aaa_base
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  to also fix the typo to set JAVA_BINDIR in the csh variant
  of the alljava profile script (bsc#1221361)
apache2
- security update
- added patches
  fix CVE-2023-38709 [bsc#1222330], HTTP response splitting
  + apache2-CVE-2023-38709.patch
  fix CVE-2024-24795 [bsc#1222332], HTTP Response Splitting in multiple modules
  + apache2-CVE-2024-24795.patch
  fix CVE-2024-27316 [bsc#1221401], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + apache2-CVE-2024-27316.patch
coreutils
- ls: avoid triggering automounts (bsc#1221632)
  - add coreutils-ls-avoid-triggering-automounts.patch
csp-billing-adapter
- Update to version 0.10.0:
  * Add free trial feature
dom4j
- Use %patch -P N instead of deprecated %patchN.

- The license is actually Plexus

- JPMS: Add the Automatic-Module-Name attribute to the manifest.

- Make a separate flavour for a minimal dom4j-bootstrap package
  used to build jaxen and full dom4j
- Added patch:
  * 0001-no-jaxen-dom4.patch
  * for the bootstrap package, patch out the code that requires
    jaxen with dom4j support to build

- Upgrade to upstream version 2.1.4
  * Improvements and potentially breaking changes
    + Added new factory method
    org.dom4j.io.SAXReader.createDefault(). It has more secure
    defaults than new SAXReader(), which uses system
    XMLReaderFactory.createXMLReader() or
    SAXParserFactory.newInstance().newSAXParser().
    + If you use some optional dependency of dom4j (for example
    Jaxen, xsdlib etc.), you need to specify an explicit
    dependency on it in your project. They are no longer marked as
    a mandatory transitive dependency by dom4j.
    + Following SAX parser features are disabled by default in
    DocumentHelper.parse() for security reasons (they were enabled
    in previous versions):
    ° http://xml.org/sax/properties/external-general-entities
    ° http://xml.org/sax/properties/external-parameter-entities
  * Other changes:
    + updated pull-parser version
    + Reuse the writeAttribute method in writeAttributes
    + support build on OS with non-UTF8 as default charset
    + Gradle: add an automatic module name
    + Use Correct License Name "Plexus"
    + Possible vulnerability of DocumentHelper.parseText() to XML
    injection
    + CVS directories left in the source tree
    + XMLWriter does not escape supplementary unicode characters
    correctly
    + writer.writeOpen(x) doesn't write namespaces
    + concurrency problem with QNameCache
    + all dependencies are optional
    + SAXReader: hardcoded namespace features
    + validate QNames
    + StringIndexOutOfBoundsException in
    XMLWriter.writeElementContent()
    + TreeNode has grown some generics
    + QName serialization fix
    + DocumentException initialize with nested exception
    + Accidentally occurring error in a multi-threaded test
    + compatibility with W3C DOM Level 3
    + use Java generics
- Removed patches:
  * dom4j-1.6.1-bug1618750.patch
  * dom4j-CVE-2018-1000632.patch
  * dom4j-CVE-2020-10683.patch
  * dom4j-enable-stax-datatypes.patch
  * dom4j-javadoc.patch
  * dom4j-sourcetarget.patch
    + not needed with this version

- Do not depend on jtidy, since it is not used during build
dwz
- Add dwz-0.12-clean-up-temporary-file-in-hardlink-mode.patch to
  cleanup left-over temporary file (swo#24275, bsc#1221634).
- Replace "%doc COPYING" with "%license COPYING".
e2fsprogs
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
  inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
  potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
  checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
  several tests (bsc#1223596)
fdupes
- Do not use sqlite, as this pulls sqlite into Ring0 at no real
  benefit performance wise: the cache is not reused between runs.
  + Drop sqlite-devel BuildRequires
  + Pass --without-sqlite to configure

- Update to 2.3.0:
  * Add --cache option to speed up file comparisons.
  * Use nanosecond precision for file times, if available.
  * Fix compilation issue on OpenBSD.
  * Other changes like fixing typos, wording, etc.

- update to 2.2.1:
  * Fix bug in code meant to skip over the current log file when --log option is given.
  * Updates to copyright notices in source code.
  * Add --deferconfirmation option.
  * Check that files marked as duplicates haven't changed during program execution before deleting them.
  * Update documentation to indicate units for SIZE in command-line options.
  * Move some configuration settings to configure.ac file.

- Fixes for the new wrapper:
  * Order duplicates by name, to get a reproducible file set
    (boo#1197484).
  * Remove redundant order parameter from fdupes invocation.
  * Modernize code, significantly reduce allocations.
  * Exit immediately when mandatory parameters are missing.
  * Remove obsolete buildroot parameter
  * Add some tests for the wrapper

- A more correct approach to creating symlinks (old bug actually):
  Do not link the files as given by fdupes, but turn them into
  relative links (it works by chance if given a buildroot, but
  fails if running on a subdirectory)
- Support multiple directories given (as glob to the macro)

- Handle symlinks (-s argument) correctly

- Simplify macros.fdupes with a call to a C++ program that does
  the same within a fraction of a second what the shell loop did
  in many seconds (bsc#1195709)
glib2
- Add patches to fix CVE-2024-34397 (boo#1224044):
  glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
  glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
glibc
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
  addgetnetgrentX (CVE-2024-33602, bsc#1223425)

- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
  for _start routine (bsc#1221940)

- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
  nscd: Stack-based buffer overflow in netgroup cache
  (CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
  nscd: Avoid null pointer crashes after notfound response
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
  nscd: Do not send missing not-found response in addgetnetgrentX
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
  CVE-2024-33602, bsc#1223425, BZ #31680)
ipset
- Fix build with latest kernel, bsc#1223370
  * bsc1223370.patch
iputils
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
  0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch

- Backport upstream fix for bsc#1224877
  4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
  0001-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
jackson-annotations
- Update to 2.16.1
  * no substantial changes from 2.16.0
  * 2.16.0 (15-Nov-2023)
    + #223: Add new OptBoolean valued property in @JsonTypeInfo to
    allow per-type configuration of strict type id handling
    + #229: Add JsonTypeInfo.Value object (backport from 3.0)
    + #234: Add new JsonTypeInfo.Id.SIMPLE_NAME
jackson-core
- Update to 2.16.1
  * 2.16.1 (24-Dec-2023)
    + #1141: NPE in Version.equals() if snapshot-info null
    + #1161: NPE in "FastDoubleParser", method "JavaBigDecimalParser.parseBigDecimal()"
    + #1168: JsonPointer.append(JsonPointer.tail()) includes the original pointer
  * 2.16.0 (15-Nov-2023)
    + #991: Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16
    + #1007: Improve error message for StreamReadConstraints violations
    + #1015: JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES
    + #1035: Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest
    + #1036: Allow all array elements in JsonPointerBasedFilter
    + #1039: Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation
    + #1041: Start using AssertJ in unit tests
    + #1042: Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON)
    + #1046: Add configurable limit for the maximum number of bytes/chars of content to parse before failing
    + #1047: Add configurable limit for the maximum length of Object property names to parse before failing
    + #1048: Add configurable processing limits for JSON generator (StreamWriteConstraints)
    + #1050: Compare _snapshotInfo in Version
    + #1051: Add JsonGeneratorDecorator to allow decorating JsonGenerators
    + #1064: Add full set of BufferRecyclerPool implementations
    + #1066: Add configurable error report behavior via ErrorReportConfiguration
    + #1081: Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs
    + #1089: Allow pluggable buffer recycling via new RecyclerPool extension point
    + #1136: Change parsing error message to mention -INF

- Use %patch -P N instead of deprecated %patchN.
jackson-databind
- Update to 2.16.1
  * 2.16.1 (24-Dec-2023)
    + #4200: JsonSetter(contentNulls = FAIL) is ignored in
    delegating @JsonCreator argument
    + #4216: Primitive array deserializer not being captured by
    DeserializerModifier
    + #4219: JsonNode.findValues() and findParents() missing
    expected values in 2.16.0
  * 2.16.0 (15-Nov-2023)
    + #1770: Incorrect deserialization for BigDecimal numbers
    + #2502: Add a way to configure caches Jackson uses
    + #2787: Mix-ins do not work for Enums
    + #3133: Map deserialization results in different numeric
    classes based on json ordering (BigDecimal / Double) when
    used in combination with @JsonSubTypes
    + #3251: Generic class with generic field of runtime type
    Double is deserialized as BigDecimal when used with
    @JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY
    + #3277: Combination of @JsonUnwrapped and @JsonAnySetter
    results in BigDecimal instead of Double
    + #3647: @JsonIgnoreProperties not working with @JsonValue
    + #3780: Deprecated JsonNode.with(String) suggests using
    JsonNode.withObject(String) but it is not the same thing
    + #3838: Difference in the handling of ObjectId-property in
    JsonIdentityInfo depending on the deserialization route
    + #3877: Add new OptBoolean valued property in @JsonTypeInfo,
    handling, to allow per-polymorphic type loose Type Id
    handling
    + #3906: Regression: 2.15.0 breaks deserialization for records
    when
    mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE)
    + #3924: Incorrect target type when disabling coercion, trying
    to deserialize String from Array/Object
    + #3928: @JsonProperty on constructor parameter changes default
    field serialization order
    + #3950: Create new JavaType subtype IterationType
    (extending SimpleType)
    + #3953: Use JsonTypeInfo.Value for annotation handling
    + #3965: Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for
    sorting ObjectNode properties on serialization
    (for Canonical JSON)
    + #4008: Optimize ObjectNode findValue(s) and findParent(s)
    fast paths
    + #4009: Locale "" is deserialised as null if
    ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled
    + #4011: Add guardrail setting for TypeParser handling of type
    parameters
    + #4036: Use @JsonProperty for Enum values also when READ_ENUMS
    USING_TO_STRING enabled
    + #4037: Fix Enum deserialization to use @JsonProperty,
    @JsonAlias even if EnumNamingStrategy used
    + #4039: Use @JsonProperty and lowercase feature when
    serializing Enums despite using toString()
    + #4040: Use @JsonProperty over EnumNamingStrategy for Enum
    serialization
    + #4041: Actually cache EnumValues#internalMap
    + #4047: ObjectMapper.valueToTree() will ignore the
    configuration SerializationFeature.WRAP_ROOT_VALUE
    + #4056: Provide the "ObjectMapper.treeToValue(TreeNode,
    TypeReference)" method
    + #4060: Expose NativeImageUtil.isRunningInNativeImage() method
    + #4061: Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id
    to Class.getSimpleName()
    + #4071: Impossible to deserialize custom Throwable sub-classes
    that do not have single-String constructors
    + #4078: java.desktop module is no longer optional
    + #4082: ClassUtil fails with
    java.lang.reflect.InaccessibleObjectException trying to
    setAccessible on OptionalInt with JDK 17+
    + #4090: Support sequenced collections (JDK 21)
    + #4095: Add withObjectProperty(String),
    withArrayProperty(String) in JsonNode
    + #4096: Change JsonNode.withObject(String) to work similar to
    withArray() wrt argument
    + #4144: Log WARN if deprecated subclasses of
    PropertyNamingStrategy is used
    + #4145: NPE when transforming a tree to a model class object,
    at ArrayNode.elements()
    + #4153: Deprecated ObjectReader.withType(Type) has no direct
    replacement; need forType(Type)
    + #4159: Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow
    Default Typing for Enums
    + #4164: Do not rewind position when serializing direct
    ByteBuffer
    + #4175: Exception when deserialization of private record with
    default constructor
    + #4184: BeanDeserializer updates currentValue incorrectly when
    deserialising empty Object
kernel-default
- pstore: inode: Only d_invalidate() is needed (bsc#1223705
  CVE-2024-27389).
- commit bbe965a

- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
  bsc#1223824).
- commit e3d9ce5

- Update
  patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
  (bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c

- md/raid5: fix atomicity violation in raid5_cache_count
  (bsc#1219169, CVE-2024-23307).
- commit d2d22f0

- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
  (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
  (CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
  (CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
  (CVE-2024-23848 bsc#1219104).
- commit 5f84bce

- media: cec: abort if the current transmit was canceled
  (CVE-2024-23848 bsc#1219104).
- commit f23b730

- Update
  patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
  (git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d

- Update
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
  (bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545

- Update
  patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
  (git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009

- Update
  patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
  (bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640

- Update
  patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
  (jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52

- Update
  patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
  (bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6

- drm/i915/gem: Really move i915_gem_context.link under ref
  protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422

- Update
  patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
  (bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c

- Update
  patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
  (git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a

- Update
  patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
  (git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811

- Update
  patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
  (git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659

- Update
  patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
  (bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952

- Update
  patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
  (git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3

- Update
  patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
  (git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad

- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
  (bsc#1223513 CVE-2022-48651).
- commit c96a663

- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb

- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- commit 18e662b

- Update
  patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
  (git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d

- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
  (CVE-2023-52616 bsc#1221612).
- commit 6fa74bc

- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd

- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48

- Update
  patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
  (bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33

- Update
  patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
  (bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a

- Update
  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
  patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
  (CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e

- Update
  patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
  (git-fixes CVE-2021-47207 bsc#1222790).
- Update
  patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
  (bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
  patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
  (jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
  patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
  (git-fixes CVE-2021-47187 bsc#1222703).
- Update
  patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
  (git-fixes CVE-2021-47194 bsc#1222829).
- Update
  patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
  (git-fixes CVE-2021-47205 bsc#1222888).
- Update
  patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
  (git-fixes CVE-2021-47200 bsc#1222838).
- Update
  patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
  (jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
  patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
  (jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
  patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
  (git-fixes CVE-2021-47217 bsc#1222836).
- Update
  patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
  (git-fixes CVE-2021-47204 bsc#1222787).
- Update
  patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
  (jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
  patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
  (jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
  patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
  (jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
  patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
  (jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
  patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
  (bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
  (git-fixes CVE-2021-47216 bsc#1222876).
- Update
  patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
  (git-fixes CVE-2021-47192 bsc#1222867).
- Update
  patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
  (bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
  (bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
  patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
  (git-fixes CVE-2021-47193 bsc#1222879).
- Update
  patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
  (git-fixes CVE-2021-47191 bsc#1222866).
- Update
  patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
  (git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
  (git-fixes CVE-2021-47188 bsc#1222671).
- Update
  patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
  (git-fixes CVE-2021-47218 bsc#1222791).
- Update
  patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
  (stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185 bsc#1222669).
- Update
  patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
  (git-fixes CVE-2021-47206 bsc#1222894).
- Update
  patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
  (git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db

- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
  bsc#1221299).
- commit e7967c5

- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
  bsc#1222435).
- commit eb41ab9

- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d

- ext4: regenerate buddy after block freeing failed if under fc
  replay (bsc#1220342 CVE-2024-26601).
- commit c12e20f

- blacklist.conf: Blacklist 83e80a6e3543f3
- commit 62a580e

- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
  (bsc#1222721 CVE-2024-26764).
- commit b81d662

- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via
  libaio (bsc#1222721 CVE-2024-26764).
- commit 6f0ed6e

- ext4: avoid allocating blocks from corrupted group in
  ext4_mb_try_best_found() (bsc#1222618 CVE-2024-26773).
- commit 821043d

- Update patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch (stable-5.14.21 CVE-2021-47202 bsc#1222878)
- commit 9b2ed28

- Update references in
  patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
  (bsc#1221044 bsc#1221088 CVE-2023-52591 CVE-2023-52590).
- commit 6a6852e

- Update patches.suse/spi-fix-use-after-free-of-the-add_lock-mutex.patch (git-fixes CVE-2021-47195 bsc#1222832)
- commit e8d48f1

- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (bsc#1222726 CVE-2024-26766)
- commit dc4bba0

- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- commit af79c3f

- md/raid5: fix atomicity violation in raid5_cache_count
  (bsc#1219169, CVE-2024-23307).
- commit 7709383

- Update
  patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
  (git-fixes CVE-2021-47189 bsc#1222706).
- commit 95bc72d

- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185).
- commit de9e1db

- Update
  patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
  (bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit 720685d

- Update
  patches.suse/scsi-core-Fix-scsi_mode_sense-buffer-length-handling.patch
  (git-fixes CVE-2021-47182 bsc#1222662).
- commit 641c737

- Update
  patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
  (git-fixes CVE-2021-47181 bsc#1222660).
- commit 27da195

- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
  bsc#1222503).
- commit c307f9b
postgresql16
- Upgrade to 16.3 (bsc#1224051):
  * bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
    and pg_stats_ext_exprs entries to the table owner. See the
    release notes for the steps that have to be taken to fix
    existing PostgreSQL instances.
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/16.3/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.

- Remove constraints file because improved memory usage for s390x

- Use %patch -P N instead of deprecated %patchN.
objectweb-asm
- Upgrade to version 9.7
  * new Opcodes.V23 constant for Java 23
  * bug fixes
    + 318009: Unit test regression in dex2jar.
    + 318007: 'ClassNode#outerClass' has incorrect JavaDocs.
    + 318006: asm-bom packaging should be 'pom'.
    + 318003: The Textifier prints a supplementary space at the end
    of each method that throws at least one exception.
perl
- fix space calculation issues in pp_pack.c [bnc#1082216]
  [CVE-2018-6913]
  * new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
  [CVE-2018-6798]
  new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
  new patch: perl-net-ftp-tls13.diff
postgresql14
- Upgrade to 14.12 (bsc#1224051):
  * bsc#1224038, CVE-2024-4317: Restrict visibility of pg_stats_ext
    and pg_stats_ext_exprs entries to the table owner. See the
    release notes for the steps that have to be taken to fix
    existing PostgreSQL instances.
  * Fix incompatibility with LLVM 18.
  * https://www.postgresql.org/docs/release/14.12/
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.

- Remove constraints file because improved memory usage for s390x

- Use %patch -P N instead of deprecated %patchN.
python-Jinja2
- Add CVE-2024-34064.patch upstream patch
  (CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
  Also fixes (CVE-2024-22195, bsc#1218722)
python-requests
- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-python3-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
supportutils
- Changes in version 3.1.30
  + Added -V key:value pair option (bsc#1222021, PED-8211)
  + Avoid getting duplicate kernel verifications in boot.text (pr#193)
  + Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
  + Includes container log timestamps (pr#197)
systemd-presets-branding-SLE
- Enable sysctl-logger (jsc#PED-5024)
wicked
- client: fix ifreload to pull UP ports/links again when the config
  of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
  [+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]

- Update to version 0.6.75:
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
  - Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
    and consistently use config and state info attached to the port
    interface as in rtnetlink(7).
  - Cleanup ifcfg parsing, schema configuration and service properties
  - Migrate ports in xml config and policies already applied in nanny
  - Remove "missed config" generation from finite state machine, which
    is completed while parsing the config or while xml config migration.
  - Issue a warning when "lower" interface (e.g. eth0) config is missed
    while parsing config depending on it (e.g. eth0.42 vlan).
  - Resolve ovs master to the effective bridge in config and wickedd
  - Implement netif-check-state require checks using system relations
    from wickedd/kernel instead of config relations for ifdown and add
    linkDown and deleteDevice checks to all master and lower references.
  - Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
    system/config interface hierarchies as notice with +/- marked
    interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
  [- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
  [- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
  [- 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
  [- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]