/crypto-qat-add-param-check-for-RSA.patch
  (jsc#PED-1073 CVE-2022-49563 bsc#1238787).
- Update patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch
  (git-fixes CVE-2022-49566 bsc#1238266).
- Update patches.suse/dlm-fix-plock-invalid-read.patch (git-fixes
  CVE-2022-49407 bsc#1238180).
- Update
  patches.suse/dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch
  (git-fixes CVE-2022-49673 bsc#1238933).
- Update
  patches.suse/dmaengine-idxd-Fix-the-error-handling-path-in-idxd_c.patch
  (git-fixes CVE-2022-49422 bsc#1237784).
- Update
  patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch
  (git-fixes CVE-2022-49652 bsc#1238871).
- Update
  patches.suse/dmaengine-zynqmp_dma-In-struct-zynqmp_dma_chan-fix-d.patch
  (git-fixes CVE-2022-49320 bsc#1238394).
- Update
  patches.suse/dpaa2-ptp-Fix-refcount-leak-in-dpaa2_ptp_probe.patch
  (git-fixes CVE-2022-49088 bsc#1237724).
- Update
  patches.suse/drbd-Fix-five-use-after-free-bugs-in-get_initial_state
  (git-fixes CVE-2022-49085 bsc#1238036).
- Update
  patches.suse/driver-base-fix-UAF-when-driver_attach-failed.patch
  (git-fixes CVE-2022-49385 bsc#1237951).
- Update
  patches.suse/driver-core-Fix-wait_for_device_probe-deferred_probe.patch
  (git-fixes CVE-2022-49379 bsc#1238446).
- Update
  patches.suse/driver-core-fix-deadlock-in-__device_attach.patch
  (git-fixes CVE-2022-49371 bsc#1238546).
- Update
  patches.suse/drivers-base-node.c-fix-compaction-sysfs-file-leak.patch
  (git-fixes CVE-2022-49442 bsc#1238243).
- Update
  patches.suse/drivers-staging-rtl8192bs-Fix-deadlock-in-rtw_joinbs.patch
  (git-fixes CVE-2022-49311 bsc#1238632).
- Update
  patches.suse/drivers-staging-rtl8192e-Fix-deadlock-in-rtllib_beac.patch
  (git-fixes CVE-2022-49315 bsc#1238638).
- Update
  patches.suse/drivers-staging-rtl8192u-Fix-deadlock-in-ieee80211_b.patch
  (git-fixes CVE-2022-49305 bsc#1238645).
- Update
  patches.suse/drivers-staging-rtl8723bs-Fix-deadlock-in-rtw_survey.patch
  (git-fixes CVE-2022-49309 bsc#1238640).
- Update
  patches.suse/drivers-tty-serial-Fix-deadlock-in-sa1100_set_termio.patch
  (git-fixes CVE-2022-49304 bsc#1238639).
- Update
  patches.suse/drivers-usb-host-Fix-deadlock-in-oxu_bus_suspend.patch
  (git-fixes CVE-2022-49313 bsc#1238633).
- Update
  patches.suse/drm-amd-amdgpu-amdgpu_cs-fix-refcount-leak-of-a-dma_.patch
  (git-fixes CVE-2022-49137 bsc#1238155).
- Update
  patches.suse/drm-amd-display-Check-if-modulo-is-0-before-dividing.patch
  (git-fixes CVE-2022-49294 bsc#1238147).
- Update
  patches.suse/drm-amd-display-Fix-a-NULL-pointer-dereference-in-am.patch
  (git-fixes CVE-2022-49232 bsc#1238139).
- Update patches.suse/drm-amd-display-Fix-memory-leak.patch
  (git-fixes CVE-2022-49135 bsc#1238006).
- Update
  patches.suse/drm-amdgpu-cs-make-commands-with-0-chunks-illegal-be.patch
  (git-fixes CVE-2022-49335 bsc#1238377).
- Update
  patches.suse/drm-amdkfd-Check-for-potential-null-return-of-kmallo.patch
  (git-fixes CVE-2022-49055 bsc#1237868).
- Update
  patches.suse/drm-bridge-Add-missing-pm_runtime_put_sync.patch
  (git-fixes CVE-2022-49128 bsc#1237970).
- Update
  patches.suse/drm-bridge-anx7625-Fix-overflow-issue-on-reading-EDI.patch
  (git-fixes CVE-2022-49222 bsc#1238328).
- Update
  patches.suse/drm-etnaviv-check-for-reaped-mapping-in-etnaviv_iomm.patch
  (git-fixes CVE-2022-49336 bsc#1238397).
- Update
  patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
  (git-fixes CVE-2022-49644 bsc#1238235).
- Update
  patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch
  (git-fixes bsc#1211263 CVE-2023-28410 CVE-2022-49261
  bsc#1238462).
- Update
  patches.suse/drm-i915-reset-Fix-error_state_read-ptr-offset-use.patch
  (git-fixes CVE-2022-49723 bsc#1237997).
- Update
  patches.suse/drm-imx-Fix-memory-leak-in-imx_pd_connector_get_mode.patch
  (git-fixes CVE-2022-49091 bsc#1237726).
- Update
  patches.suse/drm-msm-a6xx-Fix-refcount-leak-in-a6xx_gpu_init.patch
  (git-fixes CVE-2022-49462 bsc#1238123).
- Update
  patches.suse/drm-msm-disp-dpu1-set-vbif-hw-config-to-NULL-to-avoi.patch
  (git-fixes CVE-2022-49489 bsc#1238244).
- Update
  patches.suse/drm-msm-dp-populate-connector-of-struct-dp_panel.patch
  (git-fixes CVE-2022-49221 bsc#1238326).
- Update
  patches.suse/drm-msm-fix-possible-memory-leak-in-mdp5_crtc_cursor.patch
  (git-fixes CVE-2022-49467 bsc#1238815).
- Update
  patches.suse/drm-msm-hdmi-check-return-value-after-calling-platfo.patch
  (git-fixes CVE-2022-49495 bsc#1237932).
- Update
  patches.suse/drm-msm-mdp4-Fix-refcount-leak-in-mdp4_modeset_init_.patch
  (git-fixes CVE-2022-49693 bsc#1237954).
- Update
  patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_mixer_release.patch
  (git-fixes CVE-2022-49488 bsc#1238600).
- Update
  patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_pipe_release-.patch
  (git-fixes CVE-2022-49490 bsc#1238275).
- Update
  patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch
  (git-fixes CVE-2022-49645 bsc#1238435).
- Update
  patches.suse/drm-rockchip-vop-fix-possible-null-ptr-deref-in-vop_.patch
  (git-fixes CVE-2022-49491 bsc#1238539).
- Update
  patches.suse/drm-tegra-Fix-reference-leak-in-tegra_dsi_ganged_pro.patch
  (git-fixes CVE-2022-49216 bsc#1238338).
- Update
  patches.suse/drm-virtio-fix-NULL-pointer-dereference-in-virtio_gp.patch
  (git-fixes CVE-2022-49532 bsc#1238925).
- Update
  patches.suse/efi-Do-not-import-certificates-from-UEFI-Secure-Boot.patch
  (git-fixes CVE-2022-49357 bsc#1238631).
- Update
  patches.suse/exec-Force-single-empty-string-when-argv-is-empty.patch
  (bsc#1200571 CVE-2022-49264 bsc#1237815).
- Update patches.suse/ext4-add-reserved-GDT-blocks-check.patch
  (bsc#1202712 CVE-2022-49707 bsc#1239035).
- Update patches.suse/ext4-avoid-cycles-in-directory-h-tree.patch
  (bsc#1198577 CVE-2022-1184 CVE-2022-49343 bsc#1238382).
- Update
  patches.suse/ext4-filter-out-EXT4_FC_REPLAY-from-on-disk-superblo.patch
  (bsc#1202771 CVE-2022-49348 bsc#1238383).
- Update patches.suse/ext4-fix-bug_on-ext4_mb_use_inode_pa.patch
  (bsc#1200810 CVE-2022-49708 bsc#1238599).
- Update patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch
  (bsc#1200809 CVE-2022-49409 bsc#1238279).
- Update patches.suse/ext4-fix-bug_on-in-ext4_writepages.patch
  (bsc#1200872 CVE-2022-49347 bsc#1238393).
- Update
  patches.suse/ext4-fix-ext4_mb_mark_bb-with-flex_bg-with-fast_comm.patch
  (bsc#1207593 CVE-2022-49174 bsc#1238091).
- Update
  patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
  (bsc#1200807 CVE-2022-49414 bsc#1238623).
- Update
  patches.suse/ext4-fix-use-after-free-in-ext4_rename_dir_prepare.patch
  (bsc#1200871 CVE-2022-49349 bsc#1238372).
- Update
  patches.suse/ext4-fix-warning-in-ext4_handle_inode_extension.patch
  (bsc#1202711 CVE-2022-49352 bsc#1238395).
- Update
  patches.suse/extcon-Modify-extcon-device-to-be-created-after-driv.patch
  (git-fixes CVE-2022-49308 bsc#1238654).
- Update
  patches.suse/filemap-Handle-sibling-entries-in-filemap_get_read_b.patch
  (bsc#1202774 CVE-2022-49699 bsc#1238248).
- Update
  patches.suse/firmware-arm_scmi-Fix-list-protocols-enumeration-in-.patch
  (git-fixes CVE-2022-49451 bsc#1238177).
- Update
  patches.suse/firmware-dmi-sysfs-Fix-memory-leak-in-dmi_sysfs_regi.patch
  (git-fixes CVE-2022-49370 bsc#1238467).
- Update
  patches.suse/firmware-sysfb-fix-platform-device-leak-in-error-pat.patch
  (git-fixes CVE-2022-49283 bsc#1238012).
- Update
  patches.suse/ftrace-Clean-up-hash-direct_functions-on-register-failures.patch
  (git-fixes CVE-2022-49402 bsc#1238255).
- Update patches.suse/gpio-gpio-xilinx-Fix-integer-overflow.patch
  (git-fixes CVE-2022-49570 bsc#1238298).
- Update
  patches.suse/habanalabs-fix-possible-memory-leak-in-MMU-DR-fini.patch
  (git-fixes CVE-2022-49102 bsc#1238018).
- Update
  patches.suse/hwrng-cavium-fix-NULL-but-dereferenced-coccicheck-er.patch
  (jsc#SLE-24682 CVE-2022-49177 bsc#1238010).
- Update
  patches.suse/i2c-piix4-Fix-a-memory-leak-in-the-EFCH-MMIO-support.patch
  (git-fixes CVE-2022-49653 bsc#1238664).
- Update
  patches.suse/i40e-Fix-call-trace-in-setup_tx_descriptors.patch
  (git-fixes CVE-2022-49725 bsc#1238016).
- Update
  patches.suse/iavf-Fix-handling-of-dummy-receive-descriptors.patch
  (git-fixes CVE-2022-49583 bsc#1237818).
- Update
  patches.suse/ibmvnic-fix-race-between-xmit-and-reset.patch
  (bsc#1197302 ltc#197259 CVE-2022-49201 bsc#1238256).
- Update patches.suse/ice-Fix-memory-corruption-in-VF-driver.patch
  (git-fixes CVE-2022-49722 bsc#1238301).
- Update
  patches.suse/ice-arfs-fix-use-after-free-when-freeing-rx_cpu_rmap.patch
  (git-fixes CVE-2022-49063 bsc#1237846).
- Update
  patches.suse/ice-fix-scheduling-while-atomic-on-aux-critical-err-.patch
  (git-fixes CVE-2022-49193 bsc#1238283).
- Update
  patches.suse/igb-fix-a-use-after-free-issue-in-igb_clean_tx_ring.patch
  (git-fixes CVE-2022-49695 bsc#1238556).
- Update
  patches.suse/igc-Reinstate-IGC_REMOVED-logic-and-implement-it-pro.patch
  (jsc#SLE-18377 CVE-2022-49605 bsc#1238433).
- Update
  patches.suse/igc-avoid-kernel-warning-when-changing-RX-ring-param.patch
  (git-fixes CVE-2022-49227 bsc#1237786).
- Update
  patches.suse/iio-accel-mma8452-use-the-correct-logic-to-get-mma84.patch
  (git-fixes CVE-2022-49285 bsc#1238641).
- Update
  patches.suse/iio-adc-adi-axi-adc-Fix-refcount-leak-in-adi_axi_adc.patch
  (git-fixes CVE-2022-49683 bsc#1238308).
- Update
  patches.suse/iio-trigger-sysfs-fix-use-after-free-on-remove.patch
  (git-fixes CVE-2022-49685 bsc#1237963).
- Update
  patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch
  (git-fixes CVE-2022-49643 bsc#1238663).
- Update
  patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch
  (git-fixes CVE-2022-49627 bsc#1237798).
- Update
  patches.suse/iommu-arm-smmu-fix-possible-null-ptr-deref-in-arm_smmu_device_pr
  (git-fixes CVE-2022-49323 bsc#1238400).
- Update
  patches.suse/iommu-arm-smmu-v3-check-return-value-after-calling-platform_get_
  (git-fixes CVE-2022-49319 bsc#1238374).
- Update patches.suse/iommu-arm-smmu-v3-sva-Fix-mm-use-after-free
  (git-fixes CVE-2022-49426 bsc#1238445).
- Update
  patches.suse/iommu-mediatek-Fix-NULL-pointer-dereference-when-printing-dev_na
  (git-fixes CVE-2022-49424 bsc#1238247).
- Update
  patches.suse/iommu-mediatek-Remove-clk_disable-in-mtk_iommu_remove
  (git-fixes CVE-2022-49427 bsc#1238246).
- Update
  patches.suse/iommu-omap-Fix-regression-in-probe-for-NULL-pointer-dereference
  (git-fixes CVE-2022-49083 bsc#1237723).
- Update
  patches.suse/ip-Fix-data-races-around-sysctl_ip_fwd_update_priori.patch
  (git-fixes CVE-2022-49603 bsc#1238867).
- Update
  patches.suse/ipv4-Fix-data-races-around-sysctl_fib_multipath_hash.patch
  (git-fixes CVE-2022-49579 bsc#1238014).
- Update
  patches.suse/ipw2x00-Fix-potential-NULL-dereference-in-libipw_xmi.patch
  (git-fixes CVE-2022-49544 bsc#1238721).
- Update
  patches.suse/irqchip-gic-realview-Fix-refcount-leak-in-realview_g.patch
  (git-fixes CVE-2022-49719 bsc#1238262).
- Update
  patches.suse/irqchip-gic-v3-Fix-GICR_CTLR.RWP-polling.patch
  (git-fixes CVE-2022-49074 bsc#1237728).
- Update
  patches.suse/irqchip-gic-v3-Fix-error-handling-in-gic_populate_pp.patch
  (git-fixes CVE-2022-49716 bsc#1238288).
- Update
  patches.suse/irqchip-gic-v3-Fix-refcount-leak-in-gic_populate_ppi.patch
  (git-fixes CVE-2022-49715 bsc#1238818).
- Update
  patches.suse/irqchip-realtek-rtl-Fix-refcount-leak-in-map_interru.patch
  (git-fixes CVE-2022-49714 bsc#1238538).
- Update
  patches.suse/ixgbe-Add-locking-to-prevent-panic-when-setting-srio.patch
  (git-fixes CVE-2022-49584 bsc#1237933).
- Update
  patches.suse/jffs2-fix-memory-leak-in-jffs2_do_fill_super.patch
  (git-fixes CVE-2022-49381 bsc#1238112).
- Update
  patches.suse/jffs2-fix-memory-leak-in-jffs2_do_mount_fs.patch
  (git-fixes CVE-2022-49277 bsc#1238144).
- Update
  patches.suse/jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
  (git-fixes CVE-2022-49276 bsc#1238142).
- Update patches.suse/linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch
  (git-fixes CVE-2022-49670 bsc#1238809).
- Update patches.suse/list-fix-a-data-race-around-ep-rdllist.patch
  (git-fixes CVE-2022-49443 bsc#1238434).
- Update
  patches.suse/lz4-fix-LZ4_decompress_safe_partial-read-out-of-boun.patch
  (git-fixes CVE-2022-49078 bsc#1237736).
- Update
  patches.suse/mac80211-fix-potential-double-free-on-mesh-join.patch
  (git-fixes CVE-2022-49290 bsc#1238156).
- Update
  patches.suse/md-Don-t-set-mddev-private-to-NULL-in-raid0-pers-fre.patch
  (git-fixes CVE-2022-49400 bsc#1238125).
- Update
  patches.suse/md-bitmap-don-t-set-sb-values-if-can-t-pass-sanity-c.patch
  (bsc#1197158 CVE-2022-49526 bsc#1238030).
- Update
  patches.suse/md-fix-double-free-of-io_acct_set-bioset.patch
  (git-fixes CVE-2022-49384 bsc#1237959).
- Update
  patches.suse/media-cx25821-Fix-the-warning-when-removing-the-modu.patch
  (git-fixes CVE-2022-49525 bsc#1238022).
- Update
  patches.suse/media-i2c-max9286-fix-kernel-oops-when-removing-modu.patch
  (git-fixes CVE-2022-49509 bsc#1238650).
- Update
  patches.suse/media-imx-jpeg-Prevent-decoding-NV12M-jpegs-into-sin.patch
  (git-fixes CVE-2022-49165 bsc#1238106).
- Update
  patches.suse/media-imx-jpeg-fix-a-bug-of-accessing-array-out-of-b.patch
  (git-fixes CVE-2022-49163 bsc#1238105).
- Update
  patches.suse/media-pci-cx23885-Fix-the-error-handling-in-cx23885_.patch
  (git-fixes CVE-2022-49524 bsc#1238949).
- Update
  patches.suse/media-pvrusb2-fix-array-index-out-of-bounds-in-pvr2_.patch
  (git-fixes CVE-2022-49478 bsc#1238000).
- Update
  patches.suse/media-rga-fix-possible-memory-leak-in-rga_probe.patch
  (git-fixes CVE-2022-49502 bsc#1238834).
- Update
  patches.suse/media-stk1160-If-start-stream-fails-return-buffers-w.patch
  (git-fixes CVE-2022-49247 bsc#1237783).
- Update
  patches.suse/media-ti-vpe-cal-Fix-a-NULL-pointer-dereference-in-c.patch
  (git-fixes CVE-2022-49254 bsc#1238089).
- Update
  patches.suse/media-usb-go7007-s2250-board-fix-leak-in-probe.patch
  (git-fixes CVE-2022-49253 bsc#1238420).
- Update
  patches.suse/media-venus-hfi-avoid-null-dereference-in-deinit.patch
  (git-fixes CVE-2022-49527 bsc#1238013).
- Update
  patches.suse/memory-renesas-rpc-if-fix-platform-device-leak-in-er.patch
  (git-fixes CVE-2022-49050 bsc#1237892).
- Update
  patches.suse/memory-samsung-exynos5422-dmc-Fix-refcount-leak-in-o.patch
  (git-fixes CVE-2022-49676 bsc#1237821).
- Update
  patches.suse/mfd-davinci_voicecodec-Fix-possible-null-ptr-deref-d.patch
  (git-fixes CVE-2022-49435 bsc#1238292).
- Update
  patches.suse/misc-ocxl-fix-possible-double-free-in-ocxl_file_regi.patch
  (git-fixes CVE-2022-49455 bsc#1238229).
- Update
  patches.suse/mm-slub-add-missing-TID-updates-on-slab-deactivation.patch
  (git-fixes CVE-2022-49700 bsc#1238249).
- Update
  patches.suse/mmc-jz4740-Apply-DMA-engine-limits-to-maximum-segmen.patch
  (git-fixes CVE-2022-49522 bsc#1238948).
- Update
  patches.suse/module-fix-e_shstrndx-.sh_size-0-OOB-access.patch
  (git-fixes CVE-2022-49444 bsc#1238127).
- Update
  patches.suse/msft-hv-2554-Drivers-hv-vmbus-Deactivate-sysctl_record_panic_msg-.patch
  (bsc#1183682 CVE-2022-49054 bsc#1237931).
- Update
  patches.suse/msft-hv-2555-Drivers-hv-vmbus-Fix-initialization-of-device-object.patch
  (git-fixes CVE-2022-49099 bsc#1237727).
- Update
  patches.suse/msft-hv-2556-Drivers-hv-vmbus-Fix-potential-crash-on-module-unloa.patch
  (git-fixes CVE-2022-49098 bsc#1238079).
- Update
  patches.suse/mt76-fix-monitor-mode-crash-with-sdio-driver.patch
  (git-fixes CVE-2022-49112 bsc#1237971).
- Update
  patches.suse/mt76-fix-use-after-free-by-removing-a-non-RCU-wcid-p.patch
  (git-fixes CVE-2022-49328 bsc#1238391).
- Update
  patches.suse/mt76-mt7921-fix-crash-when-startup-fails.patch
  (git-fixes CVE-2022-49129 bsc#1237968).
- Update
  patches.suse/mtd-rawnand-atmel-fix-refcount-issue-in-atmel_nand_c.patch
  (git-fixes CVE-2022-49212 bsc#1238331).
- Update
  patches.suse/mtd-rawnand-cadence-fix-possible-null-ptr-deref-in-c.patch
  (git-fixes CVE-2022-49494 bsc#1237955).
- Update
  patches.suse/mtd-rawnand-denali-Use-managed-device-resources.patch
  (git-fixes CVE-2022-49512 bsc#1237986).
- Update
  patches.suse/mtd-rawnand-intel-fix-possible-null-ptr-deref-in-ebu.patch
  (git-fixes CVE-2022-49487 bsc#1238115).
- Update
  patches.suse/net-altera-Fix-refcount-leak-in-altera_tse_mdio_crea.patch
  (git-fixes CVE-2022-49351 bsc#1237939).
- Update
  patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch
  (git-fixes CVE-2022-49226 bsc#1238336).
- Update
  patches.suse/net-bcmgenet-Use-stronger-register-read-writes-to-as.patch
  (git-fixes CVE-2022-49194 bsc#1238453).
- Update
  patches.suse/net-bonding-fix-use-after-free-after-802.3ad-slave-u.patch
  (git-fixes CVE-2022-49667 bsc#1238282).
- Update
  patches.suse/net-dsa-lantiq_gswip-Fix-refcount-leak-in-gswip_gphy.patch
  (git-fixes CVE-2022-49346 bsc#1238392).
- Update
  patches.suse/net-dsa-microchip-ksz_common-Fix-refcount-leak-bug.patch
  (git-fixes CVE-2022-49591 bsc#1238666).
- Update
  patches.suse/net-dsa-mv88e6xxx-Fix-refcount-leak-in-mv88e6xxx_mdi.patch
  (git-fixes CVE-2022-49367 bsc#1238447).
- Update
  patches.suse/net-ethernet-bgmac-Fix-refcount-leak-in-bcma_mdio_mi.patch
  (git-fixes CVE-2022-49342 bsc#1238390).
- Update
  patches.suse/net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch
  (git-fixes CVE-2022-49368 bsc#1237808).
- Update
  patches.suse/net-ethernet-stmmac-fix-altr_tse_pcs-function-when-u.patch
  (git-fixes CVE-2022-49061 bsc#1238024).
- Update
  patches.suse/net-ethernet-ti-am65-cpsw-nuss-Fix-some-refcount-lea.patch
  (git-fixes CVE-2022-49386 bsc#1237826).
- Update
  patches.suse/net-hns3-add-vlan-list-lock-to-protect-vlan-list.patch
  (git-fixes CVE-2022-49182 bsc#1238260).
- Update
  patches.suse/net-ipv4-fix-route-with-nexthop-object-delete-warnin.patch
  (bsc#1204171 CVE-2022-3435 CVE-2022-49092 bsc#1237779).
- Update
  patches.suse/net-ipv6-unexport-__init-annotated-seg6_hmac_init.patch
  (bsc#1201218 CVE-2022-49339 bsc#1238388).
- Update
  patches.suse/net-mdio-unexport-__init-annotated-mdio_bus_init.patch
  (bsc#1201218 CVE-2022-49350 bsc#1238387).
- Update
  patches.suse/net-openvswitch-fix-leak-of-nested-actions.patch
  (git-fixes CVE-2022-49086 bsc#1238037).
- Update
  patches.suse/net-phy-micrel-Allow-probing-without-.driver_data.patch
  (git-fixes CVE-2022-49472 bsc#1238951).
- Update
  patches.suse/net-sfc-add-missing-xdp-queue-reinitialization.patch
  (git-fixes CVE-2022-49096 bsc#1238077).
- Update
  patches.suse/net-smc-Fix-NULL-pointer-dereference-in-smc_pnet_find_ib
  (git-fixes CVE-2022-49060 bsc#1237845).
- Update
  patches.suse/net-stmmac-dwc-qos-Disable-split-header-for-Tegra194.patch
  (bsc#1194904 CVE-2022-49642 bsc#1238437).
- Update
  patches.suse/net-stmmac-fix-dma-queue-left-shift-overflow-issue.patch
  (git-fixes CVE-2022-49592 bsc#1238311).
- Update patches.suse/net-stmmac-fix-leaks-in-probe.patch
  (git-fixes CVE-2022-49628 bsc#1238619).
- Update
  patches.suse/net-tun-unlink-NAPI-from-device-on-destruction.patch
  (git-fixes CVE-2022-49672 bsc#1238816).
- Update
  patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
  (git-fixes CVE-2022-49051 bsc#1237903).
- Update
  patches.suse/net-xfrm-unexport-__init-annotated-xfrm4_protocol_in.patch
  (bsc#1201218 CVE-2022-49345 bsc#1238238).
- Update
  patches.suse/nfc-nci-add-flush_workqueue-to-prevent-uaf.patch
  (git-fixes CVE-2022-49059 bsc#1238007).
- Update
  patches.suse/nfc-nfcmrvl-Fix-memory-leak-in-nfcmrvl_play_deferred.patch
  (git-fixes CVE-2022-49729 bsc#1239060).
- Update
  patches.suse/nfc-st21nfca-fix-memory-leaks-in-EVT_TRANSACTION-han.patch
  (git-fixes CVE-2022-49331 bsc#1237813).
- Update
  patches.suse/nvme-pci-fix-a-NULL-pointer-dereference-in-nvme_allo.patch
  (git-fixes CVE-2022-49492 bsc#1238954).
- Update
  patches.suse/ocfs2-dlmfs-fix-error-handling-of-user_dlm_destroy_l.patch
  (bsc#1202778 CVE-2022-49337 bsc#1238376).
- Update
  patches.suse/ocfs2-fix-crash-when-mount-with-quota-enabled.patch
  (bsc#1207640 CVE-2022-49274 bsc#1238668).
- Update
  patches.suse/perf-core-Fix-data-race-between-perf_event_set_output-and-perf_mmap_close.patch
  (git fixes CVE-2022-49607 bsc#1238817).
- Update
  patches.suse/phy-qcom-qmp-fix-reset-controller-leak-on-probe-erro.patch
  (git-fixes CVE-2022-49396 bsc#1238289).
- Update
  patches.suse/phy-qcom-qmp-fix-struct-clk-leak-on-probe-errors.patch
  (git-fixes CVE-2022-49397 bsc#1237823).
- Update
  patches.suse/pinctrl-aspeed-Fix-potential-NULL-dereference-in-asp.patch
  (git-fixes CVE-2022-49618 bsc#1238957).
- Update
  patches.suse/pinctrl-nomadik-Add-missing-of_node_put-in-nmk_pinct.patch
  (git-fixes CVE-2022-49185 bsc#1238111).
- Update
  patches.suse/pinctrl-renesas-core-Fix-possible-null-ptr-deref-in-.patch
  (git-fixes CVE-2022-49445 bsc#1238019).
- Update
  patches.suse/pinctrl-renesas-rzn1-Fix-possible-null-ptr-deref-in-.patch
  (git-fixes CVE-2022-49449 bsc#1238936).
- Update
  patches.suse/platform-x86-thinkpad_acpi-Fix-a-memory-leak-of-EFCH.patch
  (bsc#1210050 CVE-2022-49665 bsc#1238017).
- Update
  patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch
  (git-fixes CVE-2022-49609 bsc#1238241).
- Update
  patches.suse/power-supply-ab8500-Fix-memory-leak-in-ab8500_fg_sys.patch
  (git-fixes CVE-2022-49224 bsc#1237998).
- Update
  patches.suse/powerpc-64s-Don-t-use-DSISR-for-SLB-faults.patch
  (bsc#1194869 CVE-2022-49214 bsc#1238003).
- Update
  patches.suse/powerpc-iommu-Add-missing-of_node_put-in-iommu_init_.patch
  (bsc#1194869 CVE-2022-49431 bsc#1238899).
- Update
  patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
  (bsc#1065729 bsc#1198660 ltc#197803 CVE-2022-49196 bsc#1238274).
- Update
  patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch
  (bsc#1197174 ltc#196362 CVE-2022-49440 bsc#1238945).
- Update
  patches.suse/powerpc-secvar-fix-refcount-leak-in-format_show.patch
  (bsc#1194869 CVE-2022-49113 bsc#1237967).
- Update
  patches.suse/powerpc-tm-Fix-more-userspace-r13-corruption.patch
  (bsc#1065729 CVE-2022-49164 bsc#1238108).
- Update
  patches.suse/powerpc-xics-fix-refcount-leak-in-icp_opal_init.patch
  (bsc#1194869 CVE-2022-49432 bsc#1238950).
- Update
  patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_spapr_init.patch
  (fate#322438 git-fixes CVE-2022-49437 bsc#1238443).
- Update
  patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch
  (fate#322438 git-fixes CVE-2022-49623 bsc#1239040).
- Update
  patches.suse/qede-confirm-skb-is-allocated-before-using.patch
  (git-fixes CVE-2022-49084 bsc#1237751).
- Update
  patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch
  (git-fixes CVE-2022-49631 bsc#1238814).
- Update
  patches.suse/regulator-da9121-Fix-uninit-value-in-da9121_assign_c.patch
  (git-fixes CVE-2022-49507 bsc#1238811).
- Update
  patches.suse/regulator-pfuze100-Fix-refcount-leak-in-pfuze_parse_.patch
  (git-fixes CVE-2022-49481 bsc#1238264).
- Update
  patches.suse/regulator-scmi-Fix-refcount-leak-in-scmi_regulator_p.patch
  (git-fixes CVE-2022-49466 bsc#1238287).
- Update
  patches.suse/remoteproc-Fix-count-check-in-rproc_coredump_write.patch
  (git-fixes CVE-2022-49278 bsc#1238253).
- Update
  patches.suse/remoteproc-qcom_q6v5_mss-Fix-some-leaks-in-q6v5_allo.patch
  (git-fixes CVE-2022-49188 bsc#1238138).
- Update
  patches.suse/rtc-mt6397-check-return-value-after-calling-platform.patch
  (git-fixes CVE-2022-49375 bsc#1238228).
- Update
  patches.suse/rtc-pl031-fix-rtc-features-null-pointer-dereference.patch
  (git-fixes CVE-2022-49273 bsc#1238140).
- Update
  patches.suse/rtl818x-Prevent-using-not-initialized-queues.patch
  (git-fixes CVE-2022-49326 bsc#1238646).
- Update
  patches.suse/scsi-hisi_sas-Free-irq-vectors-in-order-for-v3-HW.patch
  (git-fixes CVE-2022-49118 bsc#1237979).
- Update
  patches.suse/scsi-ibmvfc-Allocate-free-queue-resource-only-during.patch
  (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49701
  bsc#1237810).
- Update
  patches.suse/scsi-ibmvfc-Store-vhost-pointer-during-subcrq-alloca.patch
  (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49703
  bsc#1238131).
- Update
  patches.suse/scsi-libfc-Fix-use-after-free-in-fc_exch_abts_resp.patch
  (git-fixes CVE-2022-49114 bsc#1238146).
- Update
  patches.suse/scsi-lpfc-Address-NULL-pointer-dereference-after-sta.patch
  (bsc#1201193 CVE-2022-49332 bsc#1238236).
- Update
  patches.suse/scsi-lpfc-Fix-SCSI-I-O-completion-and-abort-handler-.patch
  (bsc#1200045 CVE-2022-49536 bsc#1238838).
- Update
  patches.suse/scsi-lpfc-Fix-call-trace-observed-during-I-O-with-CM.patch
  (bsc#1200045 CVE-2022-49537 bsc#1238930).
- Update
  patches.suse/scsi-lpfc-Fix-null-pointer-dereference-after-failing.patch
  (bsc#1200045 CVE-2022-49535 bsc#1238937).
- Update
  patches.suse/scsi-lpfc-Fix-resource-leak-in-lpfc_sli4_send_seq_to.patch
  (bsc#1200045 CVE-2022-49521 bsc#1238938).
- Update
  patches.suse/scsi-lpfc-Inhibit-aborts-if-external-loopback-plug-i.patch
  (bsc#1200045 CVE-2022-49504 bsc#1238835).
- Update
  patches.suse/scsi-lpfc-Move-cfg_log_verbose-check-before-calling-.patch
  (bsc#1200045 CVE-2022-49542 bsc#1238722).
- Update
  patches.suse/scsi-lpfc-Protect-memory-leak-for-NPIV-ports-sending.patch
  (bsc#1200045 CVE-2022-49534 bsc#1238893).
- Update
  patches.suse/scsi-lpfc-Resolve-NULL-ptr-dereference-after-an-ELS-.patch
  (bsc#1201193 CVE-2022-49730 bsc#1239070).
- Update patches.suse/scsi-mpi3mr-Fix-memory-leaks.patch
  (git-fixes CVE-2022-49126 bsc#1237929).
- Update
  patches.suse/scsi-mpt3sas-Fix-use-after-free-in-_scsih_expander_node_remove
  (git-fixes CVE-2022-49082 bsc#1237740).
- Update
  patches.suse/scsi-pm8001-Fix-abort-all-task-initialization.patch
  (git-fixes CVE-2022-49217 bsc#1238313).
- Update
  patches.suse/scsi-pm8001-Fix-memory-leak-in-pm8001_chip_fw_flash_update_req.patch
  (git-fixes CVE-2022-49119 bsc#1237925).
- Update patches.suse/scsi-pm8001-Fix-tag-leaks-on-error.patch
  (git-fixes CVE-2022-49121 bsc#1237926).
- Update
  patches.suse/scsi-pm8001-Fix-task-leak-in-pm8001_send_abort_all.patch
  (git-fixes CVE-2022-49120 bsc#1237969).
- Update
  patches.suse/scsi-qla2xxx-Fix-crash-during-module-load-unload-tes.patch
  (bsc#1197661 CVE-2022-49160 bsc#1238172).
- Update
  patches.suse/scsi-qla2xxx-Fix-premature-hw-access-after-PCI-error.patch
  (bsc#1195823 CVE-2022-49157 bsc#1238169).
- Update
  patches.suse/scsi-qla2xxx-Fix-scheduling-while-atomic.patch
  (bsc#1195823 CVE-2022-49156 bsc#1238168).
- Update
  patches.suse/scsi-qla2xxx-Fix-warning-message-due-to-adisc-being-.patch
  (bsc#1195823 CVE-2022-49158 bsc#1238170).
- Update
  patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch
  (bsc#1195823 CVE-2022-49159 bsc#1238171).
- Update
  patches.suse/scsi-qla2xxx-Suppress-a-kernel-complaint-in-qla_crea.patch
  (bsc#1195823 CVE-2022-49155 bsc#1237941).
- Update
  patches.suse/scsi-sd-Fix-potential-NULL-pointer-dereference.patch
  (git-fixes CVE-2022-49376 bsc#1238103).
- Update
  patches.suse/scsi-zorro7xx-Fix-a-resource-leak-in-zorro7xx_remove_one
  (git-fixes CVE-2022-49095 bsc#1237752).
- Update
  patches.suse/serial-8250-Fix-PM-usage_count-for-console-handover.patch
  (git-fixes CVE-2022-49613 bsc#1238440).
- Update
  patches.suse/serial-8250_aspeed_vuart-Fix-potential-NULL-derefere.patch
  (git-fixes CVE-2022-49392 bsc#1238113).
- Update
  patches.suse/sfc-fix-considering-that-all-channels-have-TX-queues.patch
  (git-fixes CVE-2022-49378 bsc#1238286).
- Update patches.suse/sfc-fix-kernel-panic-when-creating-VF.patch
  (git-fixes CVE-2022-49625 bsc#1238411).
- Update
  patches.suse/sfc-fix-use-after-free-when-disabling-sriov.patch
  (git-fixes CVE-2022-49626 bsc#1238270).
- Update
  patches.suse/skbuff-fix-coalescing-for-page_pool-fragment-recycli.patch
  (bsc#1190336 CVE-2022-49093 bsc#1237737).
- Update
  patches.suse/soc-bcm-Check-for-NULL-return-of-devm_kzalloc.patch
  (git-fixes CVE-2022-49448 bsc#1238536).
- Update
  patches.suse/soc-bcm-brcmstb-pm-pm-arm-Fix-refcount-leak-in-brcms.patch
  (git-fixes CVE-2022-49678 bsc#1238821).
- Update
  patches.suse/soc-rockchip-Fix-refcount-leak-in-rockchip_grf_init.patch
  (git-fixes CVE-2022-49382 bsc#1238306).
- Update
  patches.suse/soc-ti-ti_sci_pm_domains-Check-for-null-return-of-de.patch
  (git-fixes CVE-2022-49453 bsc#1239004).
- Update
  patches.suse/spi-bcm2835-bcm2835_spi_handle_err-fix-NULL-pointer-.patch
  (git-fixes CVE-2022-49569 bsc#1238605).
- Update
  patches.suse/spi-spi-fsl-qspi-check-return-value-after-calling-pl.patch
  (git-fixes CVE-2022-49475 bsc#1238617).
- Update
  patches.suse/staging-rtl8712-fix-a-potential-memory-leak-in-r871x.patch
  (git-fixes CVE-2022-49312 bsc#1238157).
- Update
  patches.suse/staging-rtl8712-fix-uninit-value-in-r871xu_drv_init.patch
  (git-fixes CVE-2022-49298 bsc#1238718).
- Update
  patches.suse/staging-rtl8712-fix-uninit-value-in-usb_read8-and-fr.patch
  (git-fixes CVE-2022-49301 bsc#1238643).
- Update
  patches.suse/staging-vchiq_arm-Avoid-NULL-ptr-deref-in-vchiq_dump.patch
  (git-fixes CVE-2022-49106 bsc#1237965).
- Update
  patches.suse/staging-vchiq_core-handle-NULL-result-of-find_servic.patch
  (git-fixes CVE-2022-49104 bsc#1237999).
- Update
  patches.suse/staging-wfx-fix-an-error-handling-in-wfx_init_common.patch
  (git-fixes CVE-2022-49105 bsc#1237975).
- Update
  patches.suse/sysctl-Fix-data-races-in-proc_dou8vec_minmax.patch
  (git-fixes CVE-2022-49634 bsc#1237937).
- Update
  patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch
  (git-fixes CVE-2022-49641 bsc#1237831).
- Update
  patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch
  (git-fixes CVE-2022-49640 bsc#1237782).
- Update
  patches.suse/thermal-core-Fix-memory-leak-in-__thermal_cooling_de.patch
  (git-fixes CVE-2022-49468 bsc#1238047).
- Update
  patches.suse/thermal-drivers-broadcom-Fix-potential-NULL-derefere.patch
  (git-fixes CVE-2022-49459 bsc#1238046).
- Update
  patches.suse/thermal-drivers-imx_sc_thermal-Fix-refcount-leak-in-.patch
  (git-fixes CVE-2022-49463 bsc#1238428).
- Update
  patches.suse/tick-nohz-unexport-__init-annotated-tick_nohz_full_s.patch
  (bsc#1201218 CVE-2022-49675 bsc#1238431).
- Update
  patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
  (CVE-2022-2977 bsc#1202672 CVE-2022-49287 bsc#1238276).
- Update patches.suse/tpm-use-try_get_ops-in-tpm-space.c.patch
  (git-fixes CVE-2022-49286 bsc#1238647).
- Update
  patches.suse/tracing-Fix-potential-double-free-in-create_var_ref.patch
  (git-fixes CVE-2022-49410 bsc#1238441).
- Update
  patches.suse/tracing-Fix-sleeping-function-called-from-invalid-context-on-RT-kernel.patch
  (git-fixes CVE-2022-49322 bsc#1238396).
- Update
  patches.suse/tracing-histograms-Fix-memory-leak-problem.patch
  (git-fixes CVE-2022-49648 bsc#1238278).
- Update
  patches.suse/tty-Fix-a-possible-resource-leak-in-icom_probe.patch
  (git-fixes CVE-2022-49314 bsc#1238158).
- Update
  patches.suse/tty-fix-deadlock-caused-by-calling-printk-under-tty_.patch
  (git-fixes CVE-2022-49441 bsc#1238263).
- Update patches.suse/tty-goldfish-Fix-free_irq-on-remove.patch
  (git-fixes CVE-2022-49724 bsc#1238869).
- Update
  patches.suse/tty-goldfish-Use-tty_port_destroy-to-destroy-port.patch
  (git-fixes CVE-2022-49399 bsc#1237829).
- Update
  patches.suse/tty-synclink_gt-Fix-null-pointer-dereference-in-slgt.patch
  (git-fixes CVE-2022-49307 bsc#1238149).
- Update
  patches.suse/tunnels-do-not-assume-mac-header-is-set-in-skb_tunne.patch
  (git-fixes CVE-2022-49663 bsc#1238442).
- Update
  patches.suse/usb-dwc2-Fix-memory-leak-in-dwc2_hcd_init.patch
  (git-fixes CVE-2022-49713 bsc#1238419).
- Update
  patches.suse/usb-dwc2-gadget-don-t-reset-gadget-s-driver-bus.patch
  (git-fixes CVE-2022-49299 bsc#1238184).
- Update
  patches.suse/usb-dwc3-gadget-Replace-list_for_each_entry_safe-if-.patch
  (git-fixes CVE-2022-49398 bsc#1238621).
- Update
  patches.suse/usb-gadget-lpc32xx_udc-Fix-refcount-leak-in-lpc32xx_.patch
  (git-fixes CVE-2022-49712 bsc#1238239).
- Update
  patches.suse/usb-isp1760-Fix-out-of-bounds-array-access.patch
  (git-fixes CVE-2022-49551 bsc#1237795).
- Update
  patches.suse/usb-usbip-fix-a-refcount-leak-in-stub_probe.patch
  (git-fixes CVE-2022-49389 bsc#1238257).
- Update
  patches.suse/usbnet-Run-unregister_netdev-before-unbind-again.patch
  (git-fixes CVE-2022-49501 bsc#1238830).
- Update patches.suse/usbnet-fix-memory-leak-in-error-case.patch
  (git-fixes CVE-2022-49657 bsc#1238269).
- Update
  patches.suse/veth-Ensure-eth-header-is-in-skb-s-linear-part.patch
  (git-fixes CVE-2022-49066 bsc#1237722).
- Update
  patches.suse/video-fbdev-clcdfb-Fix-refcount-leak-in-clcdfb_of_vr.patch
  (git-fixes CVE-2022-49421 bsc#1238819).
- Update
  patches.suse/video-fbdev-sm712fb-Fix-crash-in-smtcfb_write.patch
  (git-fixes CVE-2022-49162 bsc#1238096).
- Update
  patches.suse/virtio_console-eliminate-anonymous-module_init-modul.patch
  (git-fixes CVE-2022-49100 bsc#1237735).
- Update
  patches.suse/virtio_net-fix-xdp_rxq_info-bug-after-suspend-resume.patch
  (git-fixes CVE-2022-49687 bsc#1238181).
- Update patches.suse/watch_queue-Actually-free-the-watch.patch
  (CVE-2022-0995 bsc#1197246 CVE-2022-49256 bsc#1238277).
- Update
  patches.suse/watch_queue-Fix-NULL-dereference-in-error-cleanup.patch
  (CVE-2022-0995 bsc#1197246 CVE-2022-49257 bsc#1237987).
- Update
  patches.suse/watch_queue-Free-the-page-array-when-watch_queue-is-.patch
  (git-fixes CVE-2022-49148 bsc#1237797).
- Update
  patches.suse/watchdog-ts4800_wdt-Fix-refcount-leak-in-ts4800_wdt_.patch
  (git-fixes CVE-2022-49373 bsc#1238175).
- Update
  patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch
  (git-fixes CVE-2022-49646 bsc#1239001).
- Update
  patches.suse/wifi-mac80211-fix-use-after-free-in-chanctx-code.patch
  (git-fixes CVE-2022-49416 bsc#1238293).
- Update
  patches.suse/wireguard-socket-free-skb-in-send6-when-ipv6-is-disa.patch
  (git-fixes CVE-2022-49153 bsc#1238166).
- Update
  patches.suse/x86-MCE-AMD-Fix-memory-leak-when-threshold_create_ba.patch
  (git-fixes CVE-2022-49549 bsc#1238602).
- Update
  patches.suse/x86-kexec-fix-memory-leak-of-elf-header-buffer.patch
  (bsc#1196444 CVE-2022-49546 bsc#1238750).
- Update
  patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49611
  bsc#1238618).
- Update
  patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch
  (bsc#1201381 CVE-2022-49649 bsc#1238612).
- Update
  patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch
  (git-fixes CVE-2022-49321 bsc#1238373).
- commit a27d758

- Update
  patches.suse/0011-Revert-Revert-block-bfq-honor-already-setup-queue-merges.patch
  (git-fixes CVE-2021-47646 bsc#1237774).
- Update
  patches.suse/ARM-davinci-da850-evm-Avoid-NULL-pointer-dereference.patch
  (git-fixes CVE-2021-47631 bsc#1237718).
- Update
  patches.suse/ASoC-soc-compress-prevent-the-potentially-use-of-nul.patch
  (git-fixes CVE-2021-47650 bsc#1237742).
- Update
  patches.suse/KVM-x86-mmu-Zap-_all_-roots-when-unmapping-gfn-range.patch
  (git-fixes CVE-2021-47639 bsc#1237824).
- Update
  patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch
  (git-fixes CVE-2021-47633 bsc#1237768).
- Update patches.suse/clk-qcom-ipq8074-fix-PCI-E-clock-oops.patch
  (git-fixes CVE-2021-47647 bsc#1237775).
- Update
  patches.suse/drm-amd-pm-fix-a-potential-gpu_metrics_table-memory-.patch
  (git-fixes CVE-2021-4453 bsc#1237753).
- Update
  patches.suse/drm-plane-Move-range-check-for-format_count-earlier.patch
  (git-fixes CVE-2021-47659 bsc#1237839).
- Update
  patches.suse/drm-virtio-Ensure-that-objs-is-not-NULL-in-virtio_gp.patch
  (git-fixes CVE-2021-47657 bsc#1237837).
- Update
  patches.suse/gpu-host1x-Fix-a-memory-leak-in-host1x_remove.patch
  (git-fixes CVE-2021-47648 bsc#1237725).
- Update
  patches.suse/jffs2-fix-use-after-free-in-jffs2_clear_xattr_subsystem.patch
  (git-fixes CVE-2021-47656 bsc#1237827).
- Update
  patches.suse/media-davinci-vpif-fix-use-after-free-on-driver-unbi.patch
  (git-fixes CVE-2021-47653 bsc#1237748).
- Update patches.suse/media-ir_toy-free-before-error-exiting.patch
  (git-fixes CVE-2021-47643 bsc#1237743).
- Update
  patches.suse/media-staging-media-zoran-calculate-the-right-buffer.patch
  (git-fixes CVE-2021-47645 bsc#1237767).
- Update
  patches.suse/media-staging-media-zoran-move-videodev-alloc.patch
  (git-fixes CVE-2021-47644 bsc#1237766).
- Update
  patches.suse/powerpc-set_memory-Avoid-spinlock-recursion-in-chang.patch
  (bsc#1194869 CVE-2021-47632 bsc#1237755).
- Update
  patches.suse/samples-landlock-Fix-path_list-memory-leak.patch
  (git-fixes CVE-2021-47654 bsc#1237807).
- Update
  patches.suse/soc-qcom-rpmpd-Check-for-null-return-of-devm_kcalloc.patch
  (git-fixes CVE-2021-47651 bsc#1237872).
- Update
  patches.suse/ubifs-Fix-deadlock-in-concurrent-rename-whiteout-and-inode-writeback.patch
  (git-fixes CVE-2021-47637 bsc#1237761).
- Update
  patches.suse/ubifs-Fix-read-out-of-bounds-in-ubifs_wbuf_write_nolock.patch
  (git-fixes CVE-2021-47636 bsc#1237904).
- Update
  patches.suse/ubifs-Fix-to-add-refcount-once-page-is-set-private.patch
  (git-fixes CVE-2021-47635 bsc#1237759).
- Update
  patches.suse/ubifs-rename_whiteout-Fix-double-free-for-whiteout_ui-data.patch
  (git-fixes CVE-2021-47638 bsc#1237763).
- Update patches.suse/udmabuf-validate-ubuf-pagecount.patch
  (git-fixes CVE-2021-47649 bsc#1237745).
- Update
  patches.suse/video-fbdev-cirrusfb-check-pixclock-to-avoid-divide-.patch
  (git-fixes CVE-2021-47641 bsc#1237734).
- Update
  patches.suse/video-fbdev-nvidiafb-Use-strscpy-to-prevent-buffer-o.patch
  (git-fixes CVE-2021-47642 bsc#1237916).
- Update
  patches.suse/video-fbdev-smscufx-Fix-null-ptr-deref-in-ufx_usb_pr.patch
  (git-fixes CVE-2021-47652 bsc#1237721).
- commit e92be69

- net: rose: fix timer races against user threads (CVE-2025-21718
  bsc#1239073).
- commit 0089650

- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
  bsc#1239076).
- commit 1575e37

- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014 bsc#1239109)
- commit a0ab5c3

- initcall_blacklist: Does not allow kernel_lockdown be
  blacklisted (bsc#1237521).
- commit 248ffca

- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 083fa08

- Sort BHI mitigation patches
- Refresh patches.suse/KVM-x86-Add-BHI_NO.patch.
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
  patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
  patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- commit 2ed304e

- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (bsc#1217339 CVE-2024-2201).
- commit 3e06375

- mm/mempolicy: fix mpol_new leak in shared_policy_replace
  (CVE-2022-49080 bsc#1238033).
- commit ee261e8

- KVM: VMX: Bury Intel PT virtualization (guest/host mode)
  behind CONFIG_BROKEN (CVE-2024-53135 bsc#1234154).
- commit c33dbae

- net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128
  bsc#1232905).
- commit b1050a1

- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- commit f950ad1

- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- commit e70ee83

- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
  (git-fixes).
- commit 2ad21f6

- idpf: call set_real_num_queues in idpf_open (bsc#1236661
  bsc#1237316).
- commit 67a5892

- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
  (bsc#1237139 CVE-2025-21699).
- commit 94ceb50

- scsi: storvsc: Ratelimit warning logs to prevent VM denial of
  service (bsc#1237025 CVE-2025-21690).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (git-fixes).
- commit f3c7eea

- Update
  patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
  (bsc#1208995 CVE-2023-1192 CVE-2023-52572 bsc#1220946).
  Move to the sorted section.
- commit bb08640

- net: sched: fix ets qdisc OOB Indexing (bsc#1237028
  CVE-2025-21692).
- commit 947f160

- net: mana: Cleanup "mana" debugfs dir after cleanup of all
  children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Add get_link and get_link_ksettings in ethtool
  (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- commit dd59602

- Update
  patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
  (CVE-2024-53239 bsc#1235054 bsc#1234853).
- Update
  patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
  (CVE-2024-56605 bsc#1235061 bsc#1234853).
- Update
  patches.suse/KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-me.patch
  (CVE-2024-50115 bsc#1232919 bsc#1225742).
- Update
  patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
  (CVE-2024-53173 bsc#1234891 bsc#1234853).
- Update
  patches.suse/hfsplus-don-t-query-the-device-logical-block-size-multiple-times.patch
  (bsc#1235073 CVE-2024-56548 bsc#1234853).
- Update
  patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning-in-mwifiex_config_scan.patch
  (CVE-2024-56539 bsc#1234963 bsc#1234853).
- commit c3c2bf8

- mac802154: check local interfaces before deleting sdata list
  (CVE-2024-57948 bsc#1236677).
- commit 4de21f7

- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
  in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit a0c98f3

- Fix sorting error
  ```
  Error: Current series.conf is not sorted. Please run series_sort.py first and commit the result before adding new patches.
  ```
- commit a81b3e9

- kABI fix for net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
  Upstream commit 0f6ede9fbc74 ("net: defer final 'struct
  net' free in netns dismantle") introduced a new struct element
  `defer_free_list` into `struct net`. In order to preserve the kABI, move
  the newly added element into a hole.
  ```
    struct netns_nexthop       nexthop;              /*   560    72 */
    /* XXX 8 bytes hole, try to pack */
    /* --- cacheline 10 boundary (640 bytes) --- */
    struct netns_ipv4          ipv4 __attribute__((__aligned__(64))); /*   640   704 */
  ```
- commit 3fc1183

- net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
- commit 8694248

- NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
- commit eadd17e

- NFS: Improve heuristic for readdirplus (bsc#1231847).
- commit ea10ca2

- NFS: Adjust the amount of readahead performed by NFS readdir
  (bsc#1231847).
- commit ec8e677

- NFS: Do not flush the readdir cache in nfs_dentry_iput()
  (bsc#1231847).
- commit ac72a63

- smb: prevent use-after-free due to open_cached_dir error paths
  (CVE-2024-53177 bsc#1234896).
- commit 43156cd

- net: inet6: do not leave a dangling sk pointer in inet6_create()
  (CVE-2024-56600 bsc#1235217).
- commit 4f3d37a

- blacklist.conf: Not affected byy CVE-2024-44932 and CVE-2024-44964
- Delete
  patches.suse/idpf-fix-UAFs-when-destroying-the-queues.patch.
- Delete
  patches.suse/idpf-fix-memory-leaks-and-crashes-while-performing-a.patch.
  This fixes bsc#1236628
- commit 6ceedf0

- netfilter: x_tables: fix LED ID check in led_tg_check()
  (CVE-2024-56650 bsc#1235430).
- commit a130a9c

- drm/amdkfd: Correct the migration DMA map direction (bsc#1235969 CVE-2024-57897)
- commit e14ed1e

- Refresh patches.suse/drm-dp_mst-Ensure-mst_primary-pointer-is-valid-in-dr.patch.
  Fix warning by removing unused label out_put_primary
- commit 354b3cb

- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
  (bsc#1235433 CVE-2024-56661 bsc#1234931).
- commit cb91989

- Update
  patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
  (git-fixes bsc#1230697 CVE-2024-8805 CVE-2024-53144
  bsc#1234690).
- commit ea9bf7d

- net: inet: do not leave a dangling sk pointer in inet_create()
  (CVE-2024-56601 bsc#1235230).
- commit b4769c0

- btrfs: fix use-after-free when COWing tree bock and tracing
  is enabled (bsc#1235645 CVE-2024-56759).
- commit e811c1c

- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623
  bsc#1235466).
- block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166
  bsc#1234884).
- commit 894e940

- Refresh
  patches.suse/x86-xen-don-t-do-PV-iret-hypercall-through-hypercall.patch.
- commit df281af

- x86/static-call: Remove early_boot_irqs_disabled check to fix
  Xen PVH dom0 (git-fixes).
- commit 2c0880a

- ALSA: seq: oss: Fix races at processing SysEx messages
  (CVE-2024-57893 bsc#1235920).
- commit f05049d

- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit bfdad42

- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit 15490f2

- net/smc: check return value of sock_recvmsg when draining clc
  data (CVE-2024-57791 bsc#1235759).
- commit b879d55

- power: supply: gpio-charger: Fix set charge current limits
  (git-fixes CVE-2024-57792 bsc#1235764).
- commit 80ed527

- bpf, sockmap: Fix race between element replace and close()
  (CVE-2024-56664 bsc#1235249).
- commit 03e2626

- s390/cpum_sf: Handle CPU hotplug remove during sampling
  (CVE-2024-57849 bsc#1235814).
- commit e03f9af

- Update
  patches.suse/smb-client-fix-TCP-timers-deadlock-after-rmmod.patch
  (CVE-2024-53095 bsc#1233642 CVE-2024-54680 bsc#1235723).
- commit 6deb1aa

- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199
  bsc#1233112).
- commit 63ec06b

- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- commit a0043a3

- scsi: sg: Fix slab-use-after-free read in sg_release()
  (CVE-2024-56631 bsc#1235480).
- commit 9399f03

- 9p/xen: fix release of IRQ (CVE-2024-56704 bsc#1235584).
- commit 614e74c

- net: ieee802154: do not leave a dangling sk pointer in
  ieee802154_create() (CVE-2024-56602 bsc#1235521).
- commit 4049cc5

- net: hsr: avoid potential out-of-bound access in
  fill_frame_info() (CVE-2024-56648 bsc#1235451).
- commit 0a88cb0
krb5
- Prevent overflow when calculating ulog block size. An authenticated
  attacker can cause kadmind to write beyond the end of the mapped
  region for the iprop log file, likely causing a process crash;
  (CVE-2025-24528); (bsc#1236619).
- Add patch 0014-Prevent-overflow-when-calculating-ulog-block-size.patch
libX11
-  U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
  * Buffer overflow in XkbChangeTypesOfKey()
    (CVE-2025-26597, bsc#1237431)
libarchive
- Fix CVE-2025-25724, Buffer Overflow vulnerability in libarchive
  (CVE-2025-25724, bsc#1238610)
  * CVE-2025-25724.patch
mozilla-nss
- Updated nss-fips-approved-crypto-non-ec.patch to not pass in
  bad targetKeyLength parameters when checking for FIPS approval
  after keygen. This was causing false rejections.

- Updated nss-fips-approved-crypto-non-ec.patch to approve
  RSA signature verification  mechanisms with PKCS padding and
  legacy moduli (bsc#1222834).
freetype2
- Added patch:
  * CVE-2025-27363.patch
    + fixes bsc#1239465, CVE-2025-27363: out-of-bounds write when
    attempting to parse font subglyph structures related to
    TrueType GX and variable font files
giflib
- Added patch:
  * giflib-bsc1240416.patch
    + fixing bsc#1240416: buffer overflow in function DumpScreen2RGB
gnutls
- Security fix [bsc#1236974, CVE-2024-12243]
  * gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
  * Add gnutls-CVE-2024-12243.patch
openssl-1_1
- Security fix: [bsc#1236136, CVE-2024-13176]
  * timing side-channel in the ECDSA signature computation
  * Add openssl-CVE-2024-13176.patch
postgresql17
- Upgrade to 17.4:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/17.4/

- Upgrade to 17.3:
  * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
    functions against invalidly-encoded input strings.
  * obsoletes postgresql-tzdata2025a.patch
  * https://www.postgresql.org/docs/release/17.3/
  * https://www.postgresql.org/about/news/-3015/

- Apply postgresql-tzdata2025a.patch regardless of
  whether LLVM JIT is enabled

- Fix build, add postgresql-tzdata2025a.patch

- Disable LLVM JIT on loongarch64
procps
- Add patch CVE-2023-4016-part2.patch
  * Fix the ps command segfaults when pid argument has a leading space (bsc#1236842)
python3
- Update CVE-2024-11168-validation-IPv6-addrs.patch
  according to the Debian version
  (gh#python/cpython#103848#issuecomment-2708135083).

- Add CVE-2025-0938-sq-brackets-domain-names.patch which
  disallows square brackets ([ and ]) in domain names for parsed
  URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
ruby2.5
- remove rexml-test.patch as it is included in suse.patch now
- update suse.patch to f0660edeba
  - fix HTTP request smuggling in WEBrick
    bsc#1230930 CVE-2024-47220
  - update REXML to 3.3.9 to fix ReDOS vulnerability
    bsc#1232440 CVE-2024-49761
  - [ruby/uri] Fix quadratic backtracking on invalid relative URI
  - [ruby/time] Make RFC2822 regexp linear
  - [ruby/time] Fix quadratic backtracking on invalid time
  - merge some parts of CGI 0.1.1
libtasn1
- Security fix: [bsc#1236878, CVE-2024-12133]
  * Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
  * Add libtasn1-CVE-2024-12133.patch
libxml2
- security update
- added patches
  fix CVE-2024-56171 [bsc#1237363], use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
  + libxml2-CVE-2024-56171.patch
  fix CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
  + libxml2-CVE-2025-24928.patch
  fix CVE-2025-27113 [bsc#1237418], NULL Pointer Dereference in libxml2 xmlPatMatch
  + libxml2-CVE-2025-27113.patch

- security update
- added patches
  fix CVE-2022-49043 [bsc#1236460], use-after-free in xmlXIncludeAddNode
  + libxml2-CVE-2022-49043.patch
libxslt
- Security fixes:
  * Fix use-after-free of XPath context node [bsc#1239625, CVE-2025-24855]
  * Fix UAF related to excluded namespaces [bsc#1239637, CVE-2024-55549]
  * Make generate-id() deterministic [bsc#1238591, CVE-2023-40403]
    Just adding the reference here as this CVE was already fixed
    in 0009-Make-generate-id-deterministic.patch
  * Rebase patches to use autosetup:
  - libxslt-1.1.24-no-net-autobuild.patch
  - libxslt-config-fixes.patch
  * Add patches:
  - libxslt-CVE-2024-55549.patch
  - libxslt-CVE-2025-24855.patch
libzypp
- Disable zypp.conf:download.use_deltarpm by default (fixes #620)
  Measurements show that you don't benefit from using deltarpms
  unless your network connection is very slow. That's why most
  distributions even stop offering deltarpms. The default remains
  unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
  (bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
  This patch adds MediaCurl2 as a testbed for experimenting with a
  more simple way to download files. Set ZYPP_CURL2=1 in the
  environment to use it.
- version 17.36.3 (35)

- Filesystem usrmerge must not be done in singletrans mode
  (bsc#1236481, bsc#1189788)
  Commit will amend the backend in case the transaction would
  perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- version 17.36.2 (35)

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
  Released libyui packages compile with -Werror=deprecated-declarations
  so we can't add deprecated warnings without breaking them.
- make gcc15 happy (fixes #613)
- version 17.36.1 (35)

- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'.
- Fix Repoverification plugin not being executed (fixes #614)
- Refresh: Fetch the master index file before key and signature
  (bsc#1236820)
- Allow libzypp to compile with C++20.
- Deprecate RepoReports we do not trigger.
- version 17.36.0 (35)

- Create '.keep_packages' in the package cache dir to enforce
  keeping downloaded packages of all repos cahed there (bsc#1232458)
- version 17.35.19 (35)

- Fix missing UID checks in repomanager workflow (fixes #603)
- version 17.35.18 (35)

- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp (fixes #28)
- Fix 'zypper ps' when running in incus container (bsc#1229106)
  Should apply to lxc and lxd containers as well.
- Re-enable 'rpm --runposttrans' usage for chrooted systems
  (bsc#1216091)
- version 17.35.17 (35)
openssh
- Backported patch to fix a MitM attack against OpenSSH's
  VerifyHostKeyDNS-enabled client (bsc#1237040, CVE-2025-26465):
  * fix-CVE-2025-26465.patch
postgresql14
- Upgrade to 14.17:
  * Improve behavior of libpq's quoting functions:
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor
    their string length parameter, instead always reading to the
    input string's trailing null. This resulted in including
    unwanted text in the output, if the caller intended to
    truncate the string via the length parameter. With very bad
    luck it could cause a crash due to reading off the end of
    memory.
    In addition, modify all these quoting functions so that when
    invalid encoding is detected, an invalid sequence is
    substituted for just the first byte of the presumed
    character, not all of it. This reduces the risk of problems
    if a calling application performs additional processing on
    the quoted string.
  * Fix small memory leak in pg_createsubscriber.
  * https://www.postgresql.org/docs/release/14.17/

- Upgrade to 14.16:
  * bsc#1237093, CVE-2025-1094: Harden PQescapeString and allied
    functions against invalidly-encoded input strings.
  * obsoletes postgresql-tzdata2025a.patch
  * https://www.postgresql.org/docs/release/14.16/
  * https://www.postgresql.org/about/news/-3015/
- Disable LLVM JIT on loongarch64

- Fix build, add postgresql-tzdata2025a.patch
python-instance-billing-flavor-check
- Update to version 1.0.0 (jsc#PCT-531)
  + API incompatibility: The check_payg_byos function no longer exits, it now
    returns a tuple of (flavor, exit_code). This makes the function reusable.
  + Update the build setup to work with the system interpreter of
    upcoming SLE releases. SLE 12 stays with the Python 3.4 interpreter
    and SLE 15 with the Python 3.6 interpreter.

- Version 0.1.2 (bsc#1234444)
  + Improve detection of IPv4 and IPv6 network setup and use appropriate
    IP version for access the update servers
  + Improve reliability of flavor detection. Try an update server multiple
    times to get an answer, if we hit timeouts return the value flavor
    value from a cache file.

- Version 0.1.1 (bsc#1235991, bsc#1235992)
  + Add time stamp to log
- From version 0.1.0
  + Doc improvements clarifying exit staus codes
python-Jinja2
- Add security patch CVE-2025-27516.patch (bsc#1238879)
python3-M2Crypto
- Change macro to %{?sle15allpythons} so we build both Python 3.6
  and Python 3.11 on SLE-15.

- Fix spelling of BSD-2-Clause license.
- Add rpmlintrc … overflow of ignorable rpmlint warnings caused
  me not to see the previous problem.

- Update to 0.44.0:
  - fix(rsa): introduce internal cache for rsa.check_key()
    (bsc#1236664, srht#mcepl/m2crypto#369)
  - fix[authcookie]: modernize the module
  - fix(_lib): add missing #include for windows
  - ci: relax fedora crypto policy to legacy.
  - enhance setup.py for macos compatibility
  - prefer packaging.version over distutils.version
  - fix segfault with openssl 3.4.0
  - fix[ec]: raise ioerror instead when load_key_bio() cannot read
    the file.
  - doc: update installation instructions for windows.
  - fix setting x509.verify_* variables
  - fix building against openssl in non-standard location
  - test_x509: use only x509_version_1 (0) as version for csr.

- The real license is BSD 2-Clause, not MIT.

- Update to 0.43.0:
  - feat[m2]: add m2.time_t_bits to checking for 32bitness.
  - fix[tests]: Use only X509_VERSION_1 (0) as version for CSR.
  - fix[EC]: raise ValueError when load_key_bio() cannot read the
    file (bsc#1231589).
  - ci: use -mpip wheel instead of -mbuild
  - fix: use PyMem_Malloc() instead of malloc()
  - fix[hints]: more work on conversion of type hints to the py3k ones
  - fix: make the package build even on Python 3.6
  - ci[local]: skip freezing local tests
  - fix[hints]: remove AnyStr type
  - test: add suggested test for RSA.{get,set}_ex_data
  - fix: implement interfaces for RSA_{get,set}_ex_new_{data,index}
  - fix: generate src/SWIG/x509_v_flag.h to overcome weaknesses of
    swig
  - fix: replace literal enumeration of all VERIFY_ constants by a
    cycle
  - test: unify various test cases in test_ssl related to ftpslib
  - fix: replace deprecated url keyword in setup.cfg with complete
    project_urls map

- Update 0.42.0:
  - allow ASN1_{Integer,String} be initialized directly
  - minimal infrastructure for type hints for a C extension and
    some type hints for some basic modules
  - time_t on 32bit Linux is 32bit (integer) not 64bit (long)
  - EOS for CentOS 7
  - correct checking for OpenSSL version number on Windows
  - make compatible with Python 3.13 (replace PyEval_CallObject
    with PyObject_CallObject)
  - fix typo in extern function signature (and proper type of
    engine_ctrl_cmd_string())
  - move the package to Sorucehut
  - setup CI to use Sourcehut CI
  - setup CI on GitLab for Windows as well (remove Appveyor)
  - initial draft of documentation for migration to
    pyca/cryptography
  - fix Read the Docs configuration (contributed kindly by Facundo
    Tuesca)
- Remove upstreamed 32bit_ASN1_Time.patch
- Remove python-M2Crypto.keyring, because PyPI broke GPG support

- Build for modern python stack on SLE/Leap
python-cheroot
- Skip test_http_over_https_error which fails on Python 2.
python3-dmidecode
- Add patch fix-loglevel.patch to fix invalid log level error.
  gh#nima/python-dmidecode#60 bsc#1237685
python3-numpy
- Add 20049-pcg-emu-int128.patch to correct incorrect
  implemetation of carry in PCG64 and PCG64DXSM when advancing
  more than 2**64 steps.

- Add CVE-2021-41495-retval-PyArray_DescrNew.patch fixing
  CVE-2021-41495 (bsc#1193911): "Null Pointer Dereference
  vulnerability exists in numpy.sort in NumPy > and 1.19 in
  the PyArray_DescrNew function due to missing return-value
  validation, which allows attackers to conduct DoS attacks by
  repetitively creating sort arrays." by reviewing return values
  for PyArray_DescrNew.
  bsc#1236787
salt
- Revert setting SELinux context for minion service (bsc#1233667)
- Remove System V init support
  - Make systemd the only supported init system by removing System V init
    and insserv references
  - Ensure package builds with no init system dependencies if built
    without systemd (for example for use in containers)
  - Apply some spec-cleaner suggestions (update copyright year, sort
    requirements, adjust spacing)
  Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Fix the condition of alternatives for Tumbleweed and Leap 16
- Use update-alternatives for salt-call and fix builing on EL8
- Build all python bindings for all flavors
- Make minion reconnecting on changing master IP (bsc#1228182)
- Handle logger exception when flushing already closed file
- Include passlib as a recommended dependency
- Make Salt Bundle more tolerant to long running jobs (bsc#1228690)
- Fix additional x509 tests and test_suse tests for SLE12
- Added:
  * enhance-cleanup-mechanism-after-salt-bundle-upgrade-.patch
  * fix-x509-private-key-tests-and-test_suse-on-sle12-68.patch
  * handle-logger-flushing-already-closed-file-686.patch
  * revert-setting-selinux-context-for-minion-service-bs.patch
  * make-minion-reconnecting-on-changing-master-ip-bsc-1.patch
spacewalk-client-tools
- version 4.3.22-0
  * Allow translation to wrap strings as weblate forces it
  * Show Source String change for translations
zypp-plugin
- version 0.6.5

- Build package for multiple Python flavors on the SLE15 family
  (fixes #4)
release-notes-susemanager
- Update to SUSE Manager 4.3.15
  * SL Micro 6.1 support as client
  * Add MAC based terminal naming option
  * POS image templates updates
  * SCC Data forwarding enhancements
  * End of Debian 11 clients support
  * Bugs mentioned:
    bsc#1027642, bsc#1212161, bsc#1213437, bsc#1216553, bsc#1216744
    bsc#1216946, bsc#1216968, bsc#1219450, bsc#1219935, bsc#1219978
    bsc#1220494, bsc#1220902, bsc#1221219, bsc#1222820, bsc#1225287
    bsc#1226958, bsc#1227118, bsc#1227374, bsc#1227578, bsc#1227644
    bsc#1227660, bsc#1227759, bsc#1227852, bsc#1227882, bsc#1228232
    bsc#1228856, bsc#1228956, bsc#1229000, bsc#1229437, bsc#1229848
    bsc#1230585, bsc#1230745, bsc#1231053, bsc#1231404, bsc#1231430
    bsc#1232042, bsc#1232530, bsc#1232713, bsc#1233258, bsc#1233400
    bsc#1233431, bsc#1233450, bsc#1233595, bsc#1233724, bsc#1233761
    bsc#1233884, bsc#1234033, bsc#1234202, bsc#1234226, bsc#1234233
    bsc#1234251, bsc#1234441, bsc#1234994, bsc#1235145, bsc#1235696
    bsc#1235970, bsc#1236212, bsc#1236234
rsync
- Fix bsc#1237187 - broken rsyncd
  * Lists digests available in greeting line
  * Add rsync-fix-daemon-proto-32.patch

- Bump protocol version to 32 - make it easier to show server is patched.
  * Add rsync-protocol-version-32.patch
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
spacecmd
- version 4.3.30-0
  * Fix error in 'kickstart_delete' when using wildcards
    (bsc#1227578)
  * Allow translation to wrap strings as weblate forces it
  * Show Source String change for translations
  * Spacecmd bootstrap now works with specified port (bsc#1229437)
  * Fix sls backup creation as directory with spacecmd (bsc#1230745)
spacewalk-backend
- version 4.3.31-0
  * Make spacewalk-data-fsck aware of orphaned RPMs (bsc#1227882)
  * Detect and update errata when not all repository packages are
    linked (bsc#1227644)
  * Rename table suseProductSCCRepository to the more meaningful
    name suseChannelTemplate (bsc#1234994)
  * Add dependency to libzypp to support new token style
  * Fix mgr-sign-metadata-ctl check-channels when checking for
    signatures in repomd metadata (bsc#1233884)
  * Allow translation to wrap strings as weblate forces it
  * Show Source String change for translations
  * Set default RPM package summary if it's missing (bsc#1232530)
  * Allow spacewalk-repo-sync filtering using NEVRA
    instead of package name only (bsc#1234226)
  * Fix wrong timestamp when importing packages
    with rhnpush (bsc#1235970)
spacewalk-web
- version 4.3.44-0
  * Adjust login page theme to align with branding

- version 4.3.43-0
  * Fixed misleading error while waiting for SCC credentials
    synchronisation (bsc#1227374)
  * Allow translation to wrap strings as weblate forces it
  * Show Source String change for translations
  * Add notification for users with disabled SCC data forwarding
    (jsc#SUMA-431)
  * Bump the WebUI version to 4.3.15
spacewalk-config
- version 4.3.15-0
  * Add new config: reposync_nevra_filter (bsc#1234226)
spacewalk-java
- version 4.3.84-0
  * Prevent class cast exceptions when getting cobbler profiles
    (bsc#1227759)
  * Correct reference to 4.4 as the next major version
  * Remove disabled stylesheet reference
  * Do not explicitly trigger Cobbler sync when adding a system via
    SUMA API (bsc#1219450)
  * Allow the listing of already included patches when importing
    them into a custom channel (bsc#1228856)
  * Filter away Debian12 boostrap extra log messages (bsc#1216553)
  * Update UI tip pointing to new kickstarts template directory
    (bsc#1221219)
  * Re-wording 'Monitoring' to 'Monitor this host' on the UI
    systems properties page (bsc#1212161)
  * Fix bug when accessing menu Systems | System Set Manager |
    Misc | Reboot with no system selected (bsc#1222820)
  * Fix migration options after migrating a minion to
    Liberty Linux 9 (bsc#1233258)
  * Fix updated packages list when a SLE Micro gets
    updated (bsc#1227118)
  * Fix formatting in 'contentmanagement' API docs (bsc#1225287)
  * Only show versions for 'kernel-default' in CLM Live Patching
    template (bsc#1233400)
  * Ensure channel lists are reliably sorted by name (bsc#1233724)
  * More robust parsing of max memory configuration (bsc#1229000)
  * Fix All Managed packages list (bsc#1233450)
  * Use dots instead of underscores in apidoc (bsc#1233761)
  * Fix missing FROM-clause entry for table 'pn' in managed software
    list (bsc#1233450)
  * Ensure reporting database uses lowercase usernames (bsc#1220494)
  * Fix NPE if child channel has no parent (bsc#1231053)
  * Show an error notification only when we invalidate the
    PAYG credentials (bsc#1228956)
  * Make the list for package actions unique so it can be passed
    to Salt (bsc#1232042)
  * SUSE CDN token identifier changed
  * Fix Monitoring detection on Oracle Linux (bsc#1234033)
  * Handle new kind of auth tokens
  * Support new official SUSE update hosts
  * Check consistence of base and child channels (bsc#1232713)
  * Set a send date when preparing emails
  * saltboot: add MAC based terminal naming (jsc#SUMA-314)
  * Fix enabled flag for users listed via API (bsc#1233431)
  * Prevent return duplicated packages on XML-RPC API endpoint
    `listLatestUpgradablePackages` (bsc#1231430)
  * Better logging during SP migration
  * Add notification for users with disabled SCC data forwarding
    (jsc#SUMA-431)
  * Send additional data to SCC (jsc#SUMA-406)
  * Rename SUSEProductSCCRepository to the more meaningful name
    ChannelTemplate
  * Various improvements for ContentSyncManager in regard of
    hibernate schema and performance (bsc#1236212)
spacewalk-search
- version 4.3.11-0
  * More robust parsing of max memory configuration (bsc#1229000)
spacewalk-utils
- version 4.3.23-0
  * Force login to spacecmd from spacewalk-hostname-rename (bsc#1229848)
supportutils-plugin-susemanager
- version 4.3.14-0
  * Adjust requires for plugin to allow compatibility with
    supportutils 3.2.9 release (bsc#1235145)
suse-build-key
- changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294
  bsc#1236779 jsc#PED-12321)
  - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
  - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
  - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
susemanager-build-keys
- Version 15.4.11
  * Add 4096-bit RSA GPG key for third-party NVIDIA graphics drivers repository.
- Added:
  * nvidia-linux-driver-B1D0D788DB27FD5A.asc
- Refresh extended Uyuni GPG public key
  * Modified: gpg-pubkey-0d20833e.asc
susemanager-docs_en
- Corrected server SSL self-signed certificates renewal procedure in
  Administration Guide (bsc#1235696)
- Clarify functionality of CLM package/patch allow filters
  (bsc#1236234)
- Improved documentation on CLM filters in Administration Guide
  (bsc#1234202)
- Added retail MAC based terminal naming in Retail Guide
  (jsc#SUMA-314)
- Improved SSL certificate setup description in Administration Guide
  (bsc#1216968)
- Added external link for creating virtual network peer for Azure in
  Specialized Gudes (bsc#1234441)
- Documented onboarding SSH connected Ubuntu clients with
  install-created user in Client Configuration Guide (bsc#1213437)
- Corrected metadata signing section in Administration Guide
- Added Open Enterprise Server 24.4 and 23.4 as supported client
  systems (bsc#1230585)
- Added VMware image deployment documentation for Proxy in the
  Installation and Upgrade Guide (bsc#1227852)
- Added information about package source in Installation and Upgrade
  Guide (bsc#1219935)
- Documented Cobbler option to enable boot ISOs with Secure Boot in
  Client Configuration Guide
- Added admonition about disabling data synchronization with SCC in
  Administration Guide
- Added note about case sensitivity of organization name to
  Inter-Server Synchronization chapter in Administration Guide
- Added reminder note to de-register before registration to Client
  Configuration Guide (bsc#1216946)
- Higlighted the requirement for public cloud in Installation and
  Upgrade Guide (bsc#1219978)
- Added section about Ignition in Installation and Upgrade Guide
- Updated KVM and VMware server image deployment with first boot in
  Installation and Upgrade Guide
- Added documentation about orphaned packages in Client Configuration
  Guide (bsc#1227882)
- After database migration the old version of PostgreSQL no longer
  needed in Installation and Upgrade Guide (bsc#1216744)
  — Documented migrating clients such as AlmaLinux, CentOS, Oracle Linux,
  and Rocky Linux to SUSE Liberty Linux and SUSE Liberty Linux 7 to
  SUSE Liberty Linux 7 LTSS
susemanager-schema
- version 4.3.28-0
  * Execute the cobbler-sync-default task every 5 minutes by default
    (bsc#1219450)
  * Ensure reporting database uses lowercase usernames (bsc#1220494)
  * Rename table suseProductSCCRepository to the more meaningful
    name suseChannelTemplate
  * Add table and columns to store additional telemetry data
    (jsc#SUMA-406)
susemanager-sls
- version 4.3.46-0
  * suma_minion: prevent issues when calling Salt runners (bsc#1228232)
  * Prevent a crash on "reboot_info" module for Liberty 6,
    RHEL 6 & clones (bsc#1231404)
  * Require spacewalk-config installed before this package to have
    the CA certificate moved to the correct place (bsc#1227660)
  * Prevent warning message for unsigned Debian repositories
    when using new deb822 format (bsc#1234251)
  * Do not set "Trusted" for Debian repositories when the repo
    should be signed
  * Remove unnecessary Salt minion upgrade cleanup from highstate
  * Collect uname, SAP workloads and container runtime data
    on hardware profile update (jsc#SUMA-406)
susemanager-sync-data
- version 4.3.22-0
  * Add support for OES 24.4 (bsc#1230585)
  * Set Ubuntu 24.04 as released
susemanager
- version 4.3.40-0
  * Create SLE15SP7 bootstrap repo definitions
  * Remove unsupported Salt 3000 from bootstrap repo package list
    (bsc#1226958)
  * Rename table suseProductSCCRepository to the more meaningful
    name suseChannelTemplate (bsc#1234994)
  * Fix generating bootstrap repository for SUMA-43-SERVER (bsc#1234233)
  * Add bootstrap repo definitions for SL Micro 6.1 (bsc#1233595)
  * Allow translation to wrap strings as weblate forces it
  * Show Source String change for translations
tcsh
- Do not interfere Meta with Carriage Return (boo#1170527)

- Key-binding: support also other variants of terminals like xterm-256color
timezone
- Update to 2025a:
  * Paraguay adopts permanent -03 starting spring 2024
  * Improve pre-1991 data for the Philippines
  * Etc/Unknown is now reserved
- Update to 2024b:
  * Improve historical data for Mexico, Mongolia, and Portugal.
  * System V names are now obsolescent.
  * The main data form now uses %z.
  * The code now conforms to RFC 8536 for early timestamps.
  * Support POSIX.1-2024, which removes asctime_r and ctime_r.
  * Assume POSIX.2-1992 or later for shell scripts.
  * SUPPORT_C89 now defaults to 1.
- Add revert-philippines-historical-data.patch, revert-systemv-deprecation.patch
  * Fixes testsuite failures for other packages
tomcat
- Update to Tomcat 9.0.102
  * Fixes:
    + launch with java 17 (bsc#1239676)
  * Catalina
    + Fix: Weak etags in the If-Range header should not match as strong etags
    are required. (remm)
    + Fix: When looking up class loader resources by resource name, the resource
    name should not start with '/'. If the resource name does start with '/',
    Tomcat is lenient and looks it up as if the '/' was not present. When the
    web application class loader was configured with external repositories and
    names starting with '/' were used for lookups, it was possible that cached
    'not found' results could effectively hide lookup results using the
    correct resource name. (markt)
    + Fix: Enable the JNDIRealm to validate credentials provided to
    HttpServletRequest.login(String username, String password) when the realm
    is configured to use GSSAPI authentication. (markt)
    + Fix: Fix a bug in the JRE compatibility detection that incorrectly
    identified Java 19 and Java 20 as supporting Java 21 features. (markt)
    + Fix: Improve the checks for exposure to and protection against
    CVE-2024-56337 so that reflection is not used unless required. The checks
    for whether the file system is case sensitive or not have been removed.
    (markt)
    + Fix: Avoid scenarios where temporary files used for partial PUT would not
    be deleted. (remm)
    + Fix: 69602: Fix regression in releases from 12-2024 that were too strict
    and rejected weak etags in the If-Range header. (remm)
    + Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught
    exception introduced for the check for CVE-2024-56337. (remm)
  * Cluster
    + Add: 69598: Add detection of service account token changes to the
    KubernetesMembershipProvider implementation and reload the token if it
    changes. Based on a patch by Miroslav Jezbera. (markt)
  * Coyote
    + Fix: 69575: Avoid using compression if a response is already compressed
    using compress, deflate or zstd. (remm)
    + Update: Use Transfer-Encoding for compression rather than Content-Encoding
    if the client submits a TE header containing gzip. (remm)
    + Fix: Fix a race condition in the handling of HTTP/2 stream reset that
    could cause unexpected 500 responses. (markt)
  * Other
    + Add: Add makensis as an option for building the Installer for Windows on
    non-Windows platforms. (rjung/markt)
    + Update: Update Byte Buddy to 1.17.1. (markt)
    + Update: Update Checkstyle to 10.21.3. (markt)
    + Update: Update SpotBugs to 4.9.1. (markt)
    + Update: Update JSign to 7.1. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Add: Add org.apache.juli.JsonFormatter to format log as one line JSON
    documents. (remm)

- Update to Tomcat 9.0.99
  * Fixed CVE:
    + CVE-2025-24813: potential RCE and/or information disclosure/corruption with
    partial PUT (bsc#1239302)
  * Catalina
    + Update: Add tableName configuration on the DataSourcePropertyStore that
    may be used by the WebDAV Servlet. (remm)
    + Update: Improve HTTP If headers processing according to RFC 9110. Based on
    pull request #796 by Chenjp. (remm/markt)
    + Update: Allow readOnly attribute configuration on the Resources element
    and allow configure the readOnly attribute value of the main resources.
    The attribute value will also be used by the default and WebDAV Servlets.
    (remm)
    + Fix: 69285: Optimise the creation of the parameter map for included
    requests. Based on sample code and test cases provided by John
    Engebretson. (markt)
    + Fix: 69527: Avoid rare cases where a cached resource could be set with 0
    content length, or could be evicted immediately. (remm)
    + Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect
    requests without body for WebDAV LOCK and PROPFIND. (remm)
    + Fix: 69528: Add multi-release JAR support for the bloom
    archiveIndexStrategy of the Resources. (remm)
    + Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based
    on a patch submitted by Chenjp. (remm)
    + Add: Add a check to ensure that, if one or more web applications are
    potentially vulnerable to CVE-2024-56337, the JVM has been configured to
    protect against the vulnerability and to configure the JVM correctly if
    not. Where one or more web applications are potentially vulnerable to
    CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be
    confirmed that the JVM has been correctly configured, prevent the impacted
    web applications from starting. (markt)
    + Fix: Remove unused session to client map from CrawlerSessionManagerValve.
    Submitted by Brian Matzon. (remm)
    + Fix: When using the WebDAV servlet with serveSubpathOnly set to true,
    ensure that the destination for any requested WebDAV operation is also
    restricted to the sub-path. (markt)
    + Fix: Generate an appropriate Allow HTTP header when the Default servlet
    returns a 405 (method not allowed) response in response to a DELETE
    request because the target resource cannot be deleted. Pull request #802
    provided by Chenjp. (markt)
    + Code: Refactor creation of RequestDispatcher instances so that the
    processing of the provided path is consistent with normal request
    processing. (markt)
    + Add: Add encodedReverseSolidusHandling and encodedSolidusHandling
    attributes to Context to provide control over the handling of the path
    used to created a RequestDispatcher. (markt)
    + Fix: Handle a potential NullPointerException after an IOException occurs
    on a non-container thread during asynchronous processing. (markt)
    + Fix: Enhance lifecycle of temporary files used by partial PUT. (remm)
  * Coyote
    + Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does
    not support. These settings are now silently ignored. (markt)
    + Fix: Avoid a rare NullPointerException when recycling the
    Http11InputBuffer. (markt)
    + Fix: Lower the log level to debug for logging an invalid socket channel
    when processing poller events for the NIO Connector as this may occur in
    normal usage. (markt)
    + Code: Clean-up references to the HTTP/2 stream once request processing has
    completed to aid GC and reduce the size of the HTTP/2 recycled request and
    response cache. (markt)
    + Add: Add a new Connector configuration attribute,
    encodedReverseSolidusHandling, to control how %5c sequences in URLs are
    handled. The default behaviour is unchanged (decode) keeping in mind that
    the allowBackslash attribute determines how the decoded URI is processed.
    (markt)
    + Fix: 69545: Improve CRLF skipping for the available method of the
    ChunkedInputFilter. (remm)
    + Fix: Improve the performance of repeated calls to getHeader(). Pull
    request #813 provided by Adwait Kumar Singh. (markt)
    + Fix: 69559: Ensure that the Java 24 warning regarding the use of
    sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code
    will be used. (markt)
  * Jasper
    + Fix: 69508: Correct a regression in the fix for 69382 that broke JSP
    include actions if both the page attribute and the body contained
    parameters. Pull request #803 provided by Chenjp. (markt)
    + Fix: 69521: Update the EL Parser to allow the full range of valid
    characters in an EL identifier as defined by the Java Language
    Specification. (markt)
    + Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch
    provided by John Engebretson. (markt)
  * Web applications
    + Add: Documentation. Expand the description of the security implications of
    setting mapperContextRootRedirectEnabled and/or
    mapperDirectoryRedirectEnabled to true. (markt)
    + Fix: Documentation. Better document the default for the truststoreProvider
    attribute of a SSLHostConfig element. (markt)
  * Other
    + Update: Update to Commons Daemon 1.4.1. (markt)
    + Update: Update the internal fork of Commons Pool to 2.12.1. (markt)
    + Update: Update Byte Buddy to 1.16.1. (markt)
    + Update: Update UnboundID to 7.0.2. (markt)
    + Update: Update Checkstyle to 10.21.2. (markt)
    + Update: Update SpotBugs to 4.9.0. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Chinese translations by leeyazhou. (markt)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
vim
- Introduce patch to fix bsc#1235751 (regression).
  * vim-9.1.1134-revert-putty-terminal-colors.patch
- Update to 9.1.1176. Changes:
  * 9.1.1176: wrong indent when expanding multiple lines
  * 9.1.1175: inconsistent behaviour with exclusive selection and motion commands
  * 9.1.1174: tests: Test_complete_cmdline() may fail
  * 9.1.1173: filetype: ABNF files are not detected
  * 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
  * 9.1.1171: tests: wrong arguments passed to assert_equal()
  * 9.1.1170: wildmenu highlighting in popup can be improved
  * 9.1.1169: using global variable for get_insert()/get_lambda_name()
  * 9.1.1168: wrong flags passed down to nextwild()
  * 9.1.1167: mark '] wrong after copying text object
  * 9.1.1166: command-line auto-completion hard with wildmenu
  * 9.1.1165: diff: regression with multi-file diff blocks
  * 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
  * 9.1.1163: $MYVIMDIR is set too late
  * 9.1.1162: completion popup not cleared in cmdline
  * 9.1.1161: preinsert requires bot "menu" and "menuone" to be set
  * 9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
  * 9.1.1159: $MYVIMDIR may not always be set
  * 9.1.1158: :verbose set has wrong file name with :compiler!
  * 9.1.1157: command completion wrong for input()
  * 9.1.1156: tests: No test for what patch 9.1.1152 fixes
  * 9.1.1155: Mode message not cleared after :silent message
  * 9.1.1154: Vim9: not able to use autoload class accross scripts
  * 9.1.1153: build error on Haiku
  * 9.1.1152: Patch v9.1.1151 causes problems
  * 9.1.1151: too many strlen() calls in getchar.c
  * 9.1.1150: :hi completion may complete to wrong value
  * 9.1.1149: Unix Makefile does not support Brazilian lang for the installer
  * 9.1.1148: Vim9: finding imported scripts can be further improved
  * 9.1.1147: preview-window does not scroll correctly
  * 9.1.1146: Vim9: wrong context being used when evaluating class member
  * 9.1.1145: multi-line completion has wrong indentation for last line
  * 9.1.1144: no way to create raw strings from a blob
  * 9.1.1143: illegal memory access when putting a register
  * 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
  * 9.1.1141: Misplaced comment in readfile()
  * 9.1.1140: filetype: m17ndb files are not detected
  * 9.1.1139: [fifo] is not displayed when editing a fifo
  * 9.1.1138: cmdline completion for :hi is too simplistic
  * 9.1.1137: ins_str() is inefficient by calling STRLEN()
  * 9.1.1136: Match highlighting marks a buffer region as changed
  * 9.1.1135: 'suffixesadd' doesn't work with multiple items
  * 9.1.1134: filetype: Guile init file not recognized
  * 9.1.1133: filetype: xkb files not recognized everywhere
  * 9.1.1132: Mark positions wrong after triggering multiline completion
  * 9.1.1131: potential out-of-memory issue in search.c
  * 9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
  * 9.1.1129: missing out-of-memory test in buf_write()
  * 9.1.1128: patch 9.1.1119 caused a regression with imports
  * 9.1.1127: preinsert text is not cleaned up correctly
  * 9.1.1126: patch 9.1.1121 used a wrong way to handle enter
  * 9.1.1125: cannot loop through pum menu with multiline items
  * 9.1.1124: No test for 'listchars' "precedes" with double-width char
  * 9.1.1123: popup hi groups not falling back to defaults
  * 9.1.1122: too many strlen() calls in findfile.c
  * 9.1.1121: Enter does not insert newline with "noselect"
  * 9.1.1120: tests: Test_registers fails
  * 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
  * 9.1.1118: tests: test_termcodes fails
  * 9.1.1117: there are a few minor style issues
  * 9.1.1116: Vim9: super not supported in lambda expressions
  * 9.1.1115: [security]: use-after-free in str_to_reg()
  * 9.1.1114: enabling termguicolors automatically confuses users
  * 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
  * 9.1.1112: Inconsistencies in get_next_or_prev_match()
  * 9.1.1111: Vim9: variable not found in transitive import
  * 9.1.1110: Vim tests are slow and flaky
  * 9.1.1109: cmdexpand.c hard to read
  * 9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
  * 9.1.1107: cannot loop through completion menu with fuzzy
  * 9.1.1106: tests: Test_log_nonexistent() causes asan failure
  * 9.1.1105: Vim9: no support for protected new() method
  * 9.1.1104: CI: using Ubuntu 22.04 Github runners
  * 9.1.1103: if_perl: still some compile errors with Perl 5.38
  * 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename

- 9.1.1101 is a fix for:
  bsc#1229685 (CVE-2024-43790)
  bsc#1229822 (CVE-2024-43802)
  bsc#1230078 (CVE-2024-45306)
  bsc#1235695 (CVE-2025-22134)
  bsc#1236151 (CVE-2025-24014)
  bsc#1237137 (CVE-2025-1215)
- Remove obsoleted patch:
  * vim-7.3-mktemp_tutor.patch
- update to 9.1.1101
  * insexpand.c hard to read
  * tests: Test_log_nonexistent only works on Linux
  * Update base-syntax, improve variable matching
  * Vim9: import with extends may crash
  * leaking memory with completing multi lines
  * --log with non-existent path causes a crash
  * if_perl: Perl 5.38 adds new symbols causing link failure
  * tests: matchparen plugin test wrongly named
  * Vim9: problem finding implemented method in type hierarchy
  * runtime(qf): Update syntax file, match second delimiter
  * tests: output of test ...win32_ctrl_z depends on python version
  * tests: fix expected return code for python 3.13 on Windows
  * tests: timeout might be a bit too small
  * tests: test_terminwscroll_topline2 unreliable
  * tests: No check when tests are run under Github actions
  * tests: plugin tests are named inconsistently
  * Vim9: import with extends may crash
  * completion doesn't work with multi lines
  * filetype: cmmt files are not recognized
  * Unable to persistently ignore events in a window and its buffers
  * improve syntax highlighting
  * setreg() doesn't correctly handle mbyte chars in blockwise mode
  * unexpected DCS responses may cause out of bounds reads
  * has('bsd') is true for GNU/Hurd
  * filetype: Mill files are not recognized
  * GUI late startup leads to uninitialized scrollbars
  * Add support for lz4 to tar & gzip plugin
  * Terminal ansi colors off by one after tgc reset
  * included syntax items do not understand contains=TOP
  * vim_strnchr() is strange and unnecessary
  * Vim9: len variable not used in compile_load()
  * runtime(vim): Update base-syntax, match :debuggreedy count prefix
  * Strange error when heredoc marker starts with "trim"
  * tests: test_compiler fails on Windows without Maven
  * 'diffopt' "linematch" cannot be used with {n} less than 10
  * args missing after failing to redefine a function
  * Cannot control cursor positioning of getchar()
  * preinsert text completions not deleted with <C-W>/<C-U>
  * getchar() can't distinguish between C-I and Tab
  * tests: Test_termwinscroll_topline2 fails on MacOS
  * heap-use-after-free and stack-use-after-scope with :14verbose
  * no digraph for "Approaches the limit"
  * not possible to use plural forms with gettext()
  * too many strlen() calls in userfunc.c
  * terminal: E315 when dragging the terminal with the mouse
  * runtime(openPlugin): fix unclosed parenthesis in GetWordUnderCursor()
  * runtime(doc): Tweak documentation style a bit
  * tests: test_glvs fails when unarchiver not available
  * Vim always enables 'termguicolors' in a terminal
  * completion: input text deleted with preinsert when adding leader
  * translation(sr): Missing Serbian translation for the tutor
  * Superfluous cleanup steps in test_ins_complete.vim
  * runtime(netrw): correct wrong version check
  * Vim doesn't highlight to be inserted text when completing
  * runtime(netrw): upstream snapshot of v176
  * runtime(dist/vim9): fix regressions in dist#vim9#Open
  * runtime(hyprlang): fix string recognition
  * make install fails because of a missing dependency
  * runtime(asm): add byte directives to syntax script
  * Vim doesn't work well with TERM=xterm-direct
  * runtime(filetype): commit 99181205c5f8284a3 breaks V lang detection
  * runtime: decouple Open and Launch commands and gx mapping from netrw
  * "nosort" enables fuzzy filtering even if "fuzzy" isn't in 'completeopt'
  * runtime(just): fix typo in syntax file
  * runtime(filetype): Improve Verilog detection by checking for modules definition
  * tests: off-by-one error in CheckCWD in test_debugger.vim
  * tests: no support for env variables when running Vim in terminal
  * too many strlen() calls in os_unix.c
  * insert-completed items are always sorted
  * crash after scrolling and pasting in silent Ex mode
  * Makefiles uses non-portable syntax
  * fuzzymatching doesn't prefer matching camelcase
  * filetype: N-Tripels and TriG files are not recognized
  * Vim9: Patch 9.1.1014 causes regressions
  * translation(sr): Update Serbian messages translation
- updade to 9.1.1043
  * [security]: segfault in win_line()
  * update helptags
  * filetype: just files are not recognized
  * Update base-syntax, match ternary and falsy operators
  * Vim9: out-of-bound access when echoing an enum
  * Vim9: imported type cannot be used as func return type
  * runtime(kconfig): updated ftplugin and syntax script
  * runtime(doc): rename last t_BG reference to t_RB
  * Vim9: comments are outdated
  * tests: test_channel.py fails with IPv6
  * runtime(vim): Update base-syntax, fix is/isnot operator matching
  * Vim9: confusing error when using abstract method via super
  * make install fails when using shadowdir
  * Vim9: memory leak with blob2str()
  * runtime(tex): add texEmphStyle to texMatchGroup in syntax script
  * runtime(netrw): upstream snapshot of v175
  * Vim9: compiling abstract method fails without return
  * runtime(c): add new constexpr keyword to syntax file (C23)
  * tests: shaderslang was removed from test_filetype erroneously
  * link error when FEAT_SPELL not defined
  * Coverity complains about insecure data handling
  * runtime(sh): update syntax script
  * runtime(c): Add missing syntax test files
  * filetype: setting bash filetype is backwards incompatible
  * runtime(c): Update syntax and ftplugin files
  * the installer can be improved
  * too many strlen() calls in screen.c
  * no sanitize check when running linematch
  * filetype: swc configuration files are not recognized
  * runtime(netrw): change netrw maintainer
  * wrong return type of blob2str()
  * blob2str/str2blob() do not support list of strings
  * runtime(doc): fix typo in usr_02.txt
  * Coverity complains about dereferencing NULL pointer
  * linematch option value not completed
  * string might be used without a trailing NUL
  * no way to get current selected item in a async context
  * filetype: fd ignore files are not recognized
  * v9.1.0743 causes regression with diff mode
  * runtime(doc): fix base64 encode/decode examples
  * Vim9: Patch 9.1.1013 causes a few problems
  * Not possible to convert string2blob and blob2string
  * Coverity complains about dereferencing NULL value
  * Vim9: variable not found in transitive import
  * runtime(colors): Update colorschemes, include new unokai colorscheme
  * Vim9: Regression caused by patch v9.1.0646
  * runtime(lyrics): support milliseconds in syntax script
  * runtime(vim): Split Vim legacy and Vim9 script indent tests
  * Vim9: class interface inheritance not correctly working
  * popupmenu internal error with some abbr in completion item
  * filetype: VisualCode setting file not recognized
  * diff feature can be improved
  * tests: test for patch 9.1.1006 doesn't fail without the patch
  * filetype: various ignore are not recognized
  * tests: Load screendump files with "git vimdumps"
  * PmenuMatch completion highlight can be combined
  * completion text is highlighted even with no pattern found
  * tests: a few termdebug tests are flaky
  * [security]: heap-buffer-overflow with visual mode
  * runtime(doc): add package-<name> helptags for included packages
  * Vim9: unknown func error with interface declaring func var
  * runtime(filetype): don't detect string interpolation as angular
  * ComplMatchIns highlight hard to read on light background
  * runtime(vim): Update base-syntax, highlight literal string quote escape
  * runtime(editorconfig): set omnifunc to syntaxcomplete func
  * tests: ruby tests fail with Ruby 3.4
  * Vim9: leaking finished exception
  * runtime(tiasm):  use correct syntax name tiasm in syntax script
  * filetype: TI assembly files are not recognized
  * too many strlen() calls in drawscreen.c
  * runtime(xf86conf): add section name OutputClass to syntax script
  * ComplMatchIns may highlight wrong text
  * runtime(vim): Update base-syntax, improve ex-bang matching
  * runtime(doc): clarify buffer deletion on popup_close()
  * filetype: shaderslang files are not detected
  * Vim9: not able to use comment after opening curly brace
- update to 9.1.0993
  * 9.1.0993: New 'cmdheight' behavior may be surprising
  * runtime(sh): fix typo in Last Change header
  * 9.1.0992: Vim9: double-free after v9.1.0988
  * 9.1.0991: v:stacktrace has wrong type in Vim9 script
  * runtime(sh): add PS0 to bashSpecialVariables in syntax script
  * runtime(vim): Remove trailing comma from match_words
  * runtime(zsh): sync syntax script with upstream repo
  * runtime(doc): Capitalise the mnemonic "Zero" for the 'z' flag of search()
  * 9.1.0990: Inconsistent behavior when changing cmdheight
  * 9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error
  * runtime(java): Quietly opt out for unsupported markdown.vim versions
  * runtime(vim): fix failing vim syntax test
  * 9.1.0988: Vim9: no error when using uninitialized var in new()
  * runtime(doc): update index.txt
  * 9.1.0987: filetype: cake files are not recognized
  * 9.1.0986: filetype: 'jj' filetype is a bit imprecise
  * runtime(jj): Support diffs in jj syntax
  * runtime(vim): Update matchit pattern, no Vim9 short names
  * 9.1.0985: Vim9: some ex commands can be shortened
  * 9.1.0984: exception handling can be improved
  * runtime(doc): update doc for :horizontal
  * runtime(doc): update index.txt, windows.txt and version9.txt
  * runtime(doc): Tweak documentation about base64 function
  * runtime(chordpro): update syntax script
  * 9.1.0983: not able to get the displayed items in complete_info()
  * runtime(doc): use standard SGR format at :h xterm-true-color
  * 9.1.0982: TI linker files are not recognized
  * runtime(vim): update vim generator syntax script
  * 9.1.0981: tests: typo in test_filetype.vim
  * 9.1.0980: no support for base64 en-/decoding functions in Vim Script
  * syntax(sh): Improve the recognition of bracket expressions
  * runtime(doc): mention how NUL bytes are handled
  * 9.1.0979: VMS: type warning with $XDG_VIMRC_FILE
  * 9.1.0978: GUI tests sometimes fail when setting 'scroll' options
  * 9.1.0977: filetype: msbuild filetypes are not recognized
  * 9.1.0976: Vim9: missing return statement with throw
  * 9.1.0975: Vim9: interpolated string expr not working in object methods
  * 9.1.0974: typo in change of commit v9.1.0873
  * 9.1.0973: too many strlen() calls in fileio.c
  * runtime(sh): set shellcheck as the compiler for supported shells
  * runtime(doc): Fix enum example syntax
  * 9.1.0972: filetype: TI linker map files are not recognized
  * runtime(vim): Improve syntax script generator for Vim Script
  * 9.1.0971: filetype: SLNX files are not recognized
  * 9.1.0970: VMS: build errors on VMS architecture
  * runtime(doc): Fix documentation typos
  * runtime(doc): update for new keyprotocol option value (after v9.1.0969)
  * 9.1.0969: ghostty not using kitty protocol by default
  * 9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name
  * runtime(doc): update version9.txt for bash filetype
  * runtime(netrw): update last change header for #16265
  * runtime(doc): fix doc error in :r behaviour
  * 9.1.0967: SpotBugs compiler setup can be further improved
  * 9.1.0966: Vim9: :enum command can be shortened
  * runtime(compiler): include a basic bash syntax checker compiler
  * 9.1.0965: filetype: sh filetype set when detecting the use of bash
  * runtime(doc): clarify ARCH value for 32-bit in INSTALLpc.txt
  * 9.1.0963: fuzzy-matching does not prefer full match
  * 9.1.0962: filetype: bun.lock file is not recognized
  * runtime(vim): update indentation plugin for Vim script
  * runtime(doc): tweak documentation style in helphelp.txt
  * runtime(vim): Update base-syntax, allow parens in default arguments
  * runtime(doc): mention auto-format using clang-format for sound.c/sign.c
  * runtime(help): fix typo s/additional/arbitrary/
  * runtime(help): Add better support for language annotation highlighting
  * 9.1.0961: filetype: TI gel files are not recognized
  * 9.1.0960: filetype: hy history files are not recognized
  * translation(fi): Fix typoes in Finish menu translation
  * 9.1.0959: Coverity complains about type conversion
  * runtime(vim): Use supported syntax in indent tests
  * 9.1.0958: filetype: supertux2 config files detected as lisp
  * 9.1.0956: completion may crash, completion highlight wrong with preview window
  * 9.1.0955: Vim9: vim9compile.c can be further improved
  * runtime(doc): move help tag E1182
  * runtime(graphql): contribute vim-graphql to Vim core
  * 9.1.0954: popupmenu.c can be improved
  * 9.1.0953: filetype: APKBUILD files not correctly detected
  * 9.1.0952: Vim9: missing type checking for any type assignment
  * 9.1.0951: filetype: jshell files are not recognized
  * runtime(dockerfile): do not set commentstring in syntax script
  * 9.1.0950: filetype: fennelrc files are not recognized
  * runtime(netrw): do not double escape Vim special characters
  * git: ignore reformatting change of netrw plugin
  * runtime(netrw): more reformating #16248
  * runtime(doc): Add a note about handling symbolic links in starting.txt
  * 9.1.0949: popups inconsistently shifted to the left
  * git: ignore reformatting change of netrw plugin
  * runtime(netrw): change indent size from 1 to 2
  * 9.1.0948: Missing cmdline completion for :pbuffer
  * runtime(tutor): Reformat tutor1
  * 9.1.0947: short-description
  * 9.1.0946: cross-compiling fails on osx-arm64
  * 9.1.0945: ComplMatchIns highlight doesn't end after inserted text
  * translation(sv): re-include the change from #16240
  * 9.1.0944: tests: test_registers fails when not run under X11
  * 9.1.0943: Vim9: vim9compile.c can be further improved
  * runtime(doc): Update README and mention make check to verify
  * translation(sv): partly revert commit 98874dca6d0b60ccd6fc3a140b3ec
  * runtime(vim): update base-syntax after v9.1.0936
  * 9.1.0942: a few typos were found
  * 9.1.0941: ComplMatchIns doesn't work after multibyte chars
  * runtime(doc): Fix style in fold.txt
  * translation(sv): Fix typo in Swedish translation
  * 9.1.0940: Wrong cursor shape with "gq" and 'indentexpr' executes :normal
  * runtime(doc): fix some small errors
  * 9.1.0939: make installtutor fails
  * 9.1.0938: exclusive selection not respected when re-selecting block mode
  * 9.1.0937: test_undolist() is flaky
  * 9.1.0936: cannot highlight completed text
  * 9.1.0935: SpotBugs compiler can be improved
  * 9.1.0934: hard to view an existing buffer in the preview window
  * runtime(doc): document how to minimize fold computation costs
  * 9.1.0933: Vim9: vim9compile.c can be further improved
  * 9.1.0932: new Italian tutor not installed
  * runtime(doc): fix a few minor errors from the last doc updates
  * translation(it): add Italian translation for the interactive tutor
  * runtime(doc): update the change.txt help file
  * runtime(help): Add Vim lang annotation support for codeblocks
  * 9.1.0931: ml_get error in terminal buffer
  * 9.1.0930: tests: test_terminal2 may hang in GUI mode
  * 9.1.0929: filetype: lalrpop files are not recognized
  * 9.1.0928: tests: test_popupwin fails because the filter command fails
  * editorconfig: set trim_trailing_whitespace = false for src/testdir/test*.vim
  * 9.1.0927: style issues in insexpand.c
  * 9.1.0926: filetype: Pixi lock files are not recognized
  * runtime(doc): Add a reference to |++opt| and |+cmd| at `:h :pedit`
  * runtime(doc): add a note about inclusive motions and exclusive selection
  * 9.1.0925: Vim9: expression compiled when not necessary
  * 9.1.0924: patch 9.1.0923 causes issues
  * 9.1.0923: too many strlen() calls in filepath.c
  * 9.1.0923: wrong MIN macro in popupmenu.c
  * 9.1.0921: popupmenu logic is a bit convoluted
  * 9.1.0920: Vim9: compile_assignment() too long
  * 9.1.0919: filetype: some assembler files are not recognized
  * runtime(netrw): do not pollute search history with symlinks
  * 9.1.0918: tiny Vim crashes with fuzzy buffer completion
  * 9.1.0917: various vartabstop and shiftround bugs when shifting lines
  * runtime(typst): add definition lists to formatlistpat, update maintainer
  * 9.1.0916: messages.c is exceeding 80 columns
  * runtime(proto): include filetype plugin for protobuf
  * 9.1.0915: GVim: default font size a bit too small
  * 9.1.0914: Vim9: compile_assignment() is too long
  * 9.1.0913: no error check for neg values for 'messagesopt'
  * runtime(netrw): only check first arg of netrw_browsex_viewer for being executable
  * 9.1.0912: xxd: integer overflow with sparse files and -autoskip
  * 9.1.0911: Variable name for 'messagesopt' doesn't match short name
  * 9.1.0910: 'messagesopt' does not check max wait time
  * runtime(doc): update wrong Vietnamese localization tag
  * 9.1.0909: Vim9: crash when calling instance method
- update to 9.1.0908
  * refresh vim-7.3-mktemp_tutor.patch
  * 9.1.0908: not possible to configure :messages
  * 9.1.0907: printoptions:portrait does not change postscript Orientation
  * runtime(doc): Add vietnamese.txt to helps main TOC
  * 9.1.0906: filetype: Nvidia PTX files are not recognized
  * runtime(doc): updated version9.txt with changes from v9.1.0905
  * 9.1.0905: Missing information in CompleteDone event
  * 9.1.0904: Vim9: copy-paste error in class_defining_member()
  * 9.1.0903: potential overflow in spell_soundfold_wsal()
  * runtime(netrw): do not detach when launching external programs in gvim
  * runtime(doc): make tag alignment more consistent in filetype.txt
  * runtime(doc): fix wrong syntax and style of vietnamese.txt
  * translation(it): update Italian manpage for vimtutor
  * runtime(lua): add optional lua function folding
  * Filelist: include translations for Chapter 2 tutor
  * translation(vi): Update Vietnamese translation
  * runtime(doc): include vietnamese.txt
  * runtime(tutor): fix another typo in tutor2
  * runtime(doc): fix typo in vimtutor manpage
  * translation(it): update Italian manpage for vimtutor
  * translation(it): include Italian version of tutor chapter 2
  * runtime(tutor): regenerated some translated tutor1 files
  * runtime(tutor): fix typo in Chapter 2
  * 9.1.0902: filetype: Conda configuration files are not recognized
  * runtime(doc): Tweak documentation style a bit
  * runtime(tutor): update the tutor files and re-number the chapters
  * runtime(tutor): Update the makefiles for tutor1 and tutor2 files
  * 9.1.0901: MS-Windows: vimtutor batch script can be improved
  * runtime(doc): remove buffer-local completeopt todo item
  * 9.1.0900: Vim9: digraph_getlist() does not accept bool arg
  * runtime(typst): provide a formatlistpat in ftplugin
  * runtime(doc): Update documentation for "noselect" in 'completeopt'
  * 9.1.0899: default for 'backspace' can be set in C code
  * runtime(helptoc): reload cached g:helptoc.shell_prompt when starting toc
  * translation(ru): Updated messages translation
  * 9.1.0898: runtime(compiler): pytest compiler not included
  * 9.1.0897: filetype: pyrex files are not detected
  * runtime(compiler): update eslint compiler
  * 9.1.0896: completion list wrong after v9.1.0891
  * runtime(doc): document changed default value for 'history'
  * 9.1.0895: default history value is too small
  * 9.1.0894: No test for what the spotbug compiler parses
  * 9.1.0893: No test that undofile format does not regress
  * translation(de): update German manpages
  * runtime(compiler): include spotbugs Java linter
  * 9.1.0892: the max value of 'tabheight' is limited by other tabpages
  * runtime(po): remove poDiffOld/New, add po-format flags to syntax file
  * 9.1.0891: building the completion list array is inefficient
  * patch 9.1.0890: %! item not allowed for 'rulerformat'
  * runtime(gzip): load undofile if there exists one
  * 9.1.0889: Possible unnecessary redraw after adding/deleting lines
  * 9.1.0888: leftcol property not available in getwininfo()
  * 9.1.0887: Wrong expression in sign.c
  * 9.1.0886: filetype: debian control file not detected
  * runtime(c3): include c3 filetype plugin
  * 9.1.0885: style of sign.c can be improved
  * 9.1.0884: gcc warns about uninitialized variable
  * runtime(apache): Update syntax directives for apache server 2.4.62
  * translation(ru): updated vimtutor translation, update MAINTAINERS file
  * 9.1.0883: message history cleanup is missing some tests
  * runtime(doc): Expand docs on :! vs. :term
  * runtime(netrw): Fixing powershell execution issues on Windows
  * 9.1.0882: too many strlen() calls in insexpand.c
  * 9.1.0881: GUI: message dialog may not get focus
  * runtime(netrw): update netrw's decompress logic
  * runtime(apache): Update syntax keyword definition
  * runtime(misc): add Italian LICENSE and (top-level) README file
  * 9.1.0880: filetype: C3 files are not recognized
  * runtime(doc): add helptag for :HelpToc command
  * 9.1.0879: source is not consistently formatted
  * Add clang-format config file
  * runtime(compiler): fix escaping of arguments passed to :CompilerSet
  * 9.1.0878: termdebug: cannot enable DEBUG mode
  * 9.1.0877: tests: missing test for termdebug + decimal signs
  * 9.1.0876: filetype: openCL files are not recognized
  * 9.1.0875: filetype: hyprlang detection can be improved
  * 9.1.0874: filetype: karel files are not detected
  * 9.1.0873: filetype: Vivado files are not recognized
  * 9.1.0872: No test for W23 message
  * 9.1.0871: getcellpixels() can be further improved
  * 9.1.0870: too many strlen() calls in eval.c
  * 9.1.0869: Problem: curswant not set on gm in folded line
  * 9.1.0868: the warning about missing clipboard can be improved
  * runtime(doc): Makefile does not clean up all temporary files
  * 9.1.0867: ins_compl_add() has too many args
  * editorconfig: don't trim trailing whitespaces in runtime/doc
  * translation(am): Remove duplicate keys in desktop files
  * runtime(doc): update helptags
  * runtime(filetype): remove duplicated *.org file pattern
  * runtime(cfg): only consider leading // as starting a comment
  * 9.1.0866: filetype: LLVM IR files are not recognized
  * 9.1.0865: filetype: org files are not recognized
  * 9.1.0864: message history is fixed to 200
  * 9.1.0863: getcellpixels() can be further improved
  * runtime(sh): better function support for bash/zsh in indent script
  * runtime(netrw): small fixes to netrw#BrowseX
  * 9.1.0862: 'wildmenu' not enabled by default in nocp mode
  * runtime(doc): update how to report issues for mac Vim
  * runtime(doc): mention option-backslash at :h CompilerSet
  * runtime(compiler): include a Java Maven compiler plugin
  * runtime(racket): update Racket runtime files
  * runtime(doc): improve indentation in examples for netrw-handler
  * runtime(doc): improve examples for netrw-handler functions
  * runtime(idris2): include filetype,indent+syntax plugins for (L)Idris2 + ipkg
  * runtime(doc): clarify the use of filters and external commands
  * 9.1.0861: Vim9: no runtime check for object member access of any var
  * runtime(compiler): update pylint linter
  * 9.1.0860: tests: mouse_shape tests use hard code sleep value
  * 9.1.0859: several problems with the GLVS plugin
  * 9.1.0858: Coverity complains about dead code
  * runtime(tar): Update tar.vim to support permissions
  * 9.1.0857: xxd: --- is incorrectly recognized as end-of-options
  * 9.1.0851: too many strlen() calls in getchar.c
  * 9.1.0850: Vim9: cannot access nested object inside objects
  * runtime(tex): extra Number highlighting causes issues
  * runtime(vim): Fix indent after :silent! function
  * 9.1.0849: there are a few typos in the source
  * runtime(netrw): directory symlink not resolved in tree view
  * runtime(doc): add a table of supported Operating Systems
  * runtime(tex): update Last Change header in syntax script
  * runtime(doc): fix typo in g:termdebug_config
  * runtime(vim): Update base-syntax, improve :normal highlighting
  * runtime(tex): add Number highlighting to syntax file
  * runtime(doc): Tweak documentation style a bit
  * 9.1.0848: if_lua: v:false/v:true are not evaluated to boolean
  * runtime(dune): use :setl instead of :set in ftplugin
  * runtime(termdebug): allow to use decimal signs
  * translation(it): Updated Italian vimtutor
  * runtime(compiler): improve cppcheck
  * git: git-blame-ignore-revs shown as an error on Github
  * 9.1.0847: tests: test_popupwin fails because of updated help file
  * 9.1.0846: debug symbols for xxd are not cleaned in Makefile
  * runtime(structurizr): Update structurizr syntax
  * runtime(8th): updated 8th syntax
  * runtime(doc): Add pi_tutor.txt to help TOC
  * runtime(compiler): add mypy and ruff compiler; update pylint linter
  * runtime(netrw): fix several bugs in netrw tree listing
  * runtime(netrw): prevent polluting the search history
  * 9.1.0845: vimtutor shell script can be improved
  * 9.1.0844: if_python: no way to pass local vars to python
  * 9.1.0843: too many strlen() calls in undo.c
  * runtime(doc): update default value for fillchars option
  * runtime(compiler): fix typo in cppcheck compiler plugin
  * runtime(doc): simplify vimtutor manpage a bit more
  * runtime(matchparen): Add matchparen_disable_cursor_hl config option
  * 9.1.0842: not checking for the sync() systemcall
  * 9.1.0841: tests: still preferring python2 over python3
  * 9.1.0840: filetype: idris2 files are not recognized
  * 9.1.0839: filetype: leo files are not recognized
  * runtime(cook): include cook filetype plugin
  * runtime(debversions): Update Debian versions
  * patch 9.1.0838: vimtutor is bash-specific
  * runtime(doc): add help specific modeline to pi_tutor.txt
  * Filelist: vimtutor chapter 2 is missing in Filelist
  * 9.1.0837: cross-compiling has some issues
  * runtime(vimtutor): Add a second chapter
wget
- If wget for an http URL is redirected to a different site (hostname
  parts of URLs differ), then any "Authenticate" and "Cookie" header
  entries are discarded.
  [bsc#1185551, wget-do-not-propagate-credentials.patch,
  bsc#1230795, CVE-2021-31879]
zypper
- Annonunce --root in commands not launching a Target
  (bsc#1237044)
- BuildRequires:  libzypp-devel >= 17.36.3.
- version 1.14.85

- Let zypper dup fail in case of (temporarily) unaccessible repos
  (bsc#1228434, bsc#1236939, fixes #446)
- version 1.14.84

- New system-architecture command (bsc#1236384)
  Prints the detected system architecture.
- version 1.14.83

- requires: libzypp >= 17.36.0.
- Change versioncmp command to return exit code according to the
  comparison result (#593)
- version 1.14.82

- lr: show the repositories keep-packages flag (bsc#1232458)
  It is shown in the  details view or by using -k,--keep-packages.
  In addition libyzpp supports to enforce keeping downloaded
  packages of all repos within a package cache by creating a
  '.keep_packages' file there.
- version 1.14.81

- Try to refresh update repos first to have updated GPG keys on
  the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo.
  Refreshing the update repo first updates a trusted key on the fly
  and avoids a 'key has expired' warning being issued when
  refreshing the GA repo.
- Refresh: restore legacy behavior and suppress Exception
  reporting as non-root (bsc#1235636)
- version 1.14.80