aaa_base
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  to also fix the typo to set JAVA_BINDIR in the csh variant
  of the alljava profile script (bsc#1221361)

- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  drop the stderr redirection for csh (bsc#1221361)
- add git-49-3f8f26123d91f70c644677a323134fc79318c818.patch
  drop sysctl.d/50-default-s390.conf (bsc#1211721)
- add aaa_base-preinstall.patch
  make sure the script does not exit with 1 if a file
  with content is found (bsc#1222547)

- add patch git-48-477bc3c05fcdabf9319e84278a1cba2c12c9ed5a.patch
  home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile

- silence the output in the case of broken symlinks (bsc#1218232)

- fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  to actually apply

- replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch
  * fix the issues from bsc#1107342 and bsc#1215434 and just
    use the settings from update-alternatives to set JAVA_HOME

- Add patch git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  * respect /etc/update-alternatives/java when setting JAVA_HOME
    (bsc#1215434,bsc#1107342)
autofs
- autofs-5.1.6-remove-intr-hosts-map-mount-option.patch
  Don't use the intr option on NFS mounts by default, it's been
  ignored by the kernel for a long time now. (bsc#1225130)

- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
  Don't use initgroups at spawn (bsc#1214710, bsc#1221181)

- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
  Fix off-by-one error in recursive map handling. (bsc#1209653)
autoyast2
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.3.106

- Properly install the selected products, do not lose them after
  resetting the package manager internally (bsc#1202234)
- 4.3.105

- Process the <ask-list/> section in an installed system once the
  <general/> section is imported in the (bsc#1201953).
- 4.3.104

- Revert the modification done in version 4.3.97 running the
  initscripts before systed-user-sessions service again once
  systemd fixed logind (bsc#1195059, bsc#1200780)
- 4.3.103
aws-cli
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)

- Update to version 1.27.89
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.78
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.78/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.71
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.71/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.66
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.66/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.60
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.60/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.58
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.58/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.52
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.52/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.41
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.41/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.26
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.26/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.21
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.21/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.8
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.8/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.27.2
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.2/CHANGELOG.rst
- Relax upper version constraint for python-colorama in
  BuildRequires and Requires to 0.5.0 (bsc#1204917)
- Update Requires in spec file from setup.py

- Update in SLE-15 (bsc#1204537, jsc#PED-2333)

- Update to version 1.26.0
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.26.0/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.91
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.91/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.85
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.85/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.76
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.76/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.72
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.72/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.64
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.64/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.60
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.60/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.55
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.55/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.45
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.45/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.37
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.37/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.20
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.20/CHANGELOG.rst
- Update Requires in spec file from setup.py

- Update to version 1.25.2
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.2/CHANGELOG.rst
- Update Requires in spec file from setup.py
bind
- Security Fixes:
  * It is possible to craft excessively large numbers of resource
    record types for a given owner name, which has the effect of
    slowing down database processing. This has been addressed by
    adding a configurable limit to the number of records that can
    be stored per name and type in a cache or zone database. The
    default is 100, which can be tuned with the new
    max-types-per-name option. (CVE-2024-1737)
    [bsc#1228256, bind-9.16-CVE-2024-1737.patch]
  * Validating DNS messages signed using the SIG(0) protocol (RFC
    2931) could cause excessive CPU load, leading to a
    denial-of-service condition. Support for SIG(0) message
    validation was removed from this version of named.
    (CVE-2024-1975)
    [bsc#1228257, bind-9.16-CVE-2024-1975.patch]

- Security Fixes:
  * Validating DNS messages containing a lot of DNSSEC signatures
    could cause excessive CPU load, leading to a denial-of-service
    condition. This has been fixed. (CVE-2023-50387)
    [bsc#1219823, bind-CVE-2023-50387-CVE-2023-50868.patch]
  * Preparing an NSEC3 closest encloser proof could cause excessiv
    CPU load, leading to a denial-of-service condition. This has
    been fixed. (CVE-2023-50868)
    [bsc#1219826, bind-CVE-2023-50387-CVE-2023-50868.patch]
  * Parsing DNS messages with many different names could cause
    excessive CPU load. This has been fixed. (CVE-2023-4408)
    [bsc#1219851, bind-CVE-2023-4408.patch]
  * Specific queries could cause named to crash with an assertion
    failure when nxdomain-redirect was enabled. This has been
    fixed. (CVE-2023-5517)
    [bsc#1219852, bind-CVE-2023-5517.patch]
  * Query patterns that continuously triggered cache database
    maintenance could cause an excessive amount of memory to be
    allocated, exceeding max-cache-size and potentially leading to
    all available memory on the host running named being exhausted
    This has been fixed. (CVE-2023-6516)
    [bsc#1219854, bind-CVE-2023-6516.patch]

- Security Fix:
  * Previously, sending a specially crafted message over the
    control channel could cause the packet-parsing code to run out
    of available stack memory, causing named to terminate
    unexpectedly. This has been fixed.
  [bsc#1215472, CVE-2023-3341, bind-CVE-2023-3341.patch]

- Add libs as requires because they may need to be updated when
  installing bind
  [bsc#1213748]

- Add dnstap support
  [jsc#PED-4852]

- Security Fix:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit.
  [bsc#1212544, CVE-2023-2828, bind-CVE-2023-2828.patch]

- Security Fix:
  * An UPDATE message flood could cause named to exhaust all
    available memory. This flaw was addressed by adding a new
    update-quota option that controls the maximum number of
    outstanding DNS UPDATE messages that named can hold in a queue
    at any given time (default: 100).
  [bsc#1207471, CVE-2022-3094, bind-CVE-2022-3094.patch]

- Add systemd drop-in directory for named service
  [bsc#1201689, bind.spec]
binutils
- Update to version 2.41 [PED-5778]:
  * The MIPS port now supports the Sony Interactive Entertainment Allegrex
  processor, used with the PlayStation Portable, which implements the MIPS
  II ISA along with a single-precision FPU and a few implementation-specific
  integer instructions.
  * Objdump's --private option can now be used on PE format files to display the
  fields in the file header and section headers.
  * New versioned release of libsframe: libsframe.so.1.  This release introduces
  versioned symbols with version node name LIBSFRAME_1.0.  This release also
  updates the ABI in an incompatible way: this includes removal of
  sframe_get_funcdesc_with_addr API, change in the behavior of
  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
  * SFrame Version 2 is now the default (and only) format version supported by
  gas, ld, readelf and objdump.
  * Add command-line option, --strip-section-headers, to objcopy and strip to
  remove ELF section header from ELF file.
  * The RISC-V port now supports the following new standard extensions:
  - Zicond (conditional zero instructions)
  - Zfa (additional floating-point instructions)
  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
  * The RISC-V port now supports the following vendor-defined extensions:
  - XVentanaCondOps
  * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
  * A new .insn directive is recognized by x86 gas.
  * Add SME2 support to the AArch64 port.
  * The linker now accepts a command line option of --remap-inputs
  <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
  <FILE>.  In addition the option --remap-inputs-file=<FILE> can be used to
  specify a file containing any number of these remapping directives.
  * The linker command line option --print-map-locals can be used to include
  local symbols in a linker map.  (ELF targets only).
  * For most ELF based targets, if the --enable-linker-version option is used
  then the version of the linker will be inserted as a string into the .comment
  section.
  * The linker script syntax has a new command for output sections: ASCIZ "string"
  This will insert a zero-terminated string at the current location.
  * Add command-line option, -z nosectionheader, to omit ELF section
  header.
- Removed obsolete patches: binutils-2.40-branch.diff.gz,
  riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
  extensa-gcc-4_3-fix.diff .
- Add binutils-2.41-branch.diff.gz .
- Add binutils-old-makeinfo.diff for SLE-12 and older.
- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
- Contains fixes for these non-CVEs (not security bugs per upstreams
  SECURITY.md):
  * bsc#1209642 aka CVE-2023-1579 aka PR29988
  * bsc#1210297 aka CVE-2023-1972 aka PR30285
  * bsc#1210733 aka CVE-2023-2222 aka PR29936
  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
  * bsc#1214565 aka CVE-2020-19726 aka PR26240
  * bsc#1214567 aka CVE-2022-35206 aka PR29290
  * bsc#1214579 aka CVE-2022-35205 aka PR29289
  * bsc#1214580 aka CVE-2022-44840 aka PR29732
  * bsc#1214604 aka CVE-2022-45703 aka PR29799
  * bsc#1214611 aka CVE-2022-48065 aka PR29925
  * bsc#1214619 aka CVE-2022-48064 aka PR29922
  * bsc#1214620 aka CVE-2022-48063 aka PR29924
  * bsc#1214623 aka CVE-2022-47696 aka PR29677
  * bsc#1214624 aka CVE-2022-47695 aka PR29846
  * bsc#1214625 aka CVE-2022-47673 aka PR29876

- Add binutils-disable-dt-relr.sh for an compatibility problem
  caused by binutils-revert-rela.diff in SLE codestreams.
  Needed for update of glibc as that would otherwise pick up
  the broken relative relocs support.  [bsc#1213282, PED-1435]
- This only existed only for a very short while in SLE-15, as the main
  variant in devel:gcc subsumed this in binutils-revert-rela.diff.
  Hence:
- Remove binutils-disable-dt-relr.sh as subsumed.

- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR
  ld/25694
- riscv-pr22263-1.patch: Backport for PR ld/22263

- Rebase branch patch (includes fix for PR30281).

- Document fixed CVEs:
  * bnc#1208037 aka CVE-2023-25588 aka PR29677
  * bnc#1208038 aka CVE-2023-25587 aka PR29846
  * bnc#1208040 aka CVE-2023-25585 aka PR29892
  * bnc#1208409 aka CVE-2023-0687 aka PR29444

- Enable bpf-none cross target and add bpf-none to the multitarget
  set of supported targets.

- Disable packed-relative-relocs for old codestreams.  They generate
  buggy relocations when binutils-revert-rela.diff is active.
  [bsc#1206556]

- Disable ZSTD debug section compress by default.

- Enable zstd compression algorithm (instead of zlib)
  for debug info sections by default.

- Pack libgprofng only for supported platforms.

- Remove upstreamed patch binutils-maxpagesize.diff.

- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing
  of the package).

- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]

- Update to version 2.40:
  * Objdump has a new command line option --show-all-symbols which will make it
  display all symbols that match a given address when disassembling.  (Normally
  only the first symbol that matches an address is shown).
  * Add --enable-colored-disassembly configure time option to enable colored
  disassembly output by default, if the output device is a terminal.  Note,
  this configure option is disabled by default.
  * DCO signed contributions are now accepted.
  * objcopy --decompress-debug-sections now supports zstd compressed debug
  sections.  The new option --compress-debug-sections=zstd compresses debug
  sections with zstd.
  * addr2line and objdump --dwarf now support zstd compressed debug sections.
  * The dlltool program now accepts --deterministic-libraries and
  - -non-deterministic-libraries as command line options to control whether or
  not it generates deterministic output libraries.  If neither of these options
  are used the default is whatever was set when the binutils were configured.
  * readelf and objdump now have a newly added option --sframe which dumps the
  SFrame section.
  * Add support for Intel RAO-INT instructions.
  * Add support for Intel AVX-NE-CONVERT instructions.
  * Add support for Intel MSRLIST instructions.
  * Add support for Intel WRMSRNS instructions.
  * Add support for Intel CMPccXADD instructions.
  * Add support for Intel AVX-VNNI-INT8 instructions.
  * Add support for Intel AVX-IFMA instructions.
  * Add support for Intel PREFETCHI instructions.
  * Add support for Intel AMX-FP16 instructions.
  * gas now supports --compress-debug-sections=zstd to compress
  debug sections with zstd.
  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
  * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
  XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
  XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
  ISA manual, which are implemented in the Allwinner D1.
  * Add support for the RISC-V Zawrs extension, version 1.0-rc4.
  * Add support for Cortex-X1C for Arm.
  * New command line option --gsframe to generate SFrame unwind information
  on x86_64 and aarch64 targets.
  * The linker has a new command line option to suppress the generation of any
  warning or error messages.  This can be useful when there is a need to create
  a known non-working binary.  The option is -w or --no-warnings.
  * ld now supports zstd compressed debug sections.  The new option
  - -compress-debug-sections=zstd compresses debug sections with zstd.
  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
  * Remove support for -z bndplt (MPX prefix instructions).
- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch.
- Removed patch: binutils-pr29482.diff.
- New patch: extensa-gcc-4_3-fix.diff.
- Includes fixes for these CVEs:
  * bnc#1206080 aka CVE-2022-4285 aka PR29699
- Enable by default: --enable-colored-disassembly.

- fix build on x86_64_vX platforms

- Add binutils-maxpagesize.diff for a problem on old code
  streams, where we would generate too large binaries.

- s390-pic-dso.diff: use %pB instead of %B

- SLE toolchain update of binutils.  Update to 2.39 from 2.37,
  which means obsoleting and hence removing these patches:
  binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
  binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
  binutils-add-z16-name.diff.
  Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
  jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
  jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
  [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
  [bsc#1193929] aka PR28694 aka CVE-2021-45078
  [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
  [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
  [bsc#1202966] aka PR29289 aka CVE-2022-38126
  [bsc#1202967] aka PR29290 aka CVE-2022-38127
  [bsc#1202969] aka CVE-2021-3826

- add arm32-avoid-copyreloc.patch for PR16177 (bsc#1200962)

- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
  [bsc#1202816]

- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.

- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and	--enable-warn-rwx-segments=yes.
- Add gprofng subpackage.

- Update to binutils 2.39:
  * The ELF linker will now generate a warning message if the stack is made
    executable.  Similarly it will warn if the output binary contains a
    segment with all three of the read, write and execute permission
    bits set.  These warnings are intended to help developers identify
    programs which might be vulnerable to attack via these executable
    memory regions.
    The warnings are enabled by default but can be disabled via a command
    line option.  It is also possible to build a linker with the warnings
    disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows
    embedding a JSON payload in accordance to the Package Metadata
    specification.
  * In linker scripts it is now possible to use TYPE=<type> in an output
    section description to set the section type value.
  * The objdump program now supports coloured/colored syntax
    highlighting of its disassembler output for some architectures.
    (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore
    weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent
    them from attempting to access debuginfod servers when following
    links.
  * The objcopy program's --weaken, --weaken-symbol, and
  - -weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
  binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
  bnc#1142579 aka CVE-2019-1010204 aka PR23765

(Fake entry from SLE for tracking purposes:)
blog
- Add patch blog.dif
  * Fix big endian cast problems to be able to read commands
    and ansers (blogctl) as well as passphrases (blogd)
ca-certificates-mozilla
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022"
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
  Patch: remove-trustcor.patch
ca-certificates
- Update to version 2+git20240416.98ae794 (bsc#1221184):
  * Use flock to serialize calls (boo#1188500)
  * Make certbundle.run container friendly
  * Create /var/lib/ca-certificates if needed
catatonit
- Update to catatonit v0.2.0.
  * Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
  - 99bb9048f.patch

- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
  process in a pause container, by passing the -P flag (in this mode no
  subprocess is spawned and thus no signal forwarding is done).

- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
  once. Fix build with autocnf 2.71 / automake 1.16.5.

- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
  socket activation or features somewhat adjacent to socket activation (such as
  passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
  error not a warning.
chrony
- Use make quickcheck instead of make check to avoid >1h build
  times and failures due to timeouts. This was the default before
  3.2 but it changed to make tests more reliable. Here a seed is
  already set to get deterministic execution.

- Use shorter NTS-KE retry interval when network is down
  (bsc#1213551, chrony-burst_total_samples_to_go.patch,
  chrony-retry_interval_ke_start.patch).
cloud-init
- Add cloud-init-skip-rename.patch (bsc#1219680)
  + Brute force appraoch to skip renames if the device is already present

- Add cloud-init-usr-sudoers.patch (bsc#1223469)
  + Handle the existence of /usr/etc/sudoers to search for the expected
    include location

- Update cloud-init-no-openstack-guess.patch
  + Do not enable cloud-init on systems where there is no DMI just
    because no data source has been found. No data source means
    cloud-init will not run.

- Add cloud-init-no-nmcfg-needed.patch (bsc#1221726)
  + Do not require a NetworkManager config file in order to detect
    NetworkManager as the renderer

- Add cloud-init-no-openstack-guess.patch (bsc#1222113)
  + Do not guess if we are running on OpenStack or not. Only recognize
    the known markers and enable cloud-init if we know for sure.

- Add  cloud-init-ds-deterministic.patch (bsc#1221132)
  + Do not guess a data source when checking for a CloudStack
    environment

- Hardcode distribution to suse for proper cloud.cfg generation
  (bsc#1220132).

- Prepare for RPM 4.20 switch patch syntax

- Add cloud-init-skip-empty-conf.patch
  + Skip tests with empty config

- Add cloud-init-pckg-reboot.patch (boo#1198533, bsc#1218952,  jsc#SMO-326)
  + Support reboot on package update/upgrade via the cloud-init config

- Switch build dependency to the generic distribution-release package

- Move fdupes call back to %install (boo#1214169)

- Update to version 23.3 (bsc#1216011, bsc#1215794, bsc#1215740)
  + Remove patches included upstream:
  - cloud-init-fix-ca-test.patch
  - cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
  - cloud-init-power-rhel-only.patch
  - cloud-init-flake8-fixes.patch
  + Add
  - cloud-init-keep-flake.patch
  - cloud-init-lint-fixes.patch
  + Update
  - cloud-init-write-routes.patch (bsc#1216007)
  + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
  + Fix cc_keyboard in mantic (LP: #2030788)
  + ec2: initialize get_instance_userdata return value to bytes (#4387)
    [Noah Meyerhans]
  + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley]
  + Fix pip-managed ansible
  + status: treat SubState=running and MainPID=0 as service exited
  + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson]
  + collect-logs fix memory usage (SC-1590) (#4289)
    [Alec Warren] (LP: #1980150)
  + cc_mounts: Use fallocate to create swapfile on btrfs (#4369) [王煎饼]
  + Undocument nocloud-net (#4318)
  + feat(akamai): add akamai to settings.py and apport.py (#4370)
  + read-version: fallback to get_version when git describe fails (#4366)
  + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364)
  + integration tests: Pass username to pycloudlib (#4324)
  + Bump pycloudlib to 1!5.1.0 (#4353)
  + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272)
    [dermotbradley]
  + analyze: fix (unexpected) timestamp parsing (#4347) [Mina Galić]
  + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić]
  + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić]
  + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić]
  + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić]
  + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić]
  + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource
    (#4328) [Ani Sinha]
  + Fix test_tools.py collection (#4315)
  + cc_keyboard: add Alpine support (#4278) [dermotbradley]
  + Flake8 fixes (#4340) [Robert Schweikert]
  + cc_mounts: Fix swapfile not working on btrfs (#4319) [王煎饼] (LP: #1884127)
  + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281)
    [Wei Zhou]
  + ec2: Support double encoded userdata (#4276) [Noah Meyerhans]
  + cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić]
  + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336)
    [Chris Patterson]
  + change openEuler to openeuler and fix some bugs in openEuler (#4317)
    [sxt1001]
  + Replace flake8 with ruff (#4314)
  + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64
    (#4291) [Ani Sinha]
  + cc_ssh_import_id: add Alpine support and add doas support (#4277)
    [dermotbradley]
  + sudoers not idempotent (SC-1589)  (#4296) [Alec Warren] (LP: #1998539)
  + Added support for Akamai Connected Cloud (formerly Linode) (#4167)
    [Will Smith]
  + Fix reference before assignment (#4292)
  + Overhaul module reference page (#4237) [Sally]
  + replaced spaces with commas for setting passenv (#4269) [Alec Warren]
  + DS VMware: modify a few log level (#4284) [PengpengSun]
  + tools/read-version refactors and unit tests (#4268)
  + Ensure get_features() grabs all features (#4285)
  + Don't always require passlib dependency (#4274)
  + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275)
  + Fix NoCloud kernel commandline key parsing (#4273)
  + testing: Clear all LRU caches after each test (#4249)
  + Remove the crypt dependency (#2139) [Gonéri Le Bouder]
  + logging: keep current file mode of log file if its stricter than the
    new mode (#4250) [Ani Sinha]
  + Remove default membership in redundant groups (#4258)
    [Dave Jones] (LP: #1923363)
  + doc: improve datasource_creation.rst (#4262)
  + Remove duplicate Integration testing button (#4261) [Rishita Shaw]
  + tools/read-version: fix the tool so that it can handle version parsing
    errors (#4234) [Ani Sinha]
  + net/dhcp: add udhcpc support (#4190) [Jean-François Roche]
  + DS VMware: add i386 arch dir to deployPkg plugin search path
    [PengpengSun]
  + LXD moved from linuxcontainers.org to Canonical [Simon Deziel]
  + cc_mounts.py: Add note about issue with creating mounts inside mounts
    (#4232) [dermotbradley]
  + lxd: install lxd from snap, not deb if absent in image
  + landscape: use landscape-config to write configuration
  + Add deprecation log during init of DataSourceDigitalOcean (#4194)
    [tyb-truth]
  + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert]
  + Inspect systemd state for cloud-init status (#4230)
  + instance-data: add system-info and features to combined-cloud-config
    (#4224)
  + systemd: Block login until config stage completes (#2111) (LP: #2013403)
  + tests: proposed should invoke apt-get install -t=<release>-proposed
    (#4235)
  + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley]
  + Remove feature flag override ability (#4228)
  + tests: drop stray unrelated file presence test (#4227)
  + Update LXD URL (#4223) [Sally]
  + schema: add network v1 schema definition and validation functions
  + tests: daily PPA for devel series is version 99.daily update tests to
    match (#4225)
  + instance-data: write /run/cloud-init/combined-cloud-config.json
  + mount parse: Fix matching non-existent directories (#4222) [Mina Galić]
  + Specify build-system for pep517 (#4218)
  + Fix network v2 metric rendering (#4220)
  + Migrate content out of FAQ page (SD-1187) (#4205) [Sally]
  + setup: fix generation of init templates (#4209) [Mina Galić]
  + docs: Correct some bootcmd example wording
  + fix changelog
  + tests: reboot client to assert x-shellscript-per-boot is triggered
  + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204)
    (LP: 4203, #2025180)
  + Add docstring and typing to mergemanydict (#4200)
  + BSD: add dsidentify to early startup scripts (#4182) [Mina Galić]
  + handler: report errors on skipped merged cloud-config.txt parts
    (LP: #1999952)
  + Add cloud-init summit writeups (#4179) [Sally]
  + tests: Update test_clean_log for oci (#4187)
  + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163)
  + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184)
  + Ephemeral Networking for FreeBSD (#2165) [Mina Galić]
  + Clarify directory syntax for nocloud local filesystem. (#4178)
  + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha]
  + Test static routes and netplan 0.106
  + FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić]
  + test: add tracking bug id (#4164)
  + tests: can't match MAC for LXD container veth due to netplan 0.106
    (#4162)
  + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar]
  + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić]
  + launching salt-minion in masterless mode (#4110) [Denis Halturin]
  + tools: fix run-container builds for rockylinux/8 git hash mismatch
    (#4161)
  + fix doc lint: spellchecker tripped up (#4160) [Mina Galić]
  + Support Ephemeral Networking for BSD (#2127)
  + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157)
    [Kadir Mueller]
  + cc_rsyslog: Refactor for better multi-platform support (#4119)
    [Mina Galić] (LP: #1798055)
  + tests: fix test_lp1835584 (#4154)
  + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153)
  + tests: apt support for deb822 format .sources files on mantic
  + vultr: remove check_route check (#2151) [Jonas Chevalier]
  + Update SECURITY.md (#4150) [Indrranil Pawar]
  + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar]
  + Update .github-cla-signers (#4151) [Indrranil Pawar]
  + Standardise module names in cloud.cfg.tmpl to only use underscore
    (#4128) [dermotbradley]
  + tests: update test_webhook_reporting
  + Modify PR template so autoclose works
  + doc: add missing semi-colon to nocloud cmdline docs (#4120)
  + .gitignore: extend coverage pattern (#4143) [Mina Galić]
  From 23.2.2
  + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271)
    (LP: #2028562)
  + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784)
  From 23.2.1
  + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204)
    (Fixes: 4203) (LP: #2025180)
  From 23.2
  + BSD: simplify finding MBR partitions by removing duplicate code
  [Mina Galić]
  + tests: bump pycloudlib version for mantic builds
  + network-manager: Set higher autoconnect priority for nm keyfiles (#3671)
    [Ani Sinha]
  + alpine.py: change the locale file used (#4139) [dermotbradley]
  + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić]
  + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported
    [Robert Schweikert]
  + docs: Add feedback button to docs
  + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh
    plugin (#4132) [Ani Sinha]
  + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley]
  + network_manager: add a method for ipv6 static IP configuration (#4127)
    [Ani Sinha]
  + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley]
  + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115)
    [Ani Sinha]
  + Add templates for GitHub Issues
  + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela]
  + FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594)
  + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić]
  + Update tests in Azure TestCanDevBeReformatted class (#2771)
    [Ksenija Stanojevic]
  + Replace Launchpad references with GitHub Issues
  + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov]
  + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance
  + azure/errors: introduce reportable errors for imds (#3647)
    [Chris Patterson]
  + FreeBSD (and friends): better identify MBR slices (#2168)
    [Mina Galić] (LP: #2016350)
  + azure/errors: add host reporting for dhcp errors (#2167)
    [Chris Patterson]
  + net: purge blacklist_drivers across net and azure (#2160)
    [Chris Patterson]
  + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153)
    [Chris Patterson]
  + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d
    (#2251)
  + net: refactor find_candidate_nics_on_linux() to use get_interfaces()
    (#2159) [Chris Patterson]
  + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden]
  + Remove mount NTFS error message (#2134) [Ksenija Stanojevic]
  + integration tests: fix image specification parsing (#2166)
  + ci: add hypothesis scheduled GH check (#2149)
  + Move supported distros list to docs (#2162)
  + Fix logger, use instance rather than module function (#2163)
  + README: Point to Github Actions build status (#2158)
  + Revert "fix linux-specific code on bsd (#2143)" (#2161)
  + Do not generate dsa and ed25519 key types when crypto FIPS mode is
    enabled (#2142) [Ani Sinha] (LP: 2017761)
  + Add documentation label automatically (#2156)
  + sources/azure: report success to host and introduce kvp module (#2141)
    [Chris Patterson]
  + setup.py: use pkg-config for udev/rules path (#2137) [dankm]
  + openstack/static: honor the DNS servers associated with a network
    (#2138) [Gonéri Le Bouder]
  + fix linux-specific code on bsd (#2143)
  + cli: schema validation of jinja template user-data (SC-1385) (#2132)
    (LP: #1881925)
  + gce: activate network discovery on every boot (#2128)
  + tests: update integration test to assert 640 across reboots (#2145)
  + Make user/vendor data sensitive and remove log permissions (#2144)
    (LP: #2013967)
  + Update kernel command line docs (SC-1457) (#2133)
  + docs: update network configuration path links (#2140) [d1r3ct0r]
  + sources/azure: report failures to host via kvp (#2136) [Chris Patterson]
  + net: Document use of `ip route append` to add routes (#2130)
  + dhcp: Add missing mocks (#2135)
  + azure/imds: retry fetching metadata up to 300 seconds (#2121)
    [Chris Patterson]
  + [1/2] DHCP: Refactor dhcp client code  (#2122)
  + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson]
  + azure/errors: introduce reportable errors (#2129) [Chris Patterson]
  + users: schema permit empty list to indicate create no users
  + azure: introduce identity module (#2116) [Chris Patterson]
  + Standardize disabling cloud-init on non-systemd (#2112)
  + Update .github-cla-signers (#2126) [Rob Tongue]
  + NoCloud: Use seedfrom protocol to determine mode (#2107)
  + rhel: Remove sysvinit files. (#2114)
  + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson]
  + Fix NoCloud kernel commandline semi-colon args
  + run-container: make the container/VM timeout configurable (#2118)
    [Paride Legovini]
  + suse: Remove sysvinit files. (#2115)
  + test: Backport assert_call_count for old requests (#2119)
  + Add "licebmi" as contributor (#2113) [Mark Martinez]
  + Adapt DataSourceScaleway to upcoming IPv6 support (#2033)
    [Louis Bouchard]
  + rhel: make sure previous-hostname file ends with a new line (#2108)
    [Ani Sinha]
  + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai]
  + Cleanup ephemeral IP routes on exception (#2100) [sxt1001]
  + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291)
  + Standardize kernel commandline user interface (#2093)
  + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson]
  + Fix test_dhclient_exits_with_error (#2105)
  + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083)
    [Chris Patterson]
  + sources/azure: move pps handling out of _poll_imds() (#2075)
    [Chris Patterson]
  + tests: bump pycloudlib version (#2102)
  + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098)
  + sources/azure/imds: don't count timeout errors as connection errors
    (#2074) [Chris Patterson]
  + Fix Python 3.12 unit test failures (#2099)
  + integration tests: Refactor instance checking (#1989)
  + ci: migrate remaining jobs from travis to gh (#2085)
  + missing ending quote in instancedata docs(#2094) [Hong L]
  + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r]
  + tests/vmware: fix test_no_data_access_method failure (#2092)
    [Chris Patterson]
  + Don't change permissions of netrules target (#2076) (LP: #2011783)
  + tests/sources: patch util.get_cmdline() for datasource tests (#2091)
    [Chris Patterson]
  + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090)
    (LP: #2008888)
  + Fedora: Enable CA handling (#2086) [František Zatloukal]
  + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa]
  + cc_ansible: complete the examples and doc (#2082) [Yves]
  + bddeb: for dev package, derive debhelper-compat from host system
  + apport: only prompt for cloud_name when instance-data.json is absent
  + datasource: Optimize datasource detection, fix bugs (#2060)
  + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi]
  + sources/azure: add networking check for all source PPS (#2061)
    [Chris Patterson]
  + do not attempt dns resolution on ip addresses (#2040)
  + chore: fix style tip (#2071)
  + Fix metadata IP in instancedata.rst (#2063) [Brian Haley]
  + util: Pass deprecation schedule in deprecate_call() (#2064)
  + config: Update grub-dpkg docs (#2058)
  + docs: Cosmetic improvements and styling (#2057) [s-makin]
  + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner]
  + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059)
  + oracle-ds: prefer system_cfg over ds network config source (#1998)
    (LP: #1956788)
  + Remove dead code (#2038)
  + source: Force OpenStack when it is only option (#2045) (LP: #2008727)
  + cc_ubuntu_advantage: improve UA logs discovery
  + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson]
  + tests: fix test_schema (#2042)
  + dhcp: Cleanup unused kwarg (#2037)
  + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027)
    [PengpengSun]
  + dhclient_hook: remove vestigal dhclient_hook command (#2015)
  + log: Add standardized deprecation tooling (SC-1312) (#2026)
  + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert]
  From 23.1.2
  + Make user/vendor data sensitive and remove log permissions
    (LP: #2013967) (CVE-2023-1786)
  From 23.1.1
  + source: Force OpenStack when it is only option (#2045)
  + sources/azure: fix regressions in IMDS behavior (#2041)
    [Chris Patterson]

- Add cloud-init-flake8-fixes.patch
- Revert chnages from previous commit
  + Disabling checks the primary maintainer enabled for specific reasons
    is not a fix.

- update to 23.1.2:
  * Make user/vendor data sensitive and remove log permissions
  * source: Force OpenStack when it is only option (#2045)
  * sources/azure: fix regressions in IMDS behavior
- drop
  cloud-init-cve-2023-1786-redact-instance-data-json-main.patch (upstream)
- spec-file cleanups, including dropping flake8 (as build fails
  with newer flake8 versions)

- Update cloud-init-write-routes.patch (bsc#1212879)
  + Add necessary import statement
- Enable flake8 linting, fix up patches
  + cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
  + cloud-init-power-rhel-only.patch
  + cloud-init-write-routes.patch
  + datasourceLocalDisk.patch

- Add cloud-init-power-rhel-only.patch (bsc#1210273)
  + Config module cc_refresh_rmc_and_interface is implemented such that
    it will only work on RH distros. Set the module availability accordingly.

- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
  + Add hidesensitivedata
  + Add cloud-init-cve-2023-1786-redact-inst-data.patch
  + Do not expose sensitive data gathered from the CSP

- Update to version 23.1
  + Remove patches included upstream:
  - cloud-init-btrfs-queue-resize.patch
  - cloud-init-micro-is-suse.patch
  - cloud-init-suse-afternm.patch
  - cloud-init-prefer-nm.patch
  - cloud-init-transact-up.patch
  + Forward port
  - cloud-init-write-routes.patch
  + Added
  - cloud-init-fix-ca-test.patch
  + Support transactional-updates for SUSE based distros (#1997)
    [Robert Schweikert]
  + Set ownership for new folders in Write Files Module (#1980)
    [Jack] (LP: #1990513)
  + add OpenCloudOS and TencentOS support (#1964) [wynnfeng]
  + lxd: Retry if the server isn't ready (#2025)
  + test: switch pycloudlib source to pypi (#2024)
  + test: Fix integration test deprecation message (#2023)
  + Recognize opensuse-microos, dev tooling fixes [Robert Schweikert]
  + sources/azure: refactor imds handler into own module (#1977)
    [Chris Patterson]
  + docs: deprecation generation support [1/2] (#2013)
  + add function is_virtual to distro/FreeBSD (#1957) [Mina Galić]
  + cc_ssh: support multiple hostcertificates (#2018) (LP: #1999164)
  + Fix minor schema validation regression and fixup typing (#2017)
  + doc: Reword user data debug section (#2019)
  + Overhaul/rewrite of certificate handling as follows: (#1962)
    [dermotbradley] (LP: #1931174)
  + disk_setup: use byte string when purging the partition table (#2012)
    [Stefan Prietl]
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file [Stefan Prietl]
  + Add "ederst" as contributor (#2010) [Stefan Prietl]
  + readme: add reference to packages dir (#2001)
  + docs: update downstream package list (#2002)
  + docs: add google search verification (#2000) [s-makin]
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf (#2004)
  + Fix OpenStack datasource detection on bare metal (#1923)
    [Alexander Birkner] (LP: #1815990)
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted (#1993)
  + schema: fix gpt labels, use type string for GUID (#1995)
  + cc_disk_setup: code cleanup (#1996)
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
    [d1r3ct0r] (LP: #1998998)
  + tests: Remove restart check from test
  + Ignore duplicate macs from mscc_felix and fsl_enetc (LP: #1997922)
  + Warn on empty network key (#1990)
  + Fix Vultr cloud_interfaces usage (#1986) [eb3095]
  + cc_puppet: Update puppet service name (#1970) [d1r3ct0r] (LP: #2002969)
  + docs: Clarify networking docs (#1987)
  + lint: remove httpretty (#1985) [sxt1001]
  + cc_set_passwords: Prevent traceback when restarting ssh (#1981)
  + tests: fix lp1912844 (#1978)
  + tests: Skip ansible test on bionic (#1984)
  + Wait for NetworkManager (#1983) [Robert Schweikert]
  + docs: minor polishing (#1979) [s-makin]
  + CI: migrate integration-test to GH actions (#1969)
  + Fix permission of SSH host keys (#1971) [Ron Gebauer]
  + Fix default route rendering on v2 ipv6 (#1973) (LP: #2003562)
  + doc: fix path in net_convert command (#1975)
  + docs: update net_convert docs (#1974)
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
    (#1967) [Emanuele Giuseppe Esposito]
  + distros/rhel.py: _read_hostname() missing strip on "hostname" (#1941)
    [Mark Mielke]
  + integration tests: add  IBM VPC support (SC-1352) (#1915)
  + machine-id: set to uninitialized to trigger regeneration on clones
    (LP: #1999680)
  + sources/azure: retry on connection error when fetching metdata (#1968)
    [Chris Patterson]
  + Ensure ssh state accurately obtained (#1966)
  + bddeb: drop dh-systemd dependency on newer deb-based releases [d1r3ct0r]
  + doc: fix `config formats` link in cloudsigma.rst (#1960)
  + Fix wrong subp syntax in cc_set_passwords.py (#1961)
  + docs: update the PR template link to readthedocs (#1958) [d1r3ct0r]
  + ci: switch unittests to gh actions (#1956)
  + Add mount_default_fields for PhotonOS. (#1952) [Shreenidhi Shedi]
  + sources/azure: minor refactor for metadata source detection logic
    (#1936) [Chris Patterson]
  + add "CalvoM" as contributor (#1955) [d1r3ct0r]
  + ci: doc to gh actions (#1951)
  + lxd: handle 404 from missing devices route for LXD 4.0 (LP: #2001737)
  + docs: Diataxis overhaul (#1933) [s-makin]
  + vultr: Fix issue regarding cache and region codes (#1938) [eb3095]
  + cc_set_passwords: Move ssh status checking later (SC-1368) (#1909)
    (LP: #1998526)
  + Improve Wireguard module idempotency (#1940) [Fabian Lichtenegger-Lukas]
  + network/netplan: add gateways as on-link when necessary (#1931)
    [Louis Sautier] (LP: #2000596)
  + tests: test_lxd assert features.networks.zones when present (#1939)
  + Use btrfs enquque when available (#1926) [Robert Schweikert]
  + sources/azure: drop description for report_failure_to_fabric() (#1934)
    [Chris Patterson]
  + cc_disk_setup.py: fix MBR single partition creation (#1932)
    [dermotbradley] (LP: #1851438)
  + Fix typo with package_update/package_upgrade (#1927) [eb3095]
  + sources/azure: fix device driver matching for net config (#1914)
    [Chris Patterson]
  + BSD: fix duplicate macs in Ifconfig parser (#1917) [Mina Galić]
  + test: mock dns calls (#1922)
  + pycloudlib: add lunar support for integration tests (#1928)
  + nocloud: add support for dmi variable expansion for seedfrom URL
    (LP: #1994980)
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc (#1916)
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema (#1913)
  + add utility function test cases (#1910) [sxt1001]
  + test: mock file deletion in dhcp tests (#1911)
  + Ensure network ready before cloud-init service runs on RHEL (#1893)
    (LP: #1998655)
  + docs: add copy button to code blocks (#1890) [s-makin]
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed (#1908)
  + Networking Clarification (#1892)
  + Fix the distro.osfamily output problem in the openEuler system. (#1895)
    [sxt1001] (LP: #1999042)
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 (#1897) [Chris Patterson]
  + Add back gateway4/6 deprecation to docs (#1898)
  + networkd: Add support for multiple [Route] sections (#1868)
    [Nigel Kukard]
  + doc: add qemu tutorial (#1863)
  + lint: fix tip-flake8 and tip-mypy (#1896)
  + Add support for setting uid when creating users on FreeBSD (#1888)
    [einsibjarni]
  + Fix exception in BSD networking code-path (#1894) [Mina Galić]
  + Append derivatives to is_rhel list in cloud.cfg.tmpl (#1887) [Louis Abel]
  + FreeBSD init: use cloudinit_enable as only rcvar (#1875) [Mina Galić]
  + feat: add support aliyun metadata security harden mode (#1865)
    [Manasseh Zhou]
  + docs: uprate analyze to performance page [s-makin]
  + test: fix lxd preseed managed network config (#1881)
  + Add support for static IPv6 addresses for FreeBSD (#1839) [einsibjarni]
  + Make 3.12 failures not fail the build (#1873)
  + Docs: adding relative links [s-makin]
  + Update read-version
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + travis: promote 3.11-dev to 3.11 (#1866)
  + test_cloud_sigma: delete useless test (#1828) [sxt1001]
  + Add "nkukard" as contributor (#1864) [Nigel Kukard]
  + tests: ds-id mocks for vmware-rpctool as utility may not exist in env
  + doc: add how to render new module doc (#1855)
  + doc: improve module creation explanation (#1851)
  + Add Support for IPv6 metadata to OpenStack (#1805)
    [Marvin Vogt] (LP: #1906849)
  + add xiaoge1001 to .github-cla-signers (#1854) [sxt1001]
  + network: Deprecate gateway{4,6} keys in network config v2 (#1794)
    (LP: #1992512)
  + VMware: Move Guest Customization transport from OVF to VMware (#1573)
    [PengpengSun]
  + doc: home page links added (#1852) [s-makin]
  From 22.4.2
  + status: handle ds not defined in status.json (#1876) (LP: #1997559)
  From 22.4.1
  + net: skip duplicate mac check for netvsc nic and its VF (#1853)
    [Anh Vo] (LP: #1844191)
  + ChangeLog: whitespace cleanup (#1850)
  + changelog: capture 22.3.1-4 releases

- Add cloud-init-transact-up.patch to support transactional-updates

- Add cloud-init-prefer-nm.patch
  + Prefer NetworkManager of sysconfig when available
- Remove six dependency (bsc#1198269)

- Update to version 22.4 (bsc#1201010)
  + Remove patches included upstream:
  - cloud-init-vmware-test.patch
  - cloud-init-sysctl-not-in-bin.patch
  + Forward port:
  - cloud-init-write-routes.patch
  - cloud-init-break-resolv-symlink.patch
  - cloud-init-sysconf-path.patch
  - cloud-init-no-tempnet-oci.patch
  + Add cloud-init-btrfs-queue-resize.patch (bsc#1171511)
  + Add cloud-init-micro-is-suse.patch (bsc#1203393) [Martin Petersen]
  + Add cloud-init-suse-afternm.patch
  + test: fix pro integration test [Alberto Contreras]
  + cc_disk_setup: pass options in correct order to utils (#1829)
    [dermotbradley]
  + tests: text_lxd basic_preseed verify_clean_log (#1826)
  + docs: switch sphinx theme to furo (SC-1327) (#1821) [Alberto Contreras]
  + tests: activate Ubuntu Pro tests (only on Jenkins) (#1777)
    [Alberto Contreras]
  + tests: test_lxd assert features.storage.buckets when present (#1827)
  + tests: replace missed ansible install-method with underscore (#1825)
  + tests: replace ansible install-method with underscore
  + ansible: standardize schema keys
  + ci: run json tool on 22.04 rather than 20.04 (#1823)
  + Stop using devices endpoint for LXD network config (#1819)
  + apport: address new curtin log and config locations (#1812)
  + cc_grub: reword docs for clarity (#1818)
  + tests: Fix preseed test (#1820)
  + Auto-format schema (#1810)
  + Ansible Control Module (#1778)
  + Fix last reported event possibly not being sent (#1796) (LP: #1993836)
  + tests: Ignore unsupported lxd project keys (#1817) [Alberto Contreras]
  + udevadm settle should handle non-udev system gracefully (#1806)
    [dermotbradley]
  + add mariner support (#1780) [Minghe Ren]
  + Net: add BSD ifconfig(8) parser and state class (#1779) [Mina Galić]
  + adding itjamie to .github-cla-signers [Jamie (Bear) Murphy]
  + Fix inconsistency between comment and statement (#1809) [Guillaume Gay]
  + Update .github-cla-signers (#1811) [Guillaume Gay]
  + alpine.py: Add Alpine-specific manage_service function and update tests
    (#1804) [dermotbradley]
  + test: add 3.12-dev to Travis CI (#1798) [Alberto Contreras]
  + add NWCS datasource (#1793) [shell-skrimp]
  + Adding myself as CLA signer (#1799) [s-makin]
  + apport: fix some data collection failures due to symlinks (#1797)
    [Dan Bungert]
  + read-version: Make it compatible with bionic (#1795) [Alberto Contreras]
  + lxd: add support for lxd preseed config(#1789)
  + Enable hotplug for LXD datasource (#1787)
  + cli: collect logs and apport subiquity support
  + add support for Container-Optimized OS (#1748) [vteratipally]
  + test: temporarily disable failing integration test (#1792)
  + Fix LXD/nocloud detection on lxd vm tests (#1791)
  + util: Implement __str__ and __iter__ for Version (#1790)
  + cc_ua: consume ua json api for enable commands [Alberto Contreras]
  + Add clarity to cc_final_message docs (#1788)
  + cc_ntp: add support for BSDs (#1759) [Mina Galić] (LP: #1990041)
  + make Makefile make agnostic (#1786) [Mina Galić]
  + Remove hardcoding and unnecessary overrides in Makefile (#1783)
    [Joseph Mingrone]
  + Add my username (Jehops) to .github-cla-signers (#1784) [Joseph Mingrone]
  + Temporarily remove broken test (#1781)
  + Create reference documentation for base config
  + cc_ansible: add support for galaxy install (#1736)
  + distros/manage_services: add support to disable service (#1772)
    [Mina Galić] (LP: #1991024)
  + OpenBSD: remove pkg_cmd_environ function (#1773)
    [Mina Galić] (LP: 1991567)
  + docs: Correct typo in the FAQ (#1774) [Maximilian Wörner]
  + tests: Use LXD metadata to determine NoCloud status (#1776)
  + analyze: use init-local as start of boot record (#1767) [Chris Patterson]
  + docs: use opensuse for distro name in package doc (#1771)
  + doc: clarify packages as dev only (#1769) [Alberto Contreras]
  + Distro manage service: Improve BSD support (#1758)
    [Mina Galić] (LP: #1990070)
  + testing: check logs for critical errors (#1765) [Chris Patterson]
  + cc_ubuntu_advantage: Handle already attached on Pro [Alberto Contreras]
  + doc: Add configuration explanation (SC-1169)
  + Fix Oracle DS primary interface when using IMDS (#1757) (LP: #1989686)
  + style: prefer absolute imports over relative imports [Mina Galić]
  + tests: Fix ip log during instance destruction (#1755) [Alberto Contreras]
  + cc_ubuntu_advantage: add ua_config in auto-attach [Alberto Contreras]
  + apt configure: sources write/append mode (#1738)
    [Fabian Lichtenegger-Lukas]
  + networkd: Add test and improve typing. (#1747) [Alberto Contreras]
  + pycloudlib: bump commit for gce cpu architecture support (#1750)
  + commit ffcb29bc8315d1e1d6244eeb1cbd8095958f7bad (LP: #1307667)
  + testing: workaround LXD vendor data (#1740)
  + support dhcp{4,6}-overrides in networkd renderer (#1710) [Aidan Obley]
  + tests: Drop httpretty in favor of responses (#1720) [Alberto Contreras]
  + cc_ubuntu_advantage: Implement custom auto-attach behaviors (#1583)
    [Alberto Contreras]
  + Fix Oracle DS not setting subnet when using IMDS (#1735) (LP: #1989686)
  + testing: focal lxd datasource discovery (#1734)
  + cc_ubuntu_advantage: Redact token from logs (#1726) [Alberto Contreras]
  + docs: make sure echo properly evaluates the string (#1733) [Mina Galić]
  + net: set dhclient lease and pid files (#1715)
  + cli: status machine-readable output --format yaml/json (#1663)
    (LP: #1883122)
  + tests: Simplify does_not_raise (#1731) [Alberto Contreras]
  + Refactor: Drop inheritance from object (#1728) [Alberto Contreras]
  + testing: LXD datasource now supported on Focal (#1732)
  + Allow jinja templating in /etc/cloud (SC-1170) (#1722) (LP: #1913461)
  + sources/azure: ensure instance id is always correct (#1727)
    [Chris Patterson]
  + azure: define new attribute for pre-22.3 pickles (#1725)
  + doc: main page Diátaxis rewording (SC-967) (#1701)
  + ubuntu advantage: improved idempotency, enable list is now strict
  + [Fabian Lichtenegger-Lukas]
  + test: bump pycloudlib (#1724) [Alberto Contreras]
  + cloud.cfg.tmpl: make sure "centos" settings are identical to "rhel"
    (#1639) [Emanuele Giuseppe Esposito]
  + lxd: fetch 1.0/devices content (#1712) [Alberto Contreras]
  + Update docs according to ad8f406a (#1719)
  + testing: Port unittests/analyze to pytest (#1708) [Alberto Contreras]
  + doc: Fix rtd builds. (#1718) [Alberto Contreras]
  + testing: fully mock noexec calls (#1717) [Alberto Contreras]
  + typing: Add types to cc_<module>.handle (#1700) [Alberto Contreras]
  + Identify 3DS Outscale Datasource as Ec2 (#1686) [Maxime Dufour]
  + config: enable bootstrapping pip in ansible (#1707)
  + Fix cc_chef typing issue (#1716)
  + Refactor instance json files to use Paths (SC-1238) (#1709)
  + tools: read-version check GITHUB_REF and git branch --show-current
    (#1677)
  + net: Ensure a tmp with exec permissions for dhcp (#1690)
    [Alberto Contreras] (LP: #1962343)
  + testing: Fix test regression in test_combined (#1713) [Alberto Contreras]
  + Identify Huawei Cloud as OpenStack (#1689) [huang xinjie]
  + doc: add reporting suggestion to FAQ (SC-1236) (#1698)
  From 22.3
  + sources: obj.pkl cache should be written anyime get_data is run (#1669)
  + schema: drop release number from version file (#1664)
  + pycloudlib: bump to quiet azure HTTP info logs (#1668)
  + test: fix wireguard integration tests (#1666)
  + Github is deprecating the 18.04 runner starting 12.1 (#1665)
  + integration tests: Ensure one setup for all tests (#1661)
  + tests: ansible test fixes (#1660)
  + Prevent concurrency issue in test_webhook_hander.py (#1658)
  + Workaround net_setup_link race with udev (#1655) (LP: #1983516)
  + test: drop erroneous lxd assertion, verify command succeeded (#1657)
  + Fix Chrony usage on Centos Stream (#1648) [Sven Haardiek] (LP: #1885952)
  + sources/azure: handle network unreachable errors for savable PPS (#1642)
    [Chris Patterson]
  + Return cc_set_hostname to PER_INSTANCE frequency (#1651) (LP: #1983811)
  + test: Collect integration test time by default (#1638)
  + test: Drop forced package install hack in lxd integration test (#1649)
  + schema: Resolve user-data if --system given (#1644)
    [Alberto Contreras] (LP: #1983306)
  + test: use fake filesystem to avoid file removal (#1647)
    [Alberto Contreras]
  + tox: Fix tip-flake8 and tip-mypy (#1635) [Alberto Contreras]
  + config: Add wireguard config module (#1570) [Fabian Lichtenegger-Lukas]
  + tests: can run without azure-cli, tests expect inactive ansible (#1643)
  + typing: Type UrlResponse.contents (#1633) [Alberto Contreras]
  + testing: fix references to `DEPRECATED.` (#1641) [Alberto Contreras]
  + ssh_util: Handle sshd_config.d folder [Alberto Contreras] (LP: #1968873)
  + schema: Enable deprecations in cc_update_etc_hosts (#1631)
    [Alberto Contreras]
  + Add Ansible Config Module (#1579)
  + util: Support Idle process state in get_proc_ppid() (#1637)
  + schema: Enable deprecations in cc_growpart (#1628) [Alberto Contreras]
  + schema: Enable deprecations in cc_users_groups (#1627)
    [Alberto Contreras]
  + util: Fix error path and parsing in get_proc_ppid()
  + main: avoid downloading full contents cmdline urls (#1606)
    [Alberto Contreras] (LP: #1937319)
  + schema: Enable deprecations in cc_scripts_vendor (#1629)
    [Alberto Contreras]
  + schema: Enable deprecations in cc_set_passwords (#1630)
    [Alberto Contreras]
  + sources/azure: add experimental support for preprovisioned os disks
    (#1622) [Chris Patterson]
  + Remove configobj a_to_u calls (#1632) [Stefano Rivera]
  + cc_debug: Drop this module (#1614) [Alberto Contreras]
  + schema: add aggregate descriptions in anyOf/oneOf (#1636)
  + testing: migrate test_sshutil to pytest (#1617) [Alberto Contreras]
  + testing: Fix test_ca_certs integration test (#1626) [Alberto Contreras]
  + testing: add support for pycloudlib's pro images (#1604)
    [Alberto Contreras]
  + testing: migrate test_cc_set_passwords to pytest (#1615)
    [Alberto Contreras]
  + network: add system_info network activator cloud.cfg overrides (#1619)
    (LP: #1958377)
  + docs: Align git remotes with uss-tableflip setup (#1624)
    [Alberto Contreras]
  + testing: cover active config module checks (#1609) [Alberto Contreras]
  + lxd: lvm avoid thinpool when kernel module absent
  + lxd: enable MTU configuration in cloud-init
  + doc: pin doc8 to last passing version
  + cc_set_passwords fixes (#1590)
  + Modernise importer.py and type ModuleDetails (#1605) [Alberto Contreras]
  + config: Def activate_by_schema_keys for t-z (#1613) [Alberto Contreras]
  + config: define activate_by_schema_keys for p-r mods (#1611)
    [Alberto Contreras]
  + clean: add param to remove /etc/machine-id for golden image creation
  + config: define `activate_by_schema_keys` for a-f mods (#1608)
    [Alberto Contreras]
  + config: define activate_by_schema_keys for s mods (#1612)
    [Alberto Contreras]
  + sources/azure: reorganize tests for network config (#1586)
  + [Chris Patterson]
  + config: Define activate_by_schema_keys for g-n mods (#1610)
    [Alberto Contreras]
  + meta-schema: add infra to skip inapplicable modules [Alberto Contreras]
  + sources/azure: don't set cfg["password"] for default user pw (#1592)
    [Chris Patterson]
  + schema: activate grub-dpkg deprecations (#1600) [Alberto Contreras]
  + docs: clarify user password purposes (#1593)
  + cc_lxd: Add btrfs and lvm lxd storage options (SC-1026) (#1585)
  + archlinux: Fix distro naming[1] (#1601) [Kristian Klausen]
  + cc_ubuntu_autoinstall: support live-installer autoinstall config
  + clean: allow third party cleanup scripts in /etc/cloud/clean.d (#1581)
  + sources/azure: refactor chassis asset tag handling (#1574)
    [Chris Patterson]
  + Add "netcho" as contributor (#1591) [Kaloyan Kotlarski]
  + testing: drop impish support (#1596) [Alberto Contreras]
  + black: fix missed formatting issue which landed in main (#1594)
  + bsd: Don't assume that root user is in root group (#1587)
  + docs: Fix comment typo regarding use of packages (#1582)
    [Peter Mescalchin]
  + Update govc command in VMWare walkthrough (#1576) [manioo8]
  + Update .github-cla-signers (#1588) [Daniel Mullins]
  + Rename the openmandriva user to omv (#1575) [Bernhard Rosenkraenzer]
  + sources/azure: increase read-timeout to 60 seconds for wireserver
    (#1571) [Chris Patterson]
  + Resource leak cleanup (#1556)
  + testing: remove appereances of FakeCloud (#1584) [Alberto Contreras]
  + Fix expire passwords for hashed passwords (#1577)
    [Sadegh Hayeri] (LP: #1979065)
  + mounts: fix suggested_swapsize for > 64GB hosts (#1569) [Steven Stallion]
  + Update chpasswd schema to deprecate password parsing (#1517)
  + tox: Remove entries from default envlist (#1578) (LP: #1980854)
  + tests: add test for parsing static dns for existing devices (#1557)
    [Jonas Konrad]
  + testing: port cc_ubuntu_advantage test to pytest (#1559)
    [Alberto Contreras]
  + Schema deprecation handling (#1549) [Alberto Contreras]
  + Enable pytest to run in parallel (#1568)
  + sources/azure: refactor ovf-env.xml parsing (#1550) [Chris Patterson]
  + schema: Force stricter validation (#1547)
  + ubuntu advantage config: http_proxy, https_proxy (#1512)
    [Fabian Lichtenegger-Lukas]
  + net: fix interface matching support (#1552) (LP: #1979877)
  + Fuzz testing jsonchema (#1499) [Alberto Contreras]
  + testing: Wait for changed boot-id in test_status.py (#1548)
  + CI: Fix GH pinned-format jobs (#1558) [Alberto Contreras]
  + Typo fix (#1560) [Jaime Hablutzel]
  + tests: mock dns lookup that causes long timeouts (#1555)
  + tox: add unpinned env for do_format and check_format (#1554)
  + cc_ssh_import_id: Substitute deprecated warn (#1553) [Alberto Contreras]
  + Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
  + Update WebHookHandler to run as background thread (SC-456) (#1491)
    (LP: #1910552)
  + testing: Don't run custom cloud dir test on Bionic (#1542)
  + bash completion: update schema command (#1543) (LP: #1979547)
  + CI: add non-blocking run against the linters tip versions (#1531)
    [Paride Legovini]
  + Change groups within the users schema to support lists and strings
    (#1545) [RedKrieg]
  + make it clear which username should go in the contributing doc (#1546)
  + Pin setuptools for Travis (SC-1136) (#1540)
  + Fix LXD datasource crawl when BOOT enabled (#1537)
  + testing: Fix wrong path in dual stack test (#1538)
  + cloud-config: honor cloud_dir setting (#1523)
    [Alberto Contreras] (LP: #1976564)
  + Add python3-debconf to pkg-deps.json Build-Depends (#1535)
    [Alberto Contreras]
  + redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
    (#1536)
  + tests/azure: add test coverage for DisableSshPasswordAuthentication
    (#1534) [Chris Patterson]
  + summary: Add david-caro to the cla signers (#1527) [David Caro]
  + Add support for OpenMandriva (https://openmandriva.org/) (#1520)
    [Bernhard Rosenkraenzer]
  + tests/azure: refactor ovf creation (#1533) [Chris Patterson]
  + Improve DataSourceOVF error reporting when script disabled (#1525) [rong]
  + tox: integration-tests-jenkins: softfail if only some test failed
    (#1528) [Paride Legovini]
  + CI: drop linters from Travis CI (moved to GH Actions) (#1530)
    [Paride Legovini]
  + sources/azure: remove unused encoding support for customdata (#1526)
    [Chris Patterson]
  + sources/azure: remove unused metadata captured when parsing ovf (#1524)
    [Chris Patterson]
  + sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
    [Chris Patterson]
  + Remove extra space from ec2 dual stack crawl message (#1521)
  + tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
    [Chris Patterson]
  + setup.py: adjust udev/rules default path (#1513)
    [Emanuele Giuseppe Esposito]
  + Add python3-deconf dependency (#1506) [Alberto Contreras]
  + Change match macadress param for network v2 config (#1518)
    [Henrique Caricatti Capozzi]
  + sources/azure: remove unused userdata property from ovf (#1516)
    [Chris Patterson]
  + sources/azure: minor refactoring to network config generation (#1497)
    [Chris Patterson]
  + net: Implement link-local ephemeral ipv6
  + Rename function to avoid confusion (#1501)
  + Fix cc_phone_home requiring 'tries' (#1500) (LP: #1977952)
  + datasources: replace networking functions with stdlib and cloudinit.net
  + code
  + Remove xenial references (#1472) [Alberto Contreras]
  + Oracle ds changes (#1474) [Alberto Contreras] (LP: #1967942)
  + improve runcmd docs (#1498)
  + add 3.11-dev to Travis CI (#1493)
  + Only run github actions on pull request (#1496)
  + Fix integration test client creation (#1494) [Alberto Contreras]
  + tox: add link checker environment, fix links (#1480)
  + cc_ubuntu_advantage: Fix doc (#1487) [Alberto Contreras]
  + cc_yum_add_repo: Fix repo id canonicalization (#1489)
    [Alberto Contreras] (LP: #1975818)
  + Add linitio as contributor in the project (#1488) [Kevin Allioli]
  + net-convert: use yaml.dump for debugging python NetworkState obj (#1484)
    (LP: #1975907)
  + test_schema: no relative $ref URLs, replace $ref with local path (#1486)
  + cc_set_hostname: do not write "localhost" when no hostname is given
  + (#1453) [Emanuele Giuseppe Esposito]
  + Update .github-cla-signers (#1478) [rong]
  + schema: write_files defaults, versions $ref full URL and add vscode
    (#1479)
  + docs: fix external links, add one more to the list (#1477)
  + doc: Document how to change module frequency (#1481)
  + tests: bump pycloudlib (#1482)
  + tests: bump pycloudlib pinned commit for kinetic Azure (#1476)
  + testing: fix test_status.py (#1475)
  + integration tests: If KEEP_INSTANCE = True, log IP (#1473)
  + Drop mypy excluded files (#1454) [Alberto Contreras]
  + Docs additions (#1470)
  + Add "formatting tests" to Github Actions
  + Remove unused arguments in function signature (#1471)
  + Changelog: correct errant classification of LP issues as GH (#1464)
  + Use Network-Manager and Netplan as default renderers for RHEL and Fedora
    (#1465) [Emanuele Giuseppe Esposito]
  From 22.2
  + Fix test due to caplog incompatibility (#1461) [Alberto Contreras]
  + Align rhel custom files with upstream (#1431)
    [Emanuele Giuseppe Esposito]
  + cc_write_files: Improve schema. (#1460) [Alberto Contreras]
  + cli: Redact files with permission errors in commands (#1440)
  + [Alberto Contreras] (LP: #1953430)
  + Improve cc_set_passwords. (#1456) [Alberto Contreras]
  + testing: make fake cloud-init wait actually wait (#1459)
  + Scaleway: Fix network configuration for netplan 0.102 and later (#1455)
    [Maxime Corbin]
  + Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka]
  + schema: version schema-cloud-config-v1.json (#1424)
  + cc_modules: set default meta frequency value when no config available
    (#1457)
  + Log generic warning on non-systemd systems. (#1450) [Alberto Contreras]
  + cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448)
    [Alberto Contreras]
  + Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras]
  + testing: Fix console_log tests (#1437)
  + tests: cc_set_passoword update for systemd, non-systemd distros  (#1449)
  + Fix bug in url_helper/dual_stack() logging (#1426)
  + schema: render schema paths from _CustomSafeLoaderWithMarks (#1391)
  + testing: Make integration tests kinetic friendly (#1441)
  + Handle error if SSH service no present. (#1422)
    [Alberto Contreras] (LP: #1969526)
  + Fix network-manager activator availability and order (#1438)
  + sources/azure: remove reprovisioning marker (#1414) [Chris Patterson]
  + upstart: drop vestigial support for upstart (#1421)
  + testing: Ensure NoCloud detected in test (#1439)
  + Update .github-cla-signers kallioli [Kevin Allioli]
  + Consistently strip top-level network key (#1417) (LP: #1906187)
  + testing: Fix LXD VM metadata test (#1430)
  + testing: Add NoCloud setup for NoCloud test (#1425)
  + Update linters and adapt code for compatibility (#1434) [Paride Legovini]
  + run-container: add support for LXD VMs (#1428) [Paride Legovini]
  + integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini]
  + Fix NoCloud docs (#1423)
  + Docs fixes (#1406)
  + docs: Add docs for module creation (#1415)
  + Remove cheetah from templater (#1416)
  + tests: verify_ordered_items fallback to re.escape if needed (#1420)
  + Misc module cleanup (#1418)
  + docs: Fix doc warnings and enable errors (#1419)
    [Alberto Contreras] (LP: #1876341)
  + Refactor cloudinit.sources.NetworkConfigSource to enum (#1413)
    [Alberto Contreras] (LP: #1874875)
  + Don't fail if IB and Ethernet devices 'collide' (#1411)
  + Use cc_* module meta defintion over hardcoded vars (SC-888) (#1385)
  + Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras]
  + Promote cloud-init schema from devel to top level subcommand (#1402)
  + mypy: disable missing imports warning for httpretty (#1412)
    [Chris Patterson]
  + users: error when home should not be created AND ssh keys provided
    [Jeffrey 'jf' Lim]
  + Allow growpart to resize encrypted partitions (#1316)
  + Fix typo in integration_test.rst (#1405) [Alberto Contreras]
  + cloudinit.net refactor: apply_network_config_names (#1388)
    [Alberto Contreras] (LP: #1884602)
  + tests/azure: add fixtures for hardcoded paths (markers and data_dir)
    (#1399) [Chris Patterson]
  + testing: Add responses workaround for focal/impish (#1403)
  + cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False
  + Fix ds-identify not detecting NoCloud seed in config (#1381)
    (LP: #1876375)
  + sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson]
  + Move notes about refactorization out of CONTRIBUTING.rst (#1389)
  + Shave ~8ms off generator runtime (#1387)
  + Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson]
  + schema: module example strict testing fix seed_random
  + cc_set_hostname: examples small typo (perserve vs preserve)
    [Wouter Schoot]
  + sources/azure: refactor http_with_retries to remove **kwargs (#1392)
    [Chris Patterson]
  + declare dependency on ssh-import-id (#1334)
  + drop references to old dependencies and old centos script
  + sources/azure: only wait for primary nic to be attached during restore
    (#1378) [Anh Vo]
  + cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384)
  + Network functions refactor and bugfixes (#1383)
  + schema: add JSON defs for modules cc_users_groups (#1379)
    (LP: #1858930)
  + Fix doc typo (#1382) [Alberto Contreras]
  + Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160)
  + Fix KeyError when rendering sysconfig IPv6 routes (#1380) (LP: #1958506)
  + Return a namedtuple from subp() (#1376)
  + Mypy stubs and other tox maintenance (SC-920) (#1374)
  + Distro Compatibility Fixes (#1375)
  + Pull in Gentoo patches (#1372)
  + schema: add json defs for modules U-Z (#1360)
    (LP: #1858928, #1858929, #1858931, #1858932)
  + util: atomically update sym links to avoid Suppress FileNotFoundError
  + when reading status (#1298) [Adam Collard] (LP: #1962150)
  + schema: add json defs for modules scripts-timezone (SC-801) (#1365)
  + docs: Add first tutorial (SC-900) (#1368)
  + BUG 1473527: module ssh-authkey-fingerprints fails Input/output error…
    (#1340) [Andrew Lee] (LP: #1473527)
  + add arch hosts template (#1371)
  + ds-identify: detect LXD for VMs launched from host with > 5.10 kernel
    (#1370) (LP: #1968085)
  + Support EC2 tags in instance metadata (#1309) [Eduardo Dobay]
  + schema: add json defs for modules e-install (SC-651) (#1366)
  + Improve "(no_create_home|system): true" test (#1367) [Jeffrey 'jf' Lim]
  + Expose https_proxy env variable to ssh-import-id cmd (#1333)
    [Michael Rommel]
  + sources/azure: remove bind/unbind logic for hot attached nic (#1332)
    [Chris Patterson]
  + tox: add types-* packages to check_format env (#1362)
  + tests: python 3.10 is showing up in cloudimages (#1364)
  + testing: add additional mocks to test_net tests (#1356) [yangzz-97]
  + schema: add JSON schema for mcollective, migrator and mounts modules
    (#1358)
  + Honor system locale for RHEL (#1355) [Wei Shi]
  + doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani]
  + ds-identify: also discover LXD by presence from DMI board_name = LXD
    (#1311)
  + black: bump pinned version to 22.3.0 to avoid click dependency issues
    (#1357)
  + Various doc fixes (#1330)
  + testing: Add missing is_FreeBSD mock to networking test (#1353)
  + Add --no-update to add-apt-repostory call (SC-880) (#1337)
  + schema: add json defs for modules K-L (#1321)
    (LP: #1858899, #1858900, #1858901, #1858902)
  + docs: Re-order readthedocs install (#1354)
  + Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343)
    [Jeffrey 'jf' Lim]
  + docs: add jinja2 pin (#1352)
  + Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095]
  + sources/azure: move get_ip_from_lease_value out of shim (#1324)
    [Chris Patterson]
  + Fix cloud-init status --wait when no datasource found (#1349)
    (LP: #1966085)
  + schema: add JSON defs for modules resize-salt (SC-654) (#1341)
  + Add myself as a future contributor (#1345) [Neal Gompa (ニール・ゴンパ)]
  + Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim]
  + add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service
  + file (#1335) [yangzz-97]
  + Fix sysconfig render when set-name is missing (#1327)
    [Andrew Kutz] (LP: #1855945)
  + Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz]
  + url_helper: add tuple support for readurl timeout (#1328)
    [Chris Patterson]
  + Make fs labels match for ds-identify and docs (#1329)
  + Work around bug in LXD VM detection (#1325)
  + Remove redundant generator logs (#1318)
  + tox: set verbose flags for integration tests (#1323) [Chris Patterson]
  + net: introduce find_candidate_nics() (#1313) [Chris Patterson]
  + Revert "Ensure system_cfg read before ds net config on Oracle (#1174)"
    (#1326)
  + Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth]
  + Make VMWare data source test host independent and expand testing (#1308)
    [Robert Schweikert]
  + Add json schemas for modules starting with P
  + sources/azure: remove lease file parsing (#1302) [Chris Patterson]
  + remove flaky test from ci (#1322)
  + ci: Switch to python 3.10 in Travis CI (#1320)
  + Better interface handling for Vultr, expect unexpected DHCP servers
    (#1297) [eb3095]
  + Remove unused init local artifact (#1315)
  + Doc cleanups (#1317)
  + docs improvements (#1312)
  + add support for jinja do statements, add unit test (#1314)
    [Paul Bruno] (LP: #1962759)
  + sources/azure: prevent tight loops for DHCP retries (#1285)
    [Chris Patterson]
  + net/dhcp: surface type of DHCP lease failure to caller (#1276)
    [Chris Patterson]
  + Stop hardcoding systemctl location (#1278) [Robert Schweikert]
  + Remove python2 syntax from docs (#1310)
  + [tools/migrate-lp-user-to-github] Rename master branch to main (#1301)
    [Adam Collard]
  + redhat: Depend on "hostname" package (#1288) [Lubomir Rintel]
  + Add native NetworkManager support (#1224) [Lubomir Rintel]
  + Fix link in CLA check to point to contribution guide. (#1299)
    [Adam Collard]
  + check for existing symlink while force creating symlink (#1281)
    [Shreenidhi Shedi]
  + Do not silently ignore integer uid (#1280) (LP: #1875772)
  + tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291)
  + Integration test fix ppa  (#1296)
  + tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289)
  + test_ppa_source: accept both http and https URLs (#1292)
    [Paride Legovini]
  + Fix apt test on azure
  + add "lkundrak" as contributor [Lubomir Rintel]
  + Holmanb/integration test fix ppa (#1287)
  + Include missing subcommand in manpage (#1279)
  + Clean up artifacts from pytest, packaging, release with make clean
    (#1277)
  + sources/azure: ensure retries on IMDS request failure (#1271)
    [Chris Patterson]
  + sources/azure: removed unused savable PPS paths (#1268) [Chris Patterson]
  + integration tests: fix Azure failures (#1269)
  From 22.1
  + sources/azure: report ready in local phase (#1265) [Chris Patterson]
  + sources/azure: validate IMDS network configuration metadata (#1257)
    [Chris Patterson]
  + docs: Add more details to runcmd docs (#1266)
  + use PEP 589 syntax for TypeDict (#1253)
  + mypy: introduce type checking (#1254) [Chris Patterson]
  + Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095]
  + tests: when generating crypted password, generate in target env (#1252)
  + sources/azure: address mypy/pyright typing complaints (#1245)
    [Chris Patterson]
  + Docs for x-shellscript* userdata (#1260)
  + test_apt_security: azure platform has specific security URL overrides
    (#1263)
  + tests: lsblk --json output changes mountpoint key to mountpoinst []
    (#1261)
  + mounts: fix mount opts string for ephemeral disk (#1250)
    [Chris Patterson]
  + Shell script handlers by freq (#1166) [Chris Lalos]
  + minor improvements to documentation (#1259) [Mark Esler]
  + cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)
  + add "eslerm" as contributor (#1258) [Mark Esler]
  + sources/azure: refactor ssh key handling (#1248) [Chris Patterson]
  + bump pycloudlib (#1256)
  + sources/hetzner: Use EphemeralDHCPv4 instead of static configuration
    (#1251) [Markus Schade]
  + bump pycloudlib version (#1255)
  + Fix IPv6 netmask format for sysconfig (#1215) [Harald] (LP: #1959148)
  + sources/azure: drop debug print (#1249) [Chris Patterson]
  + tests: do not check instance.pull_file().ok() (#1246)
  + sources/azure: consolidate ephemeral DHCP configuration (#1229)
    [Chris Patterson]
  + cc_salt_minion freebsd fix for rc.conf (#1236)
  + sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)
    [Chris Patterson]
  + Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo]
  + testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237)
  + Integration test changes (#1240)
  + Fix Gentoo Locales (#1205)
  + Add "slingamn" as contributor (#1235) [Shivaram Lingamneni]
  + integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234)
  + Integration testing docs and refactor (#1231)
  + vultr: Return metadata immediately when found (#1233) [eb3095]
  + spell check docs with spellintian (#1223)
  + docs: include upstream python version info (#1230)
  + Schema a d (#1211)
  + Move LXD to end ds-identify DSLIST (#1228) (LP: #1959118)
  + fix parallel tox execution (#1214)
  + sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)
    [Chris Patterson]
  + Do not support setting up archive.canonical.com as a source (#1219)
    [Steve Langasek] (LP: #1959343)
  + Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095]
  + sources/azure: refactor _should_reprovision[_after_nic_attach]() logic
    (#1206) [Chris Patterson]
  + update ssh logs to show ssh private key gens pub and simplify code
    (#1221) [Steve Weber]
  + Remove mitechie from stale PR github action (#1217)
  + Include POST format in cc_phone_home docs (#1218) (LP: #1959149)
  + Add json parsing of ip addr show (SC-723) (#1210)
  + cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier]
  + Update .github-cla-signers (#1204) [Chris Lalos]
  + sources/azure: drop unused case in _report_failure() (#1200)
    [Chris Patterson]
  + sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)
    [Chris Patterson]
  + Add support for gentoo templates and cloud.cfg (#1179) [vteratipally]
  + sources/azure: unpack ret tuple in crawl_metadata() (#1194)
    [Chris Patterson]
  + tests: focal caplog has whitespace indentation for multi-line logs
    (#1201)
  + Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095]
  + integration: test against the Ubuntu daily images (#1198)
    [Paride Legovini]
  + cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)
  + tox: pass PYCLOUDLIB_* env vars into integration tests when present
    (#1196)
  + sources/azure: set ovf_is_accessible when OVF is read successfully
    (#1193) [Chris Patterson]
  + Enable OVF environment transport via ISO in example (#1195) [Megian]
  + sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting
    (#1190) [Chris Patterson]
  + Single JSON schema validation in early boot (#1175)
  + Add DatasourceOVF network-config propery to Ubuntu OVF example (#1184)
    [Megian]
  + testing: support pycloudlib config file (#1189)
  + Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174)
    (LP: #1956788)
  + Test Optimization Proposal (SC-736) (#1188)
  + cli: cloud-id report not-run or disabled state as cloud-id (#1162)
  + Remove distutils usage (#1177) [Shreenidhi Shedi]
  + add .python-version to gitignore (#1186)
  + print error if datasource import fails (#1170)
    [Emanuele Giuseppe Esposito]
  + Add new config module to set keyboard layout (#1176)
    [maxnet] (LP: #1951593)
  + sources/azure: rename metadata_type -> MetadataType (#1181)
    [Chris Patterson]
  + Remove 3.5 and xenial support (SC-711) (#1167)
  + tests: mock LXD datasource detection in ds-identify on LXD containers
    (#1178)
  + pylint: silence errors on compat code for old jsonschema (#1172)
    [Paride Legovini]
  + testing: Add 3.10 Test Coverage (#1173)
  + Remove unittests from integration test job in travis (#1141)
  + Don't throw exceptions for empty cloud config (#1130)
  + bsd/resolv.d/ avoid duplicated entries (#1163) [Gonéri Le Bouder]
  + sources/azure: do not persist failed_desired_api_version flag (#1159)
    [Chris Patterson]
  + Update cc_ubuntu_advantage calls to assume-yes (#1158)
    [John Chittum] (LP: #1954842)
  + openbsd: properly restart the network on 7.0 (#1150) [Gonéri Le Bouder]
  + Add .git-blame-ignore-revs (#1161)
  + Adopt Black and isort (SC-700) (#1157)
  + Include dpkg frontend lock in APT_LOCK_FILES (#1153)
  + tests/cmd/query: fix test run as root and add coverage for defaults
    (#1156) [Chris Patterson] (LP: #1825027)
  + Schema processing changes (SC-676) (#1144)
  + Add dependency workaround for impish in bddeb (#1148)
  + netbsd: install new dep packages (#1151) [Gonéri Le Bouder]
  + find_devs_with_openbsd: ensure we return the last entry (#1149)
    [Gonéri Le Bouder]
  + sources/azure: remove unnecessary hostname bounce (#1143)
    [Chris Patterson]
  + find_devs/openbsd: accept ISO on disk (#1132)
    [Gonéri Le Bouder]
  + Improve error log message when mount failed (#1140) [Ksenija Stanojevic]
  + add KsenijaS as a contributor (#1145) [Ksenija Stanojevic]
  + travis - don't run integration tests if no deb (#1139)
  + factor out function for getting top level directory of cloudinit (#1136)
  + testing: Add deterministic test id (#1138)
  + mock sleep() in azure test (#1137)
  + Add miraclelinux support (#1128) [Haruki TSURUMOTO]
  + docs: Make MACs lowercase in network config (#1135) (LP: #1876941)
  + Add Strict Metaschema Validation (#1101)
  + update dead link (#1133)
  + cloudinit/net: handle two different routes for the same ip (#1124)
    [Emanuele Giuseppe Esposito]
  + docs: pin mistune dependency (#1134)
  + Reorganize unit test locations under tests/unittests (#1126)
  + Fix exception when no activator found (#1129) (LP: #1948681)
  + jinja: provide and document jinja-safe key aliases in instance-data
    (SC-622) (#1123)
  + testing: Remove date from final_message test (SC-638) (#1127)
  + Move GCE metadata fetch to init-local (SC-502) (#1122)
  + Fix missing metadata routes for vultr (#1125) [eb3095]
  + cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console
    (#1081) [dermotbradley]
  + sources/azure: remove unused remnants related to agent command (#1119)
    [Chris Patterson]
  + github: update PR template's contributing URL (#1120) [Chris Patterson]
  + docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118)
  + testing: monkeypatch system_info call in unit tests (SC-533) (#1117)
  + Fix Vultr timeout and wait values (#1113) [eb3095]
  + lxd: add preference for LXD cloud-init.* config keys over user keys
    (#1108)
  + VMware: source /etc/network/interfaces.d/* on Debian
    [chengcheng-chcheng] (LP: #1950136)
  + Add cjp256 as contributor (#1109) [Chris Patterson]
  + integration_tests: Ensure log directory exists before symlinking to it
    (#1110)
  + testing: add growpart integration test (#1104)
  + integration_test: Speed up CI run time (#1111)
  + Some miscellaneous integration test fixes (SC-606) (#1103)
  + tests: specialize lxd_discovery test for lxd_vm vendordata (#1106)
  + Add convenience symlink to integration test output (#1105)
  + Fix for set-name bug in networkd renderer (#1100)
    [Andrew Kutz] (LP: #1949407)
  + Wait for apt lock (#1034) (LP: #1944611)
  + testing: stop chef test from running on openstack (#1102)
  + alpine.py: add options to the apk upgrade command (#1089) [dermotbradley]
cloud-netconfig
- Update to version 1.14
  + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)

- Add version settings to Provides/Obsoletes

- Update to version 1.12 (bsc#1221202)
  + If token access succeeds using IPv4 do not use the IPv6 endpoint
    only use the IPv6 IMDS endpoint if IPv4 access fails.

- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d
  on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d
  parent directory

- Update to version 1.11:
  + Revert address metadata lookup in GCE to local lookup (bsc#1219454)
  + Fix hang on warning log messages
  + Check whether getting IPv4 addresses from metadata failed and abort
    if true
  + Only delete policy rules if they exist
  + Skip adding/removing IPv4 ranges if metdata lookup failed
  + Improve error handling and logging in Azure
  + Set SCRIPTDIR when installing netconfig wrapper

- Update to version 1.10:
  + Drop cloud-netconfig-nm sub package and include NM dispatcher
    script in main packages (bsc#1219007)
  + Spec file cleanup

- Update to version 1.9:
  + Drop package dependency on sysconfig-netconfig
  + Improve log level handling
  + Support IPv6 IMDS endpoint in EC2 (bsc#1218069)

- Update to version 1.8:
  + Fix Azure metadata check (bsc#1214715)
  + Fix cleanup on ifdown

- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update

- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
cloud-regionsrv-client
- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
  + Fix the failover path to a new target update server. At present a new
    server is not found since credential validation fails. We targeted
    the server detected in down condition to verify the credentials instead
    of the replacement server.

- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
  + Fix the algorithm to determine the region from the availability zone
    information retrieved from IMDS.
- Update to version 10.1.6
  + Support specifying an IPv6 address for a manually configured target
    update server.

- Update to version 10.1.5 (bsc#1217583)
  + Fix fallback path when IPv6 network path is not usable
  + Enable an IPv6 fallback path in IMDS access if it cannot be accessed
    over IPv4
  + Enable IMDS access over IPv6

- Update to version 10.1.4 (bsc#1217451)
  + Fetch cert for new update server during failover

- Update to version 10.1.3 (bsc#1214801)
  + Add a warning if we detect a Python package cert bundle for certifi
    This will help with debugging and point to potential issues when
    using SUSE images in AWS, Azure, and GCE

- Update to version 10.1.2 (bsc#1211282)
  + Properly handle Ipv6 when checking update server responsiveness. If not
    available fall back and use IPv4 information
  + Use systemd_ordered to allow use in a container without pulling systemd
    into the container as a requirement

- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
  + Clean up the system if baseproduct registraion fails to leave the
    system in prestine state
  + Log when the registercloudguest command is invoked with --clean

- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.

- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.

- Update to version 10.0.8 (bsc#1206428)
  - Fix regression introduced by 10.0.7. When the hosts file was modified
    such that there is no empty line at the end of the file the content
    after removing the registration data does not match the content prior
    to registration. The update fixes the issue triggered by an index
    logic error.

- Guard dmidecode dependency (bsc#1206082)

- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
  - Implement functionality to detect if an update server has a new cert.
    Import the new cert when it is detected.
  - Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
  - Credentials are equal when username and password are the same ignore
    other entries in the credentials file
  - Handle multiple zypper names in process table, zypper and Zypp-main
    to properly detect the running process

- Add patch to block IPv6 on SLE12 (bsc#1203382)
containerd
- Revert noarch for devel subpackage
  Switching to noarch causes issues on SLES maintenance updates, reverting it
  fixes our image builds

- Update to containerd v1.7.17. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
  and storage than a locally-compressed tar.xz, it seems there's some weird
  issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.16>
  CVE-2023-45288 bsc#1221400

- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
  (merged upstream at
  <https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.11>
  GHSA-jq35-85cj-fj4p bsc#1224323

- Use %patch -P N instead of deprecated %patchN.

- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters

- Add patch for bsc#1217952:
  + 0002-shim-Create-pid-file-with-0644-permissions.patch

- Update to containerd v1.7.10. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.8. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.8> bsc#1200528
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.7. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.7>
- Add patch to fix build on SLE-12:
  + 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.6 for Docker v24.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.6> bsc#1215323

- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
  Kubernetes packages

- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
  Fixes the change for bsc#1210298.

[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
  (bsc#1210298)

- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.20>

- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.19>
  Includes fixes for:
  - CVE-2023-25153 bsc#1208423
  - CVE-2023-25173 bsc#1208426

- Re-build containerd to use updated golang-packaging. jsc#1342

- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.16>

- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
  release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.12>

- Update to containerd v1.6.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>

- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.9>

- add devel subpackage, which is needed by open-vm-tools
coreutils
- coreutils-ls-avoid-triggering-automounts.patch
  ls: avoid triggering automounts (bsc#1221632)
cpio
- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
  * fix-bsc1219238.patch

- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
  * fix-CVE-2023-7207.patch
gcc7
- Add gcc7-pr88345-min-func-alignment.diff to add support for
  - fmin-function-alignment.  [bsc#1214934]

- Use %{_target_cpu} to determine host and build.

- Add gcc7-pr87723.patch to avoid ICE when hitting a broken pattern
  in the s390 backend.

- Add gcc7-bsc1216488.patch to avoid creating recursive DIE references
  through DW_AT_abstract_origin when using LTO.  [bsc#1216488]

- Add gcc7-aarch64-bsc1214052.patch to fix -fstack-protector issues
  with variable length stack allocations on aarch64.
  Fixes CVE-2023-4039.  [bsc#1214052]
- Add gcc7-aarch64-untyped_call.patch to fix issue with __builtin_apply
- Add gcc7-lra-elim.patch to fix internal compiler error when forming
  paired loads and stores on aarch64.

- Disable multilib and go on riscv64
- libgcc-riscv-div.patch: Backport of r12-5799-g45116f342057b7 to fix
  build with current binutils

- Backport _multibuild auto-generation.  Remove redundant
  .changes files.

- Add _multibuild to define 2nd spec file as additional flavor.
  Eliminates the need for source package links in OBS.

- Add gcc7-pr89124.patch to fix KASAN kernel compile.  [bsc#1205145]

- Add gcc7-pr72764.patch to fix ICE with C++17 code as reported
  in [bsc#1204505]

- Add gcc7-libsanitizer-cherry-pick-9cf13067cb5088626ba7-from-u.patch
  and gcc7-libgo-don-t-include-linux-fs.h-when-building-gen-sys.patch
  in order to support glibc 2.36.
- Enable format_spec_file otherwise one gets huge diff after
  running change_spec.
- Remove fixed sys/mount.h.

- Add patch from upstream to fix altivec.h redefining bool in C++
  which makes bool unusable (boo#1195517):
  * gcc7-pr78263.patch

- Add gcc7-ada-Target_Name.patch to adjust gnats idea of the
  target, fixing the build of gprbuild.  [bsc#1196861]

- Remove include-fixed/sys/rseq.h to fix build on openSUSE:Factory.
- Avoid duplicate license in cross packages.
cups
- Require the exact matching version-release of all libcups*
  sub-packages (bsc#1226192)

- cups-2.2.7-CVE-2024-35235.patch is derived
  from the upstream patch against master (CUPS 2.5)
  to behave backward compatible for CUPS 2.2.7
  in SLE15 and openSUSE Leap 15 to fix CVE-2024-35235
  "cupsd Listen port arbitrary chmod 0140777"
  without the more secure but backward-incompatible behaviour
  of the upstream patch for CUPS 2.5
  that ignores domain sockets specified in 'Listen' entries
  in /etc/cups/cupsd.conf when cupsd is lauched via systemd
  (in particular when launched on-demand by systemd)
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
  bsc#1225365

- cups-2.2.7-web-ui-kerberos-authentication.patch, update
  patch to handle local 'Negotiate' authentication response
  for cli clients. (bsc#1223179).

- Remove '--enable-debug-printfs' from configure options, see
  https://github.com/OpenPrinting/cups/issues/875
  (bsc#1217119).

- cups-2.2.7-CVE-2023-4504.patch fixes CVE-2023-4504
  "CUPS PostScript Parsing Heap Overflow"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
  bsc#1215204

- cups-2.2.7-CVE-2023-32360.patch fixes CVE-2023-32360
  "Information leak through Cups-Get-Document operation"
  by requiring authentication for CUPS-Get-Document in cupsd.conf
  https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
  bsc#1214254
- cups-2.2.7-additional_policies.patch is an updated version
  of cups-2.0.3-additional_policies.patch that replaces it
  to add the 'allowallforanybody' policy to cupsd.conf
  after cups-2.2.7-CVE-2023-32360.patch was applied

- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
  "use-after-free in cupsdAcceptClient()"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230

- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
  "Heap buffer overflow in cupsd"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
  bsc#1211643

- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
  improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
  that fixes bsc#1191467, bsc#1198932:
  "lpr reports 'No such file or directory' for missing catalogue files"
  "/usr/bin/lpr: No such file or directory"
- after-network_target-sssd_service.patch
  is derived from https://github.com/apple/cups/issues/5550 with its
  https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
  and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
  to add "After=network.target sssd.service" to the systemd unit
  source files cupsd.service.in and cups.cups-lpdAT.service.in
  to fix bsc#1201234, bsc#1200321:
  "Missing network dependency in systemd unit for cups-2.2.7"
  "CUPS may not always start if sssd is in use"

- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"
  "/usr/bin/lpr: Error - The printer or class does not exist."
curl
- regression fix [bsc#1219273]
  https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325
- added patches
  + curl-CVE-2023-27534-tilde-back.patch

- Security fix: [bsc#1221667, CVE-2024-2398]
  * curl: HTTP/2 push headers memory-leak
  * Add curl-CVE-2024-2398.patch

- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
  * Add curl-libssh_Implement_SFTP_packet_size_limit.patch

- Security fixes:
  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
  * Add patches:
  - curl-http-lowercase-headernames-for-HTTP-2-and-HTTP-3.patch
  - curl-CVE-2023-46218.patch

- Security fix: [bsc#1215889, CVE-2023-38546]
  * Cookie injection with none file
  * Add curl-CVE-2023-38546.patch

- Security fixes:
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch [bsc#1211339]
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch

- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch

- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch

- Security Fix: [bsc#1206309, CVE-2022-43552]
  * HTTP Proxy deny use-after-free
  * Add curl-CVE-2022-43552.patch
dbus-1
- Sometimes unprivileged users were able to crash dbus-daemon
  (CVE-2023-34969, bsc#1212126)
  * fix-upstream-CVE-2023-34969.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch

- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch

- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
  - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163

- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
  - change %post behaviour, only do deleting job for non-link folder
dhcp
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
  An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
  DHCP memory leak
dmidecode
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
  which would prevent root from using the --from-dump option since
  the latest security fixes (bsc#1210418).

Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
  Clean up function dmi_table so that it does only one thing
  (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
  - -dump-bin is used, write the whole dump file at once, instead of
  opening and closing the file separately for the table and then
  for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
  Make sure that the file passed to option --dump-bin does not
  already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
  check on the type of the mem device file we are asked to read
  from, if we are root (bsc#1210418).
  3 recommended fixes from upstream:
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
  the SMBIOS entry point is long enough to include all the fields
  we need.
- dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray
  tabulation before the name of DMI record type 25.
- dmidecode-print-type-33-name-unconditionally.patch: Display the
  name of DMI record type 33 even if we can't decode it.
docker
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
  * 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch

- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
  symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
  <https://github.com/moby/buildkit/pull/5060>. bsc#1221916
  + 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
  future Docker starts failing due to empty files. Backport of
  <https://github.com/moby/moby/pull/48034>. bsc#1214855
  + 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch

[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
  - 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.

[NOTE: This update was only ever released in SLES and Leap.]
- Add patch to fix bsc#1220339
  * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch

- Allow to disable apparmor support (ALP supports only SELinux)

- Update to Docker 25.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2503>
- Fixes:
  * bsc#1219267 - CVE-2024-23651
  * bsc#1219268 - CVE-2024-23652
  * bsc#1219438 - CVE-2024-23653
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
  - 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch

- Vendor latest buildkit v0.11:
  Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
  vendors in the latest v0.11 buildkit branch including bugfixes for the following:
  * bsc#1219438: CVE-2024-23653
  * bsc#1219268: CVE-2024-23652
  * bsc#1219267: CVE-2024-23651
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
  completion warnings

- Update to Docker 24.0.7-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
  * Deny containers access to /sys/devices/virtual/powercap by default.
  - CVE-2020-8694 bsc#1170415
  - CVE-2020-8695 bsc#1170446
  - CVE-2020-12912 bsc#1178760
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
  version-specific templating for the default apparmor profile. bsc#1213500
  + 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch

- Update to Docker 24.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
  disabled to ensure that Docker will always run even if you start the socket
  individually. Users should probably just ignore this unit file. bsc#1210141

- Update to Docker 24.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`

- Update to Docker 23.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to Docker 23.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Fixes:
  * bsc#1214107 - CVE-2023-28840
  * bsc#1214108 - CVE-2023-28841
  * bsc#1214109 - CVE-2023-28842
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch

- update to 20.10.23-ce.
  * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
  kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch

- Update to Docker 20.10.21-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
  bsc#1205375 CVE-2022-36109
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.

- Fix wrong After: in docker.service, fixes bsc#1188447

- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.

- Fix syntax of boolean dependency

- Allow to install container-selinux instead of apparmor-parser.

- Change to using systemd-sysusers
dracut
- Update to version 049.1+suse.257.gf94c3fd1:
  * fix(udev-rules): Correct network device naming (bsc#1192986)

- Update to version 049.1+suse.255.g19bd61fd:
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)

- Update to version 049.1+suse.253.g1008bf13:
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)

- Update to version 049.1+suse.251.g0b8dad5:
  * fix(dracut.sh): omission is an addition to other omissions in conf files (bsc#1208929)
  * fix(nfs): chown using rpc default group (bsc#1204929)

- Update to version 049.1+suse.247.gfb7df05c:
  * fix(systemd): add missing modprobe@.service (bsc#1203749)
  * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
  * fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
  * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
elfutils
- 0001-libelf-Fixup-SHF_COMPRESSED-sh_addralign-in-elf_upda.patch:
  make debuginfo extraction from go1.19 built binaries work again.
  (bsc#1203599)
fonts-config
- get the homedir from getpwuid when no $ENV{"HOME"} set
- added patches
  fix bsc#1210700
  + fonts-config-homedir-getpwuid.patch
gawk
- format-tree-positional-arg.patch: Validate index into argument list
  (CVE-2023-4156, bsc#1214025)
glib2
- Add patches to fix CVE-2024-34397 (boo#1224044):
  glib2-allocate-SignalSubscriber-structs-individually.patch
  glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
  glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)

- Update glib2-fix-normal-form-handling-in-gvariant.patch:
  Backported from upstream to fix regression on s390x.
  (bsc#1210135, glgo#GNOME/glib!2978)

- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
  from upstream to fix normal form handling in GVariant.
  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
  glgo#GNOME/glib!3125)
glibc
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
  addgetnetgrentX (CVE-2024-33602, bsc#1223425)

- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
  for _start routine (bsc#1221940)

- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
  nscd: Stack-based buffer overflow in netgroup cache
  (CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
  nscd: Avoid null pointer crashes after notfound response
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
  nscd: Do not send missing not-found response in addgetnetgrentX
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
  CVE-2024-33602, bsc#1223425, BZ #31680)

- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

- duplocale-global-locale.patch: duplocale: protect use of global locale
  (bsc#1220441, BZ #23970)

- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
  (bsc#1218866)

- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
  EAI_MEMORY (bsc#1217589, BZ #31163)

- aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr
  (bsc#1217445, BZ #31113)

- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to
  page size (bsc#1215891, BZ #28676)

- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
  continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)

- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
  invalidation if epoll is used (bsc#1212910, BZ #29415)

- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
  in files database (bsc#1212819, BZ #25457)

- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
  check on PT_LOAD segments (bsc#1211829, BZ #28688)
- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
  BZ #28676)
- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
  first segment (BZ #30452)

- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
  (bsc#1211828, BZ #30527)

- ulp-prologue-into-asm-functions.patch: Add support for livepatches
  in ASM written functions (bsc#1211726)

- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
  is unset (bsc#1209229, BZ #30235)

- Exclude static archives from preparation for live patching (bnc#1208721)

- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
  (bsc#1207957)

- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)

- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
  check (bsc#1208358, BZ #25933)

- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
  (bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
  with recent GCC
gnu-compilers-hpc
- Create correct links for cc and c++ and make sure failure of last
  test in %posttrans is not returned as status of scriptlet
  (bsc#1214816).

- Fix %posttrans script (`done` instead of `fi`) (bsc#1212351).

- Add support for gcc13

- Fix compatibility for SLE-12: define _rpmmacrodir after hpc_init.

- Add support for gcc12 (jsc#PED-2834).

- fix _multibuild with a correct list of gcc version

- Use %_rpmmacrodir instead of %{_sysconfdir}/rpm (boo#1191381).
gpg2
- Suppress error message on trial reading as PEM format when using
  dirmngr to validate broken DER encoded files (bsc#1217212)
  * Add patches:
  - gnupg-dirmngr-Suppress-error-message-on-trial-reading-as-PEM.patch
  - gnupg-dirmngr-Clear-the-error-count-to-try-certificate-as-binary.patch
grub2
- Fix CVE-2023-4692 (bsc#1215935)
- Fix CVE-2023-4693 (bsc#1215936)
  * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
  * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
  * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
  * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
  * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
  * 0006-fs-ntfs-Make-code-more-readable.patch
- Bump upstream SBAT generation to 4

- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)

- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch

- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
  btrfs filesystem. (bsc#1209165)
  * grub2-btrfs-05-grub2-mkconfig.patch

- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch

- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch

- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)

- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
hwinfo
- merge gh#openSUSE/hwinfo#132
- avoid linking problems with libsamba (bsc#1212756)
- 21.85

- merge gh#openSUSE/hwinfo#127
- create xen usb controller device if necessary (bsc#1204294)
- 21.84

- merge gh#openSUSE/hwinfo#115
- improve treatment of NVME devices (bsc#1200975)
- fix compiler warnings
- 21.83
irqbalance
- Last changes log was wrong, this part has been added to SP4
  changes but were missing in SP2/SP3 and are added now (bsc#1208717):
  Fix segfault from previous update (bsc#1206668)
  A Fix-uninitialized-variable.patch

- Fix segfault from previous update (bsc#1206668)
- Fix version - Maintainer forgot to increase version to 1.4.0
  A fix_version_1_4_0
- Add mainline fixes (bnc#1204961):
  The first 2 patches are cleanup patches which should not have any
  functional change, but make life easier to backport the real fix.
  All patches are mainline:
  A    Update-classify.c.patch
  A    irqbalance-properly-check-if-irq-is-banned.patch
  A    remove-unused-path-in-check_for_irq_ban.patch
open-iscsi
- Branched SLE-15-SP3 from Factory. No longer in sync with
  Tumbleweed.
- Backported upstream commit, which sets 'safe_logout' and
  'startup' in iscsid.conf, to address bsc#1207157
- Updated year in SPEC file
issue-generator
- Update to version 1.13
  - SELinux: Do not call agetty --reload [bsc#1186178]

- Update to version 1.12
  - Update manual page
  - Use python3 instead of python 2.x

- Update to version 1.11
  - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
  - Ignore /run/issue.d in issue-generator.path, else issue-generator will
    be called too fast too often [bsc#1177865]
  - Ignore *.bak, *~ and *.rpm* files [bsc#1118862]

- Handle the .path unit in scriptlets as well

- Update to version 1.10
  - Display wlan interfaces [bsc#1169070]

- Update to version 1.9
  - Fix path for systemd files

- Update to version 1.8
  - Handle network interface renames
kernel-default
- Update
  patches.suse/0020-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
  (git-fixes CVE-2021-47600 bsc#1226575).
- Update
  patches.suse/0022-block-Fix-wrong-offset-in-bio_truncate.patch
  (git-fixes CVE-2022-48747 bsc#1226643).
- Update
  patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabled.patch
  (git-fixes CVE-2021-47618 bsc#1226644).
- Update
  patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
  (git-fixes CVE-2022-48717 bsc#1226679).
- Update
  patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
  (git-fixes CVE-2022-48736 bsc#1226721).
- Update
  patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
  (git-fixes CVE-2022-48737 bsc#1226762).
- Update
  patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
  (git-fixes CVE-2022-48738 bsc#1226674).
- Update
  patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
  (git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
  (jsc#SLE-13208 CVE-2022-48728 bsc#1226691).
- Update
  patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
  (git-fixes CVE-2021-47617 bsc#1226614).
- Update
  patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
  (bsc#1181147 CVE-2022-48726 bsc#1226686).
- Update
  patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
  (bsc#1195798 CVE-2022-48767 bsc#1226715).
- Update
  patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
  (git-fixes CVE-2022-48730 bsc#1226713).
- Update
  patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
  (git-fixes CVE-2022-48749 bsc#1226650).
- Update
  patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
  (git-fixes CVE-2022-48756 bsc#1226698).
- Update
  patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
  (git-fixes CVE-2022-48732 bsc#1226716).
- Update
  patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
  (git-fixes CVE-2021-47609 bsc#1226562).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
  (git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
  (git-fixes CVE-2021-47589 bsc#1226557).
- Update
  patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
  (git-fixes CVE-2022-48724 bsc#1226624).
- Update
  patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
  (git-fixes CVE-2021-47602 bsc#1226554).
- Update
  patches.suse/mac80211-validate-extended-element-ID-is-present.patch
  (git-fixes CVE-2021-47611 bsc#1226583).
- Update
  patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch
  (bsc#1176447 CVE-2022-48748 bsc#1226647).
- Update
  patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
  (jsc#SLE-14777 CVE-2021-47596 bsc#1226558).
- Update
  patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
  (git-fixes CVE-2022-48722 bsc#1226619).
- Update
  patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
  (jsc#SLE-15172 CVE-2022-48746 bsc#1226703).
- Update
  patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch
  (bsc#1176774 CVE-2021-47595 bsc#1226552).
- Update
  patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
  (git-fixes CVE-2021-47612 bsc#1226585).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
  (git-fixes CVE-2022-48754 bsc#1226692).
- Update
  patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
  (bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
  patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
  (git-fixes CVE-2022-48759 bsc#1226711).
- Update
  patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
  (git-fixes CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
  (git-fixes CVE-2022-48715 bsc#1226621).
- Update
  patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
  (git-fixes CVE-2021-47576 bsc#1226537).
- Update
  patches.suse/smb-client-set-correct-id-uid-and-cruid-for-multiuser-automounts.patch
  (git-fixes CVE-2024-26822 bsc#1223011).
- Update
  patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
  (git-fixes CVE-2022-48768 bsc#1226720).
- commit 3239c2b

- Update
  patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
  (CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
  patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
  (CVE-2021-43389 CVE-2021-3896 bsc#1191958 git-fixes
  CVE-2021-4439 bsc#1226670).
- Update
  patches.suse/media-mxl111sf-change-mutex_init-location.patch
  (git-fixes CVE-2021-47583 bsc#1226563).
- Update
  patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
  (bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
  patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
  (bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- commit 4e385ef

- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
  (CVE-2024-36904 bsc#1225732).
- commit 80f0f47

- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
  bsc#1225611).
- commit 874a2d3

- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
  (bsc#1222015 bsc#1226962).
- commit c8cabcf

- USB: core: Fix hang in usb_kill_urb by adding memory barriers
  (CVE-2022-48760 bsc#1226712).
- commit da8ec3e

- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
  CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
  CVE-2024-38560).
- commit 0e33f69

- Update References tag
  patches.suse/Bluetooth-Disconnect-if-E0-is-used-for-Level-4.patch
  (bsc#1171988 CVE-2020-10135 bsc#1218148 CVE-2023-24023).
- commit 906dfa6

- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit d57d06d

- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit c381bb4

- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit 212b607

- net/mlx5e: Fix use-after-free of encap entry in neigh update
  handler (bsc#1224865 CVE-2021-47247).
- commit 91cae43

- net: qcom/emac: fix UAF in emac_remove (bsc#1225010
  CVE-2021-47311).
- commit 5533443

- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633
  bsc#1226226).
- commit 1b48f4e

- net: macb: fix use after free on rmmod (CVE-2021-47372
  bsc#1225184).
- commit c9f62c2

- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
  (bsc#1219224).
- commit 124c57b

- smb: client: fix potential UAF in smb2_is_network_name_deleted()
  (bsc#1224764, CVE-2024-35862).
- commit 8a40236

- smb: client: fix potential UAF in smb2_is_valid_lease_break()
  (bsc#1224765, CVE-2024-35864).
- commit 8030dd8

- smb: client: fix potential UAF in
  cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit d1384a0

- smb: client: fix use-after-free bug in
  cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit c058f4e

- blacklist.conf: bsc#1225047 CVE-2021-47328
  breaks kABI and does not apply
- commit 8d10b79

- blk-cgroup: fix UAF by grabbing blkcg lock before destroying
  blkg pd (CVE-2021-47379 bsc#1225203).
- commit af72a45

- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
  changes (CVE-2024-35789 bsc#1224749).
- commit 7707dc6

- fs/9p: only translate RWX permissions for plain 9P2000
  (bsc#1225866 CVE-2024-36964).
- commit c4d4f4c

- pinctrl: core: delete incorrect free in pinctrl_enable()
  (CVE-2024-36940 bsc#1225840).
- commit 6932105

- staging: rtl8192e: Fix use after free in
  _rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit b52b9d0

- enetc: Fix illegal access when reading affinity_hint
  (CVE-2021-47368 bsc#1225161).
- commit cde762c

- Bluetooth: Add more enc key size check (bsc#1218148
  CVE-2023-24023).
- commit 529bf5d

- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
  (bsc#1218148 CVE-2023-24023).
- commit 4ac624b

- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit 1f2871b

- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
  request complete (CVE-2024-36894 bsc#1225749).
- commit 99fc30d

- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 62989dd

- inet: inet_defrag: prevent sk release while still in use
  (CVE-2024-26921 bsc#1223138).
- commit 599b2eb

- drm/client: Fully protect modes with dev->mode_config.mutex (CVE-2024-35950 bsc#1224703).
- commit f5de9d8

- smb: client: set correct id, uid and cruid for multiuser
  automounts (git-fixes).
- commit 548a1f6

- smb: client: fix dfs link mount against w2k8 (git-fixes).
- commit ffabd7c

- cifs: use tcon allocation functions even for dummy tcon
  (bsc#1213476).
- commit 8a18c8c

- cifs: avoid race conditions with parallel reconnects
  (bsc#1213476).
- commit 0156937

- cifs: check only tcon status on tcon related functions
  (bsc#1213476).
- commit 3ee757c

- cifs: return DFS root session id in DebugData (bsc#1213476).
- commit 40d8689

- cifs: fix use-after-free bug in refresh_cache_worker()
  (bsc#1213476).
- Refresh
  patches.suse/cifs-avoid-dup-prefix-path-in-dfs_get_automount_devname-.patch.
- commit efddc92

- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- commit 249b33f

- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too
  (bsc#1213476).
- commit c221add

- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- commit 376b929

- cifs: get rid of dns resolve worker (bsc#1213476).
- commit 36fdff3

- nvme-rdma: destroy cm id before destroy qp to avoid use after
  free (CVE-2021-47378 bsc#1225201).
- commit 132f56c

- net/tls: Fix flipped sign in tls_err_abort() calls
  (CVE-2021-47496 bsc#1225354)
- commit c2b236a

- net: sched: flower: protect fl_walk() with rcu
  (CVE-2021-47402 bsc#1225301)
- commit 5275989

- Update
  patches.suse/0001-x86-ioremap-Map-efi_mem_reserve-memory-as-encrypted-.patch
  (bsc#1186885 bsc#1224826 CVE-2021-47228).
- Update
  patches.suse/0002-bcache-avoid-oversized-read-request-in-cache-miss.patch
  (bsc#1187357 bsc#1185570 bsc#1184631 bsc#1224965
  CVE-2021-47275).
- Update
  patches.suse/0002-ocfs2-fix-race-between-searching-chunks-and-release-.patch
  (bsc#1199304 bsc#1225439 CVE-2021-47493).
- Update
  patches.suse/0003-drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
  (bsc#1152472 bsc#1222838 CVE-2021-47200).
- Update
  patches.suse/0015-dm-btree-remove-assign-new_root-only-when-removal-su.patch
  (git-fixes bsc#1225155 CVE-2021-47343).
- Update
  patches.suse/0019-dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
  (git-fixes bsc#1225247 CVE-2021-47435).
- Update patches.suse/ACPI-fix-NULL-pointer-dereference.patch
  (git-fixes bsc#1224984 CVE-2021-47289).
- Update
  patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
  (git-fixes bsc#1225409 CVE-2021-47509).
- Update
  patches.suse/ALSA-seq-Fix-race-of-snd_seq_timer_open.patch
  (git-fixes bsc#1224983 CVE-2021-47281).
- Update
  patches.suse/ALSA-usx2y-Don-t-call-free_pages_exact-with-NULL-add.patch
  (git-fixes bsc#1225091 CVE-2021-47332).
- Update
  patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
  (git-fixes bsc#1225206 CVE-2021-47381).
- Update
  patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
  (git-fixes bsc#1225369 CVE-2021-47502).
- Update
  patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
  (git-fixes bsc#1225303 CVE-2021-47404).
- Update
  patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
  (CVE-2022-20132 bsc#1200619 bsc#1225437 CVE-2021-47522).
- Update
  patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
  (git-fixes bsc#1225238 CVE-2021-47405).
- Update
  patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
  (git-fixes bsc#1225438 CVE-2021-47523).
- Update
  patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch
  (CVE-2021-47485 bsc#1224904 bsc#1220960 CVE-2021-47104).
- Update
  patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
  (bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056 bsc#1225341
  CVE-2021-47465).
- Update
  patches.suse/KVM-mmio-Fix-use-after-free-Read-in-kvm_vm_ioctl_unr.patch
  (git-fixes bsc#1224923 CVE-2021-47341).
- Update
  patches.suse/KVM-x86-Immediately-reset-the-MMU-context-when-the-S.patch
  (git-fixes bsc#1224853 CVE-2021-47230).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
  (git-fixes bsc#1225263 CVE-2021-47442).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
  (git-fixes bsc#1225262 CVE-2021-47443).
- Update
  patches.suse/NFS-Fix-use-after-free-in-nfs4_init_client.patch
  (git-fixes bsc#1224953 CVE-2021-47259).
- Update
  patches.suse/RDMA-Verify-port-when-creating-flow-rule.patch
  (git-fixes bsc#1224957 CVE-2021-47265).
- Update
  patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
  (git-fixes bsc#1210629 CVE-2023-2176 bsc#1225318
  CVE-2021-47391).
- Update
  patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
  (bsc#1181147 bsc#1225320 CVE-2021-47392).
- Update
  patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
  (CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
  patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
  (git-fixes bsc#1225393 CVE-2021-47464).
- Update
  patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
  (bsc#1191452 bsc#1225193 CVE-2021-47375).
- Update
  patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
  (git-fixes bsc#1225370 CVE-2021-47426).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
  (git-fixes bsc#1225256 CVE-2021-47456).
- Update
  patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
  (git-fixes bsc#1225435 CVE-2021-47521).
- Update
  patches.suse/cfg80211-fix-management-registrations-locking.patch
  (git-fixes bsc#1225450 CVE-2021-47494).
- Update
  patches.suse/cifs-prevent-NULL-deref-in-cifs_compose_mount_options-.patch
  (bsc#1185902 bsc#1224961 CVE-2021-47307).
- Update
  patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
  (git-fixes bsc#1225316 CVE-2021-47387).
- Update
  patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
  (bsc#1221113 bsc#1225357 CVE-2021-47498).
- Update
  patches.suse/dma-buf-sync_file-Don-t-leak-fences-on-merge-failure.patch
  (git-fixes bsc#1224968 CVE-2021-47305).
- Update
  patches.suse/drm-Fix-use-after-free-read-in-drm_getunique.patch
  (git-fixes bsc#1224982 CVE-2021-47280).
- Update
  patches.suse/drm-amd-display-Avoid-HDCP-over-read-and-corruption.patch
  (git-fixes bsc#1225178 CVE-2021-47348).
- Update
  patches.suse/drm-amd-display-Fix-potential-memory-leak-in-DMUB-hw.patch
  (git-fixes bsc#1224886 CVE-2021-47253).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
  (git-fixes bsc#1225390 CVE-2021-47431).
- Update
  patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
  (git-fixes bsc#1225243 CVE-2021-47444).
- Update
  patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
  (git-fixes bsc#1225261 CVE-2021-47445).
- Update
  patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
  (git-fixes bsc#1225446 CVE-2021-47535).
- Update
  patches.suse/drm-nouveau-avoid-a-use-after-free-when-BO-init-fail.patch
  (bsc#1152472 bsc#1224816 CVE-2020-36788).
- Update
  patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
  (git-fixes bsc#1225366 CVE-2021-47423).
- Update
  patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
  (git-fixes bsc#1225233 CVE-2021-47422).
- Update
  patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
  (git-fixes bsc#1225230 CVE-2022-48710).
- Update patches.suse/drm-sched-Avoid-data-corruptions.patch
  (git-fixes bsc#1225140 CVE-2021-47354).
- Update
  patches.suse/ethtool-strset-fix-message-length-calculation.patch
  (bsc#1176447 bsc#1224842 CVE-2021-47241).
- Update
  patches.suse/fbmem-Do-not-delete-the-mode-that-is-still-in-use.patch
  (git-fixes bsc#1224924 CVE-2021-47338).
- Update
  patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch
  (git-fixes bsc#1224966 CVE-2021-47276).
- Update
  patches.suse/gpio-wcd934x-Fix-shift-out-of-bounds-error.patch
  (git-fixes bsc#1224955 CVE-2021-47263).
- Update
  patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
  (git-fixes bsc#1225321 CVE-2021-47393).
- Update
  patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
  (git-fixes bsc#1225223 CVE-2021-47425).
- Update
  patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
  (git-fixes bsc#1225361 CVE-2021-47501).
- Update
  patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
  (git-fixes bsc#1225367 CVE-2021-47424).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
  (jsc#SLE-7926 bsc#1225500 CVE-2021-47563).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
  (jsc#SLE-7926 bsc#1225499 CVE-2021-47562).
- Update
  patches.suse/igb-Fix-use-after-free-error-during-reset.patch
  (git-fixes bsc#1224916 CVE-2021-47301).
- Update
  patches.suse/igc-Fix-use-after-free-error-during-reset.patch
  (git-fixes bsc#1224917 CVE-2021-47302).
- Update
  patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
  (git-fixes bsc#1225358 CVE-2021-47499).
- Update
  patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
  (git-fixes bsc#1225346 CVE-2021-47468).
- Update
  patches.suse/isdn-mISDN-netjet-Fix-crash-in-nj_probe.patch
  (git-fixes bsc#1224987 CVE-2021-47284).
- Update
  patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
  (bsc#1194591 bsc#1225198 CVE-2021-47478).
- Update
  patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
  (git-fixes bsc#1225328 CVE-2021-47399).
- Update patches.suse/jfs-fix-GPF-in-diFree.patch (bsc#1203389
  bsc#1225148 CVE-2021-47340).
- Update
  patches.suse/mISDN-fix-possible-use-after-free-in-HFC_cleanup.patch
  (git-fixes bsc#1225143 CVE-2021-47356).
- Update
  patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
  (git-fixes bsc#1225214 CVE-2021-47388).
- Update
  patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
  (git-fixes bsc#1225327 CVE-2021-47396).
- Update
  patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
  (git-fixes bsc#1225326 CVE-2021-47395).
- Update
  patches.suse/media-zr364xx-fix-memory-leak-in-zr364xx_start_readp.patch
  (git-fixes bsc#1224922 CVE-2021-47344).
- Update
  patches.suse/misc-alcor_pci-fix-null-ptr-deref-when-there-is-no-P.patch
  (git-fixes bsc#1225113 CVE-2021-47333).
- Update
  patches.suse/misc-libmasm-module-Fix-two-use-after-free-in-ibmasm.patch
  (git-fixes bsc#1225112 CVE-2021-47334).
- Update
  patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
  (git-fixes bsc#1225224 CVE-2021-47441).
- Update
  patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
  (git-fixes bsc#1225386 CVE-2021-47540).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
  (git-fixes bsc#1224909 CVE-2021-47482).
- Update
  patches.suse/net-ethernet-fix-potential-use-after-free-in-ec_bhf_.patch
  (git-fixes bsc#1224844 CVE-2021-47235).
- Update
  patches.suse/net-hamradio-fix-memory-leak-in-mkiss_close.patch
  (CVE-2022-1195 bsc#1198029 bsc#1224830 CVE-2021-47237).
- Update
  patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
  (git-fixes bsc#1225453 CVE-2021-47541).
- Update
  patches.suse/net-nfc-rawsock.c-fix-a-permission-check-bug.patch
  (git-fixes bsc#1224981 CVE-2021-47285).
- Update
  patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
  (git-fixes bsc#1225455 CVE-2021-47542).
- Update
  patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
  (jsc#SLE-15172 bsc#1225424 CVE-2021-47512).
- Update
  patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
  (bsc#1176774 bsc#1225468 CVE-2021-47557).
- Update
  patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
  (git-fixes bsc#1225447 CVE-2021-47536).
- Update
  patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
  (bsc#1176447 bsc#1225237 CVE-2021-47451).
- Update
  patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
  (git-fixes bsc#1225372 CVE-2021-47518).
- Update
  patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
  (git-fixes bsc#1225427 CVE-2021-47516).
- Update
  patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch
  (git-fixes bsc#1225058 CVE-2021-47320).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
  (git-fixes bsc#1225405 CVE-2021-47507).
- Update
  patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
  (git-fixes bsc#1225404 CVE-2021-47506).
- Update
  patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
  (bsc#1190795 bsc#1225251 CVE-2021-47460).
- Update
  patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
  (bsc#1197760 bsc#1225252 CVE-2021-47458).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
  bsc#1225336 CVE-2021-47416).
- Update
  patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
  (bsc#1156395 bsc#1225387 CVE-2021-47428).
- Update
  patches.suse/powerpc-mm-Fix-lockup-on-kernel-exec-fault.patch
  (bsc#1156395 bsc#1225181 CVE-2021-47350).
- Update
  patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
  (git-fixes bsc#1224907 CVE-2021-47483).
- Update
  patches.suse/rxrpc-Fix-rxrpc_local-leak-in-rxrpc_lookup_peer.patch
  (bsc#1154353 bnc#1151927 5.3.9 bsc#1225448 CVE-2021-47538).
- Update
  patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
  (git-fixes bsc#1223512 CVE-2022-48636).
- Update
  patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_list
  (git-fixes bsc#1225164 CVE-2021-47369).
- Update
  patches.suse/s390-qeth-fix-deadlock-during-failing-recovery
  (git-fixes bsc#1225207 CVE-2021-47382).
- Update
  patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
  (git-fixes bsc#1225508 CVE-2021-47549).
- Update
  patches.suse/scsi-core-Fix-bad-pointer-dereference-when-ehandler-kthread-is-invalid.patch
  (git-fixes bsc#1224926 CVE-2021-47337).
- Update
  patches.suse/scsi-core-Fix-error-handling-of-scsi_host_alloc.patch
  (git-fixes bsc#1224899 CVE-2021-47258).
- Update
  patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is-released.patch
  (git-fixes bsc#1225322 CVE-2021-47480).
- Update
  patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs.patch
  (git-fixes bsc#1222867 CVE-2021-47192).
- Update
  patches.suse/scsi-libfc-Fix-array-index-out-of-bound-exception.patch
  (bsc#1188616 bsc#1224963 CVE-2021-47308).
- Update
  patches.suse/scsi-megaraid_sas-Fix-resource-leak-in-case-of-probe-failure.patch
  (git-fixes bsc#1225083 CVE-2021-47329).
- Update
  patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
  (git-fixes bsc#1225384 CVE-2021-47565).
- Update
  patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
  (git-fixes bsc#1225374 CVE-2021-47503).
- Update
  patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-qla2x00_process_els
  (git-fixes bsc#1225192 CVE-2021-47473).
- Update
  patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
  (git-fixes bsc#1194288 CVE-2021-47527).
- Update
  patches.suse/tracing-Correct-the-length-check-which-causes-memory-corruption.patch
  (git-fixes bsc#1224990 CVE-2021-47274).
- Update
  patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
  (bsc#1222619 CVE-2023-52880).
- Update
  patches.suse/tty-serial-8250-serial_cs-Fix-a-memory-leak-in-error.patch
  (git-fixes bsc#1225084 CVE-2021-47330).
- Update
  patches.suse/udf-Fix-NULL-pointer-dereference-in-udf_symlink-func.patch
  (bsc#1206646 bsc#1225128 CVE-2021-47353).
- Update
  patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
  (git-fixes bsc#1225333 CVE-2021-47413).
- Update
  patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
  (git-fixes bsc#1225330 CVE-2021-47409).
- Update
  patches.suse/usb-dwc3-ep0-fix-NULL-pointer-exception.patch
  (git-fixes bsc#1224996 CVE-2021-47269).
- Update
  patches.suse/usb-fix-various-gadget-panics-on-10gbps-cabling.patch
  (git-fixes bsc#1224993 CVE-2021-47267).
- Update
  patches.suse/usb-fix-various-gadgets-null-ptr-deref-on-10gbps-cab.patch
  (git-fixes bsc#1224997 CVE-2021-47270).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
  (git-fixes bsc#1225244 CVE-2021-47436).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
  (git-fixes bsc#1225351 CVE-2021-47495).
- Update
  patches.suse/watchdog-Fix-possible-use-after-free-by-calling-del_.patch
  (git-fixes bsc#1225060 CVE-2021-47321).
- Update
  patches.suse/watchdog-Fix-possible-use-after-free-in-wdt_startup.patch
  (git-fixes bsc#1225030 CVE-2021-47324).
- Update
  patches.suse/watchdog-sc520_wdt-Fix-possible-use-after-free-in-wd.patch
  (git-fixes bsc#1225026 CVE-2021-47323).
- Update
  patches.suse/wl1251-Fix-possible-buffer-overflow-in-wl1251_cmd_sc.patch
  (git-fixes bsc#1225177 CVE-2021-47347).
- Update
  patches.suse/x86-fpu-prevent-state-corruption-in-_fpu__restore_sig.patch
  (bsc#1178134 bsc#1224852 CVE-2021-47227).
- Update
  patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
  (git-fixes bsc#1225232 CVE-2021-47434).
- commit 0b290f8

- Update
  patches.suse/0002-bcache-avoid-oversized-read-request-in-cache-miss.patch
  (bsc#1184631 bsc#1224965 CVE-2021-47275).
- Update patches.suse/ACPI-fix-NULL-pointer-dereference.patch
  (git-fixes bsc#1224984 CVE-2021-47289).
- Update
  patches.suse/ALSA-usx2y-Don-t-call-free_pages_exact-with-NULL-add.patch
  (git-fixes bsc#1225091 CVE-2021-47332).
- Update
  patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
  (git-fixes bsc#1225206 CVE-2021-47381).
- Update
  patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
  (git-fixes bsc#1225303 CVE-2021-47404).
- Update
  patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
  (CVE-2022-20132 bsc#1200619 bsc#1225437 CVE-2021-47522).
- Update
  patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
  (git-fixes bsc#1225238 CVE-2021-47405).
- Update
  patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch
  (CVE-2021-47485 bsc#1224904 bsc#1220960 CVE-2021-47104).
- Update
  patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
  (bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056 bsc#1225341
  CVE-2021-47465).
- Update
  patches.suse/KVM-mmio-Fix-use-after-free-Read-in-kvm_vm_ioctl_unr.patch
  (git-fixes bsc#1224923 CVE-2021-47341).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
  (git-fixes bsc#1225263 CVE-2021-47442).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
  (git-fixes bsc#1225262 CVE-2021-47443).
- Update
  patches.suse/NFS-Fix-use-after-free-in-nfs4_init_client.patch
  (git-fixes bsc#1224953 CVE-2021-47259).
- Update
  patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
  (bsc#1210629 CVE-2023-2176 bsc#1225318 CVE-2021-47391).
- Update
  patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
  (CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
  patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
  (git-fixes bsc#1225393 CVE-2021-47464).
- Update
  patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
  (bsc#1191452 bsc#1225193 CVE-2021-47375).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
  (git-fixes bsc#1225256 CVE-2021-47456).
- Update
  patches.suse/cifs-prevent-NULL-deref-in-cifs_compose_mount_options-.patch
  (bsc#1185902 bsc#1224961 CVE-2021-47307).
- Update
  patches.suse/dma-buf-sync_file-Don-t-leak-fences-on-merge-failure.patch
  (git-fixes bsc#1224968 CVE-2021-47305).
- Update
  patches.suse/drm-Fix-use-after-free-read-in-drm_getunique.patch
  (git-fixes bsc#1224982 CVE-2021-47280).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
  (git-fixes bsc#1225390 CVE-2021-47431).
- Update
  patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
  (git-fixes bsc#1225261 CVE-2021-47445).
- Update
  patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
  (git-fixes bsc#1225366 CVE-2021-47423).
- Update patches.suse/drm-sched-Avoid-data-corruptions.patch
  (git-fixes bsc#1225140 CVE-2021-47354).
- Update
  patches.suse/fbmem-Do-not-delete-the-mode-that-is-still-in-use.patch
  (git-fixes bsc#1224924 CVE-2021-47338).
- Update
  patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch
  (git-fixes bsc#1224966 CVE-2021-47276).
- Update
  patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
  (git-fixes bsc#1225321 CVE-2021-47393).
- Update
  patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
  (git-fixes bsc#1225223 CVE-2021-47425).
- Update
  patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
  (git-fixes bsc#1225367 CVE-2021-47424).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
  (jsc#SLE-7926 bsc#1225500 CVE-2021-47563).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
  (jsc#SLE-7926 bsc#1225499 CVE-2021-47562).
- Update
  patches.suse/igb-Fix-use-after-free-error-during-reset.patch
  (git-fixes bsc#1224916 CVE-2021-47301).
- Update
  patches.suse/igc-Fix-use-after-free-error-during-reset.patch
  (git-fixes bsc#1224917 CVE-2021-47302).
- Update
  patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
  (git-fixes bsc#1225346 CVE-2021-47468).
- Update
  patches.suse/isdn-mISDN-netjet-Fix-crash-in-nj_probe.patch
  (git-fixes bsc#1224987 CVE-2021-47284).
- Update
  patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
  (git-fixes bsc#1225328 CVE-2021-47399).
- Update
  patches.suse/mISDN-fix-possible-use-after-free-in-HFC_cleanup.patch
  (git-fixes bsc#1225143 CVE-2021-47356).
- Update
  patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
  (git-fixes bsc#1225214 CVE-2021-47388).
- Update
  patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
  (git-fixes bsc#1225327 CVE-2021-47396).
- Update
  patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
  (git-fixes bsc#1225326 CVE-2021-47395).
- Update
  patches.suse/media-zr364xx-fix-memory-leak-in-zr364xx_start_readp.patch
  (git-fixes bsc#1224922 CVE-2021-47344).
- Update
  patches.suse/misc-alcor_pci-fix-null-ptr-deref-when-there-is-no-P.patch
  (git-fixes bsc#1225113 CVE-2021-47333).
- Update
  patches.suse/misc-libmasm-module-Fix-two-use-after-free-in-ibmasm.patch
  (git-fixes bsc#1225112 CVE-2021-47334).
- Update
  patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
  (git-fixes bsc#1225224 CVE-2021-47441).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
  (git-fixes bsc#1224909 CVE-2021-47482).
- Update
  patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
  (git-fixes bsc#1225453 CVE-2021-47541).
- Update
  patches.suse/net-nfc-rawsock.c-fix-a-permission-check-bug.patch
  (git-fixes bsc#1224981 CVE-2021-47285).
- Update
  patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
  (git-fixes bsc#1225455 CVE-2021-47542).
- Update
  patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
  (git-fixes bsc#1225427 CVE-2021-47516).
- Update
  patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch
  (git-fixes bsc#1225058 CVE-2021-47320).
- Update
  patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
  (bsc#1190795 bsc#1225251 CVE-2021-47460).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
  bsc#1225336 CVE-2021-47416).
- Update
  patches.suse/powerpc-mm-Fix-lockup-on-kernel-exec-fault.patch
  (bsc#1156395 bsc#1225181 CVE-2021-47350).
- Update
  patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
  (git-fixes bsc#1224907 CVE-2021-47483).
- Update
  patches.suse/rxrpc-Fix-rxrpc_local-leak-in-rxrpc_lookup_peer.patch
  (bsc#1154353 bnc#1151927 5.3.9 bsc#1225448 CVE-2021-47538).
- Update
  patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_list
  (git-fixes bsc#1225164 CVE-2021-47369).
- Update
  patches.suse/s390-qeth-fix-deadlock-during-failing-recovery
  (git-fixes bsc#1225207 CVE-2021-47382).
- Update
  patches.suse/scsi-libfc-Fix-array-index-out-of-bound-exception.patch
  (bsc#1188616 bsc#1224963 CVE-2021-47308).
- Update
  patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
  (git-fixes bsc#1225384 CVE-2021-47565).
- Update
  patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-qla2x00_process_els
  (git-fixes bsc#1225192 CVE-2021-47473).
- Update
  patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
  (git-fixes bsc#1194288 CVE-2021-47527).
- Update
  patches.suse/tracing-Correct-the-length-check-which-causes-memory-corruption.patch
  (git-fixes bsc#1224990 CVE-2021-47274).
- Update
  patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
  (bsc#1222619 CVE-2023-52880).
- Update
  patches.suse/tty-serial-8250-serial_cs-Fix-a-memory-leak-in-error.patch
  (git-fixes bsc#1225084 CVE-2021-47330).
- Update
  patches.suse/usb-dwc3-ep0-fix-NULL-pointer-exception.patch
  (git-fixes bsc#1224996 CVE-2021-47269).
- Update
  patches.suse/usb-fix-various-gadget-panics-on-10gbps-cabling.patch
  (git-fixes bsc#1224993 CVE-2021-47267).
- Update
  patches.suse/usb-fix-various-gadgets-null-ptr-deref-on-10gbps-cab.patch
  (git-fixes bsc#1224997 CVE-2021-47270).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
  (git-fixes bsc#1225244 CVE-2021-47436).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
  (git-fixes bsc#1225351 CVE-2021-47495).
- Update
  patches.suse/watchdog-Fix-possible-use-after-free-by-calling-del_.patch
  (git-fixes bsc#1225060 CVE-2021-47321).
- Update
  patches.suse/watchdog-Fix-possible-use-after-free-in-wdt_startup.patch
  (git-fixes bsc#1225030 CVE-2021-47324).
- Update
  patches.suse/watchdog-sc520_wdt-Fix-possible-use-after-free-in-wd.patch
  (git-fixes bsc#1225026 CVE-2021-47323).
- Update
  patches.suse/wl1251-Fix-possible-buffer-overflow-in-wl1251_cmd_sc.patch
  (git-fixes bsc#1225177 CVE-2021-47347).
- Update
  patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
  (git-fixes bsc#1225232 CVE-2021-47434).
- commit 37dba5a

- net/smc: kABI workarounds for struct smc_link (CVE-2022-48673
  bsc#1223934).
- net/smc: Fix possible access to freed memory in link clear
  (CVE-2022-48673 bsc#1223934).
- commit 0f509bf

- soc: qcom: llcc: Handle a second device without data corruption (bsc#1225534 CVE-2023-52871)
- commit f6adad8

- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).
- Refresh
  patches.suse/x86-entry_64-Add-VERW-just-before-userspace-transition.patch.
- Refresh
  patches.suse/x86-xen-add-xenpv_restore_regs_and_return_to_usermode.patch.
- commit fa16bf8

- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
  CVE-2024-26828).
- commit 8a48c12

- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
  (bsc#1225355 CVE-2021-47497).
- commit 33cab00

- Refresh
  patches.suse/firmware-raspberrypi-introduce-vl805-init-routine.patch.
- Refresh
  patches.suse/pci-brcmstb-wait-for-raspberry-pi-s-firmware-when-present.patch.
- Refresh
  patches.suse/usb-pci-quirks-add-raspberry-pi-4-quirk.patch.
- Rename to
  patches.suse/soc-bcm2835-add-notify-xhci-reset-property.patch.
  Add upstream references, sync with upstream and move to the sorted
  section.
  3 of these patches were later reverted, but only because they were
  replaced by a different implementation, not because they were wrong.
  Add the reverts to blacklist.conf.
- commit ebed050

- iio: mma8452: Fix trigger reference couting (bsc#1225360
  CVE-2021-47500).
- commit 8ee9c73

- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
  CVE-2024-27413).
- commit 66f7463

- tty: Fix out-of-bound vmalloc access in imageblit
  (CVE-2021-47383 bsc#1225208).
- commit aa2473d

- ALSA: pcm: oss: Fix negative period/buffer sizes (CVE-2021-47511
  bsc#1225411).
- commit 094796a

- Update tags in
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
  And move to the sorted section of series.conf.
- commit dc0df73

- Refresh patches.suse/x86-cpu-amd-add-a-zenbleed-fix.patch.
- Refresh
  patches.suse/x86-cpu-amd-move-the-errata-checking-functionality-up.patch.
  Move 2 upstream arch-specific patches to the sorted section.
- commit d5f36cd

- Input: synaptics-rmi4 - fix use after free in
  rmi_unregister_function() (CVE-2023-52840 bsc#1224928).
- commit 3a1b2ed

- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (CVE-2021-47485 bsc#1224904)
- commit 7e99b42

- af_unix: annote lockless accesses to unix_tot_inflight &
  gc_in_progress (bsc#1223384).
- Refresh
  patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 03fbb54

- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (CVE-2021-47485 bsc#1224904)
- commit c9482fe

- IB/mlx5: Fix initializing CQ fragments buffer (bsc#1224954 CVE-2021-47261)
- commit 77cbada

- Move powerpc patches to their specific section
  They are apparently not going upstream.
- commit eea93a0

- Move upstream patches to the sorted section
- commit 757eb5a

- Update
  patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch
  (bsc#1209657 CVE-2023-0160 CVE-2024-35895 bsc#1224511).
- Update
  patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch
  (bsc#1221044 CVE-2023-52591 CVE-2024-35914 bsc#1224482).
- Update
  patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
  (CVE-2023-47233 bsc#1216702 CVE-2024-35811 bsc#1224592).
- commit e0bcd81

- Update
  patches.suse/KVM-PPC-Fix-kvm_arch_vcpu_ioctl-vcpu_load-leak.patch
  (bsc#1156395 CVE-2021-47296 bsc#1224891).
- Update
  patches.suse/NFS-Fix-a-potential-NULL-dereference-in-nfs_get_clie.patch
  (git-fixes CVE-2021-47260 bsc#1224834).
- Update
  patches.suse/PCI-aardvark-Fix-kernel-panic-during-PIO-transfer.patch
  (git-fixes CVE-2021-47229 bsc#1224854).
- Update
  patches.suse/batman-adv-Avoid-WARN_ON-timing-related-checks.patch
  (git-fixes CVE-2021-47252 bsc#1224882).
- Update
  patches.suse/can-mcba_usb-fix-memory-leak-in-mcba_usb.patch
  (git-fixes CVE-2021-47231 bsc#1224849).
- Update
  patches.suse/kvm-lapic-restore-guard-to-prevent-illegal-apic-regi.patch
  (bsc#1188772 CVE-2021-47255 bsc#1224832).
- Update
  patches.suse/media-ngene-Fix-out-of-bounds-bug-in-ngene_command_c.patch
  (git-fixes CVE-2021-47288 bsc#1224889).
- Update
  patches.suse/memory-fsl_ifc-fix-leak-of-IO-mapping-on-probe-failu.patch
  (git-fixes CVE-2021-47315 bsc#1224892).
- Update
  patches.suse/memory-fsl_ifc-fix-leak-of-private-memory-on-probe-f.patch
  (git-fixes CVE-2021-47314 bsc#1224893).
- Update patches.suse/net-cdc_eem-fix-tx-fixup-skb-leak.patch
  (git-fixes CVE-2021-47236 bsc#1224841).
- Update
  patches.suse/net-mlx5e-Fix-page-reclaim-for-dead-peer-hairpin.patch
  (git-fixes CVE-2021-47246 bsc#1224831).
- Update
  patches.suse/net-qrtr-fix-OOB-Read-in-qrtr_endpoint_post.patch
  (CVE-2021-3743 bsc#1189883 CVE-2021-47240 bsc#1224843).
- Update
  patches.suse/net-usb-fix-possible-use-after-free-in-smsc75xx_bind.patch
  (git-fixes CVE-2021-47239 bsc#1224846).
- Update
  patches.suse/usb-dwc3-core-fix-kernel-panic-when-do-reboot.patch
  (git-fixes CVE-2021-47220 bsc#1224859).
- commit 5376688

- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888
  CVE-2021-47254).
- commit bf82ce3

- btrfs: do not start relocation until in progress drops are  done
  (bsc#1222251).
- commit a41ddb4

- btrfs: do not start relocation until in progress drops are  done
  (bsc#1222251).
- commit 0f3d5ec

- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
  (bsc#1224174 CVE-2024-27398).
- commit 2d99726

- af_unix: Fix garbage collector racing against connect()
  (CVE-2024-26923 bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- commit 9a2eeaf

- blacklist.conf: Fix for code not present (CVE-2024-26929)
- commit 3d9e5d9

- Refresh
  patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch.
- Refresh
  patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch.
- Refresh
  patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch.
  Adjust headers to minimize merge conflicts.
- commit 0300a69

- Refresh
  patches.suse/ext4-Avoid-trim-error-on-fs-with-small-groups.patch.
  Swap headers to avoid a conflict when merging into consumer branches.
- commit 1510229

- Refresh
  patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch.
  Update Patch-mainline tag and move to sorted section.
- commit 81abd64

- Refresh patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch.
  Add upstream commit ID and move to sorted section.
- commit 5c72346

- Refresh
  patches.suse/wifi-brcmfmac-Fix-potential-buffer-overflow-in-brcmf.patch.
  Update Patch-mainline tag and move to sorted section.
- commit 684103a

- Refresh
  patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch.
  Update Patch-mainline tag and move to sorted section.
- commit a75fb60

- Refresh
  patches.suse/char-pcmcia-synclink_cs-Fix-use-after-free-in-mgslpc.patch.
  Driver was deleted upstream so this fix will stay out-of-tree
  forever. Move to the appropriate section.
- commit bce6652

- Refresh
  patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch.
  Add upstream commit ID and move to sorted section.
- commit 39ecedd

- Refresh
  patches.suse/netfilter-nf_conntrack_irc-Tighten-matching-on-DCC-m.patch.
  Add upstream commit ID and move to sorted section.
- commit 6754ecb

- Refresh
  patches.suse/ext4-Avoid-trim-error-on-fs-with-small-groups.patch.
  Add upstream commit ID and move to sorted section.
- commit 92fa4c5

- Refresh
  patches.suse/SUNRPC-auth-async-tasks-mustn-t-block-waiting-for-me.patch.
- Refresh
  patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch.
- Refresh
  patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch.
- Refresh
  patches.suse/SUNRPC-remove-scheduling-boost-for-SWAPPER-tasks.patch.
- Refresh
  patches.suse/SUNRPC-xprt-async-tasks-mustn-t-block-waiting-for-me.patch.
  Add upstream commit IDs and move to sorted section.
- commit 245a308

- Refresh
  patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch.
- Refresh
  patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch.
- Refresh
  patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch.
  Add upstream commit IDs and move to sorted section.
- commit 8f85449

- Refresh
  patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch.
  Add upstream commit ID and move to sorted section.
- commit 0e0054f

- NFC: nxp: add NXP1002 (bsc#1185589).
  Add upstream commit ID and subject, and move to sorted section.
- commit 01c3222

- series.conf: Move block-genhd-use-atomic_t-for-disk_event-block.patch
  Patch was never accepted upstream and was dropped from later products
  as it had problematic side effects. Move it to the appropriate
  out-of-tree section.
- commit 9199401

- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
  Add upstream commit ID and subject, and move to sorted section.
- commit 4630de9

- Refresh
  patches.suse/drivers-base-memory.c-cache-blocks-in-radix-tree-to-.patch.
  Document why this commit will never go upstream and move it to its
  specific section.
- commit f30bed3

- Refresh
  patches.suse/x86-boot-Ignore-relocations-in-.notes-sections-in-walk_rel.patch.
  Move to sorted section.
- commit 9bdf9d5

- blacklist.conf: add fix for code not present (CVE-2024-26930)
- commit 19f6175

- Update
  patches.suse/netfilter-nf_tables-mark-set-as-dead-when-unbinding-.patch
  (git-fixes CVE-2024-26643 bsc#1221829).
- Update
  patches.suse/netfilter-nf_tables-release-mutex-after-nft_gc_seq_e.patch
  (git-fixes CVE-2024-26925 bsc#1223390).
- Update
  patches.suse/netfilter-nft_set_rbtree-skip-end-interval-element-f.patch
  (git-fixes CVE-2024-26581 bsc#1220144).
- commit 5b5ef95

- Update
  patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
  (bsc#1220754 CVE-2023-6531 CVE-2023-52654 bsc#1224099).
- Update
  patches.suse/netfilter-nf_tables-fix-memleak-when-more-than-255-e.patch
  (git-fixes CVE-2023-52581 bsc#1220877).
- Update
  patches.suse/netfilter-nft_set_rbtree-skip-sync-GC-for-new-elemen.patch
  (git-fixes CVE-2023-52433 bsc#1220137).
- commit ab7595e

- blacklist.conf: Add 9474c62ab65f net/sched: Add module alias for sch_fq_pie
- commit 0f0d88e

- usb: aqc111: check packet for fixup for true limit (bsc#1217169
  CVE-2023-52655).
- commit 1678228

- Update
  patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
  (git-fixes CVE-2022-48704 bsc#1223932).
- commit d602686

- netfilter: nf_tables: release mutex after nft_gc_seq_end from
  abort path (git-fixes).
- commit 453d60a

- netfilter: nf_tables: mark set as dead when unbinding anonymous
  set with timeout (git-fixes).
- commit a3b6f2c

- netfilter: nft_set_rbtree: skip end interval element from gc
  (git-fixes).
- commit f941d80

- netfilter: nf_tables: skip dead set elements in netlink dump
  (git-fixes).
- commit 11672cf

- netfilter: nf_tables: mark newset as dead on transaction abort
  (git-fixes).
- commit deeefa0

- blacklist.conf: update blacklist
- commit d111502

- blacklist.conf: update blacklist
- commit c053707

- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion
  failure (git-fixes).
- commit 787a388

- Refresh patches.kabi/netfilter-preserve-nf_tables-kabi.patch.
- commit f69dce7

- netfilter: nf_tables: fix memleak when more than 255 elements
  expired (git-fixes).
- commit 55db444

- blacklist.conf: update blacklist
- commit 3075338

- netfilter: nft_set_hash: try later when GC hits EAGAIN on
  iteration (git-fixes).
- commit bc13e9b

- netfilter: nft_set_rbtree: use read spinlock to avoid datapath
  contention (git-fixes).
- commit 9ed8e71

- netfilter: nft_set_rbtree: skip sync GC for new elements in
  this transaction (git-fixes).
- commit 0d564a0

- netfilter: nf_tables: defer gc run if previous batch is still
  pending (git-fixes).
- commit 1cb21d0

- netfilter: nf_tables: use correct lock to protect gc_list
  (git-fixes).
- commit f315c4c

- netfilter: nf_tables: GC transaction race with abort path
  (git-fixes).
- commit ce0642f

- netfilter: nf_tables: GC transaction race with netns dismantle
  (git-fixes).
- commit d9e442c

- blacklist.conf: update blacklist
- commit 51055c8

- netfilter: nf_tables: fix GC transaction races with netns and
  netlink event exit path (git-fixes).
- commit eacca32

- netfilter: nf_tables: fix kdoc warnings after gc rework
  (git-fixes).
- commit f86c22d

- Update
  patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
  (git-fixes CVE-2022-48695 bsc#1223941).
- commit 033821b

- Update
  patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
  (git-fixes CVE-2022-48702 bsc#1223923).
- commit c521d4a

- Update
  patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
  (git-fixes CVE-2022-48672 bsc#1223931).
- commit e3fefd5

- cachefiles: fix memory leak in cachefiles_add_cache()
  (bsc#1222976 CVE-2024-26840).
- commit aa1fa99

- netfilter: nf_tables: adapt set backend to use GC transaction
  API (bsc#1215420 CVE-2023-4244).
- commit 2a5fb01

- btrfs: abort in rename_exchange if we fail to insert the second ref (CVE-2021-47113 bsc#1221543)
  Refresh patches.suse/btrfs-prevent-rename2-from-exchanging-a-subvol-with-a-directory-from-different-parents.patch
- commit cc57e15

- Update
  patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
  references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 8b3f599

- net/tls: Remove the context from the list in tls_device_down
  (bsc#1221545).
- commit aca4b2e

- blacklist.conf: add 94ce3b64c62d
  Blacklist commit 94ce3b64c62d ("net/tls: Use RCU API to access
  tls_ctx->netdev"). This is a follow-up to c55dcdd435aa which addresses an
  issue which is rather theoretical and the backport would be quite
  intrusive.
- commit 64bbcaf

- tls: Fix context leak on tls_device_down (bsc#1221545).
- commit 23bab3f

- Update
  patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
  (bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- commit 5e5f9fe

- Update
  patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
  (git-fixes CVE-2022-48701 bsc#1223921).
- commit 5de225e

- Update
  patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
  (git-fixes CVE-2022-48693 bsc#1223963).
- commit 0e4cd62

- kabi: hide new member of struct tls_context (CVE-2021-47131
  bsc#1221545).
- net/tls: Fix use-after-free after the TLS device goes down
  and up (CVE-2021-47131 bsc#1221545).
- commit c19ff47

- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- commit 94a1c44

- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
  (CVE-2024-26852 bsc#1223057).
- commit f51e744

- openvswitch: fix stack OOB read while fragmenting IPv4 packets
  (CVE-2021-46955 bsc#1220513).
- commit 37faff4

- packet: annotate data-races around ignore_outgoing
  (CVE-2024-26862 bsc#1223111).
- commit 9b14c5d

- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
  (CVE-2024-0639 bsc#1218917).
- commit c0f421c

- netfilter: preserve nf_tables kabi (bsc#1215420 CVE-2023-424).
- commit e6ab556

- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
  bsc#1223824).
- commit 1c01fe0

- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth >  0 (bsc#1223475 CVE-2022-48631).
- commit 911e181

- md/raid5: fix atomicity violation in raid5_cache_count
  (bsc#1219169, CVE-2024-23307).
- commit b804891

- Update
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
  (bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 3bd7c2d

- netfilter: nf_tables: GC transaction API to avoid race with
  control plane (bsc#1215420 CVE-2023-4244).
- commit 361e5a0

- netfilter: nf_tables: don't skip expired elements during walk
  (bsc#1215420 CVE-2023-4244).
- commit 47ee234

- Update
  patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
  (bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit c5c2590

- Update
  patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
  (bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit 1221e0a

- netfilter: nft_set_rbtree: fix overlap expiration walk
  (git-fixes).
- commit 90d7112

- netfilter: nft_set_rbtree: fix null deref on element insertion
  (git-fixes).
- commit f25e27c

- netfilter: nft_set_rbtree: skip elements in transaction from
  garbage collection (git-fixes).
- commit 845bbc6

- netfilter: nft_set_rbtree: Switch to node list walk for overlap
  detection (git-fixes).
- commit bd48625

- netfilter: nft_set_rbtree: overlap detection with element
  re-addition after deletion (git-fixes).
- commit d362ed4

- netfilter: nft_set_rbtree: Detect partial overlap with start
  endpoint match (git-fixes).
- commit 4970ce9

- netfilter: nft_set_rbtree: Handle outcomes of tree rotations
  in overlap detection (git-fixes).
- commit bc0387c

- netfilter: nft_set_rbtree: Don't account for expired elements
  on insertion (git-fixes).
- commit c90c848

- netfilter: nft_set_rbtree: Add missing expired checks
  (git-fixes).
- commit 0d65e63

- netfilter: nft_set_rbtree: Drop spurious condition for overlap
  detection on insertion (git-fixes).
- commit a64c352

- netfilter: nft_set_rbtree: Detect partial overlaps on insertion
  (git-fixes).
- commit 39167a3

- netfilter: nft_set_rbtree: Introduce and use
  nft_rbtree_interval_start() (git-fixes).
- commit 9b991e8

- netfilter: nft_set_rbtree: bogus lookup/get on consecutive
  elements in named sets (git-fixes).
- commit 1a2cbfc

- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
  (bsc#1223513 CVE-2022-48651).
- commit 0325bf2

- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (bsc#1223202 CVE-2024-26906).
- commit 4dcafb9

- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (bsc#1223202 CVE-2024-26906).
- commit 4e61cac

- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 8d2e301

- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit b1ed209

- Update
  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
  patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
  (bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- Update
  patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
  (CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit edcb3fa

- Update
  patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
  (git-fixes CVE-2021-47207 bsc#1222790).
- Update
  patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
  (git-fixes CVE-2021-47194 bsc#1222829).
- Update
  patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
  (git-fixes CVE-2021-47184 bsc#1222666).
- Update
  patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
  (git-fixes CVE-2021-47201 bsc#1222792).
- Update
  patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
  (git-fixes CVE-2021-47212 bsc#1222709).
- Update
  patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
  (bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
  (bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185 bsc#1222669).
- Update
  patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
  (git-fixes CVE-2021-47206 bsc#1222894).
- commit 8d3f18a

- Update
  patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
  (bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 8d6a724

- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
  (git-fixes CVE-2021-47216 bsc#1222876).
- commit 1856476

- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
  bsc#1221299).
- commit cceba2c

- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit d969104

- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
  bsc#1222503).
- commit c431df1

- Update patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch (git-fixes CVE-2021-47202 bsc#1222878)
- commit 94c254a

- nvme-tcp: can't set sk_user_data without write_lock
  (CVE-2021-47041 bsc#1220755).
- commit c3bc01a

- nvme-loop: fix memory leak in nvme_loop_create_ctrl()
  (CVE-2021-47074 bsc#1220854).
- nvme-loop: don't put ctrl on nvme_init_ctrl error
  (CVE-2021-47074 bsc#1220854).
- commit 8101361

- nvmet-tcp: fix incorrect locking in state_change sk callback
  (CVE-2021-47041 bsc#1220755).
- commit ee0c72d

- RDMA/srpt: Support specifying the srpt_service_guid parameter (bsc#1222449 CVE-2024-26744)
- commit 12241af

- Refresh
  patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch.
- commit ea3cbb2

- Update patches.suse/bpf-Fix-integer-overflow-involving-bucket_size.patch
  Fix CVE refence format.
- commit 86e8797

- Update
  patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
  (git-fixes CVE-2021-47189 bsc#1222706).
- commit ed3e4bc

- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185).
- commit 972d0f6

- Update
  patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
  (bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit add99e0

- Update
  patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
  (git-fixes CVE-2021-47181 bsc#1222660).
- commit 87eb148

- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
  (bsc#1222619).
- commit 7db5139

- arp: Prevent overflow in arp_req_get() (CVE-2024-26733
  bsc#1222585).
- commit 0a4c958

- net/sched: act_mirred: don't override retval if we already
  lost the skb (CVE-2024-26733 bsc#1222585).
- commit cc1339b

- ext4: fix double-free of blocks due to wrong extents moved_len
  (bsc#1222422 CVE-2024-26704).
- commit d1a6e8f

- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
  (bsc#1219264).
- commit bc51f7b

- nfsd: Fix error cleanup path in nfsd_rename() (bsc#1221044
  CVE-2023-52591).
- commit 24c2d2e

- Update
  patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch
  (bsc#1214842 CVE-2023-52508 bsc#1221015).
- Update
  patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch
  (git-fixes CVE-2023-52575 bsc#1220871).
- commit 61a8300

- Update
  patches.suse/Bluetooth-avoid-deadlock-between-hci_dev-lock-and-so.patch
  (git-fixes CVE-2021-47038 bsc#1220753).
- Update
  patches.suse/Input-elantech-fix-stack-out-of-bound-access-in-elan.patch
  (git-fixes CVE-2021-47097 bsc#1220982).
- Update
  patches.suse/KEYS-trusted-Fix-TPM-reservation-for-seal-unseal.patch
  (git-fixes CVE-2021-46922 bsc#1220475).
- Update
  patches.suse/KEYS-trusted-Fix-memory-leak-on-object-td.patch
  (git-fixes CVE-2021-47009 bsc#1220733).
- Update
  patches.suse/RDMA-rtrs-clt-destroy-sysfs-after-removing-session-f.patch
  (jsc#SLE-15176 CVE-2021-47026 bsc#1220685).
- Update
  patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch
  (git-fixes CVE-2021-47101 bsc#1220987).
- Update
  patches.suse/ath10k-Fix-a-use-after-free-in-ath10k_htc_send_bundl.patch
  (git-fixes CVE-2021-47017 bsc#1220678).
- Update patches.suse/ch_ktls-Fix-kernel-panic.patch
  (jsc#SLE-15131 CVE-2021-46911 bsc#1220400).
- Update
  patches.suse/dmaengine-idxd-Fix-clobbering-of-SWERR-overflow-bit-.patch
  (git-fixes CVE-2021-46920 bsc#1220426).
- Update
  patches.suse/dmaengine-idxd-Fix-potential-null-dereference-on-poi.patch
  (git-fixes CVE-2021-47003 bsc#1220677).
- Update
  patches.suse/dmaengine-idxd-clear-MSIX-permission-entry-on-shutdo.patch
  (git-fixes CVE-2021-46918 bsc#1220429).
- Update
  patches.suse/dmaengine-idxd-fix-wq-cleanup-of-WQCFG-registers.patch
  (git-fixes CVE-2021-46917 bsc#1220432).
- Update
  patches.suse/dmaengine-idxd-fix-wq-size-store-permission-state.patch
  (git-fixes CVE-2021-46919 bsc#1220414).
- Update
  patches.suse/drm-amd-display-Fix-off-by-one-in-hdmi_14_process_tr.patch
  (git-fixes CVE-2021-47046 bsc#1220758).
- Update patches.suse/drm-i915-Fix-crash-in-auto_retire.patch
  (git-fixes CVE-2021-46976 bsc#1220621).
- Update
  patches.suse/iommu-vt-d-remove-wo-permissions-on-second-level-paging-entries
  (bsc#1187346 CVE-2021-47035 bsc#1220688).
- Update
  patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch
  (git-fixes CVE-2021-47100 bsc#1220985).
- Update
  patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch
  (git-fixes CVE-2021-47095 bsc#1220979).
- Update
  patches.suse/ixgbe-fix-unbalanced-device-enable-disable-in-suspen.patch
  (jsc#SLE-13706 CVE-2021-46914 bsc#1220465).
- Update patches.suse/net-dsa-mt7530-fix-VLAN-traffic-leaks.patch
  (git-fixes CVE-2021-47160 bsc#1221974).
- Update
  patches.suse/net-fec-fix-the-potential-memory-leak-in-fec_enet_in.patch
  (git-fixes CVE-2021-47150 bsc#1221973).
- Update
  patches.suse/net-lantiq-fix-memory-corruption-in-RX-ring.patch
  (git-fixes CVE-2021-47137 bsc#1221932).
- Update
  patches.suse/net-mlx5e-Fix-null-deref-accessing-lag-dev.patch
  (jsc#SLE-15172 CVE-2021-47164 bsc#1221978).
- Update
  patches.suse/net-mlx5e-Wrap-the-tx-reporter-dump-callback-to-extr.patch
  (jsc#SLE-15172 CVE-2021-46931 bsc#1220486).
- Update
  patches.suse/net-sched-act_ct-fix-wild-memory-access-when-clearin.patch
  (bsc#1176447 CVE-2021-47014 bsc#1220630).
- Update
  patches.suse/net-sched-fq_pie-fix-OOB-access-in-the-traffic-path.patch
  (jsc#SLE-15172 CVE-2021-47175 bsc#1222003).
- Update
  patches.suse/netfilter-nft_set_pipapo_avx2-Add-irq_fpu_usable-che.patch
  (bsc#1176447 CVE-2021-47174 bsc#1221990).
- Update patches.suse/nvmet-fix-freeing-unallocated-p2pmem.patch
  (git-fixes CVE-2021-47130 bsc#1221552).
- Update
  patches.suse/nvmet-rdma-Fix-NULL-deref-when-SEND-is-completed-wit.patch
  (git-fixes CVE-2021-46983 bsc#1220639).
- Update patches.suse/s390-dasd-add-missing-discipline-function
  (bsc#1188130 ltc#193581 CVE-2021-47176 bsc331221996
  bsc#1221996).
- Update
  patches.suse/s390-zcrypt-fix-zcard-and-zqueue-hot-unplug-memleak
  (git-fixes CVE-2021-46968 bsc#1220689).
- Update
  patches.suse/sched-fair-Fix-shift-out-of-bounds-in-load_balance.patch
  (git fixes (sched) CVE-2021-47044 bsc#1220759).
- Update
  patches.suse/spi-Fix-use-after-free-with-devm_spi_alloc_.patch
  (git-fixes CVE-2021-46959 bsc#1220734).
- Update patches.suse/tee-optee-Fix-incorrect-page-free-bug.patch
  (git-fixes CVE-2021-47087 bsc#1220954).
- Update
  patches.suse/usb-gadget-f_fs-Clear-ffs_eventfd-in-ffs_data_clear.patch
  (git-fixes CVE-2021-46933 bsc#1220487).
- Update
  patches.suse/usb-typec-ucsi-Retrieve-all-the-PDOs-instead-of-just.patch
  (git-fixes CVE-2021-46980 bsc#1220663).
- Update
  patches.suse/virtiofs-fix-memory-leak-in-virtio_fs_probe.patch
  (bsc#1185558 CVE-2021-46956 bsc#1220516).
- Update patches.suse/xprtrdma-Fix-cwnd-update-ordering.patch
  (git-fixes CVE-2021-47001 bsc#1220670).
- commit d6fc0df

- Update
  patches.suse/i2c-imx-fix-reference-leak-when-pm_runtime_get_sync-.patch
  (git-fixes CVE-2020-36781 bsc#1220557).
- commit c903cb8

- Update
  patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
  (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
- Update
  patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
  (bsc#1220883 CVE-2023-52500).
- commit 81ec1ab

- scsi: pm80xx: Avoid leaking tags when processing
  OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
  cve-2023-52500).
- commit a52992b

- Fixup NULL ptr dereference due to mistake in backporting in
  patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch.
- commit f07130b

- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
  (bsc#1209657 CVE-2023-0160).
- commit 299921b

- blacklist.conf: omit reverted sockmap deadlock fix
- commit 66facc4

- netfilter: nf_tables: disallow anonymous set with timeout flag
  (CVE-2024-26642 bsc#1221830).
- commit ca89796

- netfilter: ctnetlink: fix possible refcount leak in
  ctnetlink_create_conntrack() (CVE-2023-7192 bsc#1218479).
- commit c40a2c4

- README.BRANCH: Remove copy of branch name
- commit 27396e8

- README.BRANCH: Remove copy of branch name
- commit 757f48f

- Update
  patches.suse/net-zero-initialize-tc-skb-extension-on-allocation.patch
  (bsc#1176447 CVE-2021-47136 bsc#1221931).
- commit adea53b

- ipv6: init the accept_queue's spinlocks in inet6_create
  (bsc#1221293 CVE-2024-26614).
- commit 0cf80b2

- tcp: make sure init the accept_queue's spinlocks once
  (bsc#1221293 CVE-2024-26614).
- commit d27abbc

- userfaultfd: release page in error path to avoid BUG_ON
  (CVE-2021-46988 bsc#1220706).
- commit 37b27a1

- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
  (CVE-2023-52607 bsc#1221061).
- commit 37ce65f

- perf/core: Fix unconditional security_locked_down() call
  (bsc#1220697, CVE-2021-46971).
- commit b2c4fe7

- Update
  patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
  (bsc#1208995 CVE-2023-1192 CVE-2023-52572 bsc#1220946).
- Update
  patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356 CVE-2023-52454 bsc#1220320).
- Update
  patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
  (bsc#1221044 CVE-2023-52591 CVE-2023-52590 bsc#1221088).
- Update
  patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
  (bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836).
- Update
  patches.suse/usb-hub-Guard-against-accesses-to-uninitialized-BOS-.patch
  (git-fixes CVE-2023-52477 bsc#1220790).
- commit 807fa36

- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366).
- commit 32e1ae4

- Update
  patches.suse/0005-dm-rq-fix-double-free-of-blk_mq_tag_set-in-dev-remov.patch
  (git-fixes CVE-2021-46938 bsc#1220554).
- Update
  patches.suse/0005-drm-bridge-panel-Cleanup-connector-on-bridge-detach.patch
  (bsc#1152489 CVE-2021-47063 bsc#1220777).
- Update
  patches.suse/0006-nbd-Fix-NULL-pointer-in-flush_workqueue.patch
  (git-fixes CVE-2021-46981 bsc#1220611).
- Update
  patches.suse/ARM-9064-1-hw_breakpoint-Do-not-directly-check-the-event-s-overflow_handler-hook.patch
  (git-fixes CVE-2021-47006 bsc#1220751).
- Update
  patches.suse/ARM-footbridge-fix-PCI-interrupt-mapping.patch
  (git-fixes CVE-2021-46909 bsc#1220442).
- Update
  patches.suse/HID-magicmouse-fix-NULL-deref-on-disconnect.patch
  (git-fixes CVE-2021-47120 bsc#1221606).
- Update
  patches.suse/KVM-Destroy-I-O-bus-devices-on-unregister-failure-_a.patch
  (bsc#git-fixes CVE-2021-47061 bsc#1220745).
- Update
  patches.suse/NFC-nci-fix-memory-leak-in-nci_allocate_device.patch
  (git-fixes CVE-2021-47180 bsc#1221999).
- Update
  patches.suse/NFS-Don-t-corrupt-the-value-of-pg_bytes_written-in-n.patch
  (git-fixes CVE-2021-47166 bsc#1221998).
- Update
  patches.suse/NFS-Fix-an-Oopsable-condition-in-__nfs_pageio_add_re.patch
  (git-fixes CVE-2021-47167 bsc#1221991).
- Update
  patches.suse/NFS-fix-an-incorrect-limit-in-filelayout_decode_layo.patch
  (git-fixes CVE-2021-47168 bsc#1222002).
- Update
  patches.suse/NFSv4-Fix-a-NULL-pointer-dereference-in-pnfs_mark_ma.patch
  (git-fixes CVE-2021-47179 bsc#1222001).
- Update
  patches.suse/USB-usbfs-Don-t-WARN-about-excessively-large-memory-.patch
  (git-fixes CVE-2021-47170 bsc#1222004).
- Update
  patches.suse/bnxt_en-Fix-RX-consumer-index-logic-in-the-error-pat.patch
  (git-fixes CVE-2021-47015 bsc#1220794).
- Update
  patches.suse/btrfs-fix-race-between-transaction-aborts-and-fsyncs.patch
  (bsc#1186441 CVE-2021-46958 bsc#1220521).
- Update
  patches.suse/ceph-fix-inode-leak-on-getattr-error-in-_fh_to_dentry.patch
  (bsc#1186501 CVE-2021-47000 bsc#1220669).
- Update
  patches.suse/cifs-Return-correct-error-code-from-smb2_get_enc_key.patch
  (git-fixes CVE-2021-46960 bsc#1220528).
- Update
  patches.suse/crypto-qat-ADF_STATUS_PF_RUNNING-should-be-set-after.patch
  (git-fixes CVE-2021-47056 bsc#1220769).
- Update
  patches.suse/cxgb4-avoid-accessing-registers-when-clearing-filter.patch
  (git-fixes CVE-2021-47138 bsc#1221934).
- Update patches.suse/drm-amd-amdgpu-fix-refcount-leak.patch
  (git-fixes CVE-2021-47144 bsc#1221989).
- Update patches.suse/drm-amdgpu-Fix-a-use-after-free.patch
  (git-fixes CVE-2021-47142 bsc#1221952).
- Update
  patches.suse/drm-meson-fix-shutdown-crash-when-component-not-prob.patch
  (git-fixes CVE-2021-47165 bsc#1221965).
- Update
  patches.suse/ethernet-enic-Fix-a-use-after-free-bug-in-enic_hard_.patch
  (git-fixes CVE-2021-46998 bsc#1220625).
- Update
  patches.suse/ext4-fix-bug-on-in-ext4_es_cache_extent-as-ext4_spli.patch
  (bsc#1187408 CVE-2021-47117 bsc#1221575).
- Update
  patches.suse/ext4-fix-memory-leak-in-ext4_fill_super.patch
  (bsc#1187409 CVE-2021-47119 bsc#1221608).
- Update
  patches.suse/gve-Add-NULL-pointer-checks-when-freeing-irqs.patch
  (git-fixes CVE-2021-47141 bsc#1221949).
- Update
  patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch
  (git-fixes CVE-2021-47153 bsc#1221969).
- Update
  patches.suse/i40e-Fix-use-after-free-in-i40e_client_subtask.patch
  (git-fixes CVE-2021-46991 bsc#1220575).
- Update
  patches.suse/iio-adc-ad7124-Fix-potential-overflow-due-to-non-seq.patch
  (git-fixes CVE-2021-47172 bsc#1221992).
- Update patches.suse/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu
  (bsc#1189218 CVE-2021-47177 bsc#1221997).
- Update
  patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch
  (bsc#1185988 bsc1220826 CVE-2021-47069 bsc#1220826).
- Update
  patches.suse/kyber-fix-out-of-bounds-access-when-preempted.patch
  (bsc#1187403 CVE-2021-46984 bsc#1220631).
- Update
  patches.suse/locking-qrwlock-Fix-ordering-in-queued_write_lock_sl.patch
  (bsc#1185041 CVE-2021-46921 bsc#1220468).
- Update
  patches.suse/md-raid1-properly-indicate-failure-when-ending-a-fai.patch
  (bsc#1185680 CVE-2021-46950 bsc#1220662).
- Update
  patches.suse/media-staging-intel-ipu3-Fix-memory-leak-in-imu_fmt.patch
  (git-fixes CVE-2021-46944 bsc#1220566).
- Update
  patches.suse/media-staging-intel-ipu3-Fix-set_fmt-error-handling.patch
  (git-fixes CVE-2021-46943 bsc#1220583).
- Update
  patches.suse/misc-uss720-fix-memory-leak-in-uss720_probe.patch
  (git-fixes CVE-2021-47173 bsc#1221993).
- Update
  patches.suse/mmc-uniphier-sd-Fix-a-resource-leak-in-the-remove-fu.patch
  (git-fixes CVE-2021-46962 bsc#1220532).
- Update
  patches.suse/msft-hv-2305-Drivers-hv-vmbus-Use-after-free-in-__vmbus_open.patch
  (git-fixes CVE-2021-47049 bsc#1220692).
- Update
  patches.suse/msft-hv-2316-uio_hv_generic-Fix-a-memory-leak-in-error-handling-p.patch
  (git-fixes CVE-2021-47071 bsc#1220846).
- Update
  patches.suse/msft-hv-2317-uio_hv_generic-Fix-another-memory-leak-in-error-hand.patch
  (git-fixes CVE-2021-47070 bsc#1220829).
- Update
  patches.suse/mtd-require-write-permissions-for-locking-and-badblo.patch
  (git-fixes CVE-2021-47055 bsc#1220768).
- Update
  patches.suse/net-hns3-put-off-calling-register_netdev-until-clien.patch
  (bsc#1154353 CVE-2021-47139 bsc#1221935).
- Update
  patches.suse/net-nfc-fix-use-after-free-llcp_sock_bind-connect.patch
  (CVE-2021-23134 bsc#1186060 CVE-2021-47068 bsc#1220739).
- Update
  patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch
  (git-fixes CVE-2021-47171 bsc#1221994).
- Update
  patches.suse/netfilter-nftables-avoid-overflows-in-nft_hash_bucke.patch
  (CVE-2021-47013 bsc#1220641 CVE-2021-46992 bsc#1220638).
- Update patches.suse/ocfs2-fix-data-corruption-by-fallocate.patch
  (bsc#1187412 CVE-2021-47114 bsc#1221548).
- Update
  patches.suse/pid-take-a-reference-when-initializing-cad_pid.patch
  (bsc#1152489 CVE-2021-47118 bsc#1221605).
- Update
  patches.suse/platform-x86-dell-smbios-wmi-Fix-oops-on-rmmod-dell_.patch
  (git-fixes CVE-2021-47073 bsc#1220850).
- Update
  patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch
  (bsc#1177666 git-fixes bsc#1186460 ltc#192531 CVE-2021-46990
  bsc#1220743).
- Update
  patches.suse/powerpc-64s-Fix-pte-update-for-kernel-memory-on-radi.patch
  (bsc#1055117 git-fixes CVE-2021-47034 bsc#1220687).
- Update
  patches.suse/regmap-set-debugfs_name-to-NULL-after-it-is-freed.patch
  (git-fixes CVE-2021-47058 bsc#1220779).
- Update
  patches.suse/rtw88-Fix-array-overrun-in-rtw_get_tx_power_params.patch
  (git-fixes CVE-2021-47065 bsc#1220749).
- Update
  patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch
  (bsc#1182574 CVE-2021-47045 bsc#1220640).
- Update
  patches.suse/scsi-qedf-Add-pointer-checks-in-qedf_update_link_speed
  (git-fixes CVE-2021-47077 bsc#1220861).
- Update
  patches.suse/scsi-qla2xxx-Fix-crash-in-qla2xxx_mqueuecommand.patch
  (bsc#1185491 CVE-2021-46963 bsc#1220536).
- Update
  patches.suse/serial-rp2-use-request_firmware-instead-of-request_f.patch
  (git-fixes CVE-2021-47169 bsc#1222000).
- Update
  patches.suse/soundwire-stream-fix-memory-leak-in-stream-config-er.patch
  (git-fixes CVE-2021-47020 bsc#1220785).
- Update
  patches.suse/spi-fsl-lpspi-Fix-PM-reference-leak-in-lpspi_prepare.patch
  (git-fixes CVE-2021-47051 bsc#1220764).
- Update
  patches.suse/spi-spi-fsl-dspi-Fix-a-resource-leak-in-an-error-han.patch
  (git-fixes CVE-2021-47161 bsc#1221966).
- Update
  patches.suse/tpm-efi-Use-local-variable-for-calculating-final-log.patch
  (git-fixes CVE-2021-46951 bsc#1220615).
- Update
  patches.suse/tracing-Restructure-trace_clock_global-to-never-block.patch
  (git-fixes CVE-2021-46939 bsc#1220580).
- Update
  patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
  (bsc#1209635 CVE-2022-4744 CVE-2021-47082 bsc#1220969).
- Update
  patches.suse/x86-kvm-Disable-kvmclock-on-all-CPUs-on-shutdown.patch
  (bsc#1185308 CVE-2021-47110 bsc#1221532).
- Update
  patches.suse/x86-kvm-Teardown-PV-features-on-boot-CPU-as-well.patch
  (bsc#1185308 CVE-2021-47112 bsc#1221541).
- commit 563b877

- Update
  patches.suse/i2c-img-scb-fix-reference-leak-when-pm_runtime_get_s.patch
  (git-fixes CVE-2020-36783 bsc#1220561).
- Update
  patches.suse/i2c-imx-lpi2c-fix-reference-leak-when-pm_runtime_get.patch
  (git-fixes CVE-2020-36782 bsc#1220560).
- Update
  patches.suse/i2c-sprd-fix-reference-leak-when-pm_runtime_get_sync.patch
  (git-fixes CVE-2020-36780 bsc#1220556).
- commit 33b0d9d

- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445 CVE-2023-52474)
- commit bdb2e0c

- Update patches.suse/s390-dasd-add-missing-discipline-function
  (bsc#1188130 ltc#193581 CVE-2021-47176 bsc331221996).
- commit d918596

- wifi: ath10k: fix NULL pointer dereference in
  ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336
  CVE-2023-7042).
- commit 22d99d7

- dmaengine: fix NULL pointer in channel unregistration function (bsc#1221276 CVE-2023-52492)
- commit b24663f

- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
  (bsc#1219170 CVE-2024-22099).
- commit b8c2f38

- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
  (bsc#1218562 CVE-2023-6270).
- commit 0e87477

- fs: no need to check source (bsc#1221044 CVE-2023-52591).
- commit df2f811

- rename(): avoid a deadlock in the case of parents having no
  common ancestor (bsc#1221044 CVE-2023-52591).
- commit faa6432

- kill lock_two_inodes() (bsc#1221044 CVE-2023-52591).
- commit d6f6371

- rename(): fix the locking of subdirectories (bsc#1221044
  CVE-2023-52591).
- commit 063df0d

- f2fs: Avoid reading renamed directory if parent does not change
  (bsc#1221044 CVE-2023-52591).
- commit 4dfa62d

- ext4: don't access the source subdirectory content on
  same-directory rename (bsc#1221044 CVE-2023-52591).
- commit 80ff66b

- ext2: Avoid reading renamed directory if parent does not change
  (bsc#1221044 CVE-2023-52591).
- commit 03d3930

- udf_rename(): only access the child content on cross-directory
  rename (bsc#1221044 CVE-2023-52591).
- commit 4bff17c

- ocfs2: Avoid touching renamed directory if parent does not
  change (bsc#1221044 CVE-2023-52591).
- commit 74fc5ec

- reiserfs: Avoid touching renamed directory if parent does not
  change (git-fixes bsc#1221044 CVE-2023-52591).
  Refresh patches.suse/reiserfs-add-check-to-detect-corrupted-directory-entry.patch
  Refresh patches.suse/reiserfs-don-t-panic-on-bad-directory-entries.patch
- commit f392df9

- fs: don't assume arguments are non-NULL (bsc#1221044
  CVE-2023-52591).
- commit a11eadd

- fs: Restrict lock_two_nondirectories() to non-directory inodes
  (bsc#1221044 CVE-2023-52591).
- commit 6ad8632

- fs: ocfs2: check status values (bsc#1221044 CVE-2023-52591).
- commit 696c231

- fs: Lock moved directories (bsc#1221044 CVE-2023-52591).
- commit c14fbaa

- fs: Establish locking order for unrelated directories
  (bsc#1221044 CVE-2023-52591).
- commit b424ded

- fs: introduce lock_rename_child() helper (bsc#1221044
  CVE-2023-52591).
- commit 02e4cc0

- dm: rearrange core declarations for extended use from dm-zone.c
  (bsc#1221113).
- Refresh
  patches.kabi/kABI-dm-fix-deadlock-when-swapping-to-encrypted-device.patch.
- commit 741eac7

- perf/x86/lbr: Filter vsyscall addresses (bsc#1220703,
  CVE-2023-52476).
- commit c46d003

- dm rq: don't queue request to blk-mq during DM suspend
  (bsc#1221113).
- commit b77fc22

- neighbour: allow NUD_NOARP entries to be forced GCed
  (bsc#1221534 CVE-2021-47109).
- commit d36f6ec

- net/sched: Add module alias for sch_fq_pie (bsc#1210335 CVE-2023-1829).
- commit d985f7c

- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
  (bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
  (bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- commit 6a5afc3

- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (bsc#1213456 CVE-2023-28746).
- commit 15a7f43

- Sort already upstream patches
- Refresh
  patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch.
- Refresh
  patches.suse/KVM-VMX-Move-VERW-closer-to-VMentry-for-MDS-mitigation.patch.
- Refresh
  patches.suse/KVM-VMX-Use-BT-JNC-i.e.-EFLAGS.CF-to-select-VMRESUME-vs.-V.patch.
- Refresh
  patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch.
- Refresh
  patches.suse/x86-bugs-Add-asm-helpers-for-executing-VERW.patch.
- Refresh
  patches.suse/x86-bugs-Use-ALTERNATIVE-instead-of-mds_user_clear-static-.patch.
- Refresh
  patches.suse/x86-entry_32-Add-VERW-just-before-userspace-transition.patch.
- Refresh
  patches.suse/x86-entry_64-Add-VERW-just-before-userspace-transition.patch.
- Refresh
  patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch.
- commit 851bcbe

- perf/core: Fix unconditional security_locked_down() call
  (bsc#1220697, CVE-2021-46971).
- commit 0b7f805

- io_uring/af_unix: disable sending io_uring over sockets
  (bsc#1220754 CVE-2023-6531).
- commit a0d28a2

- usb: mtu3: fix list_head check warning (bsc#1220484
  CVE-2021-46930).
- commit b548734

- Refresh patches.kabi/team-Hide-new-member-header-ops.patch.
  Fix for kABI workaround.
- commit ff68767

- ceph: fix deadlock or deadcode of misusing dget() (bsc#1221058
  CVE-2023-52583).
- commit 5c7a950

- usb: hub: Guard against accesses to uninitialized BOS
  descriptors (git-fixes).
  Altered because 5.3 does not do SSP
- commit 6d423f3

- Update
  patches.suse/scsi-qla2xxx-Fix-SRB-leak-on-switch-command-timeout.patch
  added CVE reference to: (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334
  bnc#1151927 5.3.17 cve-2021-46963).
- commit bac1eb3

- Update reference of bpf-Use-correct-permission-flag-for-mixed-signed-bou.patch
  (bsc#1184942 bsc#1220425 CVE-2021-29155 CVE-2021-46908).
- commit 787c408

- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (bsc#1220413 CVE-2023-52470).
- commit d61356a

- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (bsc#1220411 CVE-2023-52469).
- commit 10972e5

- irqchip/gic-v3: Do not enable irqs when handling spurious interrups (bsc#1220529,CVE-2021-46961)
- commit 83fe0b1

- group-source-files.pl: Quote filenames (boo#1221077).
  The kernel source now contains a file with a space in the name.
  Add quotes in group-source-files.pl to avoid splitting the filename.
  Also use -print0 / -0 when updating timestamps.
- commit a005e42

- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit c4890bf

- mm: fix gup_pud_range (bsc#1220824).
- commit d0caaa5

- RDMA/rxe: Clear all QP fields if creation failed (bsc#1220863 CVE-2021-47078)
- commit 23bba26

- RDMA/rxe: Return CQE error if invalid lkey was supplied (bsc#1220860 CVE-2021-47076)
- commit 1171085

- ACPI: extlog: fix NULL pointer dereference check (bsc#1221039
  CVE-2023-52605).
- commit a37794c

- Update
  patches.suse/net-hso-fix-NULL-deref-on-disconnect-regression.patch
  (bsc#1220416 bsc#1220418 CVE-2021-46904 CVE-2021-46905).
  Added second CVE reference
- commit 6b7d257

- Update
  patches.suse/net-hso-fix-NULL-deref-on-disconnect-regression.patch
  (bsc#1220416 CVE-2021-46904).
- Update
  patches.suse/net-hso-fix-null-ptr-deref-during-tty-device-unregis.patch
  (bsc#1220416 CVE-2021-46904).
  Added CVE references
- commit ce2a61e

- kernel-binary: Fix i386 build
  Fixes: 89eaf4cdce05 ("rpm templates: Move macro definitions below buildrequires")
- commit f7c6351

- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit d0c95ff

- x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746).
- commit 7725a96

- net: nfc: fix races in nfc_llcp_sock_get() and
  nfc_llcp_sock_get_sn() (CVE-2023-52502 bsc#1220831).
- commit 3983469

- btrfs: remove BUG() after failure to insert delayed dir index
  item (bsc#1220918 CVE-2023-52569).
- commit ff844fd

- btrfs: improve error message after failure to add delayed dir
  index item (bsc#1220918 CVE-2023-52569).
- commit f310611

- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit bff3e02

- x86/srso: Add SRSO mitigation for Hygon processors (bsc#1220735
  CVE-2023-52482).
- commit 1f25b34

- KVM: s390: fix setting of fpc register (bsc#1221040
  CVE-2023-52597).
- commit 8155006

- vt: fix memory overlapping when deleting chars in the buffer
  (bsc#1220845 CVE-2022-48627).
- commit b8e8505

- kernel-binary: vdso: fix filelist for non-usrmerged kernel
  Fixes: a6ad8af207e6 ("rpm templates: Always define usrmerged")
- commit fb3f221

- kabi: team: Hide new member header_ops (bsc#1220870
  CVE-2023-52574).
- commit 04e32d4

- i2c: validate user data in compat ioctl (git-fixes bsc#1220469
  CVE-2021-46934).
- commit 554cd35

- ravb: Fix use-after-free issue in ravb_tx_timeout_work()
  (bsc#1212514 CVE-2023-35827).
- net: mana: Fix TX CQE error handling (bsc#1220932
  CVE-2023-52532).
- team: fix null-ptr-deref when team device type is changed
  (bsc#1220870 CVE-2023-52574).
- commit 5631a0c

- Update reference of bpf-Fix-masking-negation-logic-upon-negative-dst-reg.patch
  (bsc#1155518 bsc#1220700 CVE-2021-46974).
- commit 5f6c988

- wifi: mac80211: fix potential key use-after-free (CVE-2023-52530
  bsc#1220930).
- wifi: iwlwifi: mvm: Fix a memory corruption issue
  (CVE-2023-52531 bsc#1220931).
- commit 7072ac0

- pinctrl: mediatek: fix global-out-of-bounds issue
  (CVE-2021-47083 bsc#1220917).
- commit f54296c

- drm/bridge: sii902x: Fix probing race issue (bsc#1220736 CVE-2024-26607).
- commit 470c611

- KVM: Destroy target device if coalesced MMIO unregistration
  fails (git-fixes).
- commit c99d976

- KVM: mmio: Fix use-after-free Read in
  kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- commit f7f8d3b

- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255
  CVE-2024-26589).
- commit 84782c1

- PCI: endpoint: Fix NULL pointer dereference for ->get_features()
  (bsc#1220660 CVE-2021-47005).
- commit 4cda383

- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- commit 7207999

- kabi: restore return type of dst_ops::gc() callback
  (CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
  bsc#1219295).
- commit 077e12d

- netfilter: nf_tables: fix 64-bit load issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit b02bdeb

- netfilter: nf_tables: fix 64-bit load issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit 67cfeec

- Update patches.suse/sctp-use-call_rcu-to-free-endpoint.patch
  (CVE-2022-20154 CVE-2021-46929 bsc#1200599 bsc#1220482).
- commit 8d1b35f

- Update patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch
  (bsc#1184436 bsc#1186286 bsc#1220538 CVE-2021-46964).
- commit e5c6db2

- KVM: Stop looking for coalesced MMIO zones if the bus is
  destroyed (bsc#1220742 CVE-2021-47060).
- commit 7287801

- netfilter: nft_set_pipapo: skip inactive elements during set
  walk (CVE-2023-6817 bsc#1218195).
- commit ba8530f

- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
  CVE-2024-26622).
- commit 6d24f8e

- Update
  patches.suse/s390-zcrypt-fix-zcard-and-zqueue-hot-unplug-memleak
  (git-fixes CVE-2021-46968).
- commit a63feba

- doc/README.SUSE: Update information about module support status
  (jsc#PED-5759)
  Following the code change in SLE15-SP6 to have externally supported
  modules no longer taint the kernel, update the respective documentation
  in README.SUSE:
  * Describe that support status can be obtained at runtime for each
  module from /sys/module/$MODULE/supported and for the entire system
  from /sys/kernel/supported. This provides a way how to now check that
  the kernel has any externally supported modules loaded.
  * Remove a mention that externally supported modules taint the kernel,
  but keep the information about bit 16 (X) and add a note that it is
  still tracked per module and can be read from
  /sys/module/$MODULE/taint. This per-module information also appears in
  Oopses.
- commit 9ed8107

- powerpc/pseries/memhp: Fix access beyond end of drmem array
  (bsc#1220250,CVE-2023-52451).
- commit 9865154

- Input: appletouch - initialize work before device registration
  (CVE-2021-46932 bsc#1220444).
- commit 8f106a8

- Update
  patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch
  (bsc#1185988, bsc1220826, CVE-2021-47069).
- commit f01183e

- Update References
  patches.suse/ACPI-GTDT-Don-t-corrupt-interrupt-mappings-on-watchd.patch
  (git-fixes bsc#1220599 CVE-2021-46953).
- commit 5b10499

- Update References
  patches.suse/ACPI-custom_method-fix-potential-use-after-free-issu.patch
  (git-fixes bsc#1220572 CVE-2021-46966).
- commit 8eecec3

- efivarfs: force RO when remounting if SetVariable is not
  supported (bsc#1220328 CVE-2023-52463).
- commit 0c76724

- RDMA/siw: Fix a use after free in siw_alloc_mr (bsc#1220627
  CVE-2021-47012).
- commit 96f4478

- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
  (bsc#1220238 CVE-2023-52449).
- commit d23e49b

- Input: powermate - fix use-after-free in
  powermate_config_complete (CVE-2023-52475 bsc#1220649).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
  (CVE-2023-52478 bsc#1220796).
- commit 92ea315

- hfsplus: prevent corruption in shrinking truncate (bsc#1220737
  CVE-2021-46989).
- commit cc37c78

- Update patch reference for qcom bus fix (CVE-2021-47054 bsc#1220767)
- commit 024411a

- netfilter: nft_limit: avoid possible divide error in
  nft_limit_init (bsc#1220436 CVE-2021-46915).
- commit 291b0ff

- NFC: st21nfca: Fix memory leak in device probe and remove
  (CVE-2021-46924 bsc#1220459).
- commit 2b46faa

- Update patch reference for HID fix (CVE-2021-46906 bsc#1220421)
- commit 89e5504

- i2c: Fix a potential use after free (bsc#1220409
  CVE-2019-25162).
- commit 6421697

- i2c: cadence: fix reference leak when pm_runtime_get_sync fails
  (bsc#1220570 CVE-2020-36784).
- commit 5fa02fa

- KVM: Destroy I/O bus devices on unregister failure _after_
  sync'ing SRCU (bsc#git-fixes, CVE-2021-47061).
- commit b2a896d

- Update patch reference for media usb fix (CVE-2020-36777 bsc#1220526)
- commit f0fcd0d

- media: pvrusb2: fix use after free on context disconnection
  (CVE-2023-52445 bsc#1220241).
- commit 3f02f88

- nfc: nci: fix possible NULL pointer dereference in
  send_acknowledge() (bsc#1219125 CVE-2023-46343).
- commit 9371a32

- uio: Fix use-after-free in uio_open (bsc#1220140
  CVE-2023-52439).
- commit 758615f

- apparmor: avoid crash when parsed profile name is empty
  (CVE-2023-52443 bsc#1220240).
- commit 9d07817

- sched/membarrier: reduce the ability to hammer on sys_membarrier
  (git-fixes, bsc#1220398, CVE-2024-26602).
- commit b645222

- i2c: i801: Fix block process call transactions (bsc#1220009
  CVE-2024-26593).
- commit c348c97

- netfilter: nftables: avoid overflows in nft_hash_buckets()
  (CVE-2021-47013 bsc#1220641).
- commit f0d286e

- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
  (CVE-2021-47013 bsc#1220641).
- commit 378bb67

- mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243
  CVE-2024-26586).
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
  error path (bsc#1220344 CVE-2024-26595).
- commit 76ed3a3

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- commit 5f2e003

- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
  (bsc#1220253 CVE-2023-52448).
- commit a731316

- rpm templates: Always define usrmerged
  usrmerged is now defined in kernel-spec-macros and not the distribution.
  Only check if it's defined in kernel-spec-macros, not everywhere where
  it's used.
- commit a6ad8af

- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- commit fda6073

- blacklist.conf: Blacklist a clang fix
- commit 6540830

- rpm templates: Move macro definitions below buildrequires
  Many of the rpm macros defined in the kernel packages depend directly or
  indirectly on script execution. OBS cannot execute scripts which means
  values of these macros cannot be used in tags that are required for OBS
  to see such as package name, buildrequires or buildarch.
  Accumulate macro definitions that are not directly expanded by mkspec
  below buildrequires and buildarch to make this distinction clear.
- commit 89eaf4c

- net: openvswitch: limit the number of recursions from action
  sets (bsc#1219835 CVE-2024-1151).
- commit 5a5045f

- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
  Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
  goto" issue").
- commit be1bdab

- compute-PATCHVERSION: Do not produce output when awk fails
  compute-PATCHVERSION uses awk to produce a shell script that is
  subsequently executed to update shell variables which are then printed
  as the patchversion.
  Some versions of awk, most notably bysybox-gawk do not understand the
  awk program and fail to run. This results in no script generated as
  output, and printing the initial values of the shell variables as
  the patchversion.
  When the awk program fails to run produce 'exit 1' as the shell script
  to run instead. That prevents printing the stale values, generates no
  output, and generates invalid rpm spec file down the line. Then the
  problem is flagged early and should be easier to diagnose.
- commit 8ef8383

- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- commit 6d2e676

- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation  code (git-fixes).
- commit 1f3dbeb

- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- commit 2581a0e

- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- commit 79ab1f6

- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 26d80bf

- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
  Also add the removed mds_user_clear symbol to kABI severities as it is
  exposed just for KVM module and is generally a core kernel component so
  removing it is low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- commit 8f33ff8

- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- commit 52b181f

- ext4: fix deadlock due to mbcache entry corruption
  (bsc#1207653 bsc#1219915).
- commit 14e0a9c

- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
  (bsc#1219127 CVE-2024-23849).
- commit 75b4a5b

- cifs: fix missing unload_nls() in smb2_reconnect()
  (bsc#1213476).
- commit 7236d05

- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- commit a4a76da

- smb: client: fix null auth (bsc#1213476).
- commit 08d9d59

- kernel-binary: Move build script to the end
  All other spec templates have the build script at the end, only
  kernel-binary has it in the middle. Align with the other templates.
- commit 98cbdd0

- rpm templates: Aggregate subpackage descriptions
  While in some cases the package tags, description, scriptlets and
  filelist are located together in other cases they are all across the
  spec file. Aggregate the information related to a subpackage in one
  place.
- commit 8eeb08c

- rpm templates: sort rpm tags
  The rpm tags in kernel spec files are sorted at random.
  Make the order of rpm tags somewhat more consistent across rpm spec
  templates.
- commit 8875c35

- Update to add CVE-2024-23851 tag,
  patches.suse/dm-limit-the-number-of-targets-and-parameter-size-ar.patch
  (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit ef15d5e

- dm: limit the number of targets and parameter size area
  (bsc#1219827, bsc#1219146, CVE-2023-52429).
- commit 2431307

- vhost: use kzalloc() instead of kmalloc() followed by memset()
  (CVE-2024-0340, bsc#1218689).
- commit aa86ef0

- kernel-binary: certs: Avoid trailing space
- commit bc7dc31

- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
  (bsc#1219653)
  They are put into -devel subpackage. And a proper link to
  /usr/share/gdb/auto-load/ is created.
- commit 1dccf2a

- Refresh
  patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch.
  Add the upstream commit ID.
- commit d9857fd

- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  (CVE-2024-1086 bsc#1219434).
- commit 33a2cdd

- drm/amdgpu: Fix potential fence use-after-free v2 (bsc#1219128
  CVE-2023-51042).
- commit 2e8464f

- rpm/mkspec: sort entries in _multibuild
  Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
  due to readdir() using "random" order as served by the underlying
  filesystem.
  See for example:
  https://build.opensuse.org/request/show/1144457/changes
- commit d1155de

- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
  bsc#1218730).
- commit 6405c59

- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
  XSA-448, bsc#1218836).
- commit 7d3a106

- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  (CVE-2021-33631 bsc#1219412).
- commit 792d624

- kernel-source: Fix description typo
- commit 8abff35

- nvmet-tcp: Fix the H2C expected PDU len calculation
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
  bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987
  bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
  PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
  CVE-2023-6536 CVE-2023-6356).
- commit e2033e6

- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  (CVE-2023-47233 bsc#1216702).
- commit 6452010

- rpm/constraints.in: set jobs for riscv to 8
  The same workers are used for x86 and riscv and the riscv builds take
  ages. So align the riscv jobs count to x86.
- commit b2c82b9

- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- commit 8395685

- net: sched: sch_qfq: Use non-work-conserving warning handler
  (CVE-2023-4921 bsc#1215275).
- commit aabd893

- mkspec: Use variant in constraints template
  Constraints are not applied consistently with kernel package variants.
  Add variant to the constraints template as appropriate, and expand it
  in mkspec.
- commit cc68ab9

- rpm/constraints.in: add static multibuild packages
  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
  constraints on multibuild) added "kernel-source:" prefix to the
  dynamically generated kernels. But there are also static ones like
  kernel-docs. Those fail to build as the constraints are still not
  applied.
  So add the prefix also to the static ones.
  Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
  will ever be multibuilt...
- commit c2e0681

- drm/atomic: Fix potential use-after-free in nonblocking commits
  (bsc#1219120 CVE-2023-51043).
- commit 1f381b4

- Revert "Limit kernel-source build to architectures for which the kernel binary"
  This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
  The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a

- mkspec: Include constraints for both multibuild and plain package always
  There is no need to check for multibuild flag, the constraints can be
  always generated for both cases.
- commit 308ea09

- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
  Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b

- rpm/kernel-source.rpmlintrc: add action-ebpf
  Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
  plugin) added this precompiled binary blob. Adapt rpmlintrc for
  kernel-source.
- commit b5ccb33

- ext4: improve error recovery code paths in __ext4_remount()
  (bsc#1219053 CVE-2024-0775).
- commit f053871

- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
  The previous change added the manual entry from kernel-sources.change.old
  to old_changelog.txt unnecessarily.  Let's fix it.
- commit fb033e8

- rpm/kernel-docs.spec.in: fix build with 6.8
  Since upstream commit f061c9f7d058 (Documentation: Document each netlink
  family), the build needs python yaml.
- commit 6a7ece3

- smb: client: fix OOB in receive_encrypted_standard()
  (bsc#1218832 CVE-2024-0565).
- commit 59d97af

- ida: Fix crash in ida_free when the bitmap is empty (bsc#1218804
  CVE-2023-6915).
- commit e0cf5bf

- netfilter: nf_tables: Reject tables of unsupported family
  (bsc#1218752 CVE-2023-6040).
- commit 9fd7b64

- net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782
  bsc#1218757).
- commit 1ba2d82

- powerpc/powernv: Add a null pointer check in opal_event_init()
  (bsc#1065729 CVE-2023-52686).
- commit 0f57a9b

- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
  The old entries are found in kernel-docs/old_changelog.txt in docdir.
  rpm/old_changelog.txt can be an optional file that stores the similar
  info like rpm/kernel-sources.changes.old.  It can specify the commit
  range that have been truncated.  scripts/tar-up.sh expands from the
  git log accordingly.
- commit c9a2566

- smb: client: fix potential OOB in smb2_dump_detail()
  (bsc#1217946 CVE-2023-6610).
- commit 838930f

- Limit kernel-source build to architectures for which the kernel binary
  is built (bsc#1108281).
- commit 08a9e44

- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
  (CVE-2023-51779 bsc#1218559).
- commit 10b8efc

- clocksource: Suspend the watchdog temporarily when high read
  latency detected (bsc#1218105).
- commit 683a4c2

- clocksource: Avoid accidental unstable marking of clocksources
  (bsc#1218105).
- commit 0d50b3e

- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
  When MULTIBUILD option in config.sh is enabled generate a _multibuild
  file listing all spec files.
- commit f734347

- Build in the correct KOTD repository with multibuild
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  With multibuild setting repository flags is no longer supported for
  individual spec files - see
  https://github.com/openSUSE/open-build-service/issues/3574
  Add ExclusiveArch conditional that depends on a macro set up by
  bs-upload-kernel instead. With that each package should build only in
  one repository - either standard or QA.
  Note: bs-upload-kernel does not interpret rpm conditionals, and only
  uses the first ExclusiveArch line to determine the architectures to
  enable.
- commit aa5424d

- Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237
  CVE-2020-26555).
- Bluetooth: hci_event: Fix coding style (bsc#1215237
  CVE-2020-26555).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
  (bsc#1215237 CVE-2020-26555).
- commit bb86106

- Bluetooth: Reject connection with the device which has same
  BD_ADDR (bsc#1215237 CVE-2020-26555).
- commit 360840a

- Bluetooth: hci_event: Ignore NULL link key (bsc#1215237
  CVE-2020-26555).
- commit 13b41ce

- perf: Fix perf_event_validate_size() lockdep splat
  (CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
  bsc#1218258).
- commit e551d3d

- smb: client: fix OOB in smbCalcSize() (bsc#1217947
  CVE-2023-6606).
- commit bba90ea

- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
  packet (bsc#1218253 CVE-2023-6932).
- commit 1240db6

- io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709).
  This was originally blacklisted for no good reason.  Since now we have
  an actual bug report that breaks LTP, drop from blacklist and backport.
- commit 8a7380f

- efi/mokvar: Reserve the table only if it is in boot services
  data (bsc#1215375).
- commit 2c6d22d

- nvmet: nul-terminate the NQNs passed in the connect command
  (bsc#1217250 CVE-2023-6121).
- commit 3b11907

- kernel-source: Remove config-options.changes (jsc#PED-5021)
  The file doc/config-options.changes was used in the past to document
  kernel config changes. It was introduced in 2010 but haven't received
  any updates on any branch since 2015. The file is renamed by tar-up.sh
  to config-options.changes.txt and shipped in the kernel-source RPM
  package under /usr/share/doc. As its content now only contains outdated
  information, retaining it can lead to confusion for users encountering
  this file.
  Config changes are nowadays described in associated Git commit messages,
  which get automatically collected and are incorporated into changelogs
  of kernel RPM packages.
  Drop then this obsolete file, starting with its packaging logic.
  For branch maintainers: Upon merging this commit on your branch, please
  correspondingly delete the file doc/config-options.changes.
- commit adedbd2

- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
  Reduce indentation in the list of references, make the style consistent
  with README.md.
- commit 70e3c33

- doc/README.SUSE: Add how to update the config for module signing
  (jsc#PED-5021)
  Configuration files for SUSE kernels include settings to integrate with
  signing support provided by the Open Build Service. This creates
  problems if someone tries to use such a configuration file to build
  a "standalone" kernel as described in doc/README.SUSE:
  * Default configuration files available in the kernel-source repository
  unset CONFIG_MODULE_SIG_ALL to leave module signing to
  pesign-obs-integration. In case of a "standalone" build, this
  integration is not available and the modules don't get signed.
  * The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
  ".kernel_signing_key.pem" which is a file populated by certificates
  provided by OBS but otherwise not available. The value ends up in
  /boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
  decides to use one of these files as their base configuration then the
  build fails with an error because the specified module signing key is
  missing.
  Add information on how to enable module signing and where to find the
  relevant upstream documentation.
- commit a699dc3

- doc/README.SUSE: Remove how to build modules using kernel-source
  (jsc#PED-5021)
  Remove the first method how to build kernel modules from the readme. It
  describes a process consisting of the kernel-source installation,
  configuring this kernel and then performing an ad-hoc module build.
  This method is not ideal as no modversion data is involved in the
  process. It results in a module with no symbol CRCs which can be wrongly
  loaded on an incompatible kernel.
  Removing the method also simplifies the readme because only two main
  methods how to build the modules are then described, either doing an
  ad-hoc build using kernel-devel, or creating a proper Kernel Module
  Package.
- commit 9285bb8

- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive
  (bsc#1214764).
- commit b006ee9

- Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
- commit f407bf4

- powerpc: Don't clobber f0/vs0 during fp|altivec register save
  (bsc#1217780).
- commit 96932d7

- netfilter: conntrack: dccp: copy entire header to stack buffer,
  not just basic one (CVE-2023-39197 bsc#1216976).
- commit 5e51ad1

- kernel-binary: suse-module-tools is also required when installed
  Requires(pre) adds dependency for the specific sciptlet.
  However, suse-module-tools also ships modprobe.d files which may be
  needed at posttrans time or any time the kernel is on the system for
  generating ramdisk. Add plain Requires as well.
- commit 8c12816

- rpm: Use run_if_exists for all external scriptlets
  With that the scriptlets do not need to be installed for build.
- commit 25edd65

- net/tls: do not free tls_rec on async operation in
  bpf_exec_tx_verdict() (bsc#1217332 CVE-2023-6176).
- commit 20678d9

- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- commit ad1e507

- README.SUSE: fix patches.addon use
  It's series, not series.conf in there.
  And make it more precise on when the patches are applied.
- commit cb8969c

- Do not store build host name in initrd
  Without this patch, kernel-obs-build stored the build host name
  in its .build.initrd.kvm
  This patch allows for reproducible builds of kernel-obs-build and thus
  avoids re-publishing the kernel-obs-build.rpm when nothing changed.
  Note that this has no influence on the /etc/hosts file
  that is used during other OBS builds.
  https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e

- Ensure ia32_emulation is always enabled for kernel-obs-build
  If ia32_emulation is disabled by default, ensure it is enabled
  back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
  [ms: Always pass the parameter, no need to grep through the config which
  may not be very reliable]
- commit 56a2c2f

- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
  CVE-2023-45863).
- commit 1b6a097

- rpm: Define git commit as macro
- commit bcc92c8

- kernel-source: Move provides after sources
- commit dbbf742

- patches.suse/0003-btrfs-tree-checker-Refactor-prev_key-check-for-ino-i.patch:
  (bsc#1215371).
- commit 39aefaa

- patches.suse/0002-btrfs-tree-checker-Add-check-for-INODE_REF.patch:
  (bsc#1215371).
- commit d3fc74a

- patches.suse/0001-btrfs-tree-checker-Try-to-detect-missing-INODE_ITEM.patch:
  (bsc#1215371).
- commit b772e7a

- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
  Not supported by our compiler.
- commit eb32b5a

- igb: set max size RX buffer when store bad packet is enabled
  (bsc#1216259 CVE-2023-45871).
- commit 9445d70

- drm/qxl: fix UAF on handle creation (CVE-2023-39198
  bsc#1216965).
- commit a0819bc

- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
  HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit 7f7eb62

- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit dbf3f79

- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
  Implement KABI fix for above
- commit c397b9e

- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
  Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
  to fix build on x86_32.
  There was a fix submitted to upstream but it was not accepted:
  https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
  So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37

- Fix patches.suse/io_uring-used-cached-copies-of-sq-dropped-and-cq-ove.patch. (bsc#1214344)
  To protect itself against userspace corrupting the counter of io_uring
  dropped submission entries, the kernel relies on a cache of the counter
  instead of reading the counter directly.  But, the stable patch that was
  brought to SP3 implementing the this mechanism was done incorrectly, and
  let's the kernel read from the userspace value instead of the cache in
  one situation. This allows userspace to subvert the counter, hanging the
  application forever. Fix the backport to read from the cached value.
  5.3 stable is long dead, so there is nothing to fix upstream or in
  - stable.
- commit 2f88408

- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- commit ecc46dc

- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- commit 2c4e392

- nvme-fc: Prevent null pointer dereference in
  nvme_fc_io_getuuid() (bsc#1214842).
- commit b96c59b

- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
  bsc#1210778).
- commit cf2c572

- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- commit 3cd9fd7

- USB: ene_usb6250: Allocate enough memory for full object
  (bsc#1216051 CVE-2023-45862).
- commit 850ea88

- bpf: Fix incorrect verifier pruning due to missing register
  precision taints (bsc#1215518 CVE-2023-2163).
- commit 37a3998

- netfilter: nf_tables: skip bound chain on rule flush
  (CVE-2023-3777 bsc#1215095).
- commit 5558be6

- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
  xsa-441, cve-2023-34324).
- commit 4227b23

- KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853,
  bsc#1216134).
- commit 8704b8e

- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
  CVE-2023-39189).
- commit c154d64

- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 2048118

- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
  (jsc#PED-5021)
- commit c05cfc9

- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e

- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860).
- commit 267cf38

- net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194
  bsc#1215861).
- commit 1bf7dab

- netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193
  bsc#1215860).
- commit 6fc23b4

- netfilter: xt_u32: validate user space input (CVE-2023-39192
  bsc#1215858).
- commit 5f8a021

- ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754
  bsc#1215467).
- commit ecc7c7a

- btrfs: fix root ref counts in error handling in
  btrfs_get_root_ref (bsc#1214351 CVE-2023-4389).
- commit 14e72e8

- Revert rwsem backport (bsc#1207270 jsc#PED-4567)
  The rwsem backport enabled database software to run on largest VMs in
  Azure (M416v2, M832v2). It is reportedly no longer needed:
- Delete patches.suse/lockdep-Add-preemption-enabled-disabled-assertion-AP.patch.
- Delete patches.suse/locking-Add-missing-__sched-attributes.patch.
- Delete patches.suse/locking-Remove-rcu_read_-un-lock-for-preempt_-dis-en.patch.
- Delete patches.suse/locking-rwsem-Add-__always_inline-annotation-to-__do.patch.
- Delete patches.suse/locking-rwsem-Allow-slowpath-writer-to-ignore-handof.patch.
- Delete patches.suse/locking-rwsem-Always-try-to-wake-waiters-in-out_nolo.patch.
- Delete patches.suse/locking-rwsem-Better-collate-rwsem_read_trylock.patch.
- Delete patches.suse/locking-rwsem-Conditionally-wake-waiters-in-reader-w.patch.
- Delete patches.suse/locking-rwsem-Disable-preemption-for-spinning-region.patch.
- Delete patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch.
- Delete patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch.
- Delete patches.suse/locking-rwsem-Disable-preemption-while-trying-for-rw.patch.
- Delete patches.suse/locking-rwsem-Enable-reader-optimistic-lock-stealing.patch.
- Delete patches.suse/locking-rwsem-Fix-comment-typo.patch.
- Delete patches.suse/locking-rwsem-Fix-comments-about-reader-optimistic-l.patch.
- Delete patches.suse/locking-rwsem-Fold-__down_-read-write.patch.
- Delete patches.suse/locking-rwsem-Introduce-rwsem_write_trylock.patch.
- Delete patches.suse/locking-rwsem-Make-handoff-bit-handling-more-consist.patch.
- Delete patches.suse/locking-rwsem-No-need-to-check-for-handoff-bit-if-wa.patch.
- Delete patches.suse/locking-rwsem-Optimize-down_read_trylock-under-highl.patch.
- Delete patches.suse/locking-rwsem-Pass-the-current-atomic-count-to-rwsem.patch.
- Delete patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch.
- Delete patches.suse/locking-rwsem-Prevent-potential-lock-starvation.patch.
- Delete patches.suse/locking-rwsem-Remove-an-unused-parameter-of-rwsem_wa.patch.
- Delete patches.suse/locking-rwsem-Remove-reader-optimistic-spinning.patch.
- Delete patches.suse/rwsem-Implement-down_read_interruptible.patch.
- Delete patches.suse/rwsem-Implement-down_read_killable_nested.patch.
- blacklist.conf: add a rwsem patch that causes lockups
  Restore the patch disabling optimistic spinning for readers:
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
  Add down_read_interruptible and down_read_killable_nested, which were
  exported symbols added by the patchset being reverted, to kabi/severities.
- commit ae06a1f

- doc/README.PATCH-POLICY.SUSE: Remove the list of links (jsc#PED-5021)
  All links have been incorporated into the text. Remove now unnecessary
  list at the end of the document.
- commit 43d62b1

- doc/README.SUSE: Adjust heading style (jsc#PED-5021)
  * Underscore all headings as a preparation for Markdown conversion.
  * Use title-style capitalization for the document name and
  sentence-style capitalization for section headings, as recommended in
  the current SUSE Documentation Style Guide.
- commit 11e3267

- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro
  for ip_set_hash_netportnet.c (CVE-2023-42753 bsc#1215150).
- commit c0f449e

- tcp: Reduce chance of collisions in inet6_hashfn()
  (CVE-2023-1206 bsc#1212703).
- commit fdc3ce8

- scsi: qedf: Add synchronization between I/O completions and
  abort (bsc#1210658).
- commit 9be81b4

- Refresh
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch.
- commit dc11875

- doc/README.PATCH-POLICY.SUSE: Reflow text to 80-column width
  (jsc#PED-5021)
- commit be0158c

- doc/README.PATCH-POLICY.SUSE: Update information about the tools
  (jsc#PED-5021)
  * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
  * Limit the range of commits in the exportpatch example to prevent it
  from running for too long.
  * Incorporate URLs directly into the text.
  * Fix typos and improve some wording, in particular avoid use of "there
  is/are" and prefer the present tense over the future one.
- commit c0bea0c

- doc/README.PATCH-POLICY.SUSE: Update information about the patch
  format (jsc#PED-5021)
  * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
  * Remove references to links to the patchtools and kernel source. They
  are incorporated in other parts of the text.
  * Use sentence-style capitalization for section headings, as recommended
  in the current SUSE Documentation Style Guide.
  * Fix typos and some wording, in particular avoid use of "there is/are".
- commit ce98345

- doc/README.PATCH-POLICY.SUSE: Update the summary and background
  (jsc#PED-5021)
  * Drop information about patches being split into directories per
  a subsystem because that is no longer the case.
  * Remove the mention that the expanded tree is present since SLE11-SP2
  as that is now only a historical detail.
  * Incorporate URLs and additional information in parenthenses directly
  into the text.
  * Fix typos and improve some wording.
- commit 640988f

- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921
  bsc#1215275).
- commit b3e4331

- kernel-binary: Move build-time definitions together
  Move source list and build architecture to buildrequires to aid in
  future reorganization of the spec template.
- commit 30e2cef

- bnx2x: new flag for track HW resource allocation (bsc#1202845
  bsc#1215322).
- commit 9c9c729

- x86/srso: Fix srso_show_state() side effect (git-fixes).
- commit a76a23f

- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- commit 184fe4b

- x86/srso: Don't probe microcode in a guest (git-fixes).
- commit 1dd85db

- x86/srso: Set CPUID feature bits independently of bug or mitigation  status (git-fixes).
- commit 4dac766

- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch.
  (bsc#1207036 CVE-2023-23454)
  Fold downstream fixup of caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12.
- commit bd0b138

- kernel-binary: python3 is needed for build
  At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
  Other simimlar scripts may exist.
- commit c882efa

- netfilter: nft_set_pipapo: fix improper element removal
  (bsc#1213812 CVE-2023-4004).
- commit 593f458

- af_unix: Fix null-ptr-deref in unix_stream_sendpage()
  (CVE-2023-4622 bsc#1215117).
- commit bd1d942

- net/sched: sch_hfsc: Ensure inner classes have fsc curve
  (CVE-2023-4623 bsc#1215115).
- commit 0cd315e

- cec-api: prevent leaking memory through hole in structure
  (CVE-2020-36766 bsc#1215299).
- commit d226bc0

- doc/README.SUSE: Reflow text to 80-column width (jsc#PED-5021)
- commit e8f2c67

- doc/README.SUSE: Minor content clean up (jsc#PED-5021)
  * Mark the user's build directory as a variable, not a command:
  'make -C $(your_build_dir)' -> 'make -C $YOUR_BUILD_DIR'.
  * Unify how to get the current directory: 'M=$(pwd)' -> 'M=$PWD'.
  * 'GIT' / 'git' -> 'Git'.
- commit 1cb4ec8

- doc/README.SUSE: Update information about module paths
  (jsc#PED-5021)
  * Use version variables to describe names of the
  /lib/modules/$VERSION-$RELEASE-$FLAVOR/... directories
  instead of using specific example versions which get outdated quickly.
  * Note: Keep the /lib/modules/ prefix instead of using the new
  /usr/lib/modules/ location for now. The updated README is expected to
  be incorporated to various branches that are not yet usrmerged.
- commit 7eba2f0

- doc/README.SUSE: Update information about custom patches
  (jsc#PED-5021)
  * Replace mention of various patches.* directories with only
  patches.suse as the typical location for patches.
  * Replace i386 with x86_64 in the example how to define a config addon.
  * Fix some typos and wording.
- commit 2997d22

- x86/pkeys: Revert a5eff7259790 ("x86/pkeys: Add PKRU value to init_fpstate") (bsc#1215356).
- commit 012d8e6

- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
  to race condition (bsc#1215206, CVE-2023-1859).
- commit fe5b126

- doc/README.SUSE: Update information about config files
  (jsc#PED-5021)
  * Use version variables to describe a name of the /boot/config-... file
  instead of using specific example versions which get outdated quickly.
  * Replace removed silentoldconfig with oldconfig.
  * Mention that oldconfig can automatically pick a base config from
  "/boot/config-$(uname -r)".
  * Avoid writing additional details in parentheses, incorporate them
  instead properly in the text.
- commit cba5807

- sctp: leave the err path free in sctp_stream_init to
  sctp_stream_free (CVE-2023-2177 bsc#1210643).
- commit 2ef1e9d

- netfilter: nftables: exthdr: fix 4-byte stack OOB write
  (CVE-2023-4881 bsc#1215221).
- commit 780699b

- doc/README.SUSE: Update the patch selection section
  (jsc#PED-5021)
  * Make the steps how to obtain expanded kernel source more generic in
  regards to version numbers.
  * Use '#' instead of '$' as the command line indicator to signal that
  the steps need to be run as root.
  * Update the format of linux-$SRCVERSION.tar.bz2 to xz.
  * Improve some wording.
- commit e14852c

- doc/README.SUSE: Update information about (un)supported modules
  (jsc#PED-5021)
  * Update the list of taint flags. Convert it to a table that matches the
  upstream documentation format and describe specifically flags that are
  related to module support status.
  * Fix some typos and wording.
- commit e46f0df

- doc/README.SUSE: Bring information about compiling up to date
  (jsc#PED-5021)
  * When building the kernel, don't mention to initially change the
  current directory to /usr/src/linux because later description
  discourages it and specifies to use 'make -C /usr/src/linux'.
  * Avoid writing additional details in parentheses, incorporate them
  instead properly in the text.
  * Fix the obsolete name of /etc/modprobe.d/unsupported-modules ->
  /etc/modprobe.d/10-unsupported-modules.conf.
  * Drop a note that a newly built kernel should be added to the boot
  manager because that normally happens automatically when running
  'make install'.
  * Update a link to the Kernel Module Packages Manual.
  * When preparing a build for external modules, mention use of the
  upstream recommended 'make modules_prepare' instead of a pair of
  'make prepare' + 'make scripts'.
  * Fix some typos+grammar.
- commit b9b7e79

- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- commit 1a00f64

- cifs: avoid dup prefix path in dfs_get_automount_devname()
  (bsc#1213476).
- commit c1a52f2

- cifs: split out ses and tcon retrieval from mount_get_conns()
  (bsc#1213476).
- commit ebada2a

- cifs: remove unused smb3_fs_context::mount_options
  (bsc#1213476).
- commit af50097

- cifs: set resolved ip in sockaddr (bsc#1213476).
- commit c2e848a

- doc/README.SUSE: Bring the overview section up to date
  (jsc#PED-5021)
  * Update information in the overview section that was no longer
  accurate.
  * Improve wording and fix some typos+grammar.
- commit 798c075

- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- commit eafa010

- cifs: remove unused function (bsc#1213476).
- commit fde895d

- cifs: fix return of uninitialized rc in
  dfs_cache_update_tgthint() (bsc#1213476).
- commit 924ead8

- cifs: handle cache lookup errors different than -ENOENT
  (bsc#1213476).
- commit c0a1798

- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- commit fbf8b77

- cifs: don't take exclusive lock for updating target hints
  (bsc#1213476).
- commit 9fca9a3

- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- commit 3b10c1a

- cifs: fix potential deadlock in cache_refresh_path()
  (bsc#1213476).
- commit 15d2508

- cifs: ignore ipc reconnect failures during dfs failover
  (bsc#1213476).
- commit f1aa7e2

- cifs: use origin fullpath for automounts (bsc#1213476).
- commit 49eaf17

- cifs: set correct status of tcon ipc when reconnecting
  (bsc#1213476).
- commit f0a500e

- cifs: optimize reconnect of nested links (bsc#1213476).
- commit 6b7513b

- cifs: fix source pathname comparison of dfs supers
  (bsc#1213476).
- commit b6c447e

- cifs: fix confusing debug message (bsc#1213476).
- commit e408d5b

- cifs: don't block in dfs_cache_noreq_update_tgthint()
  (bsc#1213476).
- commit a33b3ed

- cifs: refresh root referrals (bsc#1213476).
- commit 9e232c2

- cifs: fix refresh of cached referrals (bsc#1213476).
- commit fcfdfe6

- doc/README.SUSE: Update the references list (jsc#PED-5021)
  * Remove the reference to Linux Documentation Project. It has been
  inactive for years and mostly contains old manuals that aren't
  relevant for contemporary systems and hardware.
  * Update the name and link to LWN.net. The original name "Linux Weekly
  News" has been deemphasized over time by its authors.
  * Update the link to Kernel newbies website.
  * Update the reference to The Linux Kernel Module Programming Guide. The
  document has not been updated for over a decade but it looks its
  content is still relevant for today.
  * Point Kernel Module Packages Manual to the current version.
  * Add a reference to SUSE SolidDriver Program.
- commit 0edac75

- doc/README.SUSE: Update title information (jsc#PED-5021)
  * Drop the mention of kernel versions from the readme title.
  * Remove information about the original authors of the document. Rely as
  in case of other readmes on Git metadata to get information about all
  contributions.
  * Strip the table of contents. The document is short and easy to
  navigate just by scrolling through it.
- commit 06f5139

- doc/README.SUSE: Update information about DUD (jsc#PED-5021)
  Remove a dead link to description of Device Update Disks found
  previously on novell.com. Replace it with a short section summarizing
  what DUD is and reference the mkdud + mksusecd tools and their
  documentation for more information.
- commit 7eeba4e

- cifs: don't refresh cached referrals from unactive mounts
  (bsc#1213476).
- commit 13ea817

- cifs: share dfs connections and supers (bsc#1213476).
- commit d01493c

- Delete patches.suse/genksyms-add-override-flag.diff.
  The override flag is no longer used in kernel-binary.
- commit 79d5655

- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
  Genksyms has functionality to specify an override for each type in
  a symtypes reference file. This override is then used instead of an
  actual type and allows to preserve modversions (CRCs) of symbols that
  reference the type. It is kind of an alternative to doing kABI fix-ups
  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
  genksyms --preserve option which primarily tells the tool to strictly
  verify modversions against a given reference file or fail.
  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
  present in various kernel-source branches separates the override logic.
  It allows it to be enabled with a new --override flag and used without
  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
  file is then a way how the build is told that --override should be
  passed to all invocations of genksyms. This was needed for SUSE kernels
  because their build doesn't use --preserve but instead resulting CRCs
  are later checked by scripts/kabi.pl.
  However, this override functionality was not utilized much in practice
  and the only use currently to be found is in SLE11-SP1-LTSS. It means
  that no one should miss this option and KBUILD_OVERRIDE=1 together with
  patches.suse/genksyms-add-override-flag.diff can be removed.
  Notes for maintainers merging this commit to their branches:
  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
  dropped after merging this commit.
  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
  this commit should not be merged to it, or needs to be reverted
  afterwards.
- commit 4aa02b8

- cifs: do all necessary checks for credits within or before
  locking (bsc#1213476).
- commit ce2dc27

- cifs: avoid use of global locks for high contention data
  (bsc#1213476).
- Refresh patches.suse/cifs-set-resolved-ip-in-sockaddr.patch.
- Refresh patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch.
- commit 7ce18a4

- cifs: get rid of mount options string parsing (bsc#1213476).
- commit a615bd3

- cifs: use fs_context for automounts (bsc#1213476).
- commit 231aad6

- cifs: set correct ipc status after initial tree connect
  (bsc#1213476).
- Refresh
  patches.suse/cifs-set-correct-tcon-status-after-initial-tree-connect.patch.
- commit abf3572

- cifs: set correct tcon status after initial tree connect
  (bsc#1213476).
- commit a4030d4

- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  (bsc#1214233 CVE-2023-40283).
- commit 11dc4cc

- Refresh patches.suse/powerpc-Move-DMA64_PROPNAME-define-to-a-header.patch.
- commit d263157

- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit a3ff58c

- drm/vmwgfx: Test shader type against SVGA3d_SHADERTYPE_MIN (bsc#1203517 CVE-2022-36402)
- commit 5b2dbae

- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
  CVE-2023-1192).
- commit 87f52bf

- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- commit 4f01e57

- Do not add and remove genksyms ifdefs
- Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch.
- Refresh patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
- commit e497b88

- powerpc/rtas: move syscall filter setup into separate function
  (bsc#1023051).
- commit a36442d

- rpm/mkspec-dtb: support for nested subdirs
  Commit 724ba6751532 ("ARM: dts: Move .dts files to vendor
  sub-directories") moved the dts to nested subdirs, add a support for
  that. That is, generate a %dir entry in %files for them.
- commit 6484eda

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit 5d94fff

- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- commit 5ab0096

- blacklist.conf: Blacklist redundant docu patch
- commit 1c6d737

- Sort recent hw security-related patches
  Move them to the sorted section and adjust patches accordingly.
- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 5c87dd7

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 3ffe891

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- commit 3bd253d

- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- commit 3251f7a

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297
  ltc#197503).
- commit c36e5b8

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit 48fc5d8

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 5e5738e

- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer suported.
- commit 7bb5087

- net: vmxnet3: fix possible NULL pointer dereference in
  vmxnet3_rq_cleanup() (bsc#1214451 CVE-2023-4459).
- commit 1ac9015

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 9d4529d

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 95ed32f

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit 309af7f

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit fa09ab7

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 5038558

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit eda7e6d

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 6e5dea6

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit fdc40c6

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 554babe

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit a99796e

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 2b91cd9

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit 6a43698

- fs: jfs: fix possible NULL pointer dereference in dbFree() (bsc#1214348 CVE-2023-4385).
- commit ee83171

- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- commit 37c728c

- xfs: update superblock counters correctly for !lazysbcount
  (bsc#1214275).
- commit 2b6e01d

- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
  (bsc#1214275).
- commit e55f7c6

- mkspec: Allow unsupported KMPs (bsc#1214386)
- commit 55d8b82

- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- commit ea499bc

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- commit 5b41c27

- net: vmxnet3: fix possible use-after-free bugs in
  vmxnet3_rq_alloc_rx_buf() (bsc#1214350 CVE-2023-4387).
- commit 0fa208f

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit dfa3fd7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit e5d93d0

- e1000: Fix typos in comments (jsc#PED-5738).
- commit 64fd6bc

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit 1ad8d9c

- intel: remove checker warning (jsc#PED-5738).
- commit c3ad152

- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- commit ace3bf9

- net: e1000: remove repeated word "slot" for e1000_main.c
  (jsc#PED-5738).
- commit cfd4849

- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- commit 7817f78

- e1000: drop unneeded assignment in e1000_set_itr()
  (jsc#PED-5738).
- commit d2ba4db

- io_uring: Acquire completion_lock around io_get_deferred_req
  (bsc#1213272 CVE-2023-21400).
- commit 84db304

- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for
  copying defines or build dependencies there.
- commit 254b03c

- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- commit 2c37773

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit b0544bd

- media: usb: siano: Fix warning due to null work_func_t function
  pointer (bsc#1213969 CVE-2023-4132).
- commit c44d7c3

- media: usb: siano: Fix use after free bugs caused by
  do_submit_urb (bsc#1213969 CVE-2023-4132).
- commit a27f430

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit ea3bad4

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit d8c4244

- series.conf: resort
- commit b2ee92a

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit 1258138

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 6a1c404

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 3617080

- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 3f35ab4

- net: tun_chr_open(): set sk_uid from current_fsuid()
  (CVE-2023-4194 bsc#1214019).
- commit 25c979d

- net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194
  bsc#1214019).
- commit b03d1d8

- x86/microcode/AMD: Make stub function static inline
  (bsc#1213868).
- Refresh patches.suse/x86-cpu-amd-add-a-zenbleed-fix.patch.
- commit f587833

- mm: Move mm_cachep initialization to mm_init() (bsc#1206418, CVE-2022-40982).
- commit 487512d

- bpf: add missing header file include (bsc#1211738
  CVE-2023-0459).
- commit 0e6ab49

- locking/rwsem: Add __always_inline annotation to
  __down_read_common() and inlined callers (bsc#1207270
  jsc#PED-4567).
- commit 9e46337

- locking/rwsem: Disable preemption in all down_write*() and
  up_write() code paths (bsc#1207270 jsc#PED-4567).
- commit e8b39d0

- locking/rwsem: Disable preemption in all down_read*() and
  up_read() code paths (bsc#1207270 jsc#PED-4567).
- commit f20a53f

- locking/rwsem: Prevent non-first waiter from spinning in
  down_write() slowpath (bsc#1207270 jsc#PED-4567).
- commit 9c40fdf

- locking/rwsem: Disable preemption while trying for rwsem lock
  (bsc#1207270 jsc#PED-4567).
- commit d6741e8

- locking/rwsem: Allow slowpath writer to ignore handoff bit if
  not set by first waiter (bsc#1207270 jsc#PED-4567).
- commit 22681e5

- locking/rwsem: Always try to wake waiters in out_nolock path
  (bsc#1207270 jsc#PED-4567).
- commit 2dd13e8

- locking/rwsem: Conditionally wake waiters in reader/writer
  slowpaths (bsc#1207270 jsc#PED-4567).
- commit c20a7d3

- locking/rwsem: No need to check for handoff bit if wait queue
  empty (bsc#1207270 jsc#PED-4567).
- commit 7d6a2e9

- locking: Add missing __sched attributes (bsc#1207270
  jsc#PED-4567).
- commit 0f7a2d1

- locking/rwsem: Optimize down_read_trylock() under highly
  contended case (bsc#1207270 jsc#PED-4567).
- commit 46658e6

- locking/rwsem: Make handoff bit handling more consistent
  (bsc#1207270 jsc#PED-4567).
- commit e47427d

- locking/rwsem: Fix comments about reader optimistic lock
  stealing conditions (bsc#1207270 jsc#PED-4567).
- commit 4a0d7cf

- locking: Remove rcu_read_{,un}lock() for preempt_{dis,en}able()
  (bsc#1207270 jsc#PED-4567).
- commit ee007db

- lockdep: Add preemption enabled/disabled assertion APIs
  (bsc#1207270 jsc#PED-4567).
- commit 1386d93

- locking/rwsem: Disable preemption for spinning region
  (bsc#1207270 jsc#PED-4567).
- commit 0fad749

- locking/rwsem: Remove an unused parameter of rwsem_wake()
  (bsc#1207270 jsc#PED-4567).
- commit b255b46

- locking/rwsem: Fix comment typo (bsc#1207270 jsc#PED-4567).
- commit 0ac673a

- locking/rwsem: Remove reader optimistic spinning (bsc#1207270
  jsc#PED-4567).
- commit 4b129c1

- locking/rwsem: Enable reader optimistic lock stealing
  (bsc#1207270 jsc#PED-4567).
- commit 7c0e82a

- locking/rwsem: Prevent potential lock starvation (bsc#1207270
  jsc#PED-4567).
- commit 00b076e

- locking/rwsem: Pass the current atomic count to
  rwsem_down_read_slowpath() (bsc#1207270 jsc#PED-4567).
- commit 1d2b5fa

- locking/rwsem: Fold __down_{read,write}*() (bsc#1207270
  jsc#PED-4567).
- commit fd0b8b5

- locking/rwsem: Introduce rwsem_write_trylock() (bsc#1207270
  jsc#PED-4567).
- commit daa9d5f

- locking/rwsem: Better collate rwsem_read_trylock() (bsc#1207270
  jsc#PED-4567).
- commit 23252c2

- rwsem: Implement down_read_interruptible (bsc#1207270
  jsc#PED-4567).
- commit 07e26fd

- rwsem: Implement down_read_killable_nested (bsc#1207270
  jsc#PED-4567).
- commit 42f4ca4

- locking/rwsem: Prepare for a rwsem backport
  The rwsem backport will enable the kernel to run on large VMs in Azure
  (M416v2, M832v2). The rwsem code is going to be updated with newest
  features one of which disables optimistic spinning for readers.
- blacklist.conf: Remove an entry that is part of the backported
  patch set.
- Delete
  patches.suse/locking-rwsem-Disable-reader-optimistic-spinning.patch.
- commit d354394

- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit 5601bfa

- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit f2c709c

- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit ef6bc71

- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit a905016

- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit f39cd8f

- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit 5d6a6a0

- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 8ff4f99

- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit e623809

- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 707be59

- kernel-binary.spec.in: Remove superfluous %% in Supplements
  Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74

- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  (CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
  (bsc#1213585).
- blacklist follow-up commit 158810b261d0 ("net/sched: sch_qfq: reintroduce
  lmax bound check for MTU") as unlike the original upstream commit, our
  backport does not remove the check
- commit 609da2e

- net/sched: cls_u32: Fix reference counter leak leading to
  overflow (CVE-2023-3609 bsc#1213586).
- commit b22e9b9

- net/sched: cls_fw: Fix improper refcount update leads to
  use-after-free (CVE-2023-3776 bsc#1213588).
- commit b7fc513

- vc_screen: don't clobber return value in vcs_read (bsc#1213167
  CVE-2023-3567).
- vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167
  CVE-2023-3567).
- vc_screen: move load of struct vc_data pointer in vcs_read()
  to avoid UAF (bsc#1213167 CVE-2023-3567).
- commit da930b7

- block, bfq: Fix division by zero error on zero wsum
  (bsc#1213653).
- commit 67879a5

- x86/xen: Fix secondary processors' FPU initialization (bsc#1206418, CVE-2022-40982).
- commit 8a9c409

- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1206418, CVE-2022-40982).
- commit d9e45bd

- x86/fpu: Mark init functions __init (bsc#1206418, CVE-2022-40982).
- commit 613212d

- x86/fpu: Remove cpuinfo argument from init functions (bsc#1206418).
- commit 82c61db

- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- commit 6fb5f8f

- init: Invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- commit 8ef61c6

- init: Remove check_bugs() leftovers (bsc#1206418).
- commit a639423

- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1206418).
- commit cbb96e9

- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1206418).
- commit 7fa4777

- x86/mm: Initialize text poking earlier (bsc#1206418, CVE-2022-40982).
- Refresh patches.suse/init-provide-arch_cpu_finalize_init.patch.
- commit 9784a5e

- init: Provide arch_cpu_finalize_init() (bsc#1206418).
- commit f81d332

- x86/mm: fix poking_init() for Xen PV guests (bsc#1206418, CVE-2022-40982).
- commit b12d1bf

- x86/mm: Use mm_alloc() in poking_init() (bsc#1206418, CVE-2022-40982).
- commit 9a1d45f

- rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
- commit ec82ffc

- net: tun: fix bugs for oversize packet when napi frags enabled
  (bsc#1213543 CVE-2023-3812).
- commit 5e9be17

- netfilter: nf_tables: do not ignore genmask when looking up
  chain by id (CVE-2023-31248 bsc#1213061).
- commit 414921d

- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  (CVE-2023-35001 bsc#1213059).
- commit b0acbe2

- uaccess: Add speculation barrier to copy_from_user()
  (bsc#1211738 CVE-2023-0459).
- commit 93eec59

- netfilter: nf_tables: incorrect error path handling with
  NFT_MSG_NEWRULE (CVE-2023-3390 CVE-2023-3117 bsc#1212846
  bsc#1213245).
- commit 176a7df

- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit 6550823

- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- commit eb94624

- x86/speculation: Add force option to GDS mitigation (bsc#1206418, CVE-2022-40982).
- commit 79691d3

- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit 74a70bc

- ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- ocfs2: fix race between searching chunks and release
  journal_head from buffer_head (bsc#1199304).
- commit f86bdfe

- Refresh
  patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit d8b8cf8

- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit c2a9155

- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit d7a9bc3

- rpm: Update dependency to match current kmod.
- commit d687dc3

- keys: Do not cache key in task struct if key is requested from
  kernel thread (bsc#1213354).
- commit 0121b9a

- net: mana: Add support for vlan tagging (bsc#1212301).
- commit 613e87e

- fs: hfsplus: fix UAF issue in hfsplus_put_super  (bsc#1211867, CVE-2023-2985).
- commit e01b911

- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME
  They depend on CONFIG_TOOLCHAIN_HAS_*.
- commit 1007103

- ubi: Fix failure attaching when vid_hdr offset equals to
  (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc,
  size (bsc#1210584).
- commit 8f5f025

- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c

- Get module prefix from kmod (bsc#1212835).
- commit f6691b0

- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
  We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1

- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
  With the module path adjustment applied as source patch only
  ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
  non-usrmerged.
- commit dd9a820

- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
  CVE-2023-3090).
- commit ddb6922

- x86/build: Avoid relocation information in final vmlinux
  (bsc#1187829).
- commit 88b515e

- Refresh
  patches.suse/cifs-fix-open-leaks-in-open_cached_dir.patch.
  s/sync_hdr/hdr/ - fix build breakage on CONFIG_CIFS_DEBUG2=y.
- commit c3cb631

- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6

- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes
  bsc#1212606 CVE-2023-3358).
- commit 7077c4f

- usb: gadget: udc: renesas_usb3: Fix use after free bug
  in renesas_usb3_remove due to race condition (bsc#1212513
  CVE-2023-35828).
- commit 1f06f62

- binfmt_elf: Take the mmap lock when walking the VMA list
  (bsc#1209039 CVE-2023-1249).
- commit 3f46ff2

- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (bsc#1210533 CVE-2023-2002).
- commit cb86eb0

- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- kernel/relay.c: fix read_pos error when multiple readers
  (bsc#1212502 CVE-2023-3268).
- commit 73e4027

- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (bsc#1212501 CVE-2023-35824).
- commit 0c9d507

- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (bsc#1212494 CVE-2023-35823).
- commit 61b38d8

- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
  (CVE-2023-35788 bsc#1212504).
- commit 865936b

- Drop a buggy dvb-core fix patch (bsc#1205758)
  Also the kabi workaround is dropped, too
- commit 7ace3fb

- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- commit 82c30e2

- kernel-docs: Add buildrequires on python3-base when using python3
  The python3 binary is provided by python3-base.
- commit c5df526

- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- commit 6f6d21f

- Move setting %%build_html to config.sh
- commit 3f65cd5

- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (CVE-2023-3141 bsc#1212129 bsc#1211449).
- commit 4d760e7

- firewire: fix potential uaf in outbound_phy_packet_callback()
  (CVE-2023-3159 bsc#1212128).
- commit 444321d

- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5

- Move setting %%split_optional to config.sh
- commit 4519250

- Move setting %%supported_modules_check to config.sh
- commit d9c64aa

- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050

- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d

- Also include kernel-docs build requirements for ALP
- commit 114d088

- Move the kernel-binary conflicts out of the spec file.
  Thie list of conflicting packages varies per release.
  To reduce merge conflicts move the list out of the spec file.
- commit 4d81125

- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit a8f82d0

- Avoid unsuported tar parameter on SLE12
- commit f11765a

- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit 5088617

- Move obsolete KMP list into a separate file.
  The list of obsoleted KMPs varies per release, move it out of the spec
  file.
- commit 016bc55

- Trim obsolete KMP list.
  SLE11 is out of support, we do not need to handle upgrading from SLE11
  SP1.
- commit 08819bb

- Generalize kernel-doc build requirements.
- commit 23b058f

- kernel-binary: Add back kernel-default-base guarded by option
  Add configsh option for splitting off kernel-default-base, and for
  not signing the kernel on non-efi
- commit 28c22af

- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit 884cd15

- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- commit 6cf7013

- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32

- Fix usrmerge error (boo#1211796)
- commit da84579

- Update References
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 23e11e7

- tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405
  CVE-2022-3566).
- commit d1f836b

- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5

- Update
  patches.suse/netfilter-x_tables-use-correct-memory-barriers.patch
  (bsc#1184208 CVE-2021-29650 bsc#1211596 CVE-2020-36694).
- commit 0092ed2

- HID: asus: use spinlock to safely schedule workers (bsc#1208604
  CVE-2023-1079).
- commit df4ce9a

- HID: asus: use spinlock to protect concurrent accesses
  (bsc#1208604 CVE-2023-1079).
- commit 4b7a2e4

- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit f37c1a1

- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 3e2047c

- kernel-source: Remove unused macro variant_symbols
- commit 915ac72

- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit c99685c

- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit f5d1bea

- media: dvbdev: fix error logic at dvb_register_device()
  (CVE-2022-45884 bsc#1205756).
- media: dvbdev: Fix memleak in dvb_register_device
  (CVE-2022-45884 bsc#1205756).
- media: media/dvb: Use kmemdup rather than duplicating its
  implementation (CVE-2022-45884 bsc#1205756).
- commit fa580d0

- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit eeb865d

- i2c: xgene-slimpro: Fix out-of-bounds bug in
  xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194).
- commit e9b03ca

- netrom: Fix use-after-free caused by accept on already
  connected socket (bsc#1211186 CVE-2023-32269).
- commit e76516d

- SUNRPC: Ensure the transport backchannel association
  (bsc#1211203).
- commit db18275

- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd

- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit 8d253dc

- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: refactor the handle of xmit
  (CVE-2022-4269 bsc#1206024).
- commit c36d39a

- wifi: brcmfmac: slab-out-of-bounds read in
  brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
- commit 238a208

- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185

- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4

- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit 2a8658b

- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878
  bsc#1211105 CVE-2023-2513).
- commit 880db90

- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20

- net: qcom/emac: Fix use after free bug in emac_remove due to
  race condition (bsc#1211037 CVE-2023-2483).
- commit d3abec2

- Update patches.suse/io_uring-prevent-race-on-registering-fixed-files.patch
  Fix the missing the bsc# prefix for the bug number in the References tag.
- commit 704a6c4

- timens: Forbid changing time namespace for an io_uring process
  (bsc#1208474 CVE-2023-23586).
- commit 89cf4b3

- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk
  driver (bsc#1199636).
- commit 6a9faa3

- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit 8eed3d3

- io_uring: prevent race on registering fixed files (1210414
  CVE-2023-1872).
- commit e53cfa3

- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  (bsc#1206992 CVE-2022-2196).
- commit f66a218

- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 527a5be

- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  (bsc#1209871 CVE-2023-1670).
- commit cfec974

- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit de13f74

- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (bsc#1210647 CVE-2023-2162).
- commit d0a859e

- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit 5886145

- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (bsc#1210629 CVE-2023-2176)
- commit 8b6288f

- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1210629 CVE-2023-2176)
- commit c706a03

- RDMA/cma: Make the locking for automatic state transition more clear (bsc#1210629 CVE-2023-2176)
- commit 7a43827

- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit f513a6e

- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit d03ef09

- cifs: fix negotiate context parsing (bsc#1210301).
- commit 5d87bbe

- power: supply: da9150: Fix use after free bug in
  da9150_charger_remove due to race condition (CVE-2023-30772
  bsc#1210329).
- commit 61aa622

- k-m-s: Drop Linux 2.6 support
- commit 22b2304

- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6

- udmabuf: add back sanity check (git-fixes bsc#1210453
  CVE-2023-2008).
- commit b2b9158

- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
  due to race condition (CVE-2023-1855 bsc#1210202).
- commit 4401c6f

- netlink: limit recursion depth in policy validation
  (CVE-2020-36691 bsc#1209613).
- Refresh
  patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch.
- commit 374a1af

- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
  condition (git-fixes bsc#1210337 CVE-2023-1990).
- commit 775e632

- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to unfinished work (CVE-2023-1989 bsc#1210336).
- commit e27c00d

- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
  Fix performance problem with these patches - bsc@1210124
- commit 4dbd22d

- btrfs: fix race between quota disable and quota assign ioctls
  (CVE-2023-1611 bsc#1209687).
- commit 3fdcd22

- Fix double fget() in vhost_net_set_backend() (bsc#1210203
  CVE-2023-1838).
- commit 7e671a8

- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if
  there should be two kernel sources built as well as for the purpose of
  determmioning if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be
  baked into the spec file template. Separate the two while also making
  the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3
  when the setting was introduced, gate on the new $obs_build_variant
  setting as well.
- commit 36ba909

- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
- commit 9bae747

- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787).
- commit 028f0fd

- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816

- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
  This new form was added in commit e89c2e815e76 ("riscv: Handle
  zicsr/zifencei issues between clang and binutils").
- commit 234baea

- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
  CVE-2023-28772).
- commit 5c5e4d3

- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- Revert "PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally" (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1209785).
- commit 6b9e385

- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit bd9c11d

- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit 677d920

- net: tls: fix possible race condition between
  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  (bsc#1209366 CVE-2023-28466).
- commit 5f7c4a6

- Move ENA upstream fix to sorted section.
- commit aff6c71

- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 50ba48b

- sched/psi: Fix use-after-free in ep_remove_wait_queue()
  (CVE-2023-52707 bsc#1225109).
- commit 25893f2

- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
  CVE-2023-1390).
- commit b2c1533

- tun: avoid double free in tun_free_netdev (bsc#1209635
  CVE-2022-4744).
- commit c5cf205

- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- commit 97b3f9d

- fs/proc: task_mmu.c: don't read mapcount for migration entry
  (CVE-2023-1582, bsc#1209636).
- commit 35d5c42

- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
  (bsc#1209290 CVE-2023-28327).
- commit 000517c

- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit cec3f24

- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit 6a58da4

- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit 06eaf34

- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 890554b

- media: dvb-usb: az6027: fix null-ptr-deref in  az6027_i2c_xfer()
  (bsc#1209291 CVE-2023-28328).
- commit af7b7eb

- rpm/group-source-files.pl: Fix output difference when / is in location
  While previous attempt to fix group-source-files.pl in 6d651362c38
  "rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"
  breaks the infinite loop, it does not properly address the issue. Having
  prefixed and/or postfixed forward slash still result in different
  output.
  This commit changes the script to use the Perl core module File::Spec
  for proper path manipulation to give consistent output.
- commit 4161bf9

- Require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency
  to make it clear to libzypp that the scriptlets are required.
  There is no special dependency for posttrans, these scriptlets run when
  transactions are resolved. The plain dependency has to be used to
  support posttrans.
- commit 56c4dbe

- Replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd refrences in documentation and comments.
- commit e356c9b

- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256 CVE-2017-5753).
- commit a2ac7fb

- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4

- rds: rds_rm_zerocopy_callback() correct order for
  list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
  (CVE-2023-1078 bsc#1208601).
- commit ec0c93c

- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
  bsc#1208598).
- commit d651270

- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit b65b67b

- cifs: fix use-after-free caused by invalid pointer `hostname`
  (bsc#1208971).
- commit d1a37f1

- HID: bigben: use spinlock to safely schedule workers
  (CVE-2023-25012 bsc#1207560).
- HID: bigben_worker() remove unneeded check on report_field
  (CVE-2023-25012 bsc#1207560).
- HID: bigben: use spinlock to protect concurrent accesses
  (CVE-2023-25012 bsc#1207560).
- commit 3c79258

- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
  CVE-2023-23004).
- commit a8f9557

- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89

- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136

- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (CVE-2023-1118 bsc#1208837).
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
  function (CVE-2023-23000 bsc#1208816).
- commit 52c897a

- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 5959f82

- drm/virtio: Fix NULL vs IS_ERR checking in
  virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit 2fd8a08

- net/mlx5: DR, Fix NULL vs IS_ERR checking in
  dr_domain_init_resources (bsc#1208845 CVE-2023-23006).
- commit 14082ec

- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- commit b092aa9

- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069

- README.BRANCH: Update
  Relieve Ivan Ivanov of his duties as branch maintainer as I am back.
- commit 1da55f1

- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
  dwc3_qcom_acpi_register_core (bsc#1208741 CVE-2023-22995).
- commit 7a31d48

- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit 18d9ec7

- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- commit 7a62f13

- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- commit 3a695c7

- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit f589074

- usb: rndis_host: Secure rndis_query check against int overflow
  (CVE-2023-23559 bsc#1207051).
- commit d9a137b

- net: mana: Assign interrupts to CPUs based on NUMA nodes
  (bsc#1208153).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 342fb4d

- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit 4d24191

- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1f21d95

- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 77af0b0

- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit f246cad

- Refresh
  patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd.patch (bsc#1206351).
  The former kABI fix only move the newly added member to scsi_host_template to
  the end of the struct. But that is usually allocated statically, even by 3rd
  party modules relying on kABI. Before we use the member we need to signalize
  that it is to be expected. As we only expect it to be allocated by in-tree
  modules that we can control, we can use a space in the bitfield to signalize
  that.
- commit 0e772e8

- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit f2c8c19

- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit baf6bec

- net: ena: optimize data access in fast-path code (bsc#1208137).
- commit 09cfdc0

- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
  bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
  bsc#1207795).
- commit c6f042b

- Update
  patches.suse/net-mlx5-Allocate-individual-capability.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Use-order-0-allocations-for-EQs.patch
  (bsc#1195175).
  Fixed bugzilla reference.
- commit e56868b

- watchdog: diag288_wdt: do not use stack buffers for hardware
  data (bsc#1207497).
- commit f31eb64

- watchdog: diag288_wdt: fix __diag288() inline assembly
  (bsc#1207497).
- commit 2f246cf

- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 64f6682

- libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
  (bsc#1204502 CVE-2022-3606).
- commit eef9e8d

- cifs: do not include page data when checking signature
  (bsc#1200217).
- commit 89d2457

- config.conf: Drop armv7l, Leap 15.3 is EOL.
- Delete config/armv7hl/default.
- Delete config/armv7hl/lpae.
- commit 022c807

- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
  (bsc#1207769).
- commit be9727c

- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
  (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
  (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
  (git-fixes).
- commit 25cb1e4

- dm thin: Use last transaction's pmd->root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
  devices (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
  (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
  (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- commit 223b9c6

- nbd: Fix incorrect error handle when first_minor is illegal
  in nbd_dev_add (git-fixes).
- Refresh for the above change,
  patches.suse/0019-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 9c00c1c

- nbd: fix max value for 'first_minor' (git-fixes).
- Refresh for the above change,
  patches.suse/0012-nbd-fix-possible-overflow-for-first_minor-in-nbd_dev.patch.
- commit dd126a5

- dm space maps: don't reset space map allocation cursor when
  committing (git-fixes).
- dm verity: fix require_signatures module_param permissions
  (git-fixes).
- dm integrity: fix flush with external metadata device
  (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
  down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- nbd: make the config put is called before the notifying the
  waiter (git-fixes).
- nbd: restore default timeout when setting it to zero
  (git-fixes).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- commit 50ca764

- rbd: work around -Wuninitialized warning (git-fixes).
- Refresh for the above change,
  patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
- commit e923159

- blacklist.conf: add git-fixes commits which won't be backported
- commit 4601d33

- blacklist.conf: removing SCSI git-fix mistakenly added
  This fix was labelled as already present in our
  code base, but it was not.
- commit bcd8cfe

- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
  (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
  during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
  (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
  (git-fixes).
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
  (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
  (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
  scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" ->
  "Unsupported" (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
  (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
  (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and
  running device (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
  (git-fixes).
- scsi: sr: Return correct event when media event code is 3
  (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
  - ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
  (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
  list_for_each_entry() (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush
  (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback
  (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
  shift of u8 (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
  (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
  IRQs (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through
  RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
  (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
  (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
  (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
  irq (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
  processing (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
  (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during
  reset (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
  (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
  (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens
  (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
  disabled (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
  commands (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
  suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
  (git-fixes).
- commit cf6a959

- scsi: ufs: Make sure clk scaling happens only when HBA is
  runtime ACTIVE (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by
  ufshcd_hold() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
  (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
  (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered
  (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
  (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
  (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
  ufs_qcom_testbus_config() (git-fixes).
- commit 0335e79

- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit dcee4fd

- scsi: ufs: Clean up completed request without interrupt
  notification (git-fixes).
- Refresh
  patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully.
- commit 0e26434

- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- commit 8d5e108

- scsi: ufs: Improve interrupt handling for shared interrupts
  (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts
  (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
  (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
  (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
  (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
  (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
  (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
  (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
  (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe()
  (git-fixes).
- scsi: core: free sgtables in case command setup fails
  (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during
  system resume (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
  been removed (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
  connections (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read
  (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
  (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
  (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
  (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
  (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
  the probe fails (git-fixes).
- commit e77b62a

- scsi: hisi_sas: Replace in_softirq() check in
  hisi_sas_task_exec() (git-fixes).
- Refresh patches.suse/scsi-hisi_sas-Remove-preemptible.
- commit ce7bed3

- blacklist.conf: add git-fixes to be skipped
- commit cb4a471

- netfilter: nft_payload: incorrect arithmetics when fetching
  VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 9fe77eb

- HID: check empty report_list in hid_validate_values()
  (git-fixes, bsc#1206784).
- commit 028641d

- HID: check empty report_list in bigben_probe() (git-fixes,
  bsc#1206784).
- commit c479b33

- HID: betop: check shape of output reports (git-fixes,
  bsc#1207186).
- commit f6860d6

- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493

- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a

- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit e015217

- blacklist.conf: 461ab10ef7e6 ("ceph: switch to vfs_inode_has_locks() to fix file lock bug")
- commit b165b65

- ceph: avoid putting the realm twice when decoding snaps fails
  (bsc#1207198).
- ceph: do not update snapshot context when there is no new
  snapshot (bsc#1207218).
- commit 2f13b5a

- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168).
- commit ad4a091

- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754

- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454).
- commit 88c4e72

- Update
  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207125 CVE-2023-23455).
- commit e595908

- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0

- mm/memcg: optimize memory.numa_stat like memory.stat
  (bsc#1206663).
- commit d7619da

- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- commit ebdddc5

- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit da7ea39

- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 49dc51c

- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 0726009

- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d

- Refresh
  patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
  For bsc#1206904, see:
  https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116

- README.BRANCH: Added myself as co-maintainer
  And drop Oscars name.
- commit 0607a55

- ipv4: Handle attempt to delete multipath route when fib_info
  contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2

- net: ipv4: fix route with nexthop object delete warning
  (bsc#1204171 CVE-2022-3435).
- commit 51fb670

- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1

- module: merge repetitive strings in module_sig_check()
  (git-fixes).
- commit e890371

- module: set MODULE_STATE_GOING state when a module fails to load
  (git-fixes).
- commit bbf8a43

- modules: lockdep: Suppress suspicious RCU usage warning
  (git-fixes).
- commit a75abac

- module: Remove accidental change of module_enable_x()
  (git-fixes).
- commit c1799c7

- tracing: Verify if trace array exists before destroying it
  (git-fixes).
- commit 484ce03

- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
  (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
  failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
  (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
  mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "mem=" option into account
  (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
  (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
  (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
  a valid PE number (bsc#1065729).
- commit f1282a1

- blacklist.conf: Add reverted commit
- commit 1048706

- powerpc: Ensure that swiotlb buffer is allocated from low memory
  (bsc#1156395).
- commit 6657d5f

- powerpc/powernv: Avoid re-registration of imc debugfs directory
  (bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
  translation in use (bsc#1156395).
- commit 1967b85

- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bsc#1065729).
- commit eef87f7

- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735

- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  (bsc#1204989,bsc#1205601).
- commit b1fad8e

- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f

- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- powerpc/xive: Add a check for memory allocation failure
  (fate#322438 git-fixes).
- commit 2423c59

- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5

- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824

- blacklist.conf: ("arm64: lse: Fix LSE atomics with LLVM")
- commit 22e012e

- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058

- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0

- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503

- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93

- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5

- blacklist.conf: ("arm64: fix alternatives with LLVM's integrated assembler")
- commit a642f3b

- blacklist.conf: ("arm64: lse: fix LSE atomics with LLVM's integrated assembler")
- commit 76593cf

- blacklist.conf: ("arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator")
- commit 1caef50

- Refresh
  patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the
  example hunks and fail.
- commit 78fab3f

- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21

- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
  (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
  (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
  (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
  private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
  pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
  freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
  source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
  (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
  delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
  (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
  (git-fixes).
- sunrpc: check that domain table is empty at module unload
  (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
  (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
  (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
  fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
  (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
  (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89

- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- commit c8d19aa

- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1

- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7

- blacklist.conf: ("arm64: dts: ls1028a: fix typo in TMU calibration data")
- commit 716a28c

- blacklist.conf: ("arm64: Validate tagged addresses in access_ok() called from kernel")
- commit 9dd7e12

- blacklist.conf: ("arm64: insn: consistently handle exit text")
- commit f816334

- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49

- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8

- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9

- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a

- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit ff976a4

- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit 140cef5

- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit 0696f69

- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit 8d66379

- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 027bd53

- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642

- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit 7d14bba

- Update tags in
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6

- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109

- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7

- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit 05e8ed4

- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit 1b01bae

- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth > 0 (bsc#1206881).
- commit f1f3d4f

- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e

- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f

- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3

- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit b931654

- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit fde0a78

- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4

- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit ecac58a

- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit 35c3734

- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit 4ca9666

- ext4: correct the error path of ext4_write_inline_data_end()
  (bsc#1206875).
- commit 9ad9468

- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93

- blacklist.conf: blacklist efc61345274d
- commit 8078536

- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0

- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb

- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b

- blacklist.conf: blacklist f25391ebb475
- commit b3ab927

- ext4: avoid race conditions when remounting with options that
  change dax (bsc#1206860).
  Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84

- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4

- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2

- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30

- ext4: use matching invalidatepage in ext4_writepage
  (bsc#1206858).
- commit 9adbb3f

- ext4: mark block bitmap corrupted when found instead of BUGON
  (bsc#1206857).
- commit 0b7c7d5

- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 6032d35

- ext4: choose hardlimit when softlimit is larger than hardlimit
  in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9

- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037

- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b

- sched/psi: Fix sampling error and rare div0 crashes with
  cgroups and high uptime (bsc#1206841).
- commit d518fcd

- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
  and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
  attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
  congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
  members and padding (jsc#PED-1445).
- commit 76decfc

- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit b04c714

- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098

- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit 3405c6d

- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit 3d8dab2

- Fix kABI breakage in usb.h: struct usb_device:
  hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27

- USB: core: Prevent nested device-reset calls (bsc#1206664
  CVE-2022-4662).
- commit 2d03a85

- drm: mali-dp: potential dereference of null pointer
  (CVE-2022-3115 bsc#1206393).
- commit 9246c67

- wifi: wilc1000: validate pairwise and authentication suite
  offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9

- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a

- media: meson: vdec: potential dereference of null pointer
  (CVE-2022-3112 bsc#1206399).
- commit 32c7d25

- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793

- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0

- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 81eb278

- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb

- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e

- udf: Fix NULL pointer dereference in udf_symlink function
  (bsc#1206646).
- commit aa42b50

- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788

- udf: fix the problem that the disc content is not displayed
  (bsc#1206644).
- commit baed6fa

- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1

- udf: Avoid accessing uninitialized data on failed inode read
  (bsc#1206642).
- commit 8c98e30

- udf: Fix free space reporting for metadata and virtual
  partitions (bsc#1206641).
- commit 0743d18

- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit f8fb63e

- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa

- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d

- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b

- ext4: iomap that extends beyond EOF should be marked dirty
  (bsc#1206637).
- commit e1b2dad

- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f

- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1

- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2

- lib/notifier-error-inject: fix error when writing -errno to
  debugfs file (bsc#1206634).
- commit dea9978

- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (bsc#1206634).
- commit 2504e98

- blacklist.conf: Blacklist 9066e151c379
- commit 966d217

- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d

- struct usbnet: move new members to end (git-fixes).
- commit f647bb2

- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
  patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6

- blacklist.conf: ("arm64: dts: armada-3720-turris-mox: add firmware node")
- commit 77ea716

- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f

- blacklist.conf: ("crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()")
- commit 8dcdb26

- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089

- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c

- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc

- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33

- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
krb5
- Fix vulnerabilities in GSS message token handling, add patch
  0013-Fix-vulnerabilities-in-GSS-message-token-handling.patch
  * CVE-2024-37370, bsc#1227186
  * CVE-2024-37371, bsc#1227187

- Fix memory leaks, add patch 0012-Fix-two-unlikely-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771

- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
  (CVE-2023-36054);
- Added patches:
  * 0011-Ensure-array-count-consistency-in-kadm5-RPC.patch

- Fix integer overflows in PAC parsing; (CVE-2022-42898);
  (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch
less
- Fix CVE-2024-32487, mishandling of \n character in paths when
  LESSOPEN is set leads to OS command execution
  (CVE-2024-32487, bsc#1222849)
  * CVE-2024-32487.patch

- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
  metacharacters, bsc#1219901
  * CVE-2022-48624.patch
libX11
- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
  U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
  U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
  U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
  U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
  * CVE-2023-43785 libX11: out-of-bounds memory access in
    _XkbReadKeySyms() (boo#1215683)
  * CVE-2023-43786 libX11: stack exhaustion from infinite recursion
  in PutSubImage() (boo#1215684)
  * CVE-2023-43787 libX11: integer overflow in XCreateImage()
    leading to a heap overflow (boo#1215685)

- U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
  * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)

- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)

- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
  * security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
  * security update for CVE-2022-3555 (bsc#1204425)
avahi
- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
  avahi_rdata_parse (bsc#1216853, CVE-2023-38472).

- Add avahi-CVE-2023-38471.patch: Extract host name using
  avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
  records (bsc#1216598, CVE-2023-38469).

- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
  byte long (bsc#1215947, CVE-2023-38470).

- Add avahi-CVE-2023-38473.patch: derive alternative host name from
  its unescaped version (bsc#1216419 CVE-2023-38473).

- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).

- Add avahi-bsc1163683.patch: do not cache responses generated
  locally (bsc#1163683).
util-linux
- fix Xen virtualization type misidentification bsc#1215918
  lscpu-fix-parameter-order-for-ul_prefix_fopen.patch

- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).

- Add upstream patch
  util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
  bsc#1207987 gh#util-linux/util-linux@1d98827edde4

- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.

- Fix file conflict during upgrade (boo#1204211).

- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).
libcap
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
c-ares
- CVE-2024-25629.patch: fix out of bounds read in ares__read_line()
  (bsc#1220279, CVE-2024-25629)

- Update to version 1.19.1
  Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support

- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too

- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed

- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
libxcrypt
- fix variable name for datamember in 'struct crypt_data' [bsc#1215496]
- added patches
  fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
  + libxcrypt-man-fix-variable-name.patch
cryptsetup
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
  - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
  - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
  - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
libeconf
- Additional info for version 0.5.2:
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)

- Update to version 0.5.2:
  * Fixed build for aarch64 and gcc13.
  * Making the output verbose when a test fails.
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function.
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function.
  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
    Sets a list of directory structures (with order) which describes
    the directories in which the files have to be parsed.
    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
    directories will be parsed:
    "<default_dirs>/<project_name>.<suffix>.d/"
    "<default_dirs>/<project_name>/conf.d/"
    "<default_dirs>/<project_name>.d/"
    "<default_dirs>/<project_name>/"
    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
    automatically.
  * General code cleanup.

- Update to version 0.5.1:
  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
    there is a /etc/_example_._suffix_ file. (#175)

- Update to version 0.5.0:
  * API calls econf_read*WithCallback supporting a general (void *)
    argument for user defined data with which the callback function is
    called.
  * Tagged following functions deprecated:
    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks, econf_reset_security_settings
    Use one of the econf_read*WithCallback functions instead.

- Update to version 0.4.9:
  * libeconf.h: added missing sys/types.h header (#171)
  * new API calls: econf_readFileWithCallback,
    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
  * Checking NULL comment parameter in the parsing functions.

- Update to version 0.4.8+git20221114.7ff7704:
  * Parsing files which are containing keys only (#170)
    All delimiters are allowed now : "", " =", " ", "=". But the
    user should use "" in order to be distinct.
  * /usr/etc/shells.d/<file_name> will not be parsed if
    /etc/shells.d/<file_name> is defined too.
  * Lto build fixed (#168)
  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
    econf_set_delimiter_tag
  * Checking UID,GroupID, permissions,... of the parsed files (#165)
    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks
  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
  * Error handling improved for nums and booleans (#163)

- Update to version 0.4.6+git20220427.3016f4e:
  * econftool:
  * * Parsing error: Reporting file and line nr.
  * * --delimeters=spaces Taking all kind of spaces for delimiter
  * libeconf:
    Fixed bsc#1198165: Parsing files correctly which have space characters
    AND none space characters as delimiters.

- Update to version 0.4.5+git20220406.c9658f2:
  * econftool:
  * * New call "syntax" for checking the configuration files only.
    Returns an error string with line number if an error occurs.
  * * New options "--comment" and "--delimeters"
  * * Parsing one file only if needed.
libfastjson
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
  large JSON file (bsc#1171479)
  add 0001-Fix-CVE-2020-12762.patch
freetype2
- Added patch:
  * CVE-2023-2004.patch
    + fixes bsc#1210419, CVE-2023-2004: Integer overflow
gnutls
- Security fix: [bsc#1218865, CVE-2024-0553]
  * Incomplete fix for CVE-2023-5981.
  * The response times to malformed ciphertexts in RSA-PSK
    ClientKeyExchange differ from response times of ciphertexts
    with correct PKCS#1 v1.5 padding.
  * Add gnutls-CVE-2024-0553.patch

- Security fix: [bsc#1217277, CVE-2023-5981]
  * Fix timing side-channel inside RSA-PSK key exchange.
  * auth/rsa_psk: side-step potential side-channel
  * Add curl-CVE-2023-5981.patch

- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch

- Validate input when calling fmemopen() [bsc#1204511]
  * Add gnutls-check-system_priority_buf-input.patch
libjansson
- Update to 2.14 (boo#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
    corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime
    version checking
    + Add json_object_update_new(), json_object_update_existing_new()
    and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
    that can be omitted if null (#339).
    + Add `json_error_code()` to retrieve numeric error codes
    (#365, #380, #381).
    + Enable thread safety for `json_dump()` on all systems.
    Enable thread safe `json_decref()` and `json_incref()` for
    modern compilers (#389).
    + Add `json_sprintf()` and `json_vsprintf()` (#393).
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object (#409).
    + Avoid invalid memory read in `json_pack()` (#421).
    + Call va_end after va_copy in `json_vsprintf()` (#427).
    + Improve handling of formats with '?' and '*' in `json_pack()`
    (#438).
    + Remove inappropriate `jsonp_free()` which caused
    segmentation fault in error handling (#444).
    + Fix incorrect report of success from `json_dump_file()` when
    an error is returned by `fclose()` (#359).
    + Make json_equal() const-correct (#344).
    + Fix incomplete stealing of references by `json_pack()` (#374)
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.
libksba
- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch
openldap2
- bsc#1212260 - crash in libldap when non-ldap data responds
  * 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch

- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
ldb
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
  discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
  + CVE-2022-32746 ldb: db: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
liblognorm
- Upgrade to liblognorm v2.0.6 (jsc#PED-4883)
  * 2018-11-02: nitfixes: issues deteced by CodeFactor.com
  * 2018-11-01: more cleanup of shell scripting
  * 2018-10-31: cleanup shell scripting
  * 2018-10-26: implement Checkpoint LEA transfer format
  * 2018-10-31: fix mising shebangs in test scripts
  * 2018-10-30: fix some bash style nits
  * 2018-07-15: fix very theoretic misadressing (gcc-8 warning)
  * 2018-06-26: string parser: add "lazy" matching mode
  * 2018-05-30: Update lognormalizer.c
  * 2018-05-30: Update lognormalizer.c to support case fallthrough
  * 2018-05-30: Update README
  * 2018-05-10: Fix for #229 (cisco-interface-spec at end of line)
  * 2018-03-21: Suppress invalid param error for name to fix #270
- Upgrade to liblognorm v2.0.5
  * 2018-04-25: fix potential NULL pointer addressing
  * 2018-04-07: Add test for nested user types
  * 2018-04-07: Fix use after free with nested user types (#235)
  * 2018-04-25: build system: fix gcc warning
  * 2018-04-25: make "make check" "succeed" on solaris 10
  * 2018-04-16: fix build warnings with some newer compilers
  * 2018-04-16: remove dead code
  * 2018-04-16: fix potential memory leaks during config processing
  * 2018-04-16: fix memory leak during config processing
  * 2018-04-16: csv encoder: fix format error when processing arrays
  * 2018-03-29: Explicitly list supported whitespace characters
  * 2018-03-28: "fix" return type of unused dummy function
  - replaces liblognorm-2.0.4-no-return-in-nonvoid-function.patch
  * 2018-03-21: Suppress invalid param error for name to fix #270
  * 2018-03-19: fix header guard
  * 2018-03-06: Correct CLI options in the docs
  * 2018-01-13: AIX port : added compatibility and modified lognormalizer for AIX.
  * 2017-11-29: codestyle: correct line length to 120
  * 2017-11-29: codestyle: set max line length to 120
  * 2017-11-25: fix some very bad line length violations
  * 2017-11-25: travis: temporarily permit longer line length
  * 2017-10-19: make build with gcc7
  * 2017-10-05: es_str2cstr leak in string-to v1 parse
ncurses
- Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
  * Backport from ncurses-6.4-20230615.patch
    improve checks in convert_string() for corrupt terminfo entry

- Add patch bsc1218014-cve-2023-50495.patch
  * Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
    (bsc#1218014)

- Add patch boo1201384.patch
  * Do not fully reset serial lines

- Modify patch ncurses-6.1.dif
  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
    (boo#1210434, CVE-2023-29491)
  * Reading is done since 2000/01/17
nghttp2
- security update
- added patches
  fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-1.patch
  fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-2.patch

- security update
- added patches
  fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
  + nghttp2-CVE-2023-44487.patch

- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
  sent, and nghttp2_on_stream_close_callback fails with a fatal error.
  [CVE-2023-35945 bsc#1215713]
  + nghttp2-CVE-2023-35945.patch
openssl-1_1
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
  security vulnerability. Calling the function SSL_free_buffers()
  potentially caused memory to be accessed that was previously
  freed in some situations and a malicious attacker could attempt
  to engineer a stituation where this occurs to facilitate a
  denial-of-service attack. [CVE-2024-4741, bsc#1225551]

- Security fix: [bsc#1222548, CVE-2024-2511]
  * Fix unconstrained session cache growth in TLSv1.3
  * Add openssl-CVE-2024-2511.patch

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch

- Displays "fips" in the version string (bsc#1215215)
  * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch

- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_1-CVE-2023-3817.patch

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch

- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed openssl-CVE-2023-0286.patch

- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch

- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch

- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch

- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch

- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch

- FIPS: list only FIPS approved public key algorithms
  [bsc#1121365, bsc#1198472]
  * Add openssl-1_1-fips-list-only-approved-pubkey-algorithms.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
pciutils
- Apply "lspci-Fixed-buffer-overflows-in-ls-tree.c.patch" to fix a
  buffer overflow error that would cause lspci to crash on systems
  with complex topologies. [bsc#1215265]
- Add "pciutils.keyring" so that the tarball's signature can be
  verified at build time.
- Use "%license" tag instead of "%doc" to install the package's
  license file.
pcre2
- Security fix: [bsc#1213514, CVE-2022-41409]
  * Integer overflow vulnerability in pcre2test before 10.41
    allows attackers to cause a denial of service or other
    unspecified impacts via negative input.
  * Add pcre2-CVE-2022-41409.patch
polkit
- Change permissions for rules folders (bsc#1209282)
procps
- Submit latest procps 3.3.17 to SLE-15 tree for jira#PED-3244
  and jira#PED-6369
- The patches now upstream had been dropped meanwhile
  * procps-vmstat-1b9ea611.patch (bsc#1185417)
  - For support up to 2048 CPU as well
  * bsc1209122-a6c0795d.patch (bnc#1209122)
  - allow `-´ as leading character to ignore possible errors
    on systctl entries
  * patch procps-ng-3.3.9-bsc1121753-Cpus.patch (bsc#1121753)
  - was a backport of an upstream fix to get the first CPU
    summary correct
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be build

- Modify patches
  * procps-ng-3.3.9-w-notruncate.diff
  * procps-ng-3.3.17-logind.patch
  to real to not truncate output of w with option -n

- procps-ng-3.3.17-logind.patch: Backport from 4.x git, prefer
  logind over utmp (jsc#PED-3144)

- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)

- Replace transitional %usrmerged macro with regular version check (boo#1206798)

- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

- Some older products do not know about /usr/share/man/uk
protobuf
- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
  CVE-2022-1941, bsc#1203681
  * Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
  protobuf-java, CVE-2022-3171, bsc#1204256
  * Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
  * Add protobuf-51026d922970e06475f005b39287963594134b96.patch
  * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
  * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
  * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
  * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
  * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
  * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
  * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
  * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering

- Fix potential Denial of Service in protobuf-java in the parsing procedure
  for binary data, CVE-2021-22569, bsc#1194530
  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
python3
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
  (CVE-2024-4032) rearranging definition of private v global IP
  addresses.

- Add CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
  fixing bsc#1226447 (CVE-2024-0397) by removing memory race
  condition in ssl.SSLContext certificate store methods.

- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109,
  gh#python/cpython!16557) fixes syslog making default "ident"
  from sys.argv[0].
- Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that
  it uses features sniffing, not just comparing version number
  (bsc#1220664, bsc#1219559, bsc#1221563, bsc#1222075).
- Remove support-expat-CVE-2022-25236-patched.patch, which was
  the previous name of this patch.
- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping
  failing tests.
- Refresh patches:
  - CVE-2023-27043-email-parsing-errors.patch
  - fix_configure_rst.patch
  - skip_if_buildbot-extend.patch

- bsc#1221854 (CVE-2024-0450) Add
  CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
  detecting the vulnerability of the "quoted-overlap" zipbomb
  (from gh#python/cpython!110016).
- Add bh42369-thread-safety-zipfile-SharedFile.patch (from
  gh#python/cpython!26974) required by the previous patch.
- Add expat-260-test_xml_etree-reparse-deferral.patch to make the
  interpreter work with patched libexpat in our distros.
- Move all patches from locally sourced to the branch
  opensuse-3.6 branch at GitHub repo, and move all metadata to
  commits themselves (readable in the headers of each patch).
- Add bpo-41675-modernize-siginterrupt.patch to make Python build
  cleanly even on more recent SPs of SLE-15
  (gh#python/cpython#85841).
- Remove patches:
  - bpo36263-Fix_hashlib_scrypt.patch - fix against bug in
    OpenSSL fixed in 1.1.1c (gh#openssl/openssl!8483), so this
    patch is redundant on all SUSE-supported distros
  - python-3.3.0b1-test-posix_fadvise.patch - protection
    against the kernel issues which has been fixed in
    gh#torvalds/linux@3d3727cdb07f, which has been included in
    all our kernels more recent than SLE-11.
  - python-3.3.3-skip-distutils-test_sysconfig_module.patch -
    skips a test, which should be relevant only for testing on
    Mac OS X systems with universal builds. I have no valid
    record, that this test would be ever problematic on Linux.
  - bpo-36576-skip_tests_for_OpenSSL-111.patch, which was
    included already in Python 3.5.

- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.
- Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into
  skip_SSL_tests.patch, and make them include all conditionals.

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).

- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)

- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.

- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

- Use python3 modules to build the documentation.

- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).

- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).

- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).

- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).

- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
qrencode
- update to 4.1.1 (jsc#PED-7296):
  * Some minor bugs in Micro QR Code generation have been fixed.
  * The data capacity calculations are now correct. These bugs probably did not
    affect the Micro QR Code generation.

- update to 4.1.0:
  * Command line tool "qrencode" has been improved:
  * New option "--inline" has been added. (Thanks to @jp-bennett)
  * New option "--strict-version" has been added.
  * UTF8 mode now supports ANSI256 color. (Thanks to András Veres-
    Szentkirályi)
  * Micro QR Code no longer requires to specify the version number.
  * 'make check' allows to run the test programs. (Thanks to Jan Tojnar)
  * Some compile time warnings have been fixed.
  * Various CMake support improvements. (Thanks to @mgorny and @sdf5)
  * Some minor bug fixes. (Thanks to Lonnie Abelbeck and Frédéric Wang)
  * Some documentation/manpage improvements. (Thanks to Dan Jacobson)
  * Some performance improvements. (Thanks to @4061N and Mika Lindqvist)
- remove qrencode-fix-installation.patch (upstream)

- Update to version 4.0.2
  * Build script fixes. (Thanks to @mgorny)
  version 4.0.1
  * CMake support improved.
  * New test scripts have been added.
  * Some compile time warnings have been fixed.
- Refreshed qrencode-fix-installation.patch
libsodium
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

-  Revert previous change about cpuid as previous change rejected
  in https://build.opensuse.org/request/show/724809
-  Disable LTO as bypass boo#1148184

-  Add libsodium_configure_cpuid_chg.patch and call autoconf
  to regenerate configure script with proper CPUID checking.
  Required at least for PowerPC and ARM now that LTO enabled.

- Update to 1.0.18
  - Enterprise versions of Visual Studio are now supported.
  - Visual Studio 2019 is now supported.
  - 32-bit binaries for Visual Studio 2010 are now provided.
  - A test designed to trigger an OOM condition didn't work on
    Linux systems with memory overcommit turned on. It has been
    removed in order to fix Ansible builds.
  - Emscripten: print and printErr functions are overridden to send
    errors to the console, if there is one.
  - Emscripten: UTF8ToString() is now exported since
    Pointer_stringify() has been deprecated.
  - Libsodium version detection has been fixed in the CMake recipe.
  - Generic hashing got a 10% speedup on AVX2.
  - New target: WebAssembly/WASI
    (compile with dist-builds/wasm32-wasi.sh).
  - New functions to map a hash to an edwards25519 point
    or get a random point:
    core_ed25519_from_hash() and core_ed25519_random().
  - crypto_core_ed25519_scalar_mul() has been implemented for
    scalar*scalar (mod L) multiplication.
  - Support for the Ristretto group has been implemented for
    interoperability with wasm-crypto.
  - Improvements have been made to the test suite.
  - Portability improvements have been made.
  - getentropy() is now used on systems providing this system call.
  - randombytes_salsa20 has been renamed to randombytes_internal.
  - Support for NativeClient has been removed.
  - Most ((nonnull)) attributes have been relaxed to allow 0-length
    inputs to be NULL.
  - The -ftree-vectorize and -ftree-slp-vectorize compiler switches
    are now used, if available, for optimized builds.

- Update to 1.0.17
  - Bug fix: sodium_pad() didn't properly support block sizes
    >= 256 bytes.
  - JS/WebAssembly: some old iOS versions can't instantiate the
    WebAssembly module; fall back to Javascript on these.
  - JS/WebAssembly: compatibility with newer Emscripten versions.
  - Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
    crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
    returnEINVAL` on input strings with a short length, unlike
    their high-level counterpart.
  - Added a workaround for Visual Studio 2010 bug causing CPU
    features not to be detected.
  - Portability improvements.
  - Test vectors from Project Wycheproof have been added.
  - New low-level APIs for arithmetic mod the order of the prime
    order group:
  - crypto_core_ed25519_scalar_random(),
    crypto_core_ed25519_scalar_reduce(),
  - crypto_core_ed25519_scalar_invert(),
    crypto_core_ed25519_scalar_negate(),
  - crypto_core_ed25519_scalar_complement(),
    crypto_core_ed25519_scalar_add() and
    crypto_core_ed25519_scalar_sub().
  - New low-level APIs for scalar multiplication without clamping:
    crypto_scalarmult_ed25519_base_noclamp() and
    crypto_scalarmult_ed25519_noclamp().
    These new APIs are especially useful for blinding.
  - sodium_sub() has been implemented.
  - Support for WatchOS has been added.
  - getrandom(2) is now used on FreeBSD 12+.
  - The nonnull attribute has been added to all relevant
    prototypes.
  - More reliable AVX512 detection.
  - Javascript/Webassembly builds now use dynamic memory growth.
libsolv
- add a conflict to older libsolv-tools to libsolv-tools-base

- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
  cases
- added experimental lua bindings
- bump version to 0.7.29

- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]

- build for multiple python versions [jsc#PED-6218]
- bump version to 0.7.28

- add zstd support for the installcheck tool
- add putinowndirpool cache to make file list handling in
  repo_write much faster
- bump version to 0.7.27

- fix evr roundtrip in testcases
- do not use deprecated headerUnload with newer rpm versions
- bump version to 0.7.26

- support complex deps in SOLVABLE_PREREQ_IGNOREINST
- fix minimization not prefering installed packages in some cases
- reduce memory usage in repo_updateinfoxml
- fix lock-step interfering with architecture selection
- fix choice rule handing for package downgrades
- fix complex dependencies with an "else" part sometimes leading
  to unsolved dependencies
- bump version to 0.7.25

- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
  [bsc#1195633]
- bump version to 0.7.24

- fix "keep installed" jobs not disabling "best update" rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
sqlite3
- Sync version 3.44.0 from Factory
  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
  * Obsoletes sqlite-CVE-2022-46908.patch
  * Obsoletes sqlite-src-3390000-func7-pg-181.patch

- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
  relying on --safe for execution of an untrusted CLI script
libssh
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396)
  - added libssh-fix-ipv6-hostname-regression.patch

- Update to 0.9.8: [jsc#PED-7719, bsc#1218126, CVE-2023-48795]
  * Rebase 0001-disable-timeout-test-on-slow-buildsystems.patch
  * Remove patches fixed in the update:
  - CVE-2019-14889.patch
  - 0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-A.patch

- Update to version 0.9.8
  * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
  * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
  * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
  * Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
  * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
    guessing (bsc#1211188)
  * Fix CVE-2023-2283: a possible authorization bypass in
    pki_verify_data_signature under low-memory conditions (bsc#1211190)
  * Fix several memory leaks in GSSAPI handling code

- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)
  * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6

- Add missing BR for openssh needed for tests

- update to 0.9.5 (bsc#1174713, CVE-2020-16135):
  * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
  * Improve handling of library initialization (T222)
  * Fix parsing of subsecond times in SFTP (T219)
  * Make the documentation reproducible
  * Remove deprecated API usage in OpenSSL
  * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
  * Define version in one place (T226)
  * Prevent invalid free when using different C runtimes than OpenSSL (T229)
  * Compatibility improvements to testsuite

- Update to version 0.9.4
  * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
  * Fix possible Denial of Service attack when using AES-CTR-ciphers
    CVE-2020-1730 (bsc#1168699)
systemd
- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-coredump-Fix-format-string-type-mismatch.patch
  Add 5001-coredump-drop-an-unused-variable.patch
  Add 5002-coredump-adjust-whitespace.patch
  Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch

- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
  4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  f70647a7b7 udev/net_id: add debug logging for construction of device names
  48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
  7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
  2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
  dba888a4d3 pid1: watch bus name always when we have it
  f524807b89 udev: add one more assertion
  8558101c73 udev: drop assertion which is always false
  566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
  b4c4edaada tests: minor simplification in test-execute
  76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
    6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
    6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch

- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
  Also update the rule files to make use of the "CONST{arch}" syntax (available
  since v244).

- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
  8a70235d8a core: Add trigger limit for path units
  93e544f3a0 core/mount: also add default before dependency for automount mount units
  5916a7748c logind: fix crash in logind on user-specified message string

- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
libtirpc
- fix sed parsing for libtirpc.pc.in in specfile (boo#1216862)

-  update to 1.3.4 (bsc#1199467)
  * binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage
- update to 1.3.3 (bsc#1201680, CVE-2021-46828):
  * Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
  - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
- drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream)
- update to 1.3.2:
  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
- Update to libtirpc 1.3.1
  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported  AUTH_DES authentication has be
    compiled out since commit d918e41d889 (Wed Oct 9 2019)
    replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir
  Patches replaced by update:
  binddynport-honor-ip_local_reserved_ports.patch (bsc#1199467)
  0001-Fix-DoS-vulnerability-in-libtirpc.patch (bsc#1201680)
  0001-fix-parms.r_addr-memory-leak.patch (bsc#1198752)
  0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  (bsc#1196647), (bsc#1200800), (bsc#1198176)
  * replaces /etc/netconfig-try-2-first by the environment variable
  RPCB_V2FIRST

- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
  to a random port (bsc#1199467)
  - add binddynport-honor-ip_local_reserved_ports.patch
libxml2
- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in
  xmlHTMLPrintFileContext in xmllint.c
  * Added libxml2-CVE-2024-34459.patch

- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
  * Added libxml2-CVE-2024-25062.patch

- Security update:
  * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
    in tree.c
  - Added file libxml2-CVE-2023-45322.patch

- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch

- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply al patches correctly for libxml2 and python-libxml2.

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
libxslt
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch

- Fix broken license symlink for libxslt-tools [bsc#1203669]
libyajl
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
zlib
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
  overflow in zipOpenNewFileInZip4_6, bsc#1216378
  * CVE-2023-45853.patch

- Fix deflateBound() before deflateInit(), bsc#1210593
  bsc1210593.patch

- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch

- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch

- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
  * bsc1203652.patch
zstd
- Fix CVE-2022-4899, bsc#1209533
  * Disallow empty --output-dir-flat=
- Added patch:
  * Disallow-empty-output-directory.patch
libzypp
- zypp-tui: Make sure translated texts use the correct textdomain
  (fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)

- don't require libproxy1 on tumbleweed, it is optional now

- version 17.34.0 (34)
- Fix versioning scheme

- version 17.33.4 (35)

- add one more missing export for libyui-qt-pkg

- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)

- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2

- version 17.33.1 (33)

- switch to reduced size libsolv-tools-base (jsc#PED-8153)

- Fixed check for outdated repo metadata as non-root user
  (bsc#1222086)
- Add ZYPP_API for exported functions and switch to
  visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)

- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)

- Don't try to refresh volatile media as long as raw metadata are
  present (bsc#1223094)
- version 17.32.5 (32)

- Fix creation of sibling cache dirs with too restrictive mode
  (bsc#1222398)
  Some install workflows in YAST may lead to too restrictive (0700)
  raw cache directories in case of newly created repos. Later
  commands running with user privileges may not be able to access
  these repos.
- version 17.32.4 (32)

- Update RepoStatus fromCookieFile according to the files mtime
  (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed.
- version 17.32.3 (32)

- Fixup New VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
  Fixed the name of the keyword to "support_superseded" as it was
  agreed on in jsc#OBS-301.
- version 17.32.2 (32)

- Add resolver option 'removeUnneeded' to file weak remove jobs
  for unneeded packages (bsc#1175678)
- version 17.32.1 (32)

- Add resolver option 'removeOrphaned' for distupgrade
  (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different
  defaults (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)

- ProblemSolution::skipsPatchesOnly overload to handout the
  patches.
- Remove https->http redirection exceptions for
  download.opensuse.org.
- version 17.31.32 (22)

- tui: allow to access the underlying ostream of out::Info.
- Add MLSep: Helper to produce not-NL-terminated multi line
  output.
- version 17.31.31 (22)

- applydeltaprm: Create target directory if it does not exist
  (bsc#1219442)
- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
- Fix problems with EINTR in ExternalDataSource::getline (fixes
  bsc#1215698)
- version 17.31.30 (22)

- CheckAccessDeleted: fix running_in_container detection
  (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
  (bsc#1218831)
- Make Wakeup class EINTR safe.
- Add a way to cancel media operations on shutdown
  (openSUSE/zypper#522)
  This patch adds a mechanism to signal libzypp that a shutdown was
  requested, usually when CTRL+C was pressed by the user. Currently
  only the media backend will utilize this, but can be extended to
  all code paths that use g_poll() to wait for events.
- Manually poll fds for curl in MediaCurl.
  Using curl_easy_perform does not give us the required control on
  when we want to cancel a download. Switching to the MultiCurl
  implementation with a external poll() event loop will give us
  much more freedom and helps us to improve our Ctrl+C handling.
- Move reusable curl poll code to curlhelper.h.
- version 17.31.29 (22)

- Fix to build with libxml 2.12.x (fixes #505)
- version 17.31.28 (22)

- CheckAccessDeleted: fix 'running in container' filter
  (bsc#1218291)
- version 17.31.27 (22)

- Call zypp commit plugins during transactional update (fixes #506)
- Add support for loongarch64 (fixes #504)
- Teach MediaMultiCurl to download HTTP Multibyte ranges.
- Teach zsync downloads to MultiCurl.
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
  Convenient and helps documentation as it may refer to a single
  command for a bunch of distributions. Like e.g. "zypper ar
  'https://server.my/$releasever/my.repo'".
- version 17.31.26 (22)

- Fix build issue with zchunk build flags (fixes #500)
- version 17.31.25 (22)

- Open rpmdb just once during execution of %posttrans scripts
  (bsc#1216412)
- Avoid using select() since it does not support fd numbers >
  1024 (fixes #447)
- tools/DownloadFiles: use standard zypp progress bar (fixes #489)
- Revert "Color download progress bar" (fixes #475)
  Cyan is already used for the output of RPM scriptlets. Avoid this
  colorific collision between download progress bar and scriptlet
  output.
- Fix ProgressBar's calculation of the printed tag position (fixes #494)
- Switch zypp::Digest to Openssl 3.0 Provider API (fixes #144)
- Fix usage of deprecated CURL features (fixes #486)
- version 17.31.24 (22)

- Stop using boost version 1 timer library (fixes #489,
  bsc#1215294)
- version 17.31.23 (22)

- Preliminary disable 'rpm --runposttrans' usage for chrooted
  systems (bsc#1216091)
  This limits the %transfiletrigger(postun|in) support in the
  default installer if --root is used (as described in bsc#1041742).
  The chrooted execution of the scripts in 'rpm --runposttrans'
  broke in rpm-4.18. It's expected to be fixed in rpm-4.19.
  Then we'll enable the feature again.
- fix comment typo on zypp.conf (boo#1215979)
- version 17.31.22 (22)

- Attempt to delay %transfiletrigger(postun|in) execution if rpm
  supports it (bsc#1041742)
  Decide during installation whether rpm is capable of delayed
  %posttrans %transfiletrigger(postun|in) execution or whether we
  can just handle the packages %posttrans. On TW a delayed
  %transfiletrigger handling is possible since rpm-4.17.
- Make sure the old target is deleted before a new one is created
  (bsc#1203760)
- version 17.31.21 (22)

- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)

- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)

- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)

- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)

- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)

- fix build with boost 1.82

- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)

- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)

- ProgressData: enforce reporting the INIT||END state
  (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
  (bsc#1205636)
- version 17.31.8 (22)

- Hint to "zypper removeptf" to remove PTFs.
- Removing a PTF without enabled repos should always fail
  (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be
  removed (not replaced!) as well. To remove a PTF "zypper install
  - - -PTF" or a dedicated "zypper removeptf PTF" should be used.
  This will update the installed PTF packages to theit latest
  version.
- version 17.31.7 (22)

- Avoid calling getsockopt when we know the info already.
  This patch hopefully fixes logging on WSL, getsockopt seems to
  not be fully supported but the code required it when accepting
  new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
  falling back.
- version 17.31.6 (22)

- Create '.no_auto_prune' in the package cache dir to prevent auto
  cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)

- Do not clean up MediaSetAccess before using the geoip file
  (fixes #424)
- version 17.31.4 (22)

- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
  settings.
- Implement geoIP feature for zypp.
  This patch adds a feature to rewrite request URLs to the repo
  servers by querying a geoIP file from download.opensuse.org. This
  file can return a redirection target depending on the clients IP
  adress, this way we can directly contact a local mirror of d.o.o
  instead. The redir target stays valid for 24hrs.
  This feature can be disabled in zypp.conf by setting
  'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server
  MediaMultiCurl used to fallback to a fixed, relatively small
  BLKSIZE. This patch changes the fallback into a dynamic value
  based on the filesize using a similar metric as the MirrorCache
  implementation on the server side.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to
  calculate if a repository needs to be refreshed. This
  optimisation only takes place if the repo does specify only
  downloading base urls.
- version 17.31.3 (22)
shadow
- bsc#1228770: Fix not copying of skel files
  Update shadow-CVE-2013-4235.patch

- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
  Add shadow-CVE-2013-4235.patch

- bsc#1214806 (CVE-2023-4641):
  Fix potential password leak
- Add shadow-CVE-2023-4641.patch

- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch

- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
  Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch

- bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch
man
- Use inverted exit status in exec option of find command to
  avoid refreshing man database (boo#1155879)

- Minor corrections on %ghost /var/cache/man
mozilla-nspr
- update to version 4.35
  * fixes for building with clang
  * use the number of online processors for the
    PR_GetNumberOfProcessors() API on some platforms
  * fix build on mips+musl libc
  * Add support for the LoongArch 64-bit architecture
mozilla-nss
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
  depends on it and will create a broken, empty config, if sed is
  missing (bsc#1227918)

- update to NSS 3.101.2
  * bmo#1905691 - ChaChaXor to return after the function

- Added nss-fips-safe-memset.patch, fixing bsc#1222811.
- Removed some dead code from nss-fips-constructor-self-tests.patch.
- Rebased nss-fips-approved-crypto-non-ec.patch on above changes.
- Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813,
  bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118.
- Updated nss-fips-approved-crypto-non-ec.patch and
  nss-fips-constructor-self-tests.patch, fixing bsc#1222807,
  bsc#1222828, bsc#1222834.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804,
  bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116.

- update to NSS 3.101.1
  * bmo#1901932 - missing sqlite header.
  * bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- update to NSS 3.101
  * bmo#1900413 - add diagnostic assertions for SFTKObject refcount.
  * bmo#1899759 - freeing the slot in DeleteCertAndKey if authentication failed
  * bmo#1899883 - fix formatting issues.
  * bmo#1889671 - Add Firmaprofesional CA Root-A Web to NSS.
  * bmo#1899593 - remove invalid acvp fuzz test vectors.
  * bmo#1898830 - pad short P-384 and P-521 signatures gtests.
  * bmo#1898627 - remove unused FreeBL ECC code.
  * bmo#1898830 - pad short P-384 and P-521 signatures.
  * bmo#1898825 - be less strict about ECDSA private key length.
  * bmo#1854439 - Integrate HACL* P-521.
  * bmo#1854438 - Integrate HACL* P-384.
  * bmo#1898074 - memory leak in create_objects_from_handles.
  * bmo#1898858 - ensure all input is consumed in a few places in mozilla::pkix
  * bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
  * bmo#1748105 - clean up escape handling
  * bmo#1896353 - Use lib::pkix as default validator instead of the old-one
  * bmo#1827444 - Need to add high level support for PQ signing.
  * bmo#1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
  * bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
  * bmo#1893404 - Allow for non-full length ecdsa signature when using softoken
  * bmo#1830415 - Modification of .taskcluster.yml due to mozlint indent defects
  * bmo#1793811 - Implement support for PBMAC1 in PKCS#12
  * bmo#1897487 - disable VLA warnings for fuzz builds.
  * bmo#1895032 - remove redundant AllocItem implementation.
  * bmo#1893334 - add PK11_ReadDistrustAfterAttribute.
  * bmo#215997  - Clang-formatting of SEC_GetMgfTypeByOidTag update
  * bmo#1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
  * bmo#1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
  * bmo#1830415 - Switch to the mozillareleases/image_builder image
- Follow upstream changes in nss-fips-constructor-self-tests.patch (switch from ec_field_GFp to ec_field_plain)
- Remove part of nss-fips-zeroization.patch that got removed upstream
- update to NSS 3.100
  - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
    faster Xyber operations.
  - bmo#1893752 - remove ckcapi.
  - bmo#1893162 - avoid a potential PK11GenericObject memory leak.
  - bmo#671060  - Remove incomplete ESDH code.
  - bmo#215997  - Decrypt RSA OAEP encrypted messages.
  - bmo#1887996 - Fix certutil CRLDP URI code.
  - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
  - bmo#676118  - Add ability to encrypt and decrypt CMS messages using ECDH.
  - bmo#676100  - Correct Templates for key agreement in smime/cmsasn.c.
  - bmo#1548723 - Moving the decodedCert allocation to NSS.
  - bmo#1885404 - Allow developers to speed up repeated local execution
    of NSS tests that depend on certificates.
- update to NSS 3.99
  * Removing check for message len in ed25519 (bmo#1325335)
  * add ed25519 to SECU_ecName2params. (bmo#1884276)
  * add EdDSA wycheproof tests. (bmo#1325335)
  * nss/lib layer code for EDDSA. (bmo#1325335)
  * Adding EdDSA implementation. (bmo#1325335)
  * Exporting Certificate Compression types (bmo#1881027)
  * Updating ACVP docker to rust 1.74 (bmo#1880857)
  * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
  * Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
- update to NSS 3.98
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
    in TLS
  * bmo#1879513 - Certificate Compression: enabling the check that
    the compression was advertised
  * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
  * bmo#1879945 - Remove Email trust bit from OISTE WISeKey
    Global Root GC CA
  * bmo#1877344 - Replace `distutils.spawn.find_executable` with
    `shutil.which` within `mach` in `nss`
  * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
    support Certificate compression
  * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
  * bmo#1875356 - Add valgrind annotations to freebl kyber operations
    for constant-time execution tests
  * bmo#1870673 - Set nssckbi version number to 2.66
  * bmo#1874017 - Add Telekom Security roots
  * bmo#1873095 - Add D-Trust 2022 S/MIME roots
  * bmo#1865450 - Remove expired Security Communication RootCA1 root
  * bmo#1876179 - move keys to a slot that supports concatenation in
    PK11_ConcatSymKeys
  * bmo#1876800 - remove unmaintained tls-interop tests
  * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
    flags
  * bmo#1874937 - bogo: add support for the -curves shim flag and
    update Kyber expectations
  * bmo#1874937 - bogo: adjust expectation for a key usage bit test
  * bmo#1757758 - mozpkix: add option to ignore invalid subject
    alternative names
  * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
  * bmo#1876390 - take ownership of ecckilla shims
  * bmo#1874458 - add valgrind annotations to freebl/ec.c
  * bmo#864039  - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
  * bmo#1875965 - Update zlib to 1.3.1
- Use %patch -P N instead of deprecated %patchN.
- update to NSS 3.97
  * bmo#1875506 - make Xyber768d00 opt-in by policy
  * bmo#1871631 - add libssl support for xyber768d00
  * bmo#1871630 - add PK11_ConcatSymKeys
  * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
  * bmo#1871152 - add a FreeBL API for Kyber
  * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
  * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
  * bmo#1835828 - Removing the calls to RSA Blind from loader.*
  * bmo#1874111 - fix worker type for level3 mac tasks
  * bmo#1835828 - RSA Blind implementation
  * bmo#1869642 - Remove DSA selftests
  * bmo#1873296 - read KWP testvectors from JSON
  * bmo#1822450 - Backed out changeset dcb174139e4f
  * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
  * bmo#1871219 - Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
  * bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
  * bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
  * bmo#1867408 - add a defensive check for large ssl_DefSend return values
  * bmo#1869378 - Add dependency to the taskcluster script for Darwin
  * bmo#1869378 - Upgrade version of the MacOS worker for the CI
- add nss-allow-slow-tests-s390x.patch: "certutil dump keys with
  explicit default trust flags" test needs longer than the allowed
  6 seconds on s390x
- update to NSS 3.95
  * bmo#1842932 - Bump builtins version number.
  * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
    Firmaprofesional CIF A62634068 root cert.
  * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
  * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
  * bmo#1850982 - Remove Camerfirma root certificates from NSS.
  * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
    Certificate.
  * bmo#1860670 - Add four Commscope root certificates to NSS.
  * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
  * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
  * bmo#1861728 - Include P-256 Scalar Validation from HACL*.
  * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
    256 ECC without DER wrapping at the softoken level
  * bmo#1837987 - Add means to provide library parameters to C_Initialize
  * bmo#1573097 - clang format
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
  * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
  * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
  * bmo#1573097 - Fix Invalid casts in instance.c
- update to NSS 3.94
  * bmo#1853737 - Updated code and commit ID for HACL*
  * bmo#1840510 - update ACVP fuzzed test vector: refuzzed with
    current NSS
  * bmo#1827303 - Softoken C_ calls should use system FIPS setting
    to select NSC_ or FC_ variants
  * bmo#1774659 - NSS needs a database tool that can dump the low level
    representation of the database
  * bmo#1852179 - declare string literals using char in pkixnames_tests.cpp
  * bmo#1852179 - avoid implicit conversion for ByteString
  * bmo#1818766 - update rust version for acvp docker
  * bmo#1852011 - Moving the init function of the mpi_ints before
    clean-up in ec.c
  * bmo#1615555 - P-256 ECDH and ECDSA from HACL*
  * bmo#1840510 - Add ACVP test vectors to the repository
  * bmo#1849077 - Stop relying on std::basic_string<uint8_t>
  * bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp
- rebased patches
- added nss-fips-test.patch to fix broken test
- Update to NSS 3.93:
  * bmo#1849471 - Update zlib in NSS to 1.3.
  * bmo#1848183 - softoken: iterate hashUpdate calls for long inputs.
  * bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980).
- Rebase nss-fips-pct-pubkeys.patch.
- update to NSS 3.92
  * bmo#1822935 - Set nssckbi version number to 2.62
  * bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS
  * bmo#1839992 - Add 4 SSL.com Root CA certificates
  * bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates
  * bmo#1840437 - Add LAWtrust Root CA2 (4096)
  * bmo#1822936 - Remove E-Tugra Certification Authority root
  * bmo#1827224 - Remove Camerfirma Chambers of Commerce Root.
  * bmo#1840505 - Remove Hongkong Post Root CA 1
  * bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3
  * bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
  * bmo#1837431 - Implementation of the HW support check for ADX instruction
  * bmo#1836925 - Removing the support of Curve25519
  * bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData
  * bmo#1839327 - Adding args to enable-legacy-db build
  * bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit
    default trust flags"
  * bmo#1837617 - Initialize flags in slot structures
  * bmo#1835425 - Improve the length check of RSA input to avoid heap overflow
  * bmo#1829112 - Followup Fixes
  * bmo#1784253 - avoid processing unexpected inputs by checking for
    m_exptmod base sign
  * bmo#1826652 - add a limit check on order_k to avoid infinite loop
  * bmo#1834851 - Update HACL* to commit 5f6051d2
  * bmo#1753026 - add SHA3 to cryptohi and softoken
  * bmo#1753026 - HACL SHA3
  * bmo#1836781 - Disabling ASM C25519 for A but X86_64
- removed upstreamed patch nss-fix-bmo1836925.patch

- update to NSS 3.90.3
  * bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
  * bmo#1748105 - clean up escape handling.
  * bmo#1895032 - remove redundant AllocItem implementation.
  * bmo#1836925 - Disable ASM support for Curve25519.
  * bmo#1836781 - Disable ASM support for Curve25519 for all but X86_64.
- remove upstreamed nss-fix-bmo1836925.patch

- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
  when using FIPS-mode (bsc#1223724).

- Added "Provides: nss" so other RPMs that require 'nss' can
  be installed (jira PED-6358).

- update to NSS 3.90.2
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
    decryption in TLS. (bsc#1216198)
  * bmo#1867408 - add a defensive check for large ssl_DefSend
    return values.

- update to NSS 3.90.1
  * bmo#1813401 - regenerate NameConstraints test certificates.
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.

- Add nss-fix-bmo1813401.patch to fix bsc#1214980

- update to NSS 3.90
  * bmo#1623338 - ride along: remove a duplicated doc page
  * bmo#1623338 - remove a reference to IRC
  * bmo#1831983 - clang-format lib/freebl/stubs.c
  * bmo#1831983 - Add a constant time select function
  * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
  * bmo#1830973 - output early build errors by default
  * bmo#1804505 - Update the technical constraints for KamuSM
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
  * bmo#1790763 - Enable default UBSan Checks
  * bmo#1786018 - Add explicit handling of zero length records
  * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
  * bmo#1786018 - Refactor zero length record tests
  * bmo#1829112 - Fix compiler warning via correct assert
  * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
  * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
  * bmo#1784163 - Fix reading raw negative numbers
  * bmo#1748237 - Repairing unreachable code in clang built with gyp
  * bmo#1783647 - Integrate Vale Curve25519
  * bmo#1799468 - Removing unused flags for Hacl*
  * bmo#1748237 - Adding a better error message
  * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
  * bmo#1782980 - Fall back to the softokn when writing certificate trust
  * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
  * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
  * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
  * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
  * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
  * bmo#1822076 - fix rst warnings in nss doc
  * bmo#1821997 - Fix incorrect pygment style
  * bmo#1821292 - Change GYP directive to apply across platforms
  * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
  into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
  * bmo#1804505 - Update the technical constraints for KamuSM.
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
  * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
  * bmo#1820175 - PR_STATIC_ASSERT is cursed
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1820175 - Fix unreachable code warning in fuzz builds
  * bmo#1820175 - Fix various compiler warnings in NSS
  * bmo#1820175 - Enable various compiler warnings for clang builds
  * bmo#1815136 - set PORT error after sftk_HMACCmp failure
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
  * bmo#1804660 - Make high tag number assertion failure an error
  * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
    length from 284 to 384
  * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
  * bmo#1789436 - Fix build failure on Windows
  * bmo#1811337 - migrate Win 2012 tasks to Azure
  * bmo#1810702 - fix title length in doc
  * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
  * bmo#1570615 - Add presence/absence tests for TLS GREASE
  * bmo#1804688 - Correct addition of GREASE value to ALPN xtn
  * bmo#1789436 - CH extension permutation
  * bmo#1570615 - TLS GREASE (RFC8701)
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
- update to NSS 3.88.1
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
  * bmo#1212915 - Add check for ClientHello SID max length
  * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
  * bmo#1790357 - ECH client - Discard resumption TLS < 1.3
    Session(IDs|Tickets) if ECH configs are setup
  * bmo#1714245 - On HRR skip PSK incompatible with negotiated
    ciphersuites hash algorithm
  * bmo#1789410 - ECH client: Send ech_required alert on server
    negotiating TLS 1.2. Fixed misleading Gtest,
    enabled corresponding BoGo test
  * bmo#1771100 - Added Bogo ECH rejection test support
  * bmo#1771100 - Added ECH 0Rtt support to BoGo shim
  * bmo#1747957 - RSA OAEP Wycheproof JSON
  * bmo#1747957 - RSA decrypt Wycheproof JSON
  * bmo#1747957 - ECDSA Wycheproof JSON
  * bmo#1747957 - ECDH Wycheproof JSON
  * bmo#1747957 - PKCS#1v1.5 wycheproof json
  * bmo#1747957 - Use X25519 wycheproof json
  * bmo#1766767 - Move scripts to python3
  * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
  * bmo#1805907 - Extending RSA-PSS bltest test coverage
    (Adding SHA-256 and SHA-384)
  * bmo#1804091 - NSS needs to move off of DSA for integrity checks
  * bmo#1805815 - Add initial testing with ACVP vector sets using
    acvp-rust
  * bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
  * bmo#1803226 - NULL password encoding incorrect
  * bmo#1804071 - Fix rng stub signature for fuzzing builds
  * bmo#1803595 - Updating the compiler parsing for build
  * bmo#1749030 - Modification of supported compilers
  * bmo#1774654 - tstclnt crashes when accessing gnutls server
    without a user cert in the database.
  * bmo#1751707 - Add configuration option to enable source-based
    coverage sanitizer
  * bmo#1751705 - Update ECCKiila generated files.
  * bmo#1730353 - Add support for the LoongArch 64-bit architecture
  * bmo#1798823 - add checks for zero-length RSA modulus to avoid
    memory errors and failed assertions later
  * bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
  * bmo#1803190 - conscious language removal in NSS
  * bmo#1794506 - Set nssckbi version number to 2.60
  * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3
    TrustCor Root Certificates
  * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
  * bmo#1797559 - Remove EC-ACC root cert from NSS
  * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
  * bmo#1794495 - Remove Network Solutions Certificate Authority
  * bmo#1802331 - compress docker image artifact with zstd
  * bmo#1799315 - Migrate nss from AWS to GCP
  * bmo#1800989 - Enable static builds in the CI
  * bmo#1765759 - Removing SAW docker from the NSS build system
  * bmo#1783231 - Initialising variables in the rsa blinding code
  * bmo#320582 - Implementation of the double-signing of the message
    for ECDSA
  * bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
  * bmo#1792821 - Modification of the primes.c and dhe-params.c in
    order to have better looking tables
  * bmo#1796815 - Update zlib in NSS to 1.2.13
  * bmo#1796504 - Skip building modutil and shlibsign when building
    in Firefox
  * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
  * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
  * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
    and -Wtype-limits warnings
  * bmo#1796281 - Followup: add missing stdint.h include
  * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
  * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
    warnings on Windows
  * bmo#1796079 - Fix -Wstring-conversion warnings
  * bmo#1796075 - Fix -Wempty-body warnings
  * bmo#1795242 - Fix unused-but-set-parameter warning
  * bmo#1795241 - Fix unreachable-code warnings
  * bmo#1795222 - Mark _nss_version_c unused on clang-cl
  * bmo#1795668 - Remove redundant variable definitions in lowhashtest
  * Add note about python executable to build instructions.
- update to NSS 3.84
  * bmo#1791699 - Bump minimum NSPR version to 4.35
  * bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
  * bmo#1788875 - Remove set-but-unused variables from
    SEC_PKCS12DecoderValidateBags
  * bmo#1563221 - remove older oses that are unused part3/ BeOS
  * bmo#1563221 - remove older unix support in NSS part 3 Irix
  * bmo#1563221 - remove support for older unix in NSS part 2 DGUX
  * bmo#1563221 - remove support for older unix in NSS part 1 OSF
  * bmo#1778413 - Set nssckbi version number to 2.58
  * bmp#1785297 - Add two SECOM root certificates to NSS
  * bmo#1787075 - Add two DigitalSign root certificates to NSS
  * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
  * bmo#1771100 - Added bug reference and description to disabled
    UnsolicitedServerNameAck bogo ECH test
  * bmo#1779361 - Removed skipping of ECH on equality of private and
    public server name
  * bmo#1779357 - Added comment and bug reference to
    ECHRandomHRRExtension bogo test
  * bmo#1779370 - Added Bogo shim client HRR test support. Fixed
    overwriting of CHInner.random on HRR
  * bmo#1779234 - Added check for server only sending ECH extension
    with retry configs in EncryptedExtensions and if not
    accepting ECH. Changed config setting behavior to
    skip configs with unsupported mandatory extensions
    instead of failing
  * bmo# 1771100 - Added ECH client support to BoGo shim. Changed
    CHInner creation to skip TLS 1.2 only extensions to
    comply with BoGo
  * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
    server accept_confirmation bugs
  * bmo#1771100 - Update BoGo tests to recent BoringSSL version
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
  * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
  * bmo#1784724 - Initialize local variables in
    TlsConnectTestBase::ConnectAndCheckCipherSuite
  * bmo#1784191 - Cast the result of GetProcAddress
  * bmo#1681099 - pk11wrap: Tighten certificate lookup based on
    PKCS #11 URI.
- update to NSS 3.81
  * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
  * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
  * bmo#1779285 - Add no_application_protocol alert handler and
    test client error code is set
  * bmo#1777672 - Gracefully handle null nickname in
    CERT_GetCertNicknameWithValidity
  * required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
  sufficient (boo#1202118)
- update to NSS 3.80
  * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
  * bmo#1617956 - Add support for asynchronous client auth hooks.
  * bmo#1497537 - nss-policy-check: make unknown keyword check optional.
  * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
    by allocating it on initialization. Replaced
    redundant code with assert. Debug builds: Added
    buffer freeing/allocation for each record.
  * bmo#1773022 - Mark 3.79 as an ESR release.
  * bmo#1764206 - Bump nssckbi version number for June.
  * bmo#1759815 - Remove Hellenic Academic 2011 Root.
  * bmo#1770267 - Add E-Tugra Roots.
  * bmo#1768970 - Add Certainly Roots.
  * bmo#1764392 - Add DigitCert Roots.
  * bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
  * bmo#1366464 - Compare signature and signatureAlgorithm fields in
    legacy certificate verifier.
  * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
  * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1760998 - Avoid data race on primary password change.
  * bmo#1769063 - Replace ppc64 dcbzl intrinisic.
  * bmo#1771036 - Allow LDFLAGS override in makefile builds.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
  fixes to PBKDF2 parameter validation.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
  validate extra PBKDF2 parameters according to FIPS 140-3.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
  update session->lastOpWasFIPS before destroying the key after
  derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
  CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
  CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
  excess code.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).

- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
  checks. Thanks to Martin for the DHKey parts.

- Add manpages to mozilla-nss-tools (bsc#1208242)

- update to NSS 3.79.4 (bsc#1208138)
  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
    (CVE-2023-0767)

- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
  (bsc#1204272)

- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
    (CVE-2022-23491)

- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
  creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)

- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
  keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
  called when the repeat integrity check fails (bsc#1198980).
netcfg
- Add krb-prop entry, fix for bsc#1211886.
nfs-utils
- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
  Inconsistencies in /etc/exports shouldn't be fatal.
  (bsc#1212594)

- Add 0030-systemd-use-correct-modprobe-d-directory
  SLE15-SP5 an earlier don't use /usr/lib/modprobe.d
  (bsc#1200710)
- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
  Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed

- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
  boo#1157881
- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
  bsc#1209859
- Allow scope to be set in sysconfig: NFSD_SCOPE

- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride
  with a drop-in with a later sequence number.
  resource-agents does this.
  (bsc#1207843)

- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Add "-S scope" option to rpc.nfsd to simplify fail-over cluster
  config.
  (bsc#1203746)

- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch
  Fix nfsdcltrack bug that affected non-x86 archs.
  (bsc#1202627)

- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
  Ensure sysctl setting work (bsc#1199856)
nfsidmap
- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
  0002-Handle-NULL-names-better.patch
  0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
  0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
  0005-nss.c-wrong-check-of-return-value.patch
  0006-Fixed-a-memory-leak-nss_name_to_gid.patch
  Various bugfixes and improvemes from upstream
  In particular, 0001 fixes a crash that can happen when
  a 'static' mapping is configured.
  (bnc#1200901)
openssh
- Add patches from upstream to change the default value of
  UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled).
  This makes ssh update the known_hosts stored keys with all
  published versions by the server (after it's authenticated
  with an existing key), which will allow to identify the
  server with a different key if the existing key is considered
  insecure at some point in the future (bsc#1222831).
  * 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch
  * 0002-upstream-disable-UpdateHostkeys-by-default-if.patch

- Add patches openssh-7.7p1-seccomp_getuid.patch and
  openssh-bsc1216474-s390-leave-fds-open.patch
  (bsc#1216474, bsc#1218871)

- Fix hostbased ssh login failing occasionally with "signature
  unverified: incorrect signature" by fixing a typo in patch
  (bsc#1221123):
  * openssh-7.8p1-role-mls.patch

- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
  This limits the use of shell metacharacters in host- and
  user names.

- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
  This mitigates a prefix truncation attack that could be used to
  undermine channel security.

- Enhanced SELinux functionality. Added
  * openssh-7.8p1-role-mls.patch
    Proper handling of MLS systems and basis for other SELinux
    improvements
  * openssh-6.6p1-privsep-selinux.patch
    Properly set contexts during privilege separation
  * openssh-6.6p1-keycat.patch
    Add ssh-keycat command to allow retrival of authorized_keys
    on MLS setups with polyinstantiation
  * openssh-6.6.1p1-selinux-contexts.patch
    Additional changes to set the proper context during privilege
    separation
  * openssh-7.6p1-cleanup-selinux.patch
    Various changes and putting the pieces together
  For now we don't ship the ssh-keycat command, but we need the patch
  for the other SELinux infrastructure
  This change fixes issues like bsc#1214788, where the ssh daemon
  needs to act on behalf of a user and needs a proper context for this

- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
  requested to load a PKCS#11 provider that isnt a PKCS#11
  provider (bsc#1213504,CVE-2023-38408)

- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
  to avoid fd leads, and also close fdh in read_hmac (bsc#1209536)

- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).

- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
pam-config
- Fix pam_gnome_keyring module for AUTH.
  [pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
pam
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
  [bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]

- pam_lastlog: check localtime_r() return value (bsc#1217000)
  * Added: pam-bsc1217000-pam_lastlog-check-localtime_r-return-value.patch
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945

- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944

- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 0.943

- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
  UEFI platforms (bsc#1208003)
- 0.942

- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941

- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
perl
- fix space calculation issues in pp_pack.c [bnc#1082216]
  [CVE-2018-6913]
  * new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
  [CVE-2018-6798]
  new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
  new patch: perl-net-ftp-tls13.diff

- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
  new patch: perl-cpan_verify_cert.diff
permissions
- Update to version 20181225:
  * Backport postfix to SLE-15-SP2 (bsc#1206738)
psmisc
- Fix version at configure time as there was no .tarball-version
purge-kernels-service
- Change service type to exec (boo#1198668).
python-Jinja2
- Add CVE-2024-34064.patch upstream patch
  (CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
  Also fixes (CVE-2024-22195, bsc#1218722)
python-PyJWT
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
  was fixed upstream in version 2.4.0
python-PyNaCl
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- six is needed by testsuite

- Update to 1.4.0
  * Update ``libsodium`` to 1.0.18.
  * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
    wheels. Continuing to produce them was a maintenance burden.
  * Added support for Python 3.8, and removed support for Python 3.4.
  * Add low level bindings for extracting the seed and the public key
    from crypto_sign_ed25519 secret key
  * Add low level bindings for deterministic random generation.
  * Add ``wheel`` and ``setuptools`` setup_requirements in ``setup.py`` (#485)
  * Fix checks on very slow builders (#481, #495)
  * Add low-level bindings to ed25519 arithmetic functions
  * Update low-level blake2b state implementation
  * Fix wrong short-input behavior of SealedBox.decrypt() (#517)
  * Raise CryptPrefixError exception instead of InvalidkeyError when trying
    to check a password against a verifier stored in a unknown format (#519)
  * Add support for minimal builds of libsodium. Trying to call functions
    not available in a minimal build will raise an UnavailableError
    exception. To compile a minimal build of the bundled libsodium, set
    the SODIUM_INSTALL_MINIMAL environment variable to any non-empty
    string (e.g. ``SODIUM_INSTALL_MINIMAL=1``) for setup.
- removed obsolete back-port patch:
  * fix_tests.patch
  * hypothesis-no-unilmited.patch
  * python-PyNaCl-hypothesis-remove-average_size.patch

- Fix tests with latest hypothesis:
  * hypothesis-no-unilmited.patch
python-boto3
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires

- Update to 1.26.89
  * api-change:``ivschat``: [``botocore``] This release adds a new exception returned when calling
    AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return
    ConflictException when invalid updates are made in sequence to Logging Configurations.
  * api-change:``secretsmanager``: [``botocore``] The type definitions of SecretString and
    SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you
    pass in empty values.
- from version 1.26.88
  * api-change:``codeartifact``: [``botocore``] This release introduces the generic package format, a
    mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to
    allow for publishing generic packages.
  * api-change:``connect``: [``botocore``] This release adds a new API, GetMetricDataV2, which
    returns metric data for Amazon Connect.
  * api-change:``evidently``: [``botocore``] Updated entity override documentation
  * api-change:``networkmanager``: [``botocore``] This update provides example usage for
    TransitGatewayRouteTableArn.
  * api-change:``quicksight``: [``botocore``] This release has two changes: add state persistence
    feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties
    for hidden collapsed row dimensions in PivotTableOptions.
  * api-change:``redshift-data``: [``botocore``] Added support for Redshift Serverless workgroup-arn
    wherever the WorkgroupName parameter is available.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now allows SSM access to
    customer's model container by setting the "EnableSSMAccess" parameter for a ProductionVariant in
    CreateEndpointConfig API.
  * api-change:``servicediscovery``: [``botocore``] Updated all AWS Cloud Map APIs to provide
    consistent throttling exception (RequestLimitExceeded)
  * api-change:``sesv2``: [``botocore``] This release introduces a new recommendation in Virtual
    Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message
    Identification (BIMI) DNS records for customer sending identities.
- from version 1.26.87
  * api-change:``athena``: [``botocore``] A new field SubstatementType is added to GetQueryExecution
    API, so customers have an error free way to detect the query type and interpret the result.
  * api-change:``dynamodb``: [``botocore``] Adds deletion protection support to DynamoDB tables.
    Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by
    default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in
    TableDescription. This setting is not replicated for Global Tables.
  * api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7g, M7g and R7g instances, powered by
    the latest generation AWS Graviton3 processors and deliver up to 25% better performance over
    Graviton2-based instances.
  * api-change:``lakeformation``: [``botocore``] This release adds two new API support
    "GetDataCellsFiler" and "UpdateDataCellsFilter", and also updates the corresponding documentation.
  * api-change:``mediapackage-vod``: [``botocore``] This release provides the date and time VOD
    resources were created.
  * api-change:``mediapackage``: [``botocore``] This release provides the date and time live
    resources were created.
  * api-change:``route53resolver``: [``botocore``] Add dual-stack and IPv6 support for Route 53
    Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
  * api-change:``sagemaker``: [``botocore``] There needs to be a user identity to specify the
    SageMaker user who perform each action regarding the entity. However, these is a not a unified
    concept of user identity across SageMaker service that could be used today.
- from version 1.26.86
  * api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor Target Recommendation APIs
    and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target
    Recommendation calculation.
  * api-change:``location``: [``botocore``] Documentation update for the release of 3 additional map
    styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open
    Data Visualization Dark.
- from version 1.26.85
  * api-change:``account``: [``botocore``] AWS Account alternate contact email addresses can now have
    a length of 254 characters and contain the character "|".
  * api-change:``ivs``: [``botocore``] Updated text description in DeleteChannel, Stream, and
    StreamSummary.
- from version 1.26.84
  * api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB.
  * api-change:``ec2``: [``botocore``] This release adds support for a new boot mode for EC2
    instances called 'UEFI Preferred'.
  * api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has improved
    handling for different input and output color space combinations.
  * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for Nielsen
    watermark timezones.
  * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports role access for these
    API operations: CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and
    UpdateVocabularyFilter.
- from version 1.26.83
  * api-change:``iot``: [``botocore``] A recurring maintenance window is an optional configuration
    used for rolling out the job document to all devices in the target group observing a predetermined
    start time, duration, and frequency that the maintenance window occurs.
  * api-change:``migrationhubstrategy``: [``botocore``] This release updates the File Import API to
    allow importing servers already discovered by customers with reduced pre-requisites.
  * api-change:``organizations``: [``botocore``] This release introduces a new reason code,
    ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
  * api-change:``pi``: [``botocore``] This release adds a new field PeriodAlignment to allow the
    customer specifying the returned timestamp of time periods to be either the start or end time.
  * api-change:``pipes``: [``botocore``] This release fixes some input parameter range and patterns.
  * api-change:``sagemaker``: [``botocore``] Add a new field "EndpointMetrics" in SageMaker Inference
    Recommender "ListInferenceRecommendationsJobSteps" API response.
- from version 1.26.82
  * api-change:``codecatalyst``: [``botocore``] Published Dev Environments StopDevEnvironmentSession
    API
  * api-change:``pricing``: [``botocore``] This release adds 2 new APIs - ListPriceLists which
    returns a list of applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve
    your price lists from the generated file from ListPriceLists
  * api-change:``s3outposts``: [``botocore``] S3 on Outposts introduces a new API ListOutpostsWithS3,
    with this API you can list all your Outposts with S3 capacity.
- from version 1.26.81
  * enhancement:Documentation: Splits service documentation into multiple sub-pages for better
    organization and faster loading time.
  * enhancement:Documentation: [``botocore``] Splits service documentation into multiple sub-pages
    for better organization and faster loading time.
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports flywheels to help you
    train and manage new model versions for custom models.
  * api-change:``ec2``: [``botocore``] This release allows IMDS support to be set to v2-only on an
    existing AMI, so that all future instances launched from that AMI will use IMDSv2 by default.
  * api-change:``kms``: [``botocore``] AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm
    option in the GetParametersForImport API that is used in the AWS KMS Import Key Material feature.
    AWS KMS will end support for this wrapping algorithm by October 1, 2023.
  * api-change:``lightsail``: [``botocore``] This release adds Lightsail for Research feature
    support, such as GUI session access, cost estimates, stop instance on idle, and disk auto mount.
  * api-change:``managedblockchain``: [``botocore``] This release adds support for tagging to the
    accessor resource in Amazon Managed Blockchain
  * api-change:``omics``: [``botocore``] Minor model changes to accomodate batch imports feature
- from version 1.26.80
  * api-change:``devops-guru``: [``botocore``] This release adds the description field on
    ListAnomaliesForInsight and DescribeAnomaly API responses for proactive anomalies.
  * api-change:``drs``: [``botocore``] New fields were added to reflect availability zone data in
    source server and recovery instance description commands responses, as well as source server launch
    status.
  * api-change:``internetmonitor``: [``botocore``] CloudWatch Internet Monitor is a a new service
    within CloudWatch that will help application developers and network engineers continuously monitor
    internet performance metrics such as availability and performance between their AWS-hosted
    applications and end-users of these applications
  * api-change:``lambda``: [``botocore``] This release adds the ability to create ESMs with Document
    DB change streams as event source. For more information see
    https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for HDR10 to SDR tone mapping, and animated GIF video input sources.
  * api-change:``timestream-write``: [``botocore``] This release adds the ability to ingest batched
    historical data or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.26.79
  * api-change:``connect``: [``botocore``] StartTaskContact API now supports linked task creation
    with a new optional RelatedContactId parameter
  * api-change:``connectcases``: [``botocore``] This release adds the ability to delete domains
    through the DeleteDomain API. For more information see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``redshift``: [``botocore``] Documentation updates for Redshift API bringing it in
    line with IAM best practices.
  * api-change:``securityhub``: [``botocore``] New Security Hub APIs and updates to existing APIs
    that help you consolidate control findings and enable and disable controls across all supported
    standards
  * api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- Update BuildRequires and Requires from setup.py

- Update to 1.26.78
  * api-change:``appflow``: [``botocore``] This release enables the customers to choose whether to
    use Private Link for Metadata and Authorization call when using a private Salesforce connections
  * api-change:``ecs``: [``botocore``] This release supports deleting Amazon ECS task definitions
    that are in the INACTIVE state.
  * api-change:``grafana``: [``botocore``] Doc-only update. Updated information on attached role
    policies for customer provided roles
  * api-change:``guardduty``: [``botocore``] Updated API and data types descriptions for
    CreateFilter, UpdateFilter, and TriggerDetails.
  * api-change:``iotwireless``: [``botocore``] In this release, we add additional capabilities for
    the FUOTA which allows user to configure the fragment size, the sending interval and the redundancy
    ratio of the FUOTA tasks
  * api-change:``location``: [``botocore``] This release adds support for using Maps APIs with an API
    Key in addition to AWS Cognito. This includes support for adding, listing, updating and deleting
    API Keys.
  * api-change:``macie2``: [``botocore``] This release adds support for a new finding type,
    Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
    shared with an Amazon CloudFront OAI or OAC.
  * api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF v2 web ACL with an AWS App
    Runner service.
- from version 1.26.77
  * api-change:``chime-sdk-voice``: [``botocore``] This release introduces support for Voice
    Connector media metrics in the Amazon Chime SDK Voice namespace
  * api-change:``cloudfront``: [``botocore``] CloudFront now supports block lists in origin request
    policies so that you can forward all headers, cookies, or query string from viewer requests to the
    origin *except* for those specified in the block list.
  * api-change:``datasync``: [``botocore``] AWS DataSync has relaxed the minimum length constraint of
    AccessKey for Object Storage locations to 1.
  * api-change:``opensearch``: [``botocore``] This release lets customers configure Off-peak window
    and software update related properties for a new/existing domain. It enhances the capabilities of
    StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
    allows Auto-tune to make use of Off-peak window.
  * api-change:``rum``: [``botocore``] CloudWatch RUM now supports CloudWatch Custom Metrics
  * api-change:``ssm``: [``botocore``] Document only update for Feb 2023
- from version 1.26.76
  * api-change:``quicksight``: [``botocore``] S3 data sources now accept a custom IAM role.
  * api-change:``resiliencehub``: [``botocore``] In this release we improved resilience hub
    application creation and maintenance by introducing new resource and app component crud APIs,
    improving visibility and maintenance of application input sources and added support for additional
    information attributes to be provided by customers.
  * api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
  * api-change:``tnb``: [``botocore``] This is the initial SDK release for AWS Telco Network Builder
    (TNB). AWS Telco Network Builder is a network automation service that helps you deploy and manage
    telecom networks.
- from version 1.26.75
  * bugfix:SSO: [``botocore``] Fixes aws/aws-cli`#7496
    <https://github.com/aws/aws-cli/issues/7496>`__ by using the correct profile name rather than the
    one set in the session.
  * api-change:``auditmanager``: [``botocore``] This release introduces a
    ServiceQuotaExceededException to the UpdateAssessmentFrameworkShare API operation.
  * api-change:``connect``: [``botocore``] Reasons for failed diff has been approved by SDK Reviewer
- from version 1.26.74
  * api-change:``apprunner``: [``botocore``] This release supports removing MaxSize limit for
    AutoScalingConfiguration.
  * api-change:``glue``: [``botocore``] Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.26.73
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``grafana``: [``botocore``] With this release Amazon Managed Grafana now supports
    inbound Network Access Control that helps you to restrict user access to your Grafana workspaces
  * api-change:``ivs``: [``botocore``] Doc-only update. Updated text description in DeleteChannel,
    Stream, and StreamSummary.
  * api-change:``wafv2``: [``botocore``] Added a notice for account takeover prevention (ATP). The
    interface incorrectly lets you to configure ATP response inspection in regional web ACLs in Region
    US East (N. Virginia), without returning an error. ATP response inspection is only available in web
    ACLs that protect CloudFront distributions.
- from version 1.26.72
  * api-change:``cloudtrail``: [``botocore``] This release adds an
    InsufficientEncryptionPolicyException type to the StartImport endpoint
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``frauddetector``: [``botocore``] This release introduces Lists feature which allows
    customers to reference a set of values in Fraud Detector's rules. With Lists, customers can
    dynamically manage these attributes in real time. Lists can be created/deleted and its contents can
    be modified using the Fraud Detector API.
  * api-change:``glue``: [``botocore``] Fix DirectJDBCSource not showing up in CLI code gen
  * api-change:``privatenetworks``: [``botocore``] This release introduces a new
    StartNetworkResourceUpdate API, which enables return/replacement of hardware from a NetworkSite.
  * api-change:``rds``: [``botocore``] Database Activity Stream support for RDS for SQL Server.
  * api-change:``wafv2``: [``botocore``] For protected CloudFront distributions, you can now use the
    AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login
    attempts from clients that have recently submitted too many failed login attempts.
- Update BuildRequires and Requires from setup.py

- Update to 1.26.71
  * api-change:``appconfig``: [``botocore``] AWS AppConfig now offers the option to set a version
    label on hosted configuration versions. Version labels allow you to identify specific hosted
    configuration versions based on an alternate versioning scheme that you define.
  * api-change:``datasync``: [``botocore``] With this launch, we are giving customers the ability to
    use older SMB protocol versions, enabling them to use DataSync to copy data to and from their
    legacy storage arrays.
  * api-change:``ec2``: [``botocore``] With this release customers can turn host maintenance on or
    off when allocating or modifying a supported dedicated host. Host maintenance is turned on by
    default for supported hosts.
- from version 1.26.70
  * api-change:``account``: [``botocore``] This release of the Account Management API enables
    customers to view and manage whether AWS Opt-In Regions are enabled or disabled for their Account.
    For more information, see
    https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
  * api-change:``appconfigdata``: [``botocore``] AWS AppConfig now offers the option to set a version
    label on hosted configuration versions. If a labeled hosted configuration version is deployed, its
    version label is available in the GetLatestConfiguration response.
  * api-change:``snowball``: [``botocore``] Adds support for EKS Anywhere on Snowball. AWS Snow
    Family customers can now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.26.69
  * api-change:``autoscaling``: [``botocore``] You can now either terminate/replace, ignore, or wait
    for EC2 Auto Scaling instances on standby or protected from scale in. Also, you can also roll back
    changes from a failed instance refresh.
  * api-change:``connect``: [``botocore``] This update provides the Wisdom session ARN for contacts
    enabled for Wisdom in the chat channel.
  * api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for an
    imported snapshot until it reaches the completed state.
  * api-change:``polly``: [``botocore``] Amazon Polly adds two new neural Japanese voices - Kazuha,
    Tomoko
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for selecting
    algorithms in CreateAutoMLJob API.
  * api-change:``sns``: [``botocore``] This release adds support for SNS X-Ray active tracing as well
    as other updates.
- from version 1.26.68
  * api-change:``chime-sdk-meetings``: [``botocore``] Documentation updates for Chime Meetings SDK
  * api-change:``emr-containers``: [``botocore``] EMR on EKS allows configuring retry policies for
    job runs through the StartJobRun API. Using retry policies, a job cause a driver pod to be
    restarted automatically if it fails or is deleted. The job's status can be seen in the
    DescribeJobRun and ListJobRun APIs and monitored using CloudWatch events.
  * api-change:``evidently``: [``botocore``] Updated entity overrides parameter to accept up to 2500
    overrides or a total of 40KB.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for
    creating environments with a network fabric type of NONE
  * api-change:``workdocs``: [``botocore``] Doc only update for the WorkDocs APIs.
  * api-change:``workspaces``: [``botocore``] Removed Windows Server 2016 BYOL and made changes based
    on IAM campaign.
- from version 1.26.67
  * api-change:``backup``: [``botocore``] This release added one attribute (resource name) in the
    output model of our 9 existing APIs in AWS backup so that customers will see the resource name at
    the output. No input required from Customers.
  * api-change:``cloudfront``: [``botocore``] CloudFront Origin Access Control extends support to AWS
    Elemental MediaStore origins.
  * api-change:``glue``: [``botocore``] DirectJDBCSource + Glue 4.0 streaming options
  * api-change:``lakeformation``: [``botocore``] This release removes the LFTagpolicyResource
    expression limits.
- Update BuildRequires and Requires from setup.py

- Update to 1.26.66
  * api-change:``transfer``: [``botocore``] Updated the documentation for the ImportCertificate API
    call, and added examples.
- from version 1.26.65
  * api-change:``compute-optimizer``: [``botocore``] AWS Compute optimizer can now infer if Kafka is
    running on an instance.
  * api-change:``customer-profiles``: [``botocore``] This release deprecates the PartyType and Gender
    enum data types from the Profile model and replaces them with new PartyTypeString and GenderString
    attributes, which accept any string of length up to 255.
  * api-change:``frauddetector``: [``botocore``] My AWS Service (Amazon Fraud Detector) - This
    release introduces Cold Start Model Training which optimizes training for small datasets and adds
    intelligent methods for treating unlabeled data. You can now train Online Fraud Insights or
    Transaction Fraud Insights models with minimal historical-data.
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added improved
    scene change detection capabilities and a bandwidth reduction filter, along with video quality
    enhancements, to the AVC encoder.
  * api-change:``outposts``: [``botocore``] Adds OrderType to Order structure. Adds PreviousOrderId
    and PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
    length of pagination token.
- from version 1.26.64
  * enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.9
  * api-change:``proton``: [``botocore``] Add new GetResourcesSummary API
  * api-change:``redshift``: [``botocore``] Corrects descriptions of the parameters for the API
    operations RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.26.63
  * api-change:``appconfig``: [``botocore``] AWS AppConfig introduces KMS customer-managed key (CMK)
    encryption of configuration data, along with AWS Secrets Manager as a new configuration data
    source. S3 objects using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now
    supported.
  * api-change:``connect``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``keyspaces``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``quicksight``: [``botocore``] QuickSight support for Radar Chart and Dashboard
    Publish Options
  * api-change:``redshift``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``sso-admin``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.62
  * bugfix:``s3``: [``botocore``] boto3 no longer overwrites user supplied `Content-Encoding` with
    `aws-chunked` when user also supplies `ChecksumAlgorithm`.
  * api-change:``devops-guru``: [``botocore``] This release adds filter support ListAnomalyForInsight
    API.
  * api-change:``forecast``: [``botocore``] This release will enable customer select INCREMENTAL as
    ImportModel in Forecast's CreateDatasetImportJob API. Verified latest SDK containing required
    attribute, following https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly
    has added support for program updates, and the ability to clip the end of VOD sources in programs.
  * api-change:``sns``: [``botocore``] Additional attributes added for set-topic-attributes.
- from version 1.26.61
  * api-change:``accessanalyzer``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``appsync``: [``botocore``] This release introduces the feature to support EventBridge
    as AppSync data source.
  * api-change:``cloudtrail-data``: [``botocore``] Add CloudTrail Data Service to enable users to
    ingest activity events from non-AWS sources into CloudTrail Lake.
  * api-change:``cloudtrail``: [``botocore``] Add new "Channel" APIs to enable users to manage
    channels used for CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to
    manage the resource-based permissions policy attached to a channel.
  * api-change:``codeartifact``: [``botocore``] This release introduces a new DeletePackage API,
    which enables deletion of a package and all of its versions from a repository.
  * api-change:``connectparticipant``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
    regions in SDK.
  * api-change:``ec2``: [``botocore``] This launch allows customers to associate up to 8 IP addresses
    to their NAT Gateways to increase the limit on concurrent connections to a single destination by
    eight times from 55K to 440K.
  * api-change:``groundstation``: [``botocore``] DigIF Expansion changes to the Customer APIs.
  * api-change:``iot``: [``botocore``] Added support for IoT Rules Engine Cloudwatch Logs action
    batch mode.
  * api-change:``kinesis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option for a VPC
    endpoint connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3.
    You can now use remote reindex to copy indices from one VPC domain to another without a reverse
    proxy.
  * api-change:``outposts``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``polly``: [``botocore``] Amazon Polly adds two new neural American English voices -
    Ruth, Stephen
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    more completion criteria for Hyperparameter Optimization.
  * api-change:``securityhub``: [``botocore``] New fields have been added to the AWS Security Finding
    Format. Compliance.SecurityControlId is a unique identifier for a security control across
    standards. Compliance.AssociatedStandards contains all enabled standards in which a security
    control is enabled.
  * api-change:``support``: [``botocore``] This fixes incorrect endpoint construction when a customer
    is explicitly setting a region.
- Update BuildRequires and Requires from setup.py

- Update to 1.26.60
  * api-change:``clouddirectory``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``cloudformation``: [``botocore``] This feature provides a method of obtaining which
    regions a stackset has stack instances deployed in.
  * api-change:``discovery``: [``botocore``] Update ImportName validation to 255 from the current
    length of 100
  * api-change:``dlm``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: [``botocore``] We add Prefix Lists as a new route destination option for
    LocalGatewayRoutes. This will allow customers to create routes to Prefix Lists. Prefix List routes
    will allow customers to group individual CIDR routes with the same target into a single route.
  * api-change:``imagebuilder``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``kafka``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``mediaconvert``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``swf``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.59
  * api-change:``application-autoscaling``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
    regions in SDK.
  * api-change:``appstream``: [``botocore``] Fixing the issue where Appstream waiters hang for
    fleet_started and fleet_stopped.
  * api-change:``elasticbeanstalk``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions
    in SDK.
  * api-change:``fis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``glacier``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrass``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrassv2``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) in SDK.
  * api-change:``mediatailor``: [``botocore``] This release introduces the As Run logging type, along
    with API and documentation updates.
  * api-change:``outposts``: [``botocore``] Adding support for payment term in GetOrder, CreateOrder
    responses.
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: [``botocore``] This release supports running SageMaker Training jobs
    with container images that are in a private Docker registry.
  * api-change:``serverlessrepo``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
- Update BuildRequires and Requires from setup.py

- Update to 1.26.58
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``iotfleetwise``: [``botocore``] Add model validation to BatchCreateVehicle and
    BatchUpdateVehicle operations that invalidate requests with an empty vehicles list.
  * api-change:``s3``: [``botocore``] Allow FIPS to be used with path-style URLs.
- from version 1.26.57
  * api-change:``cloudformation``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``ec2``: [``botocore``] This release adds new functionality that allows customers to
    provision IPv6 CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing
    customers to utilize IPAM Resource Discovery APIs.
  * api-change:``m2``: [``botocore``] Add returnCode, batchJobIdentifier in GetBatchJobExecution
    response, for user to view the batch job execution result & unique identifier from engine. Also
    removed unused headers from REST APIs
  * api-change:``polly``: [``botocore``] Add 5 new neural voices - Sergio (es-ES), Andres (es-MX),
    Remi (fr-FR), Adriano (it-IT) and Thiago (pt-BR).
  * api-change:``redshift-serverless``: [``botocore``] Added query monitoring rules as possible
    parameters for create and update workgroup operations.
  * api-change:``s3control``: [``botocore``] Add additional endpoint tests for S3 Control. Fix
    missing endpoint parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix,
    those operations may have resulted in an invalid endpoint being resolved.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now decouples from Model
    Registry and could accept Model Name to invoke inference recommendations job; Inference Recommender
    now provides CPU/Memory Utilization metrics data in recommendation output.
  * api-change:``sts``: [``botocore``] Doc only change to update wording in a key topic
- from version 1.26.56
  * api-change:``databrew``: [``botocore``] Enabled FIPS us-gov-west-1 endpoints in SDK.
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Melbourne)
    Region (ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs
    in that region.
  * api-change:``ssm-sap``: [``botocore``] This release provides updates to documentation and support
    for listing operations performed by AWS Systems Manager for SAP.
- from version 1.26.55
  * api-change:``lambda``: [``botocore``] Release Lambda RuntimeManagementConfig, enabling customers
    to better manage runtime updates to their Lambda functions. This release adds two new APIs,
    GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
    Create/Get/Update function APIs.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now supports P4de instance
    types.
- from version 1.26.54
  * api-change:``ec2``: [``botocore``] C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd
    Generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of
    3.5 GHz.
  * api-change:``ivs``: [``botocore``] API and Doc update. Update to arns field in BatchGetStreamKey.
    Also updates to operations and structures.
  * api-change:``quicksight``: [``botocore``] This release adds support for data bars in QuickSight
    table and increases pivot table field well limit.
- from version 1.26.53
  * api-change:``appflow``: [``botocore``] Adding support for Salesforce Pardot connector in Amazon
    AppFlow.
  * api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
  * api-change:``connect``: [``botocore``] Amazon Connect Chat introduces Persistent Chat, allowing
    customers to resume previous conversations with context and transcripts carried over from previous
    chats, eliminating the need to repeat themselves and allowing agents to provide personalized
    service with access to entire conversation history.
  * api-change:``connectparticipant``: [``botocore``] This release updates Amazon Connect
    Participant's GetTranscript api to provide transcripts of past chats on a persistent chat session.
  * api-change:``ec2``: [``botocore``] Adds SSM Parameter Resource Aliasing support to EC2 Launch
    Templates. Launch Templates can now store parameter aliases in place of AMI Resource IDs.
    CreateLaunchTemplateVersion and DescribeLaunchTemplateVersions now support a convenience flag,
    ResolveAlias, to return the resolved parameter value.
  * api-change:``glue``: [``botocore``] Release Glue Studio Hudi Data Lake Format for SDK/CLI
  * api-change:``groundstation``: [``botocore``] Add configurable prepass and postpass times for
    DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
    through ReserveContact
  * api-change:``logs``: [``botocore``] Bug fix - Removed the regex pattern validation from
    CoralModel to avoid potential security issue.
  * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for SCTE 35
    preRollMilliSeconds.
  * api-change:``opensearch``: [``botocore``] This release adds the enhanced dry run option, that
    checks for validation errors that might occur when deploying configuration changes and provides a
    summary of these errors, if any. The feature will also indicate whether a blue/green deployment
    will be required to apply a change.
  * api-change:``panorama``: [``botocore``] Added AllowMajorVersionUpdate option to OTAJobConfig to
    make appliance software major version updates opt-in.
  * api-change:``sagemaker``: [``botocore``] HyperParameterTuningJobs now allow passing environment
    variables into the corresponding TrainingJobs
- Update BuildRequires and Requires from setup.py

- Update to 1.26.52
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``ivschat``: [``botocore``] Updates the range for a Chat Room's
    maximumMessageRatePerSecond field.
  * api-change:``wafv2``: [``botocore``] Improved the visibility of the guidance for updating AWS WAF
    resources, such as web ACLs and rule groups.
- from version 1.26.51
  * api-change:``billingconductor``: [``botocore``] This release adds support for SKU Scope for
    pricing plans.
  * api-change:``cloud9``: [``botocore``] Added minimum value to AutomaticStopTimeMinutes parameter.
  * api-change:``imagebuilder``: [``botocore``] Add support for AWS Marketplace product IDs as input
    during CreateImageRecipe for the parent-image parameter. Add support for listing third-party
    components.
  * api-change:``network-firewall``: [``botocore``] Network Firewall now allows creation of dual
    stack endpoints, enabling inspection of IPv6 traffic.
- from version 1.26.50
  * api-change:``connect``: [``botocore``] This release updates the responses of
    UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName and DeleteContactFlow
    API with empty responses.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``outposts``: [``botocore``] This release adds POWER_30_KVA as an option for
    PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure in the CreateSite
    request.
  * api-change:``resource-groups``: [``botocore``] AWS Resource Groups customers can now turn on
    Group Lifecycle Events in their AWS account. When you turn this on, Resource Groups monitors your
    groups for changes to group state or membership. Those changes are sent to Amazon EventBridge as
    events that you can respond to using rules you create.
- from version 1.26.49
  * api-change:``cleanrooms``: [``botocore``] Initial release of AWS Clean Rooms
  * api-change:``lambda``: [``botocore``] Add support for MaximumConcurrency parameter for SQS event
    source. Customers can now limit the maximum concurrent invocations for their SQS Event Source
    Mapping.
  * api-change:``logs``: [``botocore``] Bug fix: logGroupName is now not a required field in
    GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams APIs as logGroupIdentifier
    can be provided instead
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for compact DASH manifest generation, audio normalization using TruePeak measurements, and the
    ability to clip the sample range in the color corrector.
  * api-change:``secretsmanager``: [``botocore``] Update documentation for new ListSecrets and
    DescribeSecret parameters
- from version 1.26.48
  * api-change:``kendra``: [``botocore``] This release adds support to new document types - RTF, XML,
    XSLT, MS_EXCEL, CSV, JSON, MD
- from version 1.26.47
  * api-change:``location``: [``botocore``] This release adds support for two new route travel
    models, Bicycle and Motorcycle which can be used with Grab data source.
  * api-change:``rds``: [``botocore``] This release adds support for configuring allocated storage on
    the CreateDBInstanceReadReplica, RestoreDBInstanceFromDBSnapshot, and
    RestoreDBInstanceToPointInTime APIs.
- from version 1.26.46
  * api-change:``ecr-public``: [``botocore``] This release for Amazon ECR Public makes several change
    to bring the SDK into sync with the API.
  * api-change:``kendra-ranking``: [``botocore``] Introducing Amazon Kendra Intelligent Ranking, a
    new set of Kendra APIs that leverages Kendra semantic ranking capabilities to improve the quality
    of search results from other search services (i.e. OpenSearch, ElasticSearch, Solr).
  * api-change:``network-firewall``: [``botocore``] Network Firewall now supports the Suricata rule
    action reject, in addition to the actions pass, drop, and alert.
  * api-change:``ram``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``workspaces-web``: [``botocore``] This release adds support for a new portal
    authentication type: AWS IAM Identity Center (successor to AWS Single Sign-On).
- from version 1.26.45
  * api-change:``acm-pca``: [``botocore``] Added revocation parameter validation: bucket names must
    match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions on the use of special
    characters in URIs.
  * api-change:``auditmanager``: [``botocore``] This release introduces a new data retention option
    in your Audit Manager settings. You can now use the DeregistrationPolicy parameter to specify if
    you want to delete your data when you deregister Audit Manager.
- from version 1.26.44
  * api-change:``amplifybackend``: [``botocore``] Updated GetBackendAPIModels response to include
    ModelIntrospectionSchema json string
  * api-change:``apprunner``: [``botocore``] This release adds support of securely referencing
    secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding
    them as environment secrets in your App Runner service.
  * api-change:``connect``: [``botocore``] Documentation update for a new Initiation Method value in
    DescribeContact API
  * api-change:``emr-serverless``: [``botocore``] Adds support for customized images. You can now
    provide runtime images when creating or updating EMR Serverless Applications.
  * api-change:``lightsail``: [``botocore``] Documentation updates for Amazon Lightsail.
  * api-change:``mwaa``: [``botocore``] MWAA supports Apache Airflow version 2.4.3.
  * api-change:``rds``: [``botocore``] This release adds support for specifying which certificate
    authority (CA) to use for a DB instance's server certificate during DB instance creation, as well
    as other CA enhancements.
- from version 1.26.43
  * api-change:``application-autoscaling``: [``botocore``] Customers can now use the existing
    DescribeScalingActivities API to also see the detailed and machine-readable reasons for Application
    Auto Scaling not scaling their resources and, if needed, take the necessary corrective actions.
  * api-change:``logs``: [``botocore``] Update to remove sequenceToken as a required field in
    PutLogEvents calls.
  * api-change:``ssm``: [``botocore``] Adding support for QuickSetup Document Type in Systems Manager
- Update BuildRequires and Requires from setup.py

- update to 1.26.42:
  * api-change:``securitylake``: [``botocore``] Allow CreateSubscriber API
    to take string input that allows setting more descriptive
    SubscriberDescription field. Make souceTypes field required in model
    level for UpdateSubscriberRequest as it is required for every API call
    on the backend. Allow ListSubscribers take any String as nextToken
    param.

- Update to version 1.26.41
  * api-change:``cloudfront``: [``botocore``] Extend response headers policy to support removing
    headers from viewer responses
  * api-change:``iotfleetwise``: [``botocore``] Update documentation - correct the epoch constant
    value of default value for expiryTime field in CreateCampaign request.
- from version 1.26.40
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``secretsmanager``: [``botocore``] Added owning service filter, include planned
    deletion flag, and next rotation date response parameter in ListSecrets.
  * api-change:``wisdom``: [``botocore``] This release extends Wisdom CreateContent and
    StartContentUpload APIs to support PDF and MicrosoftWord docx document uploading.
- from version 1.26.39
  * api-change:``elasticache``: [``botocore``] This release allows you to modify the encryption in
    transit setting, for existing Redis clusters. You can now change the TLS configuration of your
    Redis clusters without the need to re-build or re-provision the clusters or impact application
    availability.
  * api-change:``network-firewall``: [``botocore``] AWS Network Firewall now provides status messages
    for firewalls to help you troubleshoot when your endpoint fails.
  * api-change:``rds``: [``botocore``] This release adds support for Custom Engine Version (CEV) on
    RDS Custom SQL Server.
  * api-change:``route53-recovery-control-config``: [``botocore``] Added support for Python
    paginators in the route53-recovery-control-config List* APIs.
- from version 1.26.38
  * api-change:``memorydb``: [``botocore``] This release adds support for MemoryDB Reserved nodes
    which provides a significant discount compared to on-demand node pricing. Reserved nodes are not
    physical nodes, but rather a billing discount applied to the use of on-demand nodes in your account.
  * api-change:``transfer``: [``botocore``] Add additional operations to throw ThrottlingExceptions
- from version 1.26.37
  * api-change:``connect``: [``botocore``] Support for Routing Profile filter, SortCriteria, and
    grouping by Routing Profiles for GetCurrentMetricData API. Support for RoutingProfiles,
    UserHierarchyGroups, and Agents as filters, NextStatus and AgentStatusName for GetCurrentUserData.
    Adds ApproximateTotalCount to both APIs.
  * api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat introduces the Message
    Receipts feature. This feature allows agents and customers to receive message delivered and read
    receipts after they send a chat message.
  * api-change:``detective``: [``botocore``] This release adds a missed AccessDeniedException type to
    several endpoints.
  * api-change:``fsx``: [``botocore``] Fix a bug where a recent release might break certain existing
    SDKs.
  * api-change:``inspector2``: [``botocore``] Amazon Inspector adds support for scanning NodeJS 18.x
    and Go 1.x AWS Lambda function runtimes.
- from version 1.26.36
  * api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
    analyze and generate optimization recommendations for ecs services running on Fargate.
  * api-change:``connect``: [``botocore``] Amazon Connect Chat introduces the Idle
    Participant/Autodisconnect feature, which allows users to set timeouts relating to the activity of
    chat participants, using the new UpdateParticipantRoleConfig API.
  * api-change:``iotdeviceadvisor``: [``botocore``] This release adds the following new features: 1)
    Documentation updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT
    Device Advisor APIs. 3) Added new service feature: ability to provide the test endpoint when
    customer executing the StartSuiteRun API.
  * api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
    capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
    and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
    real-time streaming, as well as media ingestion to the cloud.
  * api-change:``rds``: [``botocore``] Add support for managing master user password in AWS Secrets
    Manager for the DBInstance and DBCluster.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- from version 1.26.35
  * api-change:``connect``: [``botocore``] Amazon Connect Chat now allows for JSON (application/json)
    message types to be sent as part of the initial message in the StartChatContact API.
  * api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat now allows for JSON
    (application/json) message types to be sent in the SendMessage API.
  * api-change:``license-manager-linux-subscriptions``: [``botocore``] AWS License Manager now offers
    cross-region, cross-account tracking of commercial Linux subscriptions on AWS. This includes
    subscriptions purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or
    brought to AWS via Red Hat Cloud Access Program.
  * api-change:``macie2``: [``botocore``] This release adds support for analyzing Amazon S3 objects
    that use the S3 Glacier Instant Retrieval (Glacier_IR) storage class.
  * api-change:``sagemaker``: [``botocore``] This release enables adding RStudio Workbench support to
    an existing Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
    configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
    parameters for existing domains
  * api-change:``scheduler``: [``botocore``] Updated the ListSchedules and ListScheduleGroups APIs to
    allow the NamePrefix field to start with a number. Updated the validation for executionRole field
    to support any role name.
  * api-change:``ssm``: [``botocore``] Doc-only updates for December 2022.
  * api-change:``support``: [``botocore``] Documentation updates for the AWS Support API
  * api-change:``transfer``: [``botocore``] This release adds support for Decrypt as a workflow step
    type.
- from version 1.26.34
  * api-change:``batch``: [``botocore``] Adds isCancelled and isTerminated to DescribeJobs response.
  * api-change:``ec2``: [``botocore``] Adds support for pagination in the EC2 DescribeImages API.
  * api-change:``lookoutequipment``: [``botocore``] This release adds support for listing inference
    schedulers by status.
  * api-change:``medialive``: [``botocore``] This release adds support for two new features to AWS
    Elemental MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now
    now support the ability to decode Dolby E audio when it comes in on an input.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio now supports configuring session
    storage volumes and persistence, as well as backup and restore sessions through launch profiles.
  * api-change:``resource-explorer-2``: [``botocore``] Documentation updates for AWS Resource
    Explorer.
  * api-change:``route53domains``: [``botocore``] Use Route 53 domain APIs to change owner,
    create/delete DS record, modify IPS tag, resend authorization. New:
    AssociateDelegationSignerToDomain, DisassociateDelegationSignerFromDomain, PushDomain,
    ResendOperationAuthorization. Updated: UpdateDomainContact, ListOperations,
    CheckDomainTransferability.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for new
    objective metrics in CreateAutoMLJob API.
  * api-change:``transcribe``: [``botocore``] Enable our batch transcription jobs for Swedish and
    Vietnamese.
- from version 1.26.33
  * api-change:``athena``: [``botocore``] Add missed InvalidRequestException in
    GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
    Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
  * api-change:``ecs``: [``botocore``] This release adds support for alarm-based rollbacks in ECS, a
    new feature that allows customers to add automated safeguards for Amazon ECS service rolling
    updates.
  * api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
    capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
    and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
    real-time streaming, as well as media ingestion to the cloud.
  * api-change:``kinesisvideo``: [``botocore``] Amazon Kinesis Video Streams offers capabilities to
    stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
    processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
    as well as media ingestion to the cloud.
  * api-change:``rds``: [``botocore``] Add support for --enable-customer-owned-ip to RDS
    create-db-instance-read-replica API for RDS on Outposts.
  * api-change:``sagemaker``: [``botocore``] AWS Sagemaker - Sagemaker Images now supports Aliases as
    secondary identifiers for ImageVersions. SageMaker Images now supports additional metadata for
    ImageVersions for better images management.
- from version 1.26.32
  * enhancement:s3: s3.transfer methods accept path-like objects as input
  * api-change:``appflow``: [``botocore``] This release updates the ListConnectorEntities API action
    so that it returns paginated responses that customers can retrieve with next tokens.
  * api-change:``cloudfront``: [``botocore``] Updated documentation for CloudFront
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports the use of tags with task
    executions. With this new feature, you can apply tags each time you execute a task, giving you
    greater control and management over your task executions.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``guardduty``: [``botocore``] This release provides the valid characters for the
    Description and Name field.
  * api-change:``iotfleetwise``: [``botocore``] Updated error handling for empty resource names in
    "UpdateSignalCatalog" and "GetModelManifest" operations.
  * api-change:``sagemaker``: [``botocore``] AWS sagemaker - Features: This release adds support for
    random seed, it's an integer value used to initialize a pseudo-random number generator. Setting a
    random seed will allow the hyperparameter tuning search strategies to produce more consistent
    configurations for the same tuning job.
- from version 1.26.31
  * api-change:``backup-gateway``: [``botocore``] This release adds support for VMware vSphere tags,
    enabling customer to protect VMware virtual machines using tag-based policies for AWS tags mapped
    from vSphere tags. This release also adds support for customer-accessible gateway-hypervisor
    interaction log and upload bandwidth rate limit schedule.
  * api-change:``connect``: [``botocore``] Added support for "English - New Zealand" and "English -
    South African" to be used with Amazon Connect Custom Vocabulary APIs.
  * api-change:``ecs``: [``botocore``] This release adds support for container port ranges in ECS, a
    new capability that allows customers to provide container port ranges to simplify use cases where
    multiple ports are in use in a container. This release updates TaskDefinition mutation APIs and the
    Task description APIs.
  * api-change:``eks``: [``botocore``] Add support for Windows managed nodes groups.
  * api-change:``glue``: [``botocore``] This release adds support for AWS Glue Crawler with native
    DeltaLake tables, allowing Crawlers to classify Delta Lake format tables and catalog them for query
    engines to query against.
  * api-change:``kinesis``: [``botocore``] Added StreamARN parameter for Kinesis Data Streams APIs.
    Added a new opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when
    accessing Kinesis Data Streams.
  * api-change:``location``: [``botocore``] This release adds support for a new style,
    "VectorOpenDataStandardLight" which can be used with the new data source, "Open Data Maps
    (Preview)".
  * api-change:``m2``: [``botocore``] Adds an optional create-only `KmsKeyId` property to Environment
    and Application resources.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now allows customers to
    load tests their models on various instance types using private VPC.
  * api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
    resources for AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and
    AwsWafv2RuleGroup.
  * api-change:``translate``: [``botocore``] Raised the input byte size limit of the Text field in
    the TranslateText API to 10000 bytes.
- from version 1.26.30
  * api-change:``ce``: [``botocore``] This release supports percentage-based thresholds on Cost
    Anomaly Detection alert subscriptions.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``networkmanager``: [``botocore``] Appliance Mode support for AWS Cloud WAN.
  * api-change:``redshift-data``: [``botocore``] This release adds a new --client-token field to
    ExecuteStatement and BatchExecuteStatement operations. Customers can now run queries with the
    additional client token parameter to ensures idempotency.
  * api-change:``sagemaker-metrics``: [``botocore``] Update SageMaker Metrics documentation.
- from version 1.26.29
  * api-change:``cloudtrail``: [``botocore``] Merging mainline branch for service model into mainline
    release branch. There are no new APIs.
  * api-change:``rds``: [``botocore``] This deployment adds ClientPasswordAuthType field to the Auth
    structure of the DBProxy.
- from version 1.26.28
  * bugfix:Endpoint provider: [``botocore``] Updates ARN parsing ``resourceId`` delimiters
  * api-change:``customer-profiles``: [``botocore``] This release allows custom strings in PartyType
    and Gender through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString
    and GenderString.
  * api-change:``ec2``: [``botocore``] This release updates DescribeFpgaImages to show supported
    instance types of AFIs in its response.
  * api-change:``kinesisvideo``: [``botocore``] This release adds support for public preview of
    Kinesis Video Stream at Edge enabling customers to provide configuration for the Kinesis Video
    Stream EdgeAgent running on an on-premise IoT device. Customers can now locally record from cameras
    and stream videos to the cloud on configured schedule.
  * api-change:``lookoutvision``: [``botocore``] This documentation update adds kms:GenerateDataKey
    as a required permission to StartModelPackagingJob.
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for Lambda
    alias service endpoints. Lambda alias ARNs can now be passed into CreateService.
  * api-change:``rds``: [``botocore``] Update the RDS API model to support copying option groups
    during the CopyDBSnapshot operation
  * api-change:``rekognition``: [``botocore``] Adds support for "aliases" and "categories", inclusion
    and exclusion filters for labels and label categories, and aggregating labels by video segment
    timestamps for Stored Video Label Detection APIs.
  * api-change:``sagemaker-metrics``: [``botocore``] This release introduces support SageMaker
    Metrics APIs.
  * api-change:``wafv2``: [``botocore``] Documents the naming requirement for logging destinations
    that you use with web ACLs.
- from version 1.26.27
  * api-change:``iotfleetwise``: [``botocore``] Deprecated assignedValue property for actuators and
    attributes.  Added a message to invalid nodes and invalid decoder manifest exceptions.
  * api-change:``logs``: [``botocore``] Doc-only update for CloudWatch Logs, for Tagging Permissions
    clarifications
  * api-change:``medialive``: [``botocore``] Link devices now support buffer size (latency)
    configuration. A higher latency value means a longer delay in transmitting from the device to
    MediaLive, but improved resiliency. A lower latency value means a shorter delay, but less
    resiliency.
  * api-change:``mediapackage-vod``: [``botocore``] This release provides the approximate number of
    assets in a packaging group.
- Update BuildRequires and Requires from setup.py

- Update to version 1.26.26
  * enhancement:Endpoint Provider Standard Library: [``botocore``] Correct spelling of 'library' in
    ``StandardLibrary`` class
  * api-change:``autoscaling``: [``botocore``] Adds support for metric math for target tracking
    scaling policies, saving you the cost and effort of publishing a custom metric to CloudWatch. Also
    adds support for VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new
    health check type to the CreateAutoScalingGroup API.
  * api-change:``iottwinmaker``: [``botocore``] This release adds the following new features: 1) New
    APIs for managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support
    user friendly names for component types (ComponentTypeName) and properties (DisplayName).
  * api-change:``migrationhubstrategy``: [``botocore``] This release adds known application
    filtering, server selection for assessments, support for potential recommendations, and indications
    for configuration and assessment status. For more information, see the AWS Migration Hub
    documentation at https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.26.25
  * api-change:``ce``: [``botocore``] This release adds the LinkedAccountName field to the
    GetAnomalies API response under RootCause
  * api-change:``cloudfront``: [``botocore``] Introducing UpdateDistributionWithStagingConfig that
    can be used to promote the staging configuration to the production.
  * api-change:``eks``: [``botocore``] Adds support for EKS add-ons configurationValues fields and
    DescribeAddonConfiguration function
  * api-change:``kms``: [``botocore``] Updated examples and exceptions for External Key Store (XKS).
- from version 1.26.24
  * api-change:``billingconductor``: [``botocore``] This release adds the Tiering Pricing Rule
    feature.
  * api-change:``connect``: [``botocore``] This release provides APIs that enable you to
    programmatically manage rules for Contact Lens conversational analytics and third party
    applications. For more information, see
    https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
  * api-change:``dynamodb``: [``botocore``] Endpoint Ruleset update: Use http instead of https for
    the "local" region.
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``rds``: [``botocore``] This release adds the BlueGreenDeploymentNotFoundFault to the
    AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
  * api-change:``sagemaker-featurestore-runtime``: [``botocore``] For online + offline Feature
    Groups, added ability to target PutRecord and DeleteRecord actions to only online store, or only
    offline store. If target store parameter is not specified, actions will apply to both stores.
- from version 1.26.23
  * api-change:``ce``: [``botocore``] This release introduces two new APIs that offer a 1-click
    experience to refresh Savings Plans recommendations. The two APIs are
    StartSavingsPlansPurchaseRecommendationGeneration and
    ListSavingsPlansPurchaseRecommendationGeneration.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``ivschat``: [``botocore``] Adds PendingVerification error type to messaging APIs to
    block the resource usage for accounts identified as being fraudulent.
  * api-change:``rds``: [``botocore``] This release adds the InvalidDBInstanceStateFault to the
    RestoreDBClusterFromSnapshot operation.
  * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports creating custom language
    models in the following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.26.22
  * api-change:``appsync``: [``botocore``] Fixes the URI for the evaluatecode endpoint to include the
    /v1 prefix (ie. "/v1/dataplane-evaluatecode").
  * api-change:``ecs``: [``botocore``] Documentation updates for Amazon ECS
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports Fortigate Cloud Native
    Firewall as a Service as a third-party policy type.
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags
    in DASH and CMAF outputs.
  * api-change:``medialive``: [``botocore``] Updates to Event Signaling and Management (ESAM) API and
    documentation.
  * api-change:``polly``: [``botocore``] Add language code for Finnish (fi-FI)
  * api-change:``proton``: [``botocore``] CreateEnvironmentAccountConnection RoleArn input is now
    optional
  * api-change:``redshift-serverless``: [``botocore``] Add Table Level Restore operations for Amazon
    Redshift Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging
    support to Snapshots and Recovery Points in Amazon Redshift Serverless.
  * api-change:``sns``: [``botocore``] This release adds the message payload-filtering feature to the
    SNS Subscribe, SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update BuildRequires and Requires from setup.py

- Update to version 1.26.21
  * api-change:``codecatalyst``: [``botocore``] This release adds operations that support customers
    using the AWS Toolkits and Amazon CodeCatalyst, a unified software development service that helps
    developers develop, deploy, and maintain applications in the cloud. For more information, see the
    documentation.
  * api-change:``comprehend``: [``botocore``] Comprehend now supports semi-structured documents (such
    as PDF files or image files) as inputs for custom analysis using the synchronous APIs
    (ClassifyDocument and DetectEntities).
  * api-change:``gamelift``: [``botocore``] GameLift introduces a new feature, GameLift Anywhere.
    GameLift Anywhere allows you to integrate your own compute resources with GameLift. You can also
    use GameLift Anywhere to iteratively test your game servers without uploading the build to GameLift
    for every iteration.
  * api-change:``pipes``: [``botocore``] AWS introduces new Amazon EventBridge Pipes which allow you
    to connect sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any
    code, with filtering, batching, input transformation, and an optional Enrichment stage (Lambda,
    StepFunctions, ApiGateway, ApiDestinations)
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
- from version 1.26.20
  * api-change:``accessanalyzer``: [``botocore``] This release adds support for S3 cross account
    access points. IAM Access Analyzer will now produce public or cross account findings when it
    detects bucket delegation to external account access points.
  * api-change:``athena``: [``botocore``] This release includes support for using Apache Spark in
    Amazon Athena.
  * api-change:``dataexchange``: [``botocore``] This release enables data providers to license direct
    access to data in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data
    Exchange. Subscribers get read-only access to the data and can use it in downstream AWS services,
    like Amazon Athena, without creating or managing copies.
  * api-change:``docdb-elastic``: [``botocore``] Launched Amazon DocumentDB Elastic Clusters. You can
    now use the SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
  * api-change:``glue``: [``botocore``] This release adds support for AWS Glue Data Quality, which
    helps you evaluate and monitor the quality of your data and includes the API for creating,
    deleting, or updating data quality rulesets, runs and evaluations.
  * api-change:``s3control``: [``botocore``] Amazon S3 now supports cross-account access points. S3
    bucket owners can now allow trusted AWS accounts to create access points associated with their
    bucket.
  * api-change:``sagemaker-geospatial``: [``botocore``] This release provides Amazon SageMaker
    geospatial APIs to build, train, deploy and visualize geospatial models.
  * api-change:``sagemaker``: [``botocore``] Added Models as part of the Search API. Added Model
    shadow deployments in realtime inference, and shadow testing in managed inference. Added support
    for shared spaces, geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on
    user profiles and domains, Model sharing in Jumpstart.
- from version 1.26.19
  * api-change:``ec2``: [``botocore``] This release adds support for AWS Verified Access and the
    Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon
    Scalable processors.
  * api-change:``firehose``: [``botocore``] Allow support for the Serverless offering for Amazon
    OpenSearch Service as a Kinesis Data Firehose delivery destination.
  * api-change:``kms``: [``botocore``] AWS KMS introduces the External Key Store (XKS), a new feature
    for customers who want to protect their data with encryption keys stored in an external key
    management system under their control.
  * api-change:``omics``: [``botocore``] Amazon Omics is a new, purpose-built service that can be
    used by healthcare and life science organizations to store, query, and analyze omics data. The
    insights from that data can be used to accelerate scientific discoveries and improve healthcare.
  * api-change:``opensearchserverless``: [``botocore``] Publish SDK for Amazon OpenSearch Serverless
  * api-change:``securitylake``: [``botocore``] Amazon Security Lake automatically centralizes
    security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in
    your account. Security Lake makes it easier to analyze security data, so you can improve the
    protection of your workloads, applications, and data
  * api-change:``simspaceweaver``: [``botocore``] AWS SimSpace Weaver is a new service that helps
    customers build spatial simulations at new levels of scale - resulting in virtual worlds with
    millions of dynamic entities. See the AWS SimSpace Weaver developer guide for more details on how
    to get started. https://docs.aws.amazon.com/simspaceweaver
- from version 1.26.18
  * api-change:``arc-zonal-shift``: [``botocore``] Amazon Route 53 Application Recovery Controller
    Zonal Shift is a new service that makes it easy to shift traffic away from an Availability Zone in
    a Region. See the developer guide for more information:
    https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
  * api-change:``compute-optimizer``: [``botocore``] Adds support for a new recommendation preference
    that makes it possible for customers to optimize their EC2 recommendations by utilizing an external
    metrics ingestion service to provide metrics.
  * api-change:``config``: [``botocore``] With this release, you can use AWS Config to evaluate your
    resources for compliance with Config rules before they are created or updated. Using Config rules
    in proactive mode enables you to test and build compliant resource templates or check resource
    configurations at the time they are provisioned.
  * api-change:``ec2``: [``botocore``] Introduces ENA Express, which uses AWS SRD and dynamic routing
    to increase throughput and minimize latency, adds support for trust relationships between
    Reachability Analyzer and AWS Organizations to enable cross-account analysis, and adds support for
    Infrastructure Performance metric subscriptions.
  * api-change:``eks``: [``botocore``] Adds support for additional EKS add-ons metadata and filtering
    fields
  * api-change:``fsx``: [``botocore``] This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP
    file systems and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP,
    this also adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route
    table updates.
  * api-change:``glue``: [``botocore``] This release allows the creation of Custom Visual Transforms
    (Dynamic Transforms) to be created via AWS Glue CLI/SDK.
  * api-change:``inspector2``: [``botocore``] This release adds support for Inspector to scan AWS
    Lambda.
  * api-change:``lambda``: [``botocore``] Adds support for Lambda SnapStart, which helps improve the
    startup performance of functions. Customers can now manage SnapStart based functions via
    CreateFunction and UpdateFunctionConfiguration APIs
  * api-change:``license-manager-user-subscriptions``: [``botocore``] AWS now offers fully-compliant,
    Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
    on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
    launch instances on-demand without any long-term licensing commitments.
  * api-change:``macie2``: [``botocore``] Added support for configuring Macie to continually sample
    objects from S3 buckets and inspect them for sensitive data. Results appear in statistics,
    findings, and other data that Macie provides.
  * api-change:``quicksight``: [``botocore``] This release adds new Describe APIs and updates Create
    and Update APIs to support the data model for Dashboards, Analyses, and Templates.
  * api-change:``s3control``: [``botocore``] Added two new APIs to support Amazon S3 Multi-Region
    Access Point failover controls: GetMultiRegionAccessPointRoutes and
    SubmitMultiRegionAccessPointRoutes. The failover control APIs are supported in the following
    Regions: us-east-1, us-west-2, eu-west-1, ap-southeast-2, and ap-northeast-1.
  * api-change:``securityhub``: [``botocore``] Adding StandardsManagedBy field to DescribeStandards
    API response
- from version 1.26.17
  * bugfix:dynamodb: Fixes duplicate serialization issue in DynamoDB BatchWriter
  * api-change:``backup``: [``botocore``] AWS Backup introduces support for legal hold and
    application stack backups. AWS Backup Audit Manager introduces support for cross-Region,
    cross-account reports.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``drs``: [``botocore``] Non breaking changes to existing APIs, and additional APIs
    added to support in-AWS failing back using AWS Elastic Disaster Recovery.
  * api-change:``ecs``: [``botocore``] This release adds support for ECS Service Connect, a new
    capability that simplifies writing and operating resilient distributed applications. This release
    updates the TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also
    adds a new ListServicesByNamespace API.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``iot-data``: [``botocore``] This release adds support for MQTT5 properties to AWS IoT
    HTTP Publish API.
  * api-change:``iot``: [``botocore``] Job scheduling enables the scheduled rollout of a Job with
    start and end times and a customizable end behavior when end time is reached. This is available for
    continuous and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish
    Action.
  * api-change:``iotwireless``: [``botocore``] This release includes a new feature for customers to
    calculate the position of their devices by adding three new APIs: UpdateResourcePosition,
    GetResourcePosition, and GetPositionEstimate.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now supports preview of table information
    from HTML tables in the search results. The most relevant cells with their corresponding rows,
    columns are displayed as a preview in the search result. The most relevant table cell or cells are
    also highlighted in table preview.
  * api-change:``logs``: [``botocore``] Updates to support CloudWatch Logs data protection and
    CloudWatch cross-account observability
  * api-change:``mgn``: [``botocore``] This release adds support for Application and Wave management.
    We also now support custom post-launch actions.
  * api-change:``oam``: [``botocore``] Amazon CloudWatch Observability Access Manager is a new
    service that allows configuration of the CloudWatch cross-account observability feature.
  * api-change:``organizations``: [``botocore``] This release introduces delegated administrator for
    AWS Organizations, a new feature to help you delegate the management of your Organizations
    policies, enabling you to govern your AWS organization in a decentralized way. You can now allow
    member accounts to manage Organizations policies.
  * api-change:``rds``: [``botocore``] This release enables new Aurora and RDS feature called
    Blue/Green Deployments that makes updates to databases safer, simpler and faster.
  * api-change:``textract``: [``botocore``] This release adds support for classifying and splitting
    lending documents by type, and extracting information by using the Analyze Lending APIs. This
    release also includes support for summarized information of the processed lending document package,
    in addition to per document results.
  * api-change:``transcribe``: [``botocore``] This release adds support for 'inputType' for post-call
    and real-time (streaming) Call Analytics within Amazon Transcribe.
- from version 1.26.16
  * api-change:``grafana``: [``botocore``] This release includes support for configuring a Grafana
    workspace to connect to a datasource within a VPC as well as new APIs for configuring Grafana
    settings.
  * api-change:``rbin``: [``botocore``] This release adds support for Rule Lock for Recycle Bin,
    which allows you to lock retention rules so that they can no longer be modified or deleted.
- from version 1.26.15
  * bugfix:Endpoints: [``botocore``] Resolve endpoint with default partition when no region is set
  * bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 object lambda
  * api-change:``appflow``: [``botocore``] Adding support for Amazon AppFlow to transfer the data to
    Amazon Redshift databases through Amazon Redshift Data API service. This feature will support the
    Redshift destination connector on both public and private accessible Amazon Redshift Clusters and
    Amazon Redshift Serverless.
  * api-change:``kinesisanalyticsv2``: [``botocore``] Support for Apache Flink 1.15 in Kinesis Data
    Analytics.
- from version 1.26.14
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Hyderabad)
    Region (ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in
    that region.
- from version 1.26.13
  * api-change:``appflow``: [``botocore``] AppFlow provides a new API called
    UpdateConnectorRegistration to update a custom connector that customers have previously registered.
    With this API, customers no longer need to unregister and then register a connector to make an
    update.
  * api-change:``auditmanager``: [``botocore``] This release introduces a new feature for Audit
    Manager: Evidence finder. You can now use evidence finder to quickly query your evidence, and add
    the matching evidence results to an assessment report.
  * api-change:``chime-sdk-voice``: [``botocore``] Amazon Chime Voice Connector, Voice Connector
    Group and PSTN Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
    https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
  * api-change:``cloudfront``: [``botocore``] CloudFront API support for staging distributions and
    associated traffic management policies.
  * api-change:``connect``: [``botocore``] Added AllowedAccessControlTags and TagRestrictedResource
    for Tag Based Access Control on Amazon Connect Webpage
  * api-change:``dynamodb``: [``botocore``] Updated minor fixes for DynamoDB documentation.
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``ec2``: [``botocore``] This release adds support for copying an Amazon Machine
    Image's tags when copying an AMI.
  * api-change:``glue``: [``botocore``] AWSGlue Crawler - Adding support for Table and Column level
    Comments with database level datatypes for JDBC based crawler.
  * api-change:``iot-roborunner``: [``botocore``] AWS IoT RoboRunner is a new service that makes it
    easy to build applications that help multi-vendor robots work together seamlessly. See the IoT
    RoboRunner developer guide for more details on getting started.
    https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
  * api-change:``quicksight``: [``botocore``] This release adds the following: 1) Asset management
    for centralized assets governance 2) QuickSight Q now supports public embedding 3) New Termination
    protection flag to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role
    5) QuickSight supports connectivity to Databricks
  * api-change:``sagemaker``: [``botocore``] Added DisableProfiler flag as a new field in
    ProfilerConfig
  * api-change:``servicecatalog``: [``botocore``] This release 1. adds support for Principal Name
    Sharing with Service Catalog portfolio sharing. 2. Introduces repo sourced products which are
    created and managed with existing SC APIs. These products are synced to external repos and auto
    create new product versions based on changes in the repo.
  * api-change:``ssm-sap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
    and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
    can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``transfer``: [``botocore``] Adds a NONE encryption algorithm type to AS2 connectors,
    providing support for skipping encryption of the AS2 message body when a HTTPS URL is also
    specified.
- from version 1.26.12
  * api-change:``amplify``: [``botocore``] Adds a new value (WEB_COMPUTE) to the Platform enum that
    allows customers to create Amplify Apps with Server-Side Rendering support.
  * api-change:``appflow``: [``botocore``] AppFlow simplifies the preparation and cataloging of SaaS
    data into the AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics
    and ML services. AppFlow now also supports data field partitioning and file size optimization to
    improve query performance and reduce cost.
  * api-change:``appsync``: [``botocore``] This release introduces the APPSYNC_JS runtime, and adds
    support for JavaScript in AppSync functions and AppSync pipeline resolvers.
  * api-change:``dms``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) on DMS
    Replication Instances
  * api-change:``ec2``: [``botocore``] This release adds a new optional parameter "privateIpAddress"
    for the CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4
    address instead of having it be auto-assigned.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``emr-serverless``: [``botocore``] Adds support for AWS Graviton2 based applications.
    You can now select CPU architecture when creating new applications or updating existing ones.
  * api-change:``ivschat``: [``botocore``] Adds LoggingConfiguration APIs for IVS Chat - a feature
    that allows customers to store and record sent messages in a chat room to S3 buckets, CloudWatch
    logs, or Kinesis firehose.
  * api-change:``lambda``: [``botocore``] Add Node 18 (nodejs18.x) support to AWS Lambda.
  * api-change:``personalize``: [``botocore``] This release provides support for creation and use of
    metric attributions in AWS Personalize
  * api-change:``polly``: [``botocore``] Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
  * api-change:``rum``: [``botocore``] CloudWatch RUM now supports custom events. To use custom
    events, create an app monitor or update an app monitor with CustomEvent Status as ENABLED.
  * api-change:``s3control``: [``botocore``] Added 34 new S3 Storage Lens metrics to support
    additional customer use cases.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
  * api-change:``securityhub``: [``botocore``] Added SourceLayerArn and SourceLayerHash field for
    security findings.  Updated AwsLambdaFunction Resource detail
  * api-change:``servicecatalog-appregistry``: [``botocore``] This release adds support for tagged
    resource associations, which allows you to associate a group of resources with a defined resource
    tag key and value to the application.
  * api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
  * api-change:``textract``: [``botocore``] This release adds support for specifying and extracting
    information from documents using the Signatures feature within Analyze Document API
  * api-change:``workspaces``: [``botocore``] The release introduces CreateStandbyWorkspaces, an API
    that allows you to create standby WorkSpaces associated with a primary WorkSpace in another Region.
    DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
    CreateWorkspaceBundle now return more bundle details.
- from version 1.26.11
  * api-change:``batch``: [``botocore``] Documentation updates related to Batch on EKS
  * api-change:``billingconductor``: [``botocore``] This release adds a new feature BillingEntity
    pricing rule.
  * api-change:``cloudformation``: [``botocore``] Added UnsupportedTarget HandlerErrorCode for use
    with CFN Resource Hooks
  * api-change:``comprehendmedical``: [``botocore``] This release supports new set of entities and
    traits. It also adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
  * api-change:``connect``: [``botocore``] This release adds a new MonitorContact API for initiating
    monitoring of ongoing Voice and Chat contacts.
  * api-change:``eks``: [``botocore``] Adds support for customer-provided placement groups for
    Kubernetes control plane instances when creating local EKS clusters on Outposts
  * api-change:``elasticache``: [``botocore``] for Redis now supports AWS Identity and Access
    Management authentication access to Redis clusters starting with redis-engine version 7.0
  * api-change:``iottwinmaker``: [``botocore``] This release adds the following: 1) ExecuteQuery API
    allows users to query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to
    configure and manage their pricing mode 3) Support for property groups and tabular property values
    in existing AWS IoT TwinMaker APIs.
  * api-change:``personalize-events``: [``botocore``] This release provides support for creation and
    use of metric attributions in AWS Personalize
  * api-change:``proton``: [``botocore``] Add support for sorting and filtering in
    ListServiceInstances
  * api-change:``rds``: [``botocore``] This release adds support for container databases (CDBs) to
    Amazon RDS Custom for Oracle. A CDB contains one PDB at creation. You can add more PDBs using
    Oracle SQL. You can also customize your database installation by setting the Oracle base, Oracle
    home, and the OS user name and group.
  * api-change:``ssm-incidents``: [``botocore``] Add support for PagerDuty integrations on
    ResponsePlan, IncidentRecord, and RelatedItem APIs
  * api-change:``ssm``: [``botocore``] This release adds support for cross account access in
    CreateOpsItem, UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for
    SSM resources: PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
  * api-change:``transfer``: [``botocore``] Allow additional operations to throw ThrottlingException
  * api-change:``xray``: [``botocore``] This release adds new APIs - PutResourcePolicy,
    DeleteResourcePolicy, ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.26.10
  * bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 on outpost
  * enhancement:sso: [``botocore``] Add support for loading sso-session profiles from the aws config
  * api-change:``connect``: [``botocore``] This release updates the APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
    enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
    specified Amazon Connect instance.
  * api-change:``greengrassv2``: [``botocore``] Adds new parent target ARN paramater to
    CreateDeployment, GetDeployment, and ListDeployments APIs for the new subdeployments feature.
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Spain) Region
    (eu-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``ssmsap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
    and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
    can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
  * api-change:``workspaces``: [``botocore``] This release introduces
    ModifyCertificateBasedAuthProperties, a new API that allows control of certificate-based auth
    properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now
    additionally return certificate-based auth properties in its responses.
- from version 1.26.9
  * api-change:``customer-profiles``: [``botocore``] This release enhances the SearchProfiles API by
    providing functionality to search for profiles using multiple keys and logical operators.
  * api-change:``lakeformation``: [``botocore``] This release adds a new parameter "Parameters" in
    the DataLakeSettings.
  * api-change:``managedblockchain``: [``botocore``] Updating the API docs data type:
    NetworkEthereumAttributes, and the operations DeleteNode, and CreateNode to also include the
    supported Goerli network.
  * api-change:``proton``: [``botocore``] Add support for CodeBuild Provisioning
  * api-change:``rds``: [``botocore``] This release adds support for restoring an RDS Multi-AZ DB
    cluster snapshot to a Single-AZ deployment or a Multi-AZ DB instance deployment.
  * api-change:``workdocs``: [``botocore``] Added 2 new document related operations,
    DeleteDocumentVersion and RestoreDocumentVersions.
  * api-change:``xray``: [``botocore``] This release enhances GetServiceGraph API to support new type
    of edge to represent links between SQS and Lambda in event-driven applications.
- Update BuildRequires and Requires from setup.py

- Update to version 1.26.8
  * api-change:``glue``: [``botocore``] Added links related to enabling job bookmarks.
  * api-change:``iot``: [``botocore``] This release add new api listRelatedResourcesForAuditFinding
    and new member type IssuerCertificates for Iot device device defender Audit.
  * api-change:``license-manager``: [``botocore``] AWS License Manager now supports onboarded
    Management Accounts or Delegated Admins to view granted licenses aggregated from all accounts in
    the organization.
  * api-change:``marketplace-catalog``: [``botocore``] Added three new APIs to support tagging and
    tag-based authorization: TagResource, UntagResource, and ListTagsForResource. Added optional
    parameters to the StartChangeSet API to support tagging a resource while making a request to create
    it.
  * api-change:``rekognition``: [``botocore``] Adding support for ImageProperties feature to detect
    dominant colors and image brightness, sharpness, and contrast, inclusion and exclusion filters for
    labels and label categories, new fields to the API response, "aliases" and "categories"
  * api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub
  * api-change:``ssm-incidents``: [``botocore``] RelatedItems now have an ID field which can be used
    for referencing them else where. Introducing event references in TimelineEvent API and increasing
    maximum length of "eventData" to 12K characters.
- from version 1.26.7
  * api-change:``autoscaling``: [``botocore``] This release adds a new price capacity optimized
    allocation strategy for Spot Instances to help customers optimize provisioning of Spot Instances
    via EC2 Auto Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare
    capacity availability and Spot Instance price.
  * api-change:``ec2``: [``botocore``] This release adds a new price capacity optimized allocation
    strategy for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto
    Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity
    availability and Spot Instance price.
  * api-change:``ecs``: [``botocore``] This release adds support for task scale-in protection with
    updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
    service managed task from being terminated by scale-in events and getTaskProtection API to get the
    scale-in protection status of a task.
  * api-change:``es``: [``botocore``] Amazon OpenSearch Service now offers managed VPC endpoints to
    connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This
    feature allows you to privately access OpenSearch Service domain without using public IPs or
    requiring traffic to traverse the Internet.
  * api-change:``resource-explorer-2``: [``botocore``] Text only updates to some Resource Explorer
    descriptions.
  * api-change:``scheduler``: [``botocore``] AWS introduces the new Amazon EventBridge Scheduler.
    EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks
    from one central, managed service.
- from version 1.26.6
  * api-change:``connect``: [``botocore``] This release adds new fields SignInUrl, UserArn, and
    UserId to GetFederationToken response payload.
  * api-change:``connectcases``: [``botocore``] This release adds the ability to disable templates
    through the UpdateTemplate API. Disabling templates prevents customers from creating cases using
    the template. For more information see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: [``botocore``] Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are
    purpose built for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge
    High Memory instances are purpose-built to run large in-memory databases.
  * api-change:``groundstation``: [``botocore``] This release adds the preview of customer-provided
    ephemeris support for AWS Ground Station, allowing space vehicle owners to provide their own
    position and trajectory information for a satellite.
  * api-change:``mediapackage-vod``: [``botocore``] This release adds "IncludeIframeOnlyStream" for
    Dash endpoints.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.5
  * api-change:``acm``: [``botocore``] Support added for requesting elliptic curve certificate key
    algorithm types P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
  * api-change:``billingconductor``: [``botocore``] This release adds the Recurring Custom Line Item
    feature along with a new API ListCustomLineItemVersions.
  * api-change:``ec2``: [``botocore``] This release enables sharing of EC2 Placement Groups across
    accounts and within AWS Organizations using Resource Access Manager
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports importing existing AWS
    Network Firewall firewalls into Firewall Manager policies.
  * api-change:``lightsail``: [``botocore``] This release adds support for Amazon Lightsail to
    automate the delegation of domains registered through Amazon Route 53 to Lightsail DNS management
    and to automate record creation for DNS validation of Lightsail SSL/TLS certificates.
  * api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service now offers managed VPC
    endpoints to connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private
    Cloud (VPC). This feature allows you to privately access OpenSearch Service domain without using
    public IPs or requiring traffic to traverse the Internet.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO),
    Laura (nl-NL) and Suvi (fi-FI). They are available as neural voices only.
  * api-change:``resource-explorer-2``: [``botocore``] This is the initial SDK release for AWS
    Resource Explorer. AWS Resource Explorer lets your users search for and discover your AWS resources
    across the AWS Regions in your account.
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Zurich) Region
    (eu-central-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.4
  * api-change:``athena``: [``botocore``] Adds support for using Query Result Reuse
  * api-change:``autoscaling``: [``botocore``] This release adds support for two new attributes for
    attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``cloudtrail``: [``botocore``] This release includes support for configuring a
    delegated administrator to manage an AWS Organizations organization CloudTrail trails and event
    data stores, and AWS Key Management Service encryption of CloudTrail Lake event data stores.
  * api-change:``ec2``: [``botocore``] This release adds support for two new attributes for
    attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``elasticache``: [``botocore``] Added support for IPv6 and dual stack for Memcached
    and Redis clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual
    stack networking support.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for setting the SDR reference white point for HDR conversions and conversion of HDR10 to
    DolbyVision without mastering metadata.
  * api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
    to multi account multi region Systems Manager Automation
  * api-change:``wafv2``: [``botocore``] The geo match statement now adds labels for country and
    region. You can match requests at the region level by combining a geo match statement with label
    match statements.
  * api-change:``wellarchitected``: [``botocore``] This release adds support for integrations with
    AWS Trusted Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up
    your workload reviews.
  * api-change:``workspaces``: [``botocore``] This release adds protocols attribute to workspaces
    properties data type. This enables customers to migrate workspaces from PC over IP (PCoIP) to
    WorkSpaces Streaming Protocol (WSP) using create and modify workspaces public APIs.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.3
  * api-change:``ec2``: [``botocore``] This release adds API support for the recipient of an AMI
    account share to remove shared AMI launch permissions.
  * api-change:``emr-containers``: [``botocore``] Adding support for Job templates. Job templates
    allow you to create and store templates to configure Spark applications parameters. This helps you
    ensure consistent settings across applications by reusing and enforcing configuration overrides in
    data pipelines.
  * api-change:``logs``: [``botocore``] Doc-only update for bug fixes and support of export to
    buckets encrypted with SSE-KMS
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- Update BuildRequires and Requires from setup.py

- Update to version 1.26.2
  * api-change:``memorydb``: [``botocore``] Adding support for r6gd instances for MemoryDB Redis with
    data tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted,
    the least recently used data is automatically tiered to solid state drives for cost-effective
    capacity scaling with minimal performance impact.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
    ml.trn1 instance types.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.1
  * api-change:``iotsitewise``: [``botocore``] This release adds the ListAssetModelProperties and
    ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
    using these two new APIs.
  * api-change:``s3control``: [``botocore``] S3 on Outposts launches support for Lifecycle
    configuration for Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they
    are stored cost effectively. You can manage objects using size-based rules and specify how many
    noncurrent versions bucket will retain.
  * api-change:``sagemaker``: [``botocore``] This release updates Framework model regex for
    ModelPackage to support new Framework version xgboost, sklearn.
  * api-change:``ssm-incidents``: [``botocore``] Adds support for tagging replication-set on creation.
- from version 1.26.0
  * feature:Endpoints: [``botocore``] Migrate all services to use new AWS Endpoint Resolution
    framework
  * Enhancement:Endpoints: [``botocore``] Discontinued use of `sslCommonName` hosts as detailed in
    1.27.0 (see `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
  * api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
    configuring Storage Throughput on RDS database instances.
  * api-change:``textract``: [``botocore``] Add ocr results in AnalyzeIDResponse as blocks
- from version 1.25.5
  * api-change:``apprunner``: [``botocore``] This release adds support for private App Runner
    services. Services may now be configured to be made private and only accessible from a VPC. The
    changes include a new VpcIngressConnection resource and several new and modified APIs.
  * api-change:``connect``: [``botocore``] Amazon connect now support a new API DismissUserContact to
    dismiss or remove terminated contacts in Agent CCP
  * api-change:``ec2``: [``botocore``] Elastic IP transfer is a new Amazon VPC feature that allows
    you to transfer your Elastic IP addresses from one AWS Account to another.
  * api-change:``iot``: [``botocore``] This release adds the Amazon Location action to IoT Rules
    Engine.
  * api-change:``logs``: [``botocore``] SDK release to support tagging for destinations and log
    groups with TagResource. Also supports tag on create with PutDestination.
  * api-change:``sesv2``: [``botocore``] This release includes support for interacting with the
    Virtual Deliverability Manager, allowing you to opt in/out of the feature and to retrieve
    recommendations and metric data.
  * api-change:``textract``: [``botocore``] This release introduces additional support for 30+
    normalized fields such as vendor address and currency. It also includes OCR output in the response
    and accuracy improvements for the already supported fields in previous version
- from version 1.25.4
  * api-change:``apprunner``: [``botocore``] AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1
    runtimes.
  * api-change:``appstream``: [``botocore``] This release includes CertificateBasedAuthProperties in
    CreateDirectoryConfig and UpdateDirectoryConfig.
  * api-change:``cloud9``: [``botocore``] Update to the documentation section of the Cloud9 API
    Reference guide.
  * api-change:``cloudformation``: [``botocore``] This release adds more fields to improves
    visibility of AWS CloudFormation StackSets information in following APIs: ListStackInstances,
    DescribeStackInstance, ListStackSetOperationResults, ListStackSetOperations,
    DescribeStackSetOperation.
  * api-change:``gamesparks``: [``botocore``] Add LATEST as a possible GameSDK Version on snapshot
  * api-change:``mediatailor``: [``botocore``] This release introduces support for SCTE-35
    segmentation descriptor messages which can be sent within time signal messages.
- from version 1.25.3
  * api-change:``ec2``: [``botocore``] Feature supports the replacement of instance root volume using
    an updated AMI without requiring customers to stop their instance.
  * api-change:``fms``: [``botocore``] Add support NetworkFirewall Managed Rule Group Override flag
    in GetViolationDetails API
  * api-change:``glue``: [``botocore``] Added support for custom datatypes when using custom csv
    classifier.
  * api-change:``redshift``: [``botocore``] This release clarifies use for the ElasticIp parameter of
    the CreateCluster and RestoreFromClusterSnapshot APIs.
  * api-change:``sagemaker``: [``botocore``] This change allows customers to provide a custom
    entrypoint script for the docker container to be run while executing training jobs, and provide
    custom arguments to the entrypoint script.
  * api-change:``wafv2``: [``botocore``] This release adds the following: Challenge rule action, to
    silently verify client browsers; rule group rule action override to any valid rule action, not just
    Count; token sharing between protected applications for challenge/CAPTCHA token; targeted rules
    option for Bot Control managed rule group.
- from version 1.25.2
  * api-change:``iam``: [``botocore``] Doc only update that corrects instances of CLI not using an
    entity.
  * api-change:``kafka``: [``botocore``] This release adds support for Tiered Storage. UpdateStorage
    allows you to control the Storage Mode for supported storage tiers.
  * api-change:``neptune``: [``botocore``] Added a new cluster-level attribute to set the capacity
    range for Neptune Serverless instances.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    specifying Grid Search strategy for tuning jobs, which evaluates all hyperparameter combinations
    exhaustively based on the categorical hyperparameters provided.
- from version 1.25.1
  * api-change:``accessanalyzer``: [``botocore``] This release adds support for six new resource
    types in IAM Access Analyzer to help you easily identify public and cross-account access to your
    AWS resources. Updated service API, documentation, and paginators.
  * api-change:``location``: [``botocore``] Added new map styles with satellite imagery for map
    resources using HERE as a data provider.
  * api-change:``mediatailor``: [``botocore``] This release is a documentation update
  * api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
    exporting DB cluster data to Amazon S3.
  * api-change:``workspaces``: [``botocore``] This release adds new enums for supporting Workspaces
    Core features, including creating Manual running mode workspaces, importing regular Workspaces Core
    images and importing g4dn Workspaces Core images.
- Update BuildRequires and Requires from setup.py

- Update in SLE-15 (bsc#1204537, jsc#PED-2333)

- Update to version 1.25.0
  * feature:Endpoints: [``botocore``] Implemented new endpoint ruleset system to dynamically derive
    endpoints and settings for services
  * api-change:``acm-pca``: [``botocore``] AWS Private Certificate Authority (AWS Private CA) now
    offers usage modes which are combination of features to address specific use cases.
  * api-change:``batch``: [``botocore``] This release adds support for AWS Batch on Amazon EKS.
  * api-change:``datasync``: [``botocore``] Added support for self-signed certificates when using
    object storage locations; added BytesCompressed to the TaskExecution response.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now supports a new API
    ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
    inference recommendation job.
- from version 1.24.96
  * api-change:``cognito-idp``: [``botocore``] This release adds a new "DeletionProtection" field to
    the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE
    value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.
  * api-change:``sagemaker``: [``botocore``] CreateInferenceRecommenderjob API now supports passing
    endpoint details directly, that will help customers to identify the max invocation and max latency
    they can achieve for their model and the associated endpoint along with getting recommendations on
    other instances.
- from version 1.24.95
  * api-change:``devops-guru``: [``botocore``] This release adds information about the resources
    DevOps Guru is analyzing.
  * api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports AddEndpoints and
    RemoveEndpoints operations for standard endpoint groups.
  * api-change:``resiliencehub``: [``botocore``] In this release, we are introducing support for
    regional optimization for AWS Resilience Hub applications. It also includes a few documentation
    updates to improve clarity.
  * api-change:``rum``: [``botocore``] CloudWatch RUM now supports Extended CloudWatch Metrics with
    Additional Dimensions
- from version 1.24.94
  * api-change:``chime-sdk-messaging``: [``botocore``] Documentation updates for Chime Messaging SDK
  * api-change:``cloudtrail``: [``botocore``] This release includes support for exporting CloudTrail
    Lake query results to an Amazon S3 bucket.
  * api-change:``config``: [``botocore``] This release adds resourceType enums for AppConfig,
    AppSync, DataSync, EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
  * api-change:``connect``: [``botocore``] This release adds API support for managing phone numbers
    that can be used across multiple AWS regions through telephony traffic distribution.
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``managedblockchain``: [``botocore``] Adding new Accessor APIs for Amazon Managed
    Blockchain
  * api-change:``s3``: [``botocore``] Updates internal logic for constructing API endpoints. We have
    added rule-based endpoints and internal model parameters.
  * api-change:``s3control``: [``botocore``] Updates internal logic for constructing API endpoints.
    We have added rule-based endpoints and internal model parameters.
  * api-change:``support-app``: [``botocore``] This release adds the
    RegisterSlackWorkspaceForOrganization API. You can use the API to register a Slack workspace for an
    AWS account that is part of an organization.
  * api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now supports user access logging for
    recording session start, stop, and URL navigation.
- from version 1.24.93
  * api-change:``frauddetector``: [``botocore``] Documentation Updates for Amazon Fraud Detector
  * api-change:``sagemaker``: [``botocore``] This change allows customers to enable data capturing
    while running a batch transform job, and configure monitoring schedule to monitoring the captured
    data.
  * api-change:``servicediscovery``: [``botocore``] Updated the ListNamespaces API to support the
    NAME and HTTP_NAME filters, and the BEGINS_WITH filter condition.
  * api-change:``sesv2``: [``botocore``] This release allows subscribers to enable Dedicated IPs
    (managed) to send email via a fully managed dedicated IP experience. It also adds identities'
    VerificationStatus in the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs
    counts in the response of ListImportJobs API.
- from version 1.24.92
  * api-change:``greengrass``: [``botocore``] This change allows customers to specify
    FunctionRuntimeOverride in FunctionDefinitionVersion. This configuration can be used if the runtime
    on the device is different from the AWS Lambda runtime specified for that function.
  * api-change:``sagemaker``: [``botocore``] This release adds support for C7g, C6g, C6gd, C6gn, M6g,
    M6gd, R6g, and R6gn Graviton instance types in Amazon SageMaker Inference.
- Update BuildRequires and Requires from setup.py

- Remove version constraint for python-pytest in BuildRequires

- Update to version 1.24.91
  * api-change:``mediaconvert``: [``botocore``] MediaConvert now supports specifying the minimum
    percentage of the HRD buffer available at the end of each encoded video segment.
- from version 1.24.90
  * api-change:``amplifyuibuilder``: [``botocore``] We are releasing the ability for fields to be
    configured as arrays.
  * api-change:``appflow``: [``botocore``] With this update, you can choose which Salesforce API is
    used by Amazon AppFlow to transfer data to or from your Salesforce account. You can choose the
    Salesforce REST API or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API
    automatically.
  * api-change:``connect``: [``botocore``] This release adds support for a secondary email and a
    mobile number for Amazon Connect instance users.
  * api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
    Managed Microsoft AD set up.
  * api-change:``ecs``: [``botocore``] Documentation update to address tickets.
  * api-change:``guardduty``: [``botocore``] Add UnprocessedDataSources to CreateDetectorResponse
    which specifies the data sources that couldn't be enabled during the CreateDetector request. In
    addition, update documentations.
  * api-change:``iam``: [``botocore``] Documentation updates for the AWS Identity and Access
    Management API Reference.
  * api-change:``iotfleetwise``: [``botocore``] Documentation update for AWS IoT FleetWise
  * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports forwarding SCTE-35
    messages through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages
    from an inactive source.
  * api-change:``mediapackage-vod``: [``botocore``] This release adds SPEKE v2 support for
    MediaPackage VOD. Speke v2 is an upgrade to the existing SPEKE API to support multiple encryption
    keys, based on an encryption contract selected by the customer.
  * api-change:``panorama``: [``botocore``] Pause and resume camera stream processing with
    SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
    application state information in DescribeApplicationInstance response.
  * api-change:``rds-data``: [``botocore``] Doc update to reflect no support for schema parameter on
    BatchExecuteStatement API
  * api-change:``ssm-incidents``: [``botocore``] Update RelatedItem enum to support Tasks
  * api-change:``ssm``: [``botocore``] Support of AmazonLinux2022 by Patch Manager
  * api-change:``transfer``: [``botocore``] This release adds an option for customers to configure
    workflows that are triggered when files are only partially received from a client due to premature
    session disconnect.
  * api-change:``translate``: [``botocore``] This release enables customers to specify multiple
    target languages in asynchronous batch translation requests.
  * api-change:``wisdom``: [``botocore``] This release updates the GetRecommendations API to include
    a trigger event list for classifying and grouping recommendations.
- from version 1.24.89
  * api-change:``codeguru-reviewer``: [``botocore``] Documentation update to replace broken link.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``greengrassv2``: [``botocore``] This release adds error status details for
    deployments and components that failed on a device and adds features to improve visibility into
    component installation.
  * api-change:``quicksight``: [``botocore``] Amazon QuickSight now supports SecretsManager Secret
    ARN in place of CredentialPair for DataSource creation and update. This release also has some minor
    documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.24.88
  * api-change:``resiliencehub``: [``botocore``] Documentation change for AWS Resilience Hub.
    Doc-only update to fix Documentation layout
- from version 1.24.87
  * api-change:``glue``: [``botocore``] This SDK release adds support to sync glue jobs with source
    control provider. Additionally, a new parameter called SourceControlDetails will be added to Job
    model.
  * api-change:``network-firewall``: [``botocore``] StreamExceptionPolicy configures how AWS Network
    Firewall processes traffic when a network connection breaks midstream
  * api-change:``outposts``: [``botocore``] This release adds the Asset state information to the
    ListAssets response. The ListAssets request supports filtering on Asset state.
- from version 1.24.86
  * api-change:``connect``: [``botocore``] Updated the CreateIntegrationAssociation API to support
    the CASES_DOMAIN IntegrationType.
  * api-change:``connectcases``: [``botocore``] This release adds APIs for Amazon Connect Cases.
    Cases allows your agents to quickly track and manage customer issues that require multiple
    interactions, follow-up tasks, and teams in your contact center.  For more information, see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: [``botocore``] Added EnableNetworkAddressUsageMetrics flag for
    ModifyVpcAttribute, DescribeVpcAttribute APIs.
  * api-change:``ecs``: [``botocore``] Documentation updates to address various Amazon ECS tickets.
  * api-change:``s3control``: [``botocore``] S3 Object Lambda adds support to allow customers to
    intercept HeadObject and ListObjects requests and introduce their own compute. These requests were
    previously proxied to S3.
  * api-change:``workmail``: [``botocore``] This release adds support for impersonation roles in
    Amazon WorkMail.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.85
  * api-change:``accessanalyzer``: [``botocore``] AWS IAM Access Analyzer policy validation
    introduces new checks for role trust policies. As customers author a policy, IAM Access Analyzer
    policy validation evaluates the policy for any issues to make it easier for customers to author
    secure policies.
  * api-change:``ec2``: [``botocore``] Adding an imdsSupport attribute to EC2 AMIs
  * api-change:``snowball``: [``botocore``] Adds support for V3_5C. This is a refreshed AWS Snowball
    Edge Compute Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.24.84
  * api-change:``codedeploy``: [``botocore``] This release allows you to override the alarm
    configurations when creating a deployment.
  * api-change:``devops-guru``: [``botocore``] This release adds filter feature on
    AddNotificationChannel API, enable customer to configure the SNS notification messages by Severity
    or MessageTypes
  * api-change:``dlm``: [``botocore``] This release adds support for archival of single-volume
    snapshots created by Amazon Data Lifecycle Manager policies
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: [``botocore``] A new parameter called ExplainerConfig is added to
    CreateEndpointConfig API to enable SageMaker Clarify online explainability feature.
  * api-change:``sso-oidc``: [``botocore``] Documentation updates for the IAM Identity Center OIDC
    CLI Reference.
- from version 1.24.83
  * api-change:``acm``: [``botocore``] This update returns additional certificate details such as
    certificate SANs and allows sorting in the ListCertificates API.
  * api-change:``ec2``: [``botocore``] u-3tb1 instances are powered by Intel Xeon Platinum 8176M
    (Skylake) processors and are purpose-built to run large in-memory databases.
  * api-change:``emr-serverless``: [``botocore``] This release adds API support to debug Amazon EMR
    Serverless jobs in real-time with live application UIs
  * api-change:``fsx``: [``botocore``] This release adds support for Amazon File Cache.
  * api-change:``migrationhuborchestrator``: [``botocore``] Introducing AWS MigrationHubOrchestrator.
    This is the first public release of AWS MigrationHubOrchestrator.
  * api-change:``polly``: [``botocore``] Added support for the new Cantonese voice - Hiujin. Hiujin
    is available as a Neural voice only.
  * api-change:``proton``: [``botocore``] This release adds an option to delete pipeline provisioning
    repositories using the UpdateAccountSettings API
  * api-change:``sagemaker``: [``botocore``] SageMaker Training Managed Warm Pools let you retain
    provisioned infrastructure to reduce latency for repetitive training workloads.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``translate``: [``botocore``] This release enables customers to access control rights
    on Translate resources like Parallel Data and Custom Terminology using Tag Based Authorization.
  * api-change:``workspaces``: [``botocore``] This release includes diagnostic log uploading feature.
    If it is enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces
    automatically for troubleshooting. You can use modifyClientProperty api to enable/disable this
    feature.
- from version 1.24.82
  * api-change:``ce``: [``botocore``] This release is to support retroactive Cost Categories. The new
    field will enable you to retroactively apply new and existing cost category rules to previous
    months.
  * api-change:``kendra``: [``botocore``] My AWS Service (placeholder) - Amazon Kendra now provides a
    data source connector for DropBox. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
  * api-change:``location``: [``botocore``] This release adds place IDs, which are unique identifiers
    of places, along with a new GetPlace operation, which can be used with place IDs to find a place
    again later. UnitNumber and UnitType are also added as new properties of places.
- from version 1.24.81
  * api-change:``cur``: [``botocore``] This release adds two new support
    regions(me-central-1/eu-south-2) for OSG.
  * api-change:``iotfleetwise``: [``botocore``] General availability (GA) for AWS IoT Fleetwise. It
    adds AWS IoT Fleetwise to AWS SDK. For more information, see
    https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
  * api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
    to Systems Manager capabilities like Automation, Run Command, State Manager, and Maintenance
    Windows.
- from version 1.24.80
  * api-change:``apprunner``: [``botocore``] AWS App Runner adds a Node.js 16 runtime.
  * api-change:``ec2``: [``botocore``] Letting external AWS customers provide ImageId as a Launch
    Template override in FleetLaunchTemplateOverridesRequest
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``lightsail``: [``botocore``] This release adds Instance Metadata Service (IMDS)
    support for Lightsail instances.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for on-demand Amazon
    Elastic Compute Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU
    instance types for their creative projects.
  * api-change:``ssm``: [``botocore``] This release adds new SSM document types
    ConformancePackTemplate and CloudFormation
  * api-change:``wafv2``: [``botocore``] Add the default specification for ResourceType in
    ListResourcesForWebACL.
- from version 1.24.79
  * api-change:``backup-gateway``: [``botocore``] Changes include: new GetVirtualMachineApi to fetch
    a single user's VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and
    improving GetGatewayApi to now also return the gateway's MaintenanceStartTime.
  * api-change:``devicefarm``: [``botocore``] This release adds the support for VPC-ENI based
    connectivity for private devices on AWS Device Farm.
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``glue``: [``botocore``] Added support for S3 Event Notifications for Catalog Target
    Crawlers.
  * api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
    Reference.
- from version 1.24.78
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports synchronous mode for
    targeted sentiment API operations.
  * api-change:``s3control``: [``botocore``] S3 on Outposts launches support for object versioning
    for Outposts buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of
    every object stored in your buckets. You can recover from both unintended user actions and
    application failures.
  * api-change:``sagemaker``: [``botocore``] SageMaker now allows customization on Canvas Application
    settings, including enabling/disabling time-series forecasting and specifying an Amazon Forecast
    execution role at both the Domain and UserProfile levels.
- from version 1.24.77
  * api-change:``ec2``: [``botocore``] This release adds support for blocked paths to Amazon VPC
    Reachability Analyzer.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.76
  * api-change:``cloudtrail``: [``botocore``] This release includes support for importing existing
    trails into CloudTrail Lake.
  * api-change:``ec2``: [``botocore``] This release adds CapacityAllocations field to
    DescribeCapacityReservations
  * api-change:``mediaconnect``: [``botocore``] This change allows the customer to use the SRT Caller
    protocol as part of their flows
  * api-change:``rds``: [``botocore``] This release adds support for Amazon RDS Proxy with SQL Server
    compatibility.
- from version 1.24.75
  * api-change:``codestar-notifications``: [``botocore``] This release adds tag based access control
    for the UntagResource API.
  * api-change:``ecs``: [``botocore``] This release supports new task definition sizes.
- from version 1.24.74
  * api-change:``dynamodb``: [``botocore``] Increased DynamoDB transaction limit from 25 to 100.
  * api-change:``ec2``: [``botocore``] This feature allows customers to create tags for
    vpc-endpoint-connections and vpc-endpoint-service-permissions.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    specifying Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to
    stop underperforming hyperparameter configurations early.
- from version 1.24.73
  * api-change:``amplifyuibuilder``: [``botocore``] Amplify Studio UIBuilder is introducing forms
    functionality. Forms can be configured from Data Store models, JSON, or from scratch. These forms
    can then be generated in your project and used like any other React components.
  * api-change:``ec2``: [``botocore``] This update introduces API operations to manage and create
    local gateway route tables, CoIP pools, and VIF group associations.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.72
  * api-change:``customer-profiles``: [``botocore``] Added isUnstructured in response for Customer
    Profiles Integration APIs
  * api-change:``drs``: [``botocore``] Fixed the data type of lagDuration that is returned in
    Describe Source Server API
  * api-change:``ec2``: [``botocore``] Two new features for local gateway route tables: support for
    static routes targeting Elastic Network Interfaces and direct VPC routing.
  * api-change:``evidently``: [``botocore``] This release adds support for the client-side evaluation
  - powered by AWS AppConfig feature.
  * api-change:``kendra``: [``botocore``] This release enables our customer to choose the option of
    Sharepoint 2019 for the on-premise Sharepoint connector.
  * api-change:``transfer``: [``botocore``] This release introduces the ability to have multiple
    server host keys for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.24.71
  * api-change:``eks``: [``botocore``] Adding support for local Amazon EKS clusters on Outposts
- from version 1.24.70
  * api-change:``cloudtrail``: [``botocore``] This release adds CloudTrail getChannel and
    listChannels APIs to allow customer to view the ServiceLinkedChannel configurations.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``pi``: [``botocore``] Increases the maximum values of two RDS Performance Insights
    APIs. The maximum value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is
    now 25 for the following APIs: DescribeDimensionKeys, GetResourceMetrics,
    ListAvailableResourceDimensions, and ListAvailableResourceMetrics.
  * api-change:``redshift``: [``botocore``] This release updates documentation for AQUA features and
    other description updates.
- from version 1.24.69
  * api-change:``ec2``: [``botocore``] This release adds support to send VPC Flow Logs to
    kinesis-data-firehose as new destination type
  * api-change:``emr-containers``: [``botocore``] EMR on EKS now allows running Spark SQL using the
    newly introduced Spark SQL Job Driver in the Start Job Run API
  * api-change:``lookoutmetrics``: [``botocore``] Release dimension value filtering feature to allow
    customers to define dimension filters for including only a subset of their dataset to be used by
    LookoutMetrics.
  * api-change:``medialive``: [``botocore``] This change exposes API settings which allow Dolby Atmos
    and Dolby Vision to be used when running a channel using Elemental Media Live
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Middle East (UAE) Region
    (me-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``sagemaker``: [``botocore``] This release adds Mode to AutoMLJobConfig.
  * api-change:``ssm``: [``botocore``] This release adds support for Systems Manager State Manager
    Association tagging.
- from version 1.24.68
  * api-change:``dataexchange``: [``botocore``] Documentation updates for AWS Data Exchange.
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``eks``: [``botocore``] Adds support for EKS Addons ResolveConflicts "preserve" flag.
    Also adds new update failed status for EKS Addons.
  * api-change:``fsx``: [``botocore``] Documentation update for Amazon FSx.
  * api-change:``inspector2``: [``botocore``] This release adds new fields like fixAvailable,
    fixedInVersion and remediation to the finding model. The requirement to have vulnerablePackages in
    the finding model has also been removed. The documentation has been updated to reflect these
    changes.
  * api-change:``iotsitewise``: [``botocore``] Allow specifying units in Asset Properties
  * api-change:``sagemaker``: [``botocore``] SageMaker Hosting now allows customization on ML
    instance storage volume size, model data download timeout and inference container startup ping
    health check timeout for each ProductionVariant in CreateEndpointConfig API.
  * api-change:``sns``: [``botocore``] Amazon SNS introduces the Data Protection Policy APIs, which
    enable customers to attach a data protection policy to an SNS topic. This allows topic owners to
    enable the new message data protection feature to audit and block sensitive data that is exchanged
    through their topics.
- from version 1.24.67
  * api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
    Reference.
  * api-change:``sagemaker``: [``botocore``] This release adds HyperParameterTuningJob type in Search
    API.
- from version 1.24.66
  * api-change:``cognito-idp``: [``botocore``] This release adds a new "AuthSessionValidity" field to
    the UserPoolClient in Cognito. Application admins can configure this value for their users'
    authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
    field will also apply to the SMS MFA authentication flow.
  * api-change:``connect``: [``botocore``] This release adds search APIs for Routing Profiles and
    Queues, which can be used to search for those resources within a Connect Instance.
  * api-change:``mediapackage``: [``botocore``] Added support for AES_CTR encryption to CMAF origin
    endpoints
  * api-change:``sagemaker``: [``botocore``] This release enables administrators to attribute user
    activity and API calls from Studio notebooks, Data Wrangler and Canvas to specific users even when
    users share the same execution IAM role.  ExecutionRoleIdentityConfig at Sagemaker domain level
    enables this feature.
- from version 1.24.65
  * api-change:``codeguru-reviewer``: [``botocore``] Documentation updates to fix formatting issues
    in CLI and SDK documentation.
  * api-change:``controltower``: [``botocore``] This release contains the first SDK for AWS Control
    Tower. It introduces  a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
    ListEnabledControls.
  * api-change:``route53``: [``botocore``] Documentation updates for Amazon Route 53.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.64
  * api-change:``cloudfront``: [``botocore``] Update API documentation for CloudFront origin access
    control (OAC)
  * api-change:``identitystore``: [``botocore``] Expand IdentityStore API to support Create, Read,
    Update, Delete and Get operations for User, Group and GroupMembership resources.
  * api-change:``iotthingsgraph``: [``botocore``] This release deprecates all APIs of the ThingsGraph
    service
  * api-change:``ivs``: [``botocore``] IVS Merge Fragmented Streams. This release adds support for
    recordingReconnectWindow field in IVS recordingConfigurations. For more information see
    https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
  * api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts Inference
    Recommender fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes,
    SupportedInstanceTypes, directly in our CreateInferenceRecommendationsJob API through
    ContainerConfig
- from version 1.24.63
  * enhancement:Endpoints: [``botocore``] Deprecate SSL common name
  * api-change:``greengrassv2``: [``botocore``] Adds topologyFilter to ListInstalledComponentsRequest
    which allows filtration of components by ROOT or ALL (including root and dependency components).
    Adds lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a
    component changed state on a device.
  * api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
    Reference.
  * api-change:``lookoutequipment``: [``botocore``] This release adds new apis for providing labels.
  * api-change:``macie2``: [``botocore``] This release of the Amazon Macie API adds support for using
    allow lists to define specific text and text patterns to ignore when inspecting data sources for
    sensitive data.
  * api-change:``sso-admin``: [``botocore``] Documentation updates for the AWS IAM Identity Center
    CLI Reference.
  * api-change:``sso``: [``botocore``] Documentation updates for the AWS IAM Identity Center Portal
    CLI Reference.
- from version 1.24.62
  * api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx for NetApp ONTAP.
  * api-change:``voice-id``: [``botocore``] Amazon Connect Voice ID now detects voice spoofing.  When
    a prospective fraudster tries to spoof caller audio using audio playback or synthesized speech,
    Voice ID will return a risk score and outcome to indicate the how likely it is that the voice is
    spoofed.
- from version 1.24.61
  * api-change:``mediapackage``: [``botocore``] This release adds Ads AdTriggers and
    AdsOnDeliveryRestrictions to describe calls for CMAF endpoints on MediaPackage.
  * api-change:``rds``: [``botocore``] Removes support for RDS Custom from DBInstanceClass in
    ModifyDBInstance
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.60
  * enhancement:Identity: [``botocore``] TokenProvider added for bearer auth support
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``gamelift``: [``botocore``] This release adds support for eight EC2 local zones as
    fleet locations; Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los
    Angeles, and Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
  * api-change:``iotwireless``: [``botocore``] This release includes a new feature for the customers
    to enable the LoRa gateways to send out beacons for Class B devices and an option to select one or
    more gateways for Class C devices when sending the LoRaWAN downlink messages.
  * api-change:``ivschat``: [``botocore``] Documentation change for IVS Chat API Reference. Doc-only
    update to add a paragraph on ARNs to the Welcome section.
  * api-change:``panorama``: [``botocore``] Support sorting and filtering in ListDevices API, and add
    more fields to device listings and single device detail
  * api-change:``sso-oidc``: [``botocore``] Updated required request parameters on IAM Identity
    Center's OIDC CreateToken action.
- from version 1.24.59
  * api-change:``cloudfront``: [``botocore``] Adds support for CloudFront origin access control
    (OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those
    with SSE-KMS, and more.
  * api-change:``config``: [``botocore``] AWS Config now supports ConformancePackTemplate documents
    in SSM Docs for the deployment and update of conformance packs.
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``ivs``: [``botocore``] Documentation Change for IVS API Reference - Doc-only update
    to type field description for CreateChannel and UpdateChannel actions and for Channel data type.
    Also added Amazon Resource Names (ARNs) paragraph to Welcome section.
  * api-change:``quicksight``: [``botocore``] Added a new optional property DashboardVisual under
    ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
    GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
    QuickSight dashboards.
  * api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
- from version 1.24.58
  * api-change:``rds``: [``botocore``] RDS for Oracle supports Oracle Data Guard switchover and read
    replica backups.
  * api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
    IAM Identity Center (successor to AWS Single Sign-On)
- from version 1.24.57
  * api-change:``docdb``: [``botocore``] Update document for volume clone
  * api-change:``ec2``: [``botocore``] R6a instances are powered by 3rd generation AMD EPYC (Milan)
    processors delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are
    powered by 3rd generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo
    frequency of 3.5 GHz.
  * api-change:``forecast``: [``botocore``] releasing What-If Analysis APIs and update ARN regex
    pattern to be more strict in accordance with security recommendation
  * api-change:``forecastquery``: [``botocore``] releasing What-If Analysis APIs
  * api-change:``iotsitewise``: [``botocore``] Enable non-unique asset names under different
    hierarchies
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
    resources for AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added
    FixAvailable, FixedInVersion and Remediation  to Vulnerability.
  * api-change:``support-app``: [``botocore``] This is the initial SDK release for the AWS Support
    App in Slack.
- from version 1.24.56
  * api-change:``connect``: [``botocore``] This release adds SearchSecurityProfiles API which can be
    used to search for Security Profile resources within a Connect Instance.
  * api-change:``ivschat``: [``botocore``] Documentation Change for IVS Chat API Reference - Doc-only
    update to change text/description for tags field.
  * api-change:``kendra``: [``botocore``] This release adds support for a new authentication type -
    Personal Access Token (PAT) for confluence server.
  * api-change:``lookoutmetrics``: [``botocore``] This release is to make GetDataQualityMetrics API
    publicly available.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.55
  * api-change:``chime-sdk-media-pipelines``: [``botocore``] The Amazon Chime SDK now supports live
    streaming of real-time video from the Amazon Chime SDK sessions to streaming platforms such as
    Amazon IVS and Amazon Elemental MediaLive. We have also added support for concatenation to create a
    single media capture file.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``cognito-idp``: [``botocore``] This change is being made simply to fix the public
    documentation based on the models. We have included the PasswordChange and ResendCode events, along
    with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are
    never returned by our APIs.
  * api-change:``dynamodb``: [``botocore``] This release adds support for importing data from S3 into
    a new DynamoDB table
  * api-change:``ec2``: [``botocore``] This release adds support for VPN log options , a new feature
    allowing S2S VPN connections to send IKE activity logs to CloudWatch Logs
  * api-change:``networkmanager``: [``botocore``] Add TransitGatewayPeeringAttachmentId property to
    TransitGatewayPeering Model
- from version 1.24.54
  * api-change:``appmesh``: [``botocore``] AWS App Mesh release to support Multiple Listener and
    Access Log Format feature
  * api-change:``connectcampaigns``: [``botocore``] Updated exceptions for Amazon Connect Outbound
    Campaign api's.
  * api-change:``kendra``: [``botocore``] This release adds Zendesk connector (which allows you to
    specify Zendesk SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server
    (which allows you to specify the proxy configuration if proxy is required to connect to your
    Sharepoint/Confluence Server as data source).
  * api-change:``lakeformation``: [``botocore``] This release adds a new API support
    "AssumeDecoratedRoleWithSAML" and also release updates the corresponding documentation.
  * api-change:``lambda``: [``botocore``] Added support for customization of Consumer Group ID for
    MSK and Kafka Event Source Mappings.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``rds``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) for RDS
    Aurora database clusters.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
- from version 1.24.53
  * api-change:``rekognition``: [``botocore``] This release adds APIs which support copying an Amazon
    Rekognition Custom Labels model and managing project policies across AWS account.
  * api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- from version 1.24.52
  * enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.14.0
  * api-change:``cloudfront``: [``botocore``] Adds Http 3 support to distributions
  * api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
    AWS IAM Identity Center (successor to AWS Single Sign-On)
  * api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
    Identity Center (successor to AWS Single Sign-On)
  * api-change:``wisdom``: [``botocore``] This release introduces a new API PutFeedback that allows
    submitting feedback to Wisdom on content relevance.
- from version 1.24.51
  * api-change:``amp``: [``botocore``] This release adds log APIs that allow customers to manage
    logging for their Amazon Managed Service for Prometheus workspaces.
  * api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports channels
    with up to one million participants with elastic channels.
  * api-change:``ivs``: [``botocore``] Updates various list api MaxResults ranges
  * api-change:``personalize-runtime``: [``botocore``] This release provides support for promotions
    in AWS Personalize runtime.
  * api-change:``rds``: [``botocore``] Adds support for RDS Custom to DBInstanceClass in
    ModifyDBInstance
- from version 1.24.50
  * api-change:``backupstorage``: [``botocore``] This is the first public release of AWS Backup
    Storage. We are exposing some previously-internal APIs for use by external services. These APIs are
    not meant to be used directly by customers.
  * api-change:``glue``: [``botocore``] Add support for Python 3.9 AWS Glue Python Shell jobs
  * api-change:``privatenetworks``: [``botocore``] This is the initial SDK release for AWS Private
    5G. AWS Private 5G is a managed service that makes it easy to deploy, operate, and scale your own
    private mobile network at your on-premises location.
- from version 1.24.49
  * api-change:``dlm``: [``botocore``] This release adds support for excluding specific data
    (non-boot) volumes from multi-volume snapshot sets created by snapshot lifecycle policies
  * api-change:``ec2``: [``botocore``] This release adds support for excluding specific data
    (non-root) volumes from multi-volume snapshot sets created from instances.
- from version 1.24.48
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``location``: [``botocore``] Amazon Location Service now allows circular geofences in
    BatchPutGeofence, PutGeofence, and GetGeofence  APIs.
  * api-change:``sagemaker-a2i-runtime``: [``botocore``] Fix bug with parsing ISO-8601 CreationTime
    in Java SDK in DescribeHumanLoop
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    specifying multiple alternate EC2 instance types to make tuning jobs more robust when the preferred
    instance type is not available due to insufficient capacity.
- from version 1.24.47
  * api-change:``glue``: [``botocore``] Add an option to run non-urgent or non-time sensitive Glue
    Jobs on spare capacity
  * api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
    AWS IAM Identity Center (successor to AWS Single Sign-On)
  * api-change:``iotwireless``: [``botocore``] AWS IoT Wireless release support for sidewalk data
    reliability.
  * api-change:``pinpoint``: [``botocore``] Adds support for Advance Quiet Time in Journeys. Adds
    RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
  * api-change:``quicksight``: [``botocore``] A series of documentation updates to the QuickSight API
    reference.
  * api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
    IAM Identity Center (successor to AWS Single Sign-On)
  * api-change:``sso-oidc``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
    Identity Center (successor to AWS Single Sign-On)
  * api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
    Identity Center (successor to AWS Single Sign-On)
- from version 1.24.46
  * enhancement:Lambda: [``botocore``] Add support for Trace ID in Lambda environments
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Tags on Amazon Chime SDK
    WebRTC sessions
  * api-change:``config``: [``botocore``] Add resourceType enums for Athena, GlobalAccelerator,
    Detective and EC2 types
  * api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
  * api-change:``iot``: [``botocore``] The release is to support attach a provisioning template to
    CACert for JITP function,  Customer now doesn't have to hardcode a roleArn and templateBody during
    register a CACert to enable JITP.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.45
  * api-change:``cognito-idp``: [``botocore``] Add a new exception type, ForbiddenException, that is
    returned when request is not allowed
  * api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF web ACL with an Amazon
    Cognito user pool.
- from version 1.24.44
  * api-change:``license-manager-user-subscriptions``: [``botocore``] This release supports user
    based subscription for Microsoft Visual Studio Professional and Enterprise on EC2.
  * api-change:``personalize``: [``botocore``] This release adds support for incremental bulk
    ingestion for the Personalize CreateDatasetImportJob API.
- from version 1.24.43
  * api-change:``config``: [``botocore``] Documentation update for PutConfigRule and
    PutOrganizationConfigRule
  * api-change:``workspaces``: [``botocore``] This release introduces ModifySamlProperties, a new API
    that allows control of SAML properties associated with a WorkSpaces directory. The
    DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.
- from version 1.24.42
  * bugfix:TraceId: [``botocore``] Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.24.41
  * bugfix:Config: [``botocore``] Obey _X_AMZN_TRACE_ID environment variable instead of
    _X_AMZ_TRACE_ID
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx
  * api-change:``shield``: [``botocore``] AWS Shield Advanced now supports filtering for
    ListProtections and ListProtectionGroups.
- from version 1.24.40
  * api-change:``ec2``: [``botocore``] Documentation updates for VM Import/Export.
  * api-change:``es``: [``botocore``] This release adds support for gp3 EBS (Elastic Block Store)
    storage.
  * api-change:``lookoutvision``: [``botocore``] This release introduces support for image
    segmentation models and updates CPU accelerator options for models hosted on edge devices.
  * api-change:``opensearch``: [``botocore``] This release adds support for gp3 EBS (Elastic Block
    Store) storage.
- from version 1.24.39
  * api-change:``auditmanager``: [``botocore``] This release adds an exceeded quota exception to
    several APIs. We added a ServiceQuotaExceededException for the following operations:
    CreateAssessment, CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
  * api-change:``chime``: [``botocore``] Chime VoiceConnector will now support ValidateE911Address
    which will allow customers to prevalidate their addresses included in their SIP invites for
    emergency calling
  * api-change:``config``: [``botocore``] This release adds ListConformancePackComplianceScores API
    to support the new compliance score feature, which provides a percentage of the number of compliant
    rule-resource combinations in a conformance pack compared to the number of total possible
    rule-resource combinations in the conformance pack.
  * api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports dual-stack
    accelerators, enabling support for IPv4 and IPv6 traffic.
  * api-change:``marketplace-catalog``: [``botocore``] The SDK for the StartChangeSet API will now
    automatically set and use an idempotency token in the ClientRequestToken request parameter if the
    customer does not provide it.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new English and Hindi voice - Kajal. Kajal
    is available as Neural voice only.
  * api-change:``ssm``: [``botocore``] Adding doc updates for OpsCenter support in Service Setting
    actions.
  * api-change:``workspaces``: [``botocore``] Added CreateWorkspaceImage API to create a new
    WorkSpace image from an existing WorkSpace.
- from version 1.24.38
  * api-change:``appsync``: [``botocore``] Adds support for a new API to evaluate mapping templates
    with mock data, allowing you to remotely unit test your AppSync resolvers and functions.
  * api-change:``detective``: [``botocore``] Added the ability to get data source package information
    for the behavior graph. Graph administrators can now start (or stop) optional datasources on the
    behavior graph.
  * api-change:``guardduty``: [``botocore``] Amazon GuardDuty introduces a new Malware Protection
    feature that triggers malware scan on selected EC2 instance resources, after the service detects a
    potentially malicious activity.
  * api-change:``lookoutvision``: [``botocore``] This release introduces support for the automatic
    scaling of inference units used by Amazon Lookout for Vision models.
  * api-change:``macie2``: [``botocore``] This release adds support for retrieving (revealing) sample
    occurrences of sensitive data that Amazon Macie detects and reports in findings.
  * api-change:``rds``: [``botocore``] Adds support for using RDS Proxies with RDS for MariaDB
    databases.
  * api-change:``rekognition``: [``botocore``] This release introduces support for the automatic
    scaling of inference units used by Amazon Rekognition Custom Labels models.
  * api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
  * api-change:``transfer``: [``botocore``] AWS Transfer Family now supports Applicability Statement
    2 (AS2), a network protocol used for the secure and reliable transfer of critical
    Business-to-Business (B2B) data over the public internet using HTTP/HTTPS as the transport
    mechanism.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.37
  * api-change:``autoscaling``: [``botocore``] Documentation update for Amazon EC2 Auto Scaling.
- from version 1.24.36
  * api-change:``account``: [``botocore``] This release enables customers to manage the primary
    contact information for their AWS accounts. For more information, see
    https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
  * api-change:``ec2``: [``botocore``] Added support for EC2 M1 Mac instances. For more information,
    please visit aws.amazon.com/mac.
  * api-change:``iotdeviceadvisor``: [``botocore``] Added new service feature (Early access only) -
    Long Duration Test, where customers can test the IoT device to observe how it behaves when the
    device is in operation for longer period.
  * api-change:``medialive``: [``botocore``] Link devices now support remote rebooting. Link devices
    now support maintenance windows. Maintenance windows allow a Link device to install software
    updates without stopping the MediaLive channel. The channel will experience a brief loss of input
    from the device while updates are installed.
  * api-change:``rds``: [``botocore``] This release adds the "ModifyActivityStream" API with support
    for audit policy state locking and unlocking.
  * api-change:``transcribe``: [``botocore``] Remove unsupported language codes for
    StartTranscriptionJob and update VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.24.35
  * api-change:``athena``: [``botocore``] This feature allows customers to retrieve runtime
    statistics for completed queries
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
  * api-change:``docdb``: [``botocore``] Enable copy-on-write restore type
  * api-change:``ec2-instance-connect``: [``botocore``] This release includes a new exception type
    "EC2InstanceUnavailableException" for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
  * api-change:``frauddetector``: [``botocore``] The release introduces Account Takeover Insights
    (ATI) model. The ATI model detects fraud relating to account takeover. This release also adds
    support for new variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to
    Model Version APIs.
  * api-change:``iotsitewise``: [``botocore``] Added asynchronous API to ingest bulk historical and
    current data into IoT SiteWise.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides Oauth2 support for SharePoint
    Online. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
  * api-change:``network-firewall``: [``botocore``] Network Firewall now supports referencing dynamic
    IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
  * api-change:``rds``: [``botocore``] Adds support for creating an RDS Proxy for an RDS for MariaDB
    database.
- from version 1.24.34
  * api-change:``acm-pca``: [``botocore``] AWS Certificate Manager (ACM) Private Certificate
    Authority (PCA) documentation updates
  * api-change:``iot``: [``botocore``] GA release the ability to enable/disable IoT Fleet Indexing
    for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
    This includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.24.33
  * api-change:``devops-guru``: [``botocore``] Added new APIs for log anomaly detection feature.
  * api-change:``glue``: [``botocore``] Documentation updates for AWS Glue Job Timeout and Autoscaling
  * api-change:``sagemaker-edge``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight
    model deployment feature to deploy machine learning models on requested devices.
  * api-change:``sagemaker``: [``botocore``] Fixed an issue with cross account QueryLineage
  * api-change:``workspaces``: [``botocore``] Increased the character limit of the login message from
    850 to 2000 characters.
- from version 1.24.32
  * api-change:``discovery``: [``botocore``] Add AWS Agentless Collector details to the
    GetDiscoverySummary API response
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``elasticache``: [``botocore``] Adding AutoMinorVersionUpgrade in the
    DescribeReplicationGroups API
  * api-change:``kms``: [``botocore``] Added support for the SM2 KeySpec in China Partition Regions
  * api-change:``mediapackage``: [``botocore``] This release adds "IncludeIframeOnlyStream" for Dash
    endpoints and increases the number of supported video and audio encryption presets for Speke v2
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight model
    deployment feature to deploy machine learning models on requested devices.
  * api-change:``sso-admin``: [``botocore``] AWS SSO now supports attaching customer managed policies
    and a permissions boundary to your permission sets. This release adds new API operations to manage
    and view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.24.31
  * api-change:``datasync``: [``botocore``] Documentation updates for AWS DataSync regarding
    configuring Amazon FSx for ONTAP location security groups and SMB user permissions.
  * api-change:``drs``: [``botocore``] Changed existing APIs to allow choosing a dynamic volume type
    for replicating volumes, to reduce costs for customers.
  * api-change:``evidently``: [``botocore``] This release adds support for the new segmentation
    feature.
  * api-change:``wafv2``: [``botocore``] This SDK release provide customers ability to add
    sensitivity level for WAF SQLI Match Statements.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.30
  * api-change:``athena``: [``botocore``] This release updates data types that contain either
    QueryExecutionId, NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and
    contain only non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
  * api-change:``codeartifact``: [``botocore``] This release introduces Package Origin Controls, a
    mechanism used to counteract Dependency Confusion attacks. Adds two new APIs,
    PutPackageOriginConfiguration and DescribePackage, and updates the ListPackage,
    DescribePackageVersion and ListPackageVersion APIs in support of the feature.
  * api-change:``config``: [``botocore``] Update ResourceType enum with values for Route53Resolver,
    Batch, DMS, Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
  * api-change:``ec2``: [``botocore``] This release adds flow logs for Transit Gateway to  allow
    customers to gain deeper visibility and insights into network traffic through their Transit
    Gateways.
  * api-change:``fms``: [``botocore``] Adds support for strict ordering in stateful rule groups in
    Network Firewall policies.
  * api-change:``glue``: [``botocore``] This release adds an additional worker type for Glue
    Streaming jobs.
  * api-change:``inspector2``: [``botocore``] This release adds support for Inspector V2 scan
    configurations through the get and update configuration APIs. Currently this allows configuring ECR
    automated re-scan duration to lifetime or 180 days or 30 days.
  * api-change:``kendra``: [``botocore``] This release adds AccessControlConfigurations which allow
    you to redefine your document level access control without the need for content re-indexing.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for IAM-based access to
    AWS resources for Nimble Studio components and custom studio components. Studio Component scripts
    use these roles on Nimble Studio workstation to mount filesystems, access S3 buckets, or other
    configured resources in the Studio's AWS account
  * api-change:``outposts``: [``botocore``] This release adds the ShipmentInformation and
    AssetInformationList fields to the GetOrder API response.
  * api-change:``sagemaker``: [``botocore``] This release adds support for G5, P4d, and C6i instance
    types in Amazon SageMaker Inference and increases the number of hyperparameters that can be
    searched from 20 to 30 in Amazon SageMaker Automatic Model Tuning
- from version 1.24.29
  * api-change:``appconfig``: [``botocore``] Adding Create, Get, Update, Delete, and List APIs for
    new two new resources: Extensions and ExtensionAssociations.
- from version 1.24.28
  * api-change:``networkmanager``: [``botocore``] This release adds general availability API support
    for AWS Cloud WAN.
- from version 1.24.27
  * api-change:``ec2``: [``botocore``] Build, manage, and monitor a unified global network that
    connects resources running across your cloud and on-premises environments using the AWS Cloud WAN
    APIs.
  * api-change:``redshift-serverless``: [``botocore``] Removed prerelease language for GA launch.
  * api-change:``redshift``: [``botocore``] This release adds a new --snapshot-arn field for
    describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
    authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
    snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.24.26
  * api-change:``backup``: [``botocore``] This release adds support for authentication using IAM user
    identity instead of passed IAM role, identified by excluding the IamRoleArn field in the
    StartRestoreJob API. This feature applies to only resource clients with a destructive restore
    nature (e.g. SAP HANA).
- from version 1.24.25
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for AppKeys and TenantIds in
    Amazon Chime SDK WebRTC sessions
  * api-change:``dms``: [``botocore``] New api to migrate event subscriptions to event bridge rules
  * api-change:``iot``: [``botocore``] This release adds support to register a CA certificate without
    having to provide a verification certificate. This also allows multiple AWS accounts to register
    the same CA in the same region.
  * api-change:``iotwireless``: [``botocore``] Adds 5 APIs: PutPositionConfiguration,
    GetPositionConfiguration, ListPositionConfigurations, UpdatePosition, GetPosition for the new
    Positioning Service feature which enables customers to configure solvers to calculate position of
    LoRaWAN devices, or specify position of LoRaWAN devices & gateways.
  * api-change:``sagemaker``: [``botocore``] Heterogeneous clusters: the ability to launch training
    jobs with multiple instance types. This enables running component of the training job on the
    instance type that is most suitable for it. e.g. doing data processing and augmentation on CPU
    instances and neural network training on GPU instances
- from version 1.24.24
  * api-change:``cloudformation``: [``botocore``] My AWS Service (placeholder) - Add a new feature
    Account-level Targeting for StackSet operation
  * api-change:``synthetics``: [``botocore``] This release introduces Group feature, which enables
    users to group cross-region canaries.
- from version 1.24.23
  * api-change:``config``: [``botocore``] Updating documentation service limits
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``quicksight``: [``botocore``] This release allows customers to programmatically
    create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases
    allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs.
  * api-change:``rds``: [``botocore``] Adds waiters support for DBCluster.
  * api-change:``rolesanywhere``: [``botocore``] IAM Roles Anywhere allows your workloads such as
    servers, containers, and applications to obtain temporary AWS credentials and use the same IAM
    roles and policies that you have configured for your AWS workloads to access AWS resources.
  * api-change:``ssm-incidents``: [``botocore``] Adds support for tagging incident-record on creation
    by providing incident tags in the template within a response-plan.
- from version 1.24.22
  * api-change:``dms``: [``botocore``] Added new features for AWS DMS version 3.4.7 that includes new
    endpoint settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
  * api-change:``rds``: [``botocore``] Adds support for additional retention periods to Performance
    Insights.
- from version 1.24.21
  * api-change:``athena``: [``botocore``] This feature introduces the API support for Athena's
    parameterized query and BatchGetPreparedStatement API.
  * api-change:``customer-profiles``: [``botocore``] This release adds the optional
    MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
    GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
    the profile auto-merging step of the Identity Resolution process.
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``glue``: [``botocore``] This release adds tag as an input of CreateDatabase
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    alfresco
  * api-change:``mwaa``: [``botocore``] Documentation updates for Amazon Managed Workflows for Apache
    Airflow.
  * api-change:``pricing``: [``botocore``] Documentation update for GetProducts Response.
  * api-change:``wellarchitected``: [``botocore``] Added support for UpdateGlobalSettings API. Added
    status filter to ListWorkloadShares and ListLensShares.
  * api-change:``workmail``: [``botocore``] This release adds support for managing user availability
    configurations in Amazon WorkMail.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.20
  * api-change:``appstream``: [``botocore``] Includes support for StreamingExperienceSettings in
    CreateStack and UpdateStack APIs
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``medialive``: [``botocore``] This release adds support for automatic renewal of
    MediaLive reservations at the end of each reservation term. Automatic renewal is optional. This
    release also adds support for labelling accessibility-focused audio and caption tracks in HLS
    outputs.
  * api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
    Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
    clusters. The new operations let you interact with Redshift Serverless resources, such as create
    snapshots, list VPC endpoints, delete resource policies, and more.
  * api-change:``sagemaker``: [``botocore``] This release adds: UpdateFeatureGroup,
    UpdateFeatureMetadata, DescribeFeatureMetadata APIs; FeatureMetadata type in Search API;
    LastModifiedTime, LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
  * api-change:``translate``: [``botocore``] Added ListLanguages API which can be used to list the
    languages supported by Translate.
- from version 1.24.19
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports Amazon FSx for NetApp ONTAP
    locations.
  * api-change:``ec2``: [``botocore``] This release adds a new spread placement group to EC2
    Placement Groups: host level spread, which spread instances between physical hosts, available to
    Outpost customers only. CreatePlacementGroup and DescribePlacementGroups APIs were updated with a
    new parameter: SpreadLevel to support this feature.
  * api-change:``finspace-data``: [``botocore``] Release new API GetExternalDataViewAccessDetails
  * api-change:``polly``: [``botocore``] Add 4 new neural voices - Pedro (es-US), Liam (fr-CA),
    Daniel (de-DE) and Arthur (en-GB).
- from version 1.24.18
  * api-change:``iot``: [``botocore``] This release ease the restriction for the input of tag value
    to align with AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.24.17
  * api-change:``glue``: [``botocore``] This release enables the new ListCrawls API for viewing the
    AWS Glue Crawler run history.
  * api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
- from version 1.24.16
  * api-change:``lookoutequipment``: [``botocore``] This release adds visualizations to the scheduled
    inference results. Users will be able to see interference results, including diagnostic results
    from their running inference schedulers.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has released support
    for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.
  * api-change:``mgn``: [``botocore``] New and modified APIs for the Post-Migration Framework
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds the new API
    UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API
    will now allow users to create route in ACTIVE/INACTIVE state.
  * api-change:``sagemaker``: [``botocore``] SageMaker Ground Truth now supports Virtual Private
    Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.24.15
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``pricing``: [``botocore``] This release introduces 1 update to the GetProducts API.
    The serviceCode attribute is now required when you use the GetProductsRequest.
  * api-change:``transfer``: [``botocore``] Until today, the service supported only RSA host keys and
    user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519
    host keys and user keys, enabling customers to support a broader set of clients by choosing RSA,
    ECDSA, and ED25519 host and user keys.
- from version 1.24.14
  * api-change:``ec2``: [``botocore``] This release adds support for Private IP VPNs, a new feature
    allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over
    Direct Connect as transport.
  * api-change:``ecs``: [``botocore``] Amazon ECS UpdateService now supports the following
    parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
  * api-change:``wellarchitected``: [``botocore``] Adds support for lens tagging, Adds support for
    multiple helpful-resource urls and multiple improvement-plan urls.
- from version 1.24.13
  * api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
    Managed Microsoft AD settings
  * api-change:``kafka``: [``botocore``] Documentation updates to use Az Id during cluster creation.
  * api-change:``outposts``: [``botocore``] This release adds the AssetLocation structure to the
    ListAssets response. AssetLocation includes the RackElevation for an Asset.
- from version 1.24.12
  * api-change:``connect``: [``botocore``] This release updates these APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
    enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
    specified Amazon Connect instance.
  * api-change:``connectcampaigns``: [``botocore``] Added Amazon Connect high volume outbound
    communications SDK.
  * api-change:``dynamodb``: [``botocore``] Doc only update for DynamoDB service
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
- from version 1.24.11
  * api-change:``redshift-data``: [``botocore``] This release adds a new --workgroup-name field to
    operations that connect to an endpoint. Customers can now execute queries against their serverless
    workgroups.
  * api-change:``redshiftserverless``: [``botocore``] Add new API operations for Amazon Redshift
    Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
    clusters. The new operations let you interact with Redshift Serverless resources, such as create
    snapshots, list VPC endpoints, delete resource policies, and more.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``securityhub``: [``botocore``] Added Threats field for security findings. Added new
    resource details for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2
    TransitGateway, EFS AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and
    WAF Rules
- from version 1.24.10
  * api-change:``finspace-data``: [``botocore``] This release adds a new set of APIs,
    GetPermissionGroup, DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup,
    ListPermissionGroupsByUser, ListUsersByPermissionGroup.
  * api-change:``guardduty``: [``botocore``] Adds finding fields available from GuardDuty Console.
    Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts
    and Replace them with Administrator Accounts.
  * api-change:``servicecatalog-appregistry``: [``botocore``] This release adds a new API
    ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
    addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
    'Name' attribute.
  * api-change:``workspaces``: [``botocore``] Added new field "reason" to
    OperationNotSupportedException. Receiving this exception in the DeregisterWorkspaceDirectory API
    will now return a reason giving more context on the failure.
- from version 1.24.9
  * api-change:``budgets``: [``botocore``] Add a budgets ThrottlingException. Update the CostFilters
    value pattern.
  * api-change:``lookoutmetrics``: [``botocore``] Adding filters to Alert and adding new UpdateAlert
    API.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.24.8
  * api-change:``outposts``: [``botocore``] This release adds API operations AWS uses to install
    Outpost servers.
- from version 1.24.7
  * api-change:``frauddetector``: [``botocore``] Documentation updates for Amazon Fraud Detector
    (AWSHawksNest)
- from version 1.24.6
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for live transcription in AWS
    GovCloud (US) Regions.
- from version 1.24.5
  * api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor APIs and exposes
    functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor
    instances, and to collect and analyze information about the local data infrastructure.
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``m2``: [``botocore``] AWS Mainframe Modernization service is a managed mainframe
    service and set of tools for planning, migrating, modernizing, and running mainframe workloads on
    AWS
  * api-change:``neptune``: [``botocore``] This release adds support for Neptune to be configured as
    a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in
    other regions.
  * api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
    Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
    clusters. The new operations let you interact with Redshift Serverless resources, such as create
    snapshots, list VPC endpoints, delete resource policies, and more.
  * api-change:``redshift``: [``botocore``] Adds new API GetClusterCredentialsWithIAM to return
    temporary credentials.
- from version 1.24.4
  * api-change:``auditmanager``: [``botocore``] This release introduces 2 updates to the Audit
    Manager API. The roleType and roleArn attributes are now required when you use the CreateAssessment
    or UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
    operation.
  * api-change:``ce``: [``botocore``] Added two new APIs to support cost allocation tags operations:
    ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.24.3
  * api-change:``chime-sdk-messaging``: [``botocore``] This release adds support for searching
    channels by members via the SearchChannels API, removes required restrictions for Name and Mode in
    UpdateChannel API and enhances CreateChannel API by exposing member and moderator list as well as
    channel id as optional parameters.
  * api-change:``connect``: [``botocore``] This release adds a new API, GetCurrentUserData, which
    returns real-time details about users' current activity.
- Update BuildRequires and Requires from setup.py

- Update to version 1.24.2
  * api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
  * api-change:``voice-id``: [``botocore``] Added a new attribute ServerSideEncryptionUpdateDetails
    to Domain and DomainSummary.
  * api-change:``proton``: [``botocore``] Add new "Components" API to enable users to Create, Delete
    and Update AWS Proton components.
  * api-change:``connect``: [``botocore``] This release adds the following features: 1) New APIs to
    manage (create, list, update) task template resources, 2) Updates to startTaskContact API to
    support task templates, and 3) new TransferContact API to programmatically transfer in-progress
    tasks via a contact flow.
  * api-change:``application-insights``: [``botocore``] Provide Account Level onboarding support
    through CFN/CLI
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    GitHub. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.24.1
  * api-change:``backup-gateway``: [``botocore``] Adds GetGateway and UpdateGatewaySoftwareNow API
    and adds hypervisor name to UpdateHypervisor API
  * api-change:``forecast``: [``botocore``] Added Format field to Import and Export APIs in Amazon
    Forecast. Added TimeSeriesSelector to Create Forecast API.
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for centrally controlling each
    participant's ability to send and receive audio, video and screen share within a WebRTC session.
    Attendee capabilities can be specified when the attendee is created and updated during the session
    with the new BatchUpdateAttendeeCapabilitiesExcept API.
  * api-change:``route53``: [``botocore``] Add new APIs to support Route 53 IP Based Routing
- from version 1.24.0
  * api-change:``iotsitewise``: [``botocore``] This release adds the following new optional field to
    the IoT SiteWise asset resource: assetDescription.
  * api-change:``lookoutmetrics``: [``botocore``] Adding backtest mode to detectors using the
    Cloudwatch data source.
  * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports automatic language
    identification for multi-lingual audio in batch mode.
  * feature:Python: Dropped support for Python 3.6
  * feature:Python: [``botocore``] Dropped support for Python 3.6
  * api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports IP Address propagation for
    all unauthenticated APIs (e.g. SignUp, ForgotPassword).
  * api-change:``drs``: [``botocore``] Changed existing APIs and added new APIs to accommodate using
    multiple AWS accounts with AWS Elastic Disaster Recovery.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now support Jupyter
    Lab 3.
- from version 1.23.10
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now allows
    configuration of Instance Metadata Service version and Amazon SageMaker Studio now supports G5
    instance types.
  * api-change:``appflow``: [``botocore``] Adding the following features/changes: Parquet output that
    preserves typing from the source connector, Failed executions threshold before deactivation for
    scheduled flows, increasing max size of access and refresh token from 2048 to 4096
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports TLS encryption in transit, file
    system policies and access points for EFS locations.
  * api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
    Serverless, a serverless runtime environment that simplifies running analytics applications using
    the latest open source frameworks such as Apache Spark and Apache Hive.
- from version 1.23.9
  * api-change:``lightsail``: [``botocore``] Amazon Lightsail now supports the ability to configure a
    Lightsail Container Service to pull images from Amazon ECR private repositories in your account.
  * api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
    Serverless, a serverless runtime environment that simplifies running analytics applications using
    the latest open source frameworks such as Apache Spark and Apache Hive.
  * api-change:``ec2``: [``botocore``] C7g instances, powered by the latest generation AWS Graviton3
    processors, provide the best price performance in Amazon EC2 for compute-intensive workloads.
  * api-change:``forecast``: [``botocore``] Introduced a new field in Auto Predictor as Time
    Alignment Boundary. It helps in aligning the timestamps generated during Forecast exports
- from version 1.23.8
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``fsx``: [``botocore``] This release adds root squash support to FSx for Lustre to
    restrict root level access from clients by mapping root users to a less-privileged user/group with
    limited permissions.
  * api-change:``lookoutmetrics``: [``botocore``] Adding AthenaSourceConfig for MetricSet APIs to
    support Athena as a data source.
  * api-change:``voice-id``: [``botocore``] VoiceID will now automatically expire Speakers if they
    haven't been accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker
    APIs now return a "LastAccessedAt" time for Speakers, and the EvaluateSession API returns
    "SPEAKER_EXPIRED" Auth Decision for EXPIRED Speakers.
  * api-change:``cloudformation``: [``botocore``] Add a new parameter statusReason to
    DescribeStackSetOperation output for additional details
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``apprunner``: [``botocore``] Documentation-only update added for CodeConfiguration.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for manually
    selecting features from the input dataset using the CreateAutoMLJob API.
- from version 1.23.7
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
  * api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports requiring attribute
    verification (ex. email and phone number) before update.
  * api-change:``networkmanager``: [``botocore``] This release adds Multi Account API support for a
    TGW Global Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network
    Manager service and dependency CloudFormation StackSets service.
  * api-change:``ivschat``: [``botocore``] Doc-only update. For MessageReviewHandler structure, added
    timeout period in the description of the fallbackResult field
  * api-change:``ec2``: [``botocore``] Stop Protection feature enables customers to protect their
    instances from accidental stop actions.
- from version 1.23.6
  * api-change:``elasticache``: [``botocore``] Added support for encryption in transit for Memcached
    clusters. Customers can now launch Memcached cluster with encryption in transit enabled when using
    Memcached version 1.6.12 or later.
  * api-change:``forecast``: [``botocore``] New APIs for Monitor that help you understand how your
    predictors perform over time.
  * api-change:``personalize``: [``botocore``] Adding modelMetrics as part of DescribeRecommender API
    response for Personalize.
- from version 1.23.5
  * api-change:``comprehend``: [``botocore``] Comprehend releases 14 new entity types for
    DetectPiiEntities and ContainsPiiEntities APIs.
  * api-change:``logs``: [``botocore``] Doc-only update to publish the new valid values for log
    retention
- Update BuildRequires and Requires from setup.py
python-botocore
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Remove version constraint on python-pytest in BuildRequires
- Revert changes to Requires that introduced new incompatible syntax

- Update to 1.29.89
  * api-change:``ivschat``: This release adds a new exception returned when calling AWS IVS chat
    UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when
    invalid updates are made in sequence to Logging Configurations.
  * api-change:``secretsmanager``: The type definitions of SecretString and SecretBinary now have a
    minimum length of 1 in the model to match the exception thrown when you pass in empty values.
- from version 1.29.88
  * api-change:``codeartifact``: This release introduces the generic package format, a mechanism for
    storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for
    publishing generic packages.
  * api-change:``connect``: This release adds a new API, GetMetricDataV2, which returns metric data
    for Amazon Connect.
  * api-change:``evidently``: Updated entity override documentation
  * api-change:``networkmanager``: This update provides example usage for TransitGatewayRouteTableArn.
  * api-change:``quicksight``: This release has two changes: add state persistence feature for
    embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden
    collapsed row dimensions in PivotTableOptions.
  * api-change:``redshift-data``: Added support for Redshift Serverless workgroup-arn wherever the
    WorkgroupName parameter is available.
  * api-change:``sagemaker``: Amazon SageMaker Inference now allows SSM access to customer's model
    container by setting the "EnableSSMAccess" parameter for a ProductionVariant in
    CreateEndpointConfig API.
  * api-change:``servicediscovery``: Updated all AWS Cloud Map APIs to provide consistent throttling
    exception (RequestLimitExceeded)
  * api-change:``sesv2``: This release introduces a new recommendation in Virtual Deliverability
    Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification
    (BIMI) DNS records for customer sending identities.
- from version 1.29.87
  * api-change:``athena``: A new field SubstatementType is added to GetQueryExecution API, so
    customers have an error free way to detect the query type and interpret the result.
  * api-change:``dynamodb``: Adds deletion protection support to DynamoDB tables. Tables with
    deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be
    enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting
    is not replicated for Global Tables.
  * api-change:``ec2``: Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest
    generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based
    instances.
  * api-change:``lakeformation``: This release adds two new API support "GetDataCellsFiler" and
    "UpdateDataCellsFilter", and also updates the corresponding documentation.
  * api-change:``mediapackage-vod``: This release provides the date and time VOD resources were
    created.
  * api-change:``mediapackage``: This release provides the date and time live resources were created.
  * api-change:``route53resolver``: Add dual-stack and IPv6 support for Route 53 Resolver
    Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
  * api-change:``sagemaker``: There needs to be a user identity to specify the SageMaker user who
    perform each action regarding the entity. However, these is a not a unified concept of user
    identity across SageMaker service that could be used today.
- from version 1.29.86
  * api-change:``dms``: This release adds DMS Fleet Advisor Target Recommendation APIs and exposes
    functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation
    calculation.
  * api-change:``location``: Documentation update for the release of 3 additional map styles for use
    with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data
    Visualization Dark.
- from version 1.29.85
  * api-change:``account``: AWS Account alternate contact email addresses can now have a length of
    254 characters and contain the character "|".
  * api-change:``ivs``: Updated text description in DeleteChannel, Stream, and StreamSummary.
- from version 1.29.84
  * api-change:``dynamodb``: Documentation updates for DynamoDB.
  * api-change:``ec2``: This release adds support for a new boot mode for EC2 instances called 'UEFI
    Preferred'.
  * api-change:``macie2``: Documentation updates for Amazon Macie
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has improved handling for
    different input and output color space combinations.
  * api-change:``medialive``: AWS Elemental MediaLive adds support for Nielsen watermark timezones.
  * api-change:``transcribe``: Amazon Transcribe now supports role access for these API operations:
    CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and UpdateVocabularyFilter.
- from version 1.29.83
  * api-change:``iot``: A recurring maintenance window is an optional configuration used for rolling
    out the job document to all devices in the target group observing a predetermined start time,
    duration, and frequency that the maintenance window occurs.
  * api-change:``migrationhubstrategy``: This release updates the File Import API to allow importing
    servers already discovered by customers with reduced pre-requisites.
  * api-change:``organizations``: This release introduces a new reason code,
    ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
  * api-change:``pi``: This release adds a new field PeriodAlignment to allow the customer specifying
    the returned timestamp of time periods to be either the start or end time.
  * api-change:``pipes``: This release fixes some input parameter range and patterns.
  * api-change:``sagemaker``: Add a new field "EndpointMetrics" in SageMaker Inference Recommender
    "ListInferenceRecommendationsJobSteps" API response.
- from version 1.29.82
  * api-change:``codecatalyst``: Published Dev Environments StopDevEnvironmentSession API
  * api-change:``pricing``: This release adds 2 new APIs - ListPriceLists which returns a list of
    applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve your price lists
    from the generated file from ListPriceLists
  * api-change:``s3outposts``: S3 on Outposts introduces a new API ListOutpostsWithS3, with this API
    you can list all your Outposts with S3 capacity.
- from version 1.29.81
  * enhancement:Documentation: Splits service documentation into multiple sub-pages for better
    organization and faster loading time.
  * api-change:``comprehend``: Amazon Comprehend now supports flywheels to help you train and manage
    new model versions for custom models.
  * api-change:``ec2``: This release allows IMDS support to be set to v2-only on an existing AMI, so
    that all future instances launched from that AMI will use IMDSv2 by default.
  * api-change:``kms``: AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm option in the
    GetParametersForImport API that is used in the AWS KMS Import Key Material feature. AWS KMS will
    end support for this wrapping algorithm by October 1, 2023.
  * api-change:``lightsail``: This release adds Lightsail for Research feature support, such as GUI
    session access, cost estimates, stop instance on idle, and disk auto mount.
  * api-change:``managedblockchain``: This release adds support for tagging to the accessor resource
    in Amazon Managed Blockchain
  * api-change:``omics``: Minor model changes to accomodate batch imports feature
- from version 1.29.80
  * api-change:``devops-guru``: This release adds the description field on ListAnomaliesForInsight
    and DescribeAnomaly API responses for proactive anomalies.
  * api-change:``drs``: New fields were added to reflect availability zone data in source server and
    recovery instance description commands responses, as well as source server launch status.
  * api-change:``internetmonitor``: CloudWatch Internet Monitor is a a new service within CloudWatch
    that will help application developers and network engineers continuously monitor internet
    performance metrics such as availability and performance between their AWS-hosted applications and
    end-users of these applications
  * api-change:``lambda``: This release adds the ability to create ESMs with Document DB change
    streams as event source. For more information see
    https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for HDR10 to
    SDR tone mapping, and animated GIF video input sources.
  * api-change:``timestream-write``: This release adds the ability to ingest batched historical data
    or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.29.79
  * api-change:``connect``: StartTaskContact API now supports linked task creation with a new
    optional RelatedContactId parameter
  * api-change:``connectcases``: This release adds the ability to delete domains through the
    DeleteDomain API. For more information see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``redshift``: Documentation updates for Redshift API bringing it in line with IAM best
    practices.
  * api-change:``securityhub``: New Security Hub APIs and updates to existing APIs that help you
    consolidate control findings and enable and disable controls across all supported standards
  * api-change:``servicecatalog``: Documentation updates for Service Catalog

- Update to 1.29.78
  * api-change:``appflow``: This release enables the customers to choose whether to use Private Link
    for Metadata and Authorization call when using a private Salesforce connections
  * api-change:``ecs``: This release supports deleting Amazon ECS task definitions that are in the
    INACTIVE state.
  * api-change:``grafana``: Doc-only update. Updated information on attached role policies for
    customer provided roles
  * api-change:``guardduty``: Updated API and data types descriptions for CreateFilter, UpdateFilter,
    and TriggerDetails.
  * api-change:``iotwireless``: In this release, we add additional capabilities for the FUOTA which
    allows user to configure the fragment size, the sending interval and the redundancy ratio of the
    FUOTA tasks
  * api-change:``location``: This release adds support for using Maps APIs with an API Key in
    addition to AWS Cognito. This includes support for adding, listing, updating and deleting API Keys.
  * api-change:``macie2``: This release adds support for a new finding type,
    Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
    shared with an Amazon CloudFront OAI or OAC.
  * api-change:``wafv2``: You can now associate an AWS WAF v2 web ACL with an AWS App Runner service.
- from version 1.29.77
  * api-change:``chime-sdk-voice``: This release introduces support for Voice Connector media metrics
    in the Amazon Chime SDK Voice namespace
  * api-change:``cloudfront``: CloudFront now supports block lists in origin request policies so that
    you can forward all headers, cookies, or query string from viewer requests to the origin *except*
    for those specified in the block list.
  * api-change:``datasync``: AWS DataSync has relaxed the minimum length constraint of AccessKey for
    Object Storage locations to 1.
  * api-change:``opensearch``: This release lets customers configure Off-peak window and software
    update related properties for a new/existing domain. It enhances the capabilities of
    StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
    allows Auto-tune to make use of Off-peak window.
  * api-change:``rum``: CloudWatch RUM now supports CloudWatch Custom Metrics
  * api-change:``ssm``: Document only update for Feb 2023
- from version 1.29.76
  * api-change:``quicksight``: S3 data sources now accept a custom IAM role.
  * api-change:``resiliencehub``: In this release we improved resilience hub application creation and
    maintenance by introducing new resource and app component crud APIs, improving visibility and
    maintenance of application input sources and added support for additional information attributes to
    be provided by customers.
  * api-change:``securityhub``: Documentation updates for AWS Security Hub
  * api-change:``tnb``: This is the initial SDK release for AWS Telco Network Builder (TNB). AWS
    Telco Network Builder is a network automation service that helps you deploy and manage telecom
    networks.
- from version 1.29.75
  * bugfix:SSO: Fixes aws/aws-cli`#7496 <https://github.com/aws/aws-cli/issues/7496>`__ by using the
    correct profile name rather than the one set in the session.
  * api-change:``auditmanager``: This release introduces a ServiceQuotaExceededException to the
    UpdateAssessmentFrameworkShare API operation.
  * api-change:``connect``: Reasons for failed diff has been approved by SDK Reviewer
- from version 1.29.74
  * api-change:``apprunner``: This release supports removing MaxSize limit for
    AutoScalingConfiguration.
  * api-change:``glue``: Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.29.73
  * api-change:``emr``: Update emr client to latest version
  * api-change:``grafana``: With this release Amazon Managed Grafana now supports inbound Network
    Access Control that helps you to restrict user access to your Grafana workspaces
  * api-change:``ivs``: Doc-only update. Updated text description in DeleteChannel, Stream, and
    StreamSummary.
  * api-change:``wafv2``: Added a notice for account takeover prevention (ATP). The interface
    incorrectly lets you to configure ATP response inspection in regional web ACLs in Region US East
    (N. Virginia), without returning an error. ATP response inspection is only available in web ACLs
    that protect CloudFront distributions.
- from version 1.29.72
  * api-change:``cloudtrail``: This release adds an InsufficientEncryptionPolicyException type to the
    StartImport endpoint
  * api-change:``efs``: Update efs client to latest version
  * api-change:``frauddetector``: This release introduces Lists feature which allows customers to
    reference a set of values in Fraud Detector's rules. With Lists, customers can dynamically manage
    these attributes in real time. Lists can be created/deleted and its contents can be modified using
    the Fraud Detector API.
  * api-change:``glue``: Fix DirectJDBCSource not showing up in CLI code gen
  * api-change:``privatenetworks``: This release introduces a new StartNetworkResourceUpdate API,
    which enables return/replacement of hardware from a NetworkSite.
  * api-change:``rds``: Database Activity Stream support for RDS for SQL Server.
  * api-change:``wafv2``: For protected CloudFront distributions, you can now use the AWS WAF Fraud
    Control account takeover prevention (ATP) managed rule group to block new login attempts from
    clients that have recently submitted too many failed login attempts.

- Update to 1.29.71
  * api-change:``appconfig``: AWS AppConfig now offers the option to set a version label on hosted
    configuration versions. Version labels allow you to identify specific hosted configuration versions
    based on an alternate versioning scheme that you define.
  * api-change:``datasync``: With this launch, we are giving customers the ability to use older SMB
    protocol versions, enabling them to use DataSync to copy data to and from their legacy storage
    arrays.
  * api-change:``ec2``: With this release customers can turn host maintenance on or off when
    allocating or modifying a supported dedicated host. Host maintenance is turned on by default for
    supported hosts.
- from version 1.29.70
  * api-change:``account``: This release of the Account Management API enables customers to view and
    manage whether AWS Opt-In Regions are enabled or disabled for their Account. For more information,
    see https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
  * api-change:``appconfigdata``: AWS AppConfig now offers the option to set a version label on
    hosted configuration versions. If a labeled hosted configuration version is deployed, its version
    label is available in the GetLatestConfiguration response.
  * api-change:``snowball``: Adds support for EKS Anywhere on Snowball. AWS Snow Family customers can
    now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.29.69
  * api-change:``autoscaling``: You can now either terminate/replace, ignore, or wait for EC2 Auto
    Scaling instances on standby or protected from scale in. Also, you can also roll back changes from
    a failed instance refresh.
  * api-change:``connect``: This update provides the Wisdom session ARN for contacts enabled for
    Wisdom in the chat channel.
  * api-change:``ec2``: Adds support for waiters that automatically poll for an imported snapshot
    until it reaches the completed state.
  * api-change:``polly``: Amazon Polly adds two new neural Japanese voices - Kazuha, Tomoko
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for selecting algorithms in
    CreateAutoMLJob API.
  * api-change:``sns``: This release adds support for SNS X-Ray active tracing as well as other
    updates.
- from version 1.29.68
  * api-change:``chime-sdk-meetings``: Documentation updates for Chime Meetings SDK
  * api-change:``emr-containers``: EMR on EKS allows configuring retry policies for job runs through
    the StartJobRun API. Using retry policies, a job cause a driver pod to be restarted automatically
    if it fails or is deleted. The job's status can be seen in the DescribeJobRun and ListJobRun APIs
    and monitored using CloudWatch events.
  * api-change:``evidently``: Updated entity overrides parameter to accept up to 2500 overrides or a
    total of 40KB.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``lightsail``: Documentation updates for Lightsail
  * api-change:``migration-hub-refactor-spaces``: This release adds support for creating environments
    with a network fabric type of NONE
  * api-change:``workdocs``: Doc only update for the WorkDocs APIs.
  * api-change:``workspaces``: Removed Windows Server 2016 BYOL and made changes based on IAM
    campaign.
- from version 1.29.67
  * api-change:``backup``: This release added one attribute (resource name) in the output model of
    our 9 existing APIs in AWS backup so that customers will see the resource name at the output. No
    input required from Customers.
  * api-change:``cloudfront``: CloudFront Origin Access Control extends support to AWS Elemental
    MediaStore origins.
  * api-change:``glue``: DirectJDBCSource + Glue 4.0 streaming options
  * api-change:``lakeformation``: This release removes the LFTagpolicyResource expression limits.

- Update to 1.29.66
  * api-change:``transfer``: Updated the documentation for the ImportCertificate API call, and added
    examples.
- from version 1.29.65
  * api-change:``compute-optimizer``: AWS Compute optimizer can now infer if Kafka is running on an
    instance.
  * api-change:``customer-profiles``: This release deprecates the PartyType and Gender enum data
    types from the Profile model and replaces them with new PartyTypeString and GenderString
    attributes, which accept any string of length up to 255.
  * api-change:``frauddetector``: My AWS Service (Amazon Fraud Detector) - This release introduces
    Cold Start Model Training which optimizes training for small datasets and adds intelligent methods
    for treating unlabeled data. You can now train Online Fraud Insights or Transaction Fraud Insights
    models with minimal historical-data.
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added improved scene change
    detection capabilities and a bandwidth reduction filter, along with video quality enhancements, to
    the AVC encoder.
  * api-change:``outposts``: Adds OrderType to Order structure. Adds PreviousOrderId and
    PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
    length of pagination token.
- from version 1.29.64
  * enhancement:AWSCRT: Upgrade awscrt version to 0.16.9
  * api-change:``proton``: Add new GetResourcesSummary API
  * api-change:``redshift``: Corrects descriptions of the parameters for the API operations
    RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.29.63
  * api-change:``appconfig``: AWS AppConfig introduces KMS customer-managed key (CMK) encryption of
    configuration data, along with AWS Secrets Manager as a new configuration data source. S3 objects
    using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now supported.
  * api-change:``connect``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``keyspaces``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``quicksight``: QuickSight support for Radar Chart and Dashboard Publish Options
  * api-change:``redshift``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``sso-admin``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.62
  * bugfix:``s3``: boto3 no longer overwrites user supplied `Content-Encoding` with `aws-chunked`
    when user also supplies `ChecksumAlgorithm`.
  * api-change:``devops-guru``: This release adds filter support ListAnomalyForInsight API.
  * api-change:``forecast``: This release will enable customer select INCREMENTAL as ImportModel in
    Forecast's CreateDatasetImportJob API. Verified latest SDK containing required attribute, following
    https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added
    support for program updates, and the ability to clip the end of VOD sources in programs.
  * api-change:``sns``: Additional attributes added for set-topic-attributes.
- from version 1.29.61
  * api-change:``accessanalyzer``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``appsync``: This release introduces the feature to support EventBridge as AppSync
    data source.
  * api-change:``cloudtrail-data``: Add CloudTrail Data Service to enable users to ingest activity
    events from non-AWS sources into CloudTrail Lake.
  * api-change:``cloudtrail``: Add new "Channel" APIs to enable users to manage channels used for
    CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to manage the
    resource-based permissions policy attached to a channel.
  * api-change:``codeartifact``: This release introduces a new DeletePackage API, which enables
    deletion of a package and all of its versions from a repository.
  * api-change:``connectparticipant``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: This launch allows customers to associate up to 8 IP addresses to their NAT
    Gateways to increase the limit on concurrent connections to a single destination by eight times
    from 55K to 440K.
  * api-change:``groundstation``: DigIF Expansion changes to the Customer APIs.
  * api-change:``iot``: Added support for IoT Rules Engine Cloudwatch Logs action batch mode.
  * api-change:``kinesis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``opensearch``: Amazon OpenSearch Service adds the option for a VPC endpoint
    connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3. You can
    now use remote reindex to copy indices from one VPC domain to another without a reverse proxy.
  * api-change:``outposts``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``polly``: Amazon Polly adds two new neural American English voices - Ruth, Stephen
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports more completion
    criteria for Hyperparameter Optimization.
  * api-change:``securityhub``: New fields have been added to the AWS Security Finding Format.
    Compliance.SecurityControlId is a unique identifier for a security control across standards.
    Compliance.AssociatedStandards contains all enabled standards in which a security control is
    enabled.
  * api-change:``support``: This fixes incorrect endpoint construction when a customer is explicitly
    setting a region.

- Update to 1.29.60
  * api-change:``clouddirectory``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``cloudformation``: This feature provides a method of obtaining which regions a
    stackset has stack instances deployed in.
  * api-change:``discovery``: Update ImportName validation to 255 from the current length of 100
  * api-change:``dlm``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: We add Prefix Lists as a new route destination option for LocalGatewayRoutes.
    This will allow customers to create routes to Prefix Lists. Prefix List routes will allow customers
    to group individual CIDR routes with the same target into a single route.
  * api-change:``imagebuilder``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``kafka``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``mediaconvert``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``swf``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.59
  * api-change:``application-autoscaling``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``appstream``: Fixing the issue where Appstream waiters hang for fleet_started and
    fleet_stopped.
  * api-change:``elasticbeanstalk``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``fis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``glacier``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrass``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrassv2``: Enabled FIPS endpoints for GovCloud (US) in SDK.
  * api-change:``mediatailor``: This release introduces the As Run logging type, along with API and
    documentation updates.
  * api-change:``outposts``: Adding support for payment term in GetOrder, CreateOrder responses.
  * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: This release supports running SageMaker Training jobs with container
    images that are in a private Docker registry.
  * api-change:``serverlessrepo``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.

- Update to 1.29.58
  * api-change:``events``: Update events client to latest version
  * api-change:``iotfleetwise``: Add model validation to BatchCreateVehicle and BatchUpdateVehicle
    operations that invalidate requests with an empty vehicles list.
  * api-change:``s3``: Allow FIPS to be used with path-style URLs.
- from version 1.29.57
  * api-change:``cloudformation``: Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``ec2``: This release adds new functionality that allows customers to provision IPv6
    CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing customers to utilize
    IPAM Resource Discovery APIs.
  * api-change:``m2``: Add returnCode, batchJobIdentifier in GetBatchJobExecution response, for user
    to view the batch job execution result & unique identifier from engine. Also removed unused headers
    from REST APIs
  * api-change:``polly``: Add 5 new neural voices - Sergio (es-ES), Andres (es-MX), Remi (fr-FR),
    Adriano (it-IT) and Thiago (pt-BR).
  * api-change:``redshift-serverless``: Added query monitoring rules as possible parameters for
    create and update workgroup operations.
  * api-change:``s3control``: Add additional endpoint tests for S3 Control. Fix missing endpoint
    parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix, those operations may
    have resulted in an invalid endpoint being resolved.
  * api-change:``sagemaker``: SageMaker Inference Recommender now decouples from Model Registry and
    could accept Model Name to invoke inference recommendations job; Inference Recommender now provides
    CPU/Memory Utilization metrics data in recommendation output.
  * api-change:``sts``: Doc only change to update wording in a key topic
- from version 1.29.56
  * api-change:``databrew``: Enabled FIPS us-gov-west-1 endpoints in SDK.
  * api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Melbourne) Region
    (ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``ssm-sap``: This release provides updates to documentation and support for listing
    operations performed by AWS Systems Manager for SAP.
- from version 1.29.55
  * api-change:``lambda``: Release Lambda RuntimeManagementConfig, enabling customers to better
    manage runtime updates to their Lambda functions. This release adds two new APIs,
    GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
    Create/Get/Update function APIs.
  * api-change:``sagemaker``: Amazon SageMaker Inference now supports P4de instance types.
- from version 1.29.54
  * api-change:``ec2``: C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd Generation
    Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz.
  * api-change:``ivs``: API and Doc update. Update to arns field in BatchGetStreamKey. Also updates
    to operations and structures.
  * api-change:``quicksight``: This release adds support for data bars in QuickSight table and
    increases pivot table field well limit.
- from version 1.29.53
  * api-change:``appflow``: Adding support for Salesforce Pardot connector in Amazon AppFlow.
  * api-change:``codeartifact``: Documentation updates for CodeArtifact
  * api-change:``connect``: Amazon Connect Chat introduces Persistent Chat, allowing customers to
    resume previous conversations with context and transcripts carried over from previous chats,
    eliminating the need to repeat themselves and allowing agents to provide personalized service with
    access to entire conversation history.
  * api-change:``connectparticipant``: This release updates Amazon Connect Participant's
    GetTranscript api to provide transcripts of past chats on a persistent chat session.
  * api-change:``ec2``: Adds SSM Parameter Resource Aliasing support to EC2 Launch Templates. Launch
    Templates can now store parameter aliases in place of AMI Resource IDs. CreateLaunchTemplateVersion
    and DescribeLaunchTemplateVersions now support a convenience flag, ResolveAlias, to return the
    resolved parameter value.
  * api-change:``glue``: Release Glue Studio Hudi Data Lake Format for SDK/CLI
  * api-change:``groundstation``: Add configurable prepass and postpass times for
    DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
    through ReserveContact
  * api-change:``logs``: Bug fix - Removed the regex pattern validation from CoralModel to avoid
    potential security issue.
  * api-change:``medialive``: AWS Elemental MediaLive adds support for SCTE 35 preRollMilliSeconds.
  * api-change:``opensearch``: This release adds the enhanced dry run option, that checks for
    validation errors that might occur when deploying configuration changes and provides a summary of
    these errors, if any. The feature will also indicate whether a blue/green deployment will be
    required to apply a change.
  * api-change:``panorama``: Added AllowMajorVersionUpdate option to OTAJobConfig to make appliance
    software major version updates opt-in.
  * api-change:``sagemaker``: HyperParameterTuningJobs now allow passing environment variables into
    the corresponding TrainingJobs

- Update to 1.29.52
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``efs``: Update efs client to latest version
  * api-change:``ivschat``: Updates the range for a Chat Room's maximumMessageRatePerSecond field.
  * api-change:``wafv2``: Improved the visibility of the guidance for updating AWS WAF resources,
    such as web ACLs and rule groups.
- from version 1.29.51
  * api-change:``billingconductor``: This release adds support for SKU Scope for pricing plans.
  * api-change:``cloud9``: Added minimum value to AutomaticStopTimeMinutes parameter.
  * api-change:``imagebuilder``: Add support for AWS Marketplace product IDs as input during
    CreateImageRecipe for the parent-image parameter. Add support for listing third-party components.
  * api-change:``network-firewall``: Network Firewall now allows creation of dual stack endpoints,
    enabling inspection of IPv6 traffic.

- update to 1.29.50:
  * api-change:``connect``: This release updates the responses of
    UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName
    and DeleteContactFlow API with empty responses.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``outposts``: This release adds POWER_30_KVA as an option for
    PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure
    in the CreateSite request.
  * api-change:``resource-groups``: AWS Resource Groups customers can now turn
    on Group Lifecycle Events in their AWS account. When you turn this on,
    Resource Groups monitors your groups for changes to group state or
    membership. Those changes are sent to Amazon EventBridge as events that you
    can respond to using rules you create.
  * api-change:``cleanrooms``: Initial release of AWS Clean Rooms
  * api-change:``lambda``: Add support for MaximumConcurrency parameter for SQS
    event source. Customers can now limit the maximum concurrent invocations
    for their SQS Event Source Mapping.
  * api-change:``logs``: Bug fix: logGroupName is now not a required field in
    GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams
    APIs as logGroupIdentifier can be provided instead
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added
    support for compact DASH manifest generation, audio normalization using
    TruePeak measurements, and the ability to clip the sample range in the
    color corrector.
  * api-change:``secretsmanager``: Update documentation for new ListSecrets and DescribeSecret parameters
  * api-change:``kendra``: This release adds support to new document types -
    RTF, XML, XSLT, MS_EXCEL, CSV, JSON, MD
  * api-change:``location``: This release adds support for two new route travel
    models, Bicycle and Motorcycle which can be used with Grab data source.
  * api-change:``rds``: This release adds support for configuring allocated
    storage on the CreateDBInstanceReadReplica,
    RestoreDBInstanceFromDBSnapshot, and RestoreDBInstanceToPointInTime APIs.
  * api-change:``ecr-public``: This release for Amazon ECR Public makes several
    change to bring the SDK into sync with the API.
  * api-change:``kendra-ranking``: Introducing Amazon Kendra Intelligent
    Ranking, a new set of Kendra APIs that leverages Kendra semantic ranking
    capabilities to improve the quality of search results from other search
    services (i.e. OpenSearch, ElasticSearch, Solr).
  * api-change:``network-firewall``: Network Firewall now supports the Suricata
    rule action reject, in addition to the actions pass, drop, and alert.
  * api-change:``ram``: Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``workspaces-web``: This release adds support for a new portal
    authentication type: AWS IAM Identity Center (successor to AWS Single
    Sign-On).

- correct requires
- update to 1.29.45:
  * api-change:``acm-pca``: Added revocation parameter validation: bucket names
    must match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions
    on the use of special characters in URIs.
  * api-change:``auditmanager``: This release introduces a new data retention
    option in your Audit Manager settings. You can now use the
    DeregistrationPolicy parameter to specify if you want to delete your data
    when you deregister Audit Manager.
  * api-change:``amplifybackend``: Updated GetBackendAPIModels response to
    include ModelIntrospectionSchema json string
  * api-change:``apprunner``: This release adds support of securely referencing
    secrets and configuration data that are stored in Secrets Manager and SSM
    Parameter Store by adding them as environment secrets in your App Runner
    service.
  * api-change:``connect``: Documentation update for a new Initiation Method
    value in DescribeContact API
  * api-change:``emr-serverless``: Adds support for customized images. You can
    now provide runtime images when creating or updating EMR Serverless
    Applications.
  * api-change:``lightsail``: Documentation updates for Amazon Lightsail.
  * api-change:``mwaa``: MWAA supports Apache Airflow version 2.4.3.
  * api-change:``rds``: This release adds support for specifying which
    certificate authority (CA) to use for a DB instance's server certificate
    during DB instance creation, as well as other CA enhancements.
  * api-change:``application-autoscaling``: Customers can now use the existing
    DescribeScalingActivities API to also see the detailed and machine-readable
    reasons for Application Auto Scaling not scaling their resources and, if
    needed, take the necessary corrective actions.
  * api-change:``logs``: Update to remove sequenceToken as a required field in
    PutLogEvents calls.
  * api-change:``ssm``: Adding support for QuickSetup Document Type in Systems
    Manager
  * api-change:``securitylake``: Allow CreateSubscriber API to take string input
    that allows setting more descriptive SubscriberDescription field. Make
    souceTypes field required in model level for UpdateSubscriberRequest as it is
    required for every API call on the backend. Allow ListSubscribers take any
    String as nextToken param.

- Update to 1.29.41
  * api-change:``cloudfront``: Extend response headers policy to support removing headers from viewer
    responses
  * api-change:``iotfleetwise``: Update documentation - correct the epoch constant value of default
    value for expiryTime field in CreateCampaign request.
- from version 1.29.40
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``emr``: Update emr client to latest version
  * api-change:``secretsmanager``: Added owning service filter, include planned deletion flag, and
    next rotation date response parameter in ListSecrets.
  * api-change:``wisdom``: This release extends Wisdom CreateContent and StartContentUpload APIs to
    support PDF and MicrosoftWord docx document uploading.
- from version 1.29.39
  * api-change:``elasticache``: This release allows you to modify the encryption in transit setting,
    for existing Redis clusters. You can now change the TLS configuration of your Redis clusters
    without the need to re-build or re-provision the clusters or impact application availability.
  * api-change:``network-firewall``: AWS Network Firewall now provides status messages for firewalls
    to help you troubleshoot when your endpoint fails.
  * api-change:``rds``: This release adds support for Custom Engine Version (CEV) on RDS Custom SQL
    Server.
  * api-change:``route53-recovery-control-config``: Added support for Python paginators in the
    route53-recovery-control-config List* APIs.
- from version 1.29.38
  * api-change:``memorydb``: This release adds support for MemoryDB Reserved nodes which provides a
    significant discount compared to on-demand node pricing. Reserved nodes are not physical nodes, but
    rather a billing discount applied to the use of on-demand nodes in your account.
  * api-change:``transfer``: Add additional operations to throw ThrottlingExceptions
- from version 1.29.37
  * api-change:``connect``: Support for Routing Profile filter, SortCriteria, and grouping by Routing
    Profiles for GetCurrentMetricData API. Support for RoutingProfiles, UserHierarchyGroups, and Agents
    as filters, NextStatus and AgentStatusName for GetCurrentUserData. Adds ApproximateTotalCount to
    both APIs.
  * api-change:``connectparticipant``: Amazon Connect Chat introduces the Message Receipts feature.
    This feature allows agents and customers to receive message delivered and read receipts after they
    send a chat message.
  * api-change:``detective``: This release adds a missed AccessDeniedException type to several
    endpoints.
  * api-change:``fsx``: Fix a bug where a recent release might break certain existing SDKs.
  * api-change:``inspector2``: Amazon Inspector adds support for scanning NodeJS 18.x and Go 1.x AWS
    Lambda function runtimes.
- from version 1.29.36
  * api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and
    generate optimization recommendations for ecs services running on Fargate.
  * api-change:``connect``: Amazon Connect Chat introduces the Idle Participant/Autodisconnect
    feature, which allows users to set timeouts relating to the activity of chat participants, using
    the new UpdateParticipantRoleConfig API.
  * api-change:``iotdeviceadvisor``: This release adds the following new features: 1) Documentation
    updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT Device Advisor
    APIs. 3) Added new service feature: ability to provide the test endpoint when customer executing
    the StartSuiteRun API.
  * api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
    stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
    processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
    as well as media ingestion to the cloud.
  * api-change:``rds``: Add support for managing master user password in AWS Secrets Manager for the
    DBInstance and DBCluster.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
- from version 1.29.35
  * api-change:``connect``: Amazon Connect Chat now allows for JSON (application/json) message types
    to be sent as part of the initial message in the StartChatContact API.
  * api-change:``connectparticipant``: Amazon Connect Chat now allows for JSON (application/json)
    message types to be sent in the SendMessage API.
  * api-change:``license-manager-linux-subscriptions``: AWS License Manager now offers cross-region,
    cross-account tracking of commercial Linux subscriptions on AWS. This includes subscriptions
    purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or brought to AWS via
    Red Hat Cloud Access Program.
  * api-change:``macie2``: This release adds support for analyzing Amazon S3 objects that use the S3
    Glacier Instant Retrieval (Glacier_IR) storage class.
  * api-change:``sagemaker``: This release enables adding RStudio Workbench support to an existing
    Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
    configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
    parameters for existing domains
  * api-change:``scheduler``: Updated the ListSchedules and ListScheduleGroups APIs to allow the
    NamePrefix field to start with a number. Updated the validation for executionRole field to support
    any role name.
  * api-change:``ssm``: Doc-only updates for December 2022.
  * api-change:``support``: Documentation updates for the AWS Support API
  * api-change:``transfer``: This release adds support for Decrypt as a workflow step type.
- from version 1.29.34
  * api-change:``batch``: Adds isCancelled and isTerminated to DescribeJobs response.
  * api-change:``ec2``: Adds support for pagination in the EC2 DescribeImages API.
  * api-change:``lookoutequipment``: This release adds support for listing inference schedulers by
    status.
  * api-change:``medialive``: This release adds support for two new features to AWS Elemental
    MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now now
    support the ability to decode Dolby E audio when it comes in on an input.
  * api-change:``nimble``: Amazon Nimble Studio now supports configuring session storage volumes and
    persistence, as well as backup and restore sessions through launch profiles.
  * api-change:``resource-explorer-2``: Documentation updates for AWS Resource Explorer.
  * api-change:``route53domains``: Use Route 53 domain APIs to change owner, create/delete DS record,
    modify IPS tag, resend authorization. New: AssociateDelegationSignerToDomain,
    DisassociateDelegationSignerFromDomain, PushDomain, ResendOperationAuthorization. Updated:
    UpdateDomainContact, ListOperations, CheckDomainTransferability.
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for new objective metrics in
    CreateAutoMLJob API.
  * api-change:``transcribe``: Enable our batch transcription jobs for Swedish and Vietnamese.
- from version 1.29.33
  * api-change:``athena``: Add missed InvalidRequestException in
    GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
    Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
  * api-change:``ecs``: This release adds support for alarm-based rollbacks in ECS, a new feature
    that allows customers to add automated safeguards for Amazon ECS service rolling updates.
  * api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
    stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
    processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
    as well as media ingestion to the cloud.
  * api-change:``kinesisvideo``: Amazon Kinesis Video Streams offers capabilities to stream video and
    audio in real-time via WebRTC to the cloud for storage, playback, and analytical processing.
    Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming, as well as
    media ingestion to the cloud.
  * api-change:``rds``: Add support for --enable-customer-owned-ip to RDS
    create-db-instance-read-replica API for RDS on Outposts.
  * api-change:``sagemaker``: AWS Sagemaker - Sagemaker Images now supports Aliases as secondary
    identifiers for ImageVersions. SageMaker Images now supports additional metadata for ImageVersions
    for better images management.
- from version 1.29.32
  * api-change:``appflow``: This release updates the ListConnectorEntities API action so that it
    returns paginated responses that customers can retrieve with next tokens.
  * api-change:``cloudfront``: Updated documentation for CloudFront
  * api-change:``datasync``: AWS DataSync now supports the use of tags with task executions. With
    this new feature, you can apply tags each time you execute a task, giving you greater control and
    management over your task executions.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``guardduty``: This release provides the valid characters for the Description and Name
    field.
  * api-change:``iotfleetwise``: Updated error handling for empty resource names in
    "UpdateSignalCatalog" and "GetModelManifest" operations.
  * api-change:``sagemaker``: AWS sagemaker - Features: This release adds support for random seed,
    it's an integer value used to initialize a pseudo-random number generator. Setting a random seed
    will allow the hyperparameter tuning search strategies to produce more consistent configurations
    for the same tuning job.
- from version 1.29.31
  * api-change:``backup-gateway``: This release adds support for VMware vSphere tags, enabling
    customer to protect VMware virtual machines using tag-based policies for AWS tags mapped from
    vSphere tags. This release also adds support for customer-accessible gateway-hypervisor interaction
    log and upload bandwidth rate limit schedule.
  * api-change:``connect``: Added support for "English - New Zealand" and "English - South African"
    to be used with Amazon Connect Custom Vocabulary APIs.
  * api-change:``ecs``: This release adds support for container port ranges in ECS, a new capability
    that allows customers to provide container port ranges to simplify use cases where multiple ports
    are in use in a container. This release updates TaskDefinition mutation APIs and the Task
    description APIs.
  * api-change:``eks``: Add support for Windows managed nodes groups.
  * api-change:``glue``: This release adds support for AWS Glue Crawler with native DeltaLake tables,
    allowing Crawlers to classify Delta Lake format tables and catalog them for query engines to query
    against.
  * api-change:``kinesis``: Added StreamARN parameter for Kinesis Data Streams APIs. Added a new
    opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when accessing
    Kinesis Data Streams.
  * api-change:``location``: This release adds support for a new style, "VectorOpenDataStandardLight"
    which can be used with the new data source, "Open Data Maps (Preview)".
  * api-change:``m2``: Adds an optional create-only `KmsKeyId` property to Environment and
    Application resources.
  * api-change:``sagemaker``: SageMaker Inference Recommender now allows customers to load tests
    their models on various instance types using private VPC.
  * api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
    AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and AwsWafv2RuleGroup.
  * api-change:``translate``: Raised the input byte size limit of the Text field in the TranslateText
    API to 10000 bytes.
- from version 1.29.30
  * api-change:``ce``: This release supports percentage-based thresholds on Cost Anomaly Detection
    alert subscriptions.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``networkmanager``: Appliance Mode support for AWS Cloud WAN.
  * api-change:``redshift-data``: This release adds a new --client-token field to ExecuteStatement
    and BatchExecuteStatement operations. Customers can now run queries with the additional client
    token parameter to ensures idempotency.
  * api-change:``sagemaker-metrics``: Update SageMaker Metrics documentation.
- from version 1.29.29
  * api-change:``cloudtrail``: Merging mainline branch for service model into mainline release
    branch. There are no new APIs.
  * api-change:``rds``: This deployment adds ClientPasswordAuthType field to the Auth structure of
    the DBProxy.
- from version 1.29.28
  * bugfix:Endpoint provider: Updates ARN parsing ``resourceId`` delimiters
  * api-change:``customer-profiles``: This release allows custom strings in PartyType and Gender
    through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString and
    GenderString.
  * api-change:``ec2``: This release updates DescribeFpgaImages to show supported instance types of
    AFIs in its response.
  * api-change:``kinesisvideo``: This release adds support for public preview of Kinesis Video Stream
    at Edge enabling customers to provide configuration for the Kinesis Video Stream EdgeAgent running
    on an on-premise IoT device. Customers can now locally record from cameras and stream videos to the
    cloud on configured schedule.
  * api-change:``lookoutvision``: This documentation update adds kms:GenerateDataKey as a required
    permission to StartModelPackagingJob.
  * api-change:``migration-hub-refactor-spaces``: This release adds support for Lambda alias service
    endpoints. Lambda alias ARNs can now be passed into CreateService.
  * api-change:``rds``: Update the RDS API model to support copying option groups during the
    CopyDBSnapshot operation
  * api-change:``rekognition``: Adds support for "aliases" and "categories", inclusion and exclusion
    filters for labels and label categories, and aggregating labels by video segment timestamps for
    Stored Video Label Detection APIs.
  * api-change:``sagemaker-metrics``: This release introduces support SageMaker Metrics APIs.
  * api-change:``wafv2``: Documents the naming requirement for logging destinations that you use with
    web ACLs.
- from version 1.29.27
  * api-change:``iotfleetwise``: Deprecated assignedValue property for actuators and attributes.
    Added a message to invalid nodes and invalid decoder manifest exceptions.
  * api-change:``logs``: Doc-only update for CloudWatch Logs, for Tagging Permissions clarifications
  * api-change:``medialive``: Link devices now support buffer size (latency) configuration. A higher
    latency value means a longer delay in transmitting from the device to MediaLive, but improved
    resiliency. A lower latency value means a shorter delay, but less resiliency.
  * api-change:``mediapackage-vod``: This release provides the approximate number of assets in a
    packaging group.

- Update to 1.29.26
  * enhancement:Endpoint Provider Standard Library: Correct spelling of 'library' in
    ``StandardLibrary`` class
  * api-change:``autoscaling``: Adds support for metric math for target tracking scaling policies,
    saving you the cost and effort of publishing a custom metric to CloudWatch. Also adds support for
    VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new health check type to
    the CreateAutoScalingGroup API.
  * api-change:``iottwinmaker``: This release adds the following new features: 1) New APIs for
    managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support user
    friendly names for component types (ComponentTypeName) and properties (DisplayName).
  * api-change:``migrationhubstrategy``: This release adds known application filtering, server
    selection for assessments, support for potential recommendations, and indications for configuration
    and assessment status. For more information, see the AWS Migration Hub documentation at
    https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.29.25
  * api-change:``ce``: This release adds the LinkedAccountName field to the GetAnomalies API response
    under RootCause
  * api-change:``cloudfront``: Introducing UpdateDistributionWithStagingConfig that can be used to
    promote the staging configuration to the production.
  * api-change:``eks``: Adds support for EKS add-ons configurationValues fields and
    DescribeAddonConfiguration function
  * api-change:``kms``: Updated examples and exceptions for External Key Store (XKS).
- from version 1.29.24
  * api-change:``billingconductor``: This release adds the Tiering Pricing Rule feature.
  * api-change:``connect``: This release provides APIs that enable you to programmatically manage
    rules for Contact Lens conversational analytics and third party applications. For more information,
    see   https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
  * api-change:``dynamodb``: Endpoint Ruleset update: Use http instead of https for the "local"
    region.
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``rds``: This release adds the BlueGreenDeploymentNotFoundFault to the
    AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
  * api-change:``sagemaker-featurestore-runtime``: For online + offline Feature Groups, added ability
    to target PutRecord and DeleteRecord actions to only online store, or only offline store. If target
    store parameter is not specified, actions will apply to both stores.
- from version 1.29.23
  * api-change:``ce``: This release introduces two new APIs that offer a 1-click experience to
    refresh Savings Plans recommendations. The two APIs are
    StartSavingsPlansPurchaseRecommendationGeneration and
    ListSavingsPlansPurchaseRecommendationGeneration.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``ivschat``: Adds PendingVerification error type to messaging APIs to block the
    resource usage for accounts identified as being fraudulent.
  * api-change:``rds``: This release adds the InvalidDBInstanceStateFault to the
    RestoreDBClusterFromSnapshot operation.
  * api-change:``transcribe``: Amazon Transcribe now supports creating custom language models in the
    following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.29.22
  * api-change:``appsync``: Fixes the URI for the evaluatecode endpoint to include the /v1 prefix
    (ie. "/v1/dataplane-evaluatecode").
  * api-change:``ecs``: Documentation updates for Amazon ECS
  * api-change:``fms``: AWS Firewall Manager now supports Fortigate Cloud Native Firewall as a
    Service as a third-party policy type.
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for
    configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags in
    DASH and CMAF outputs.
  * api-change:``medialive``: Updates to Event Signaling and Management (ESAM) API and documentation.
  * api-change:``polly``: Add language code for Finnish (fi-FI)
  * api-change:``proton``: CreateEnvironmentAccountConnection RoleArn input is now optional
  * api-change:``redshift-serverless``: Add Table Level Restore operations for Amazon Redshift
    Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging support to
    Snapshots and Recovery Points in Amazon Redshift Serverless.
  * api-change:``sns``: This release adds the message payload-filtering feature to the SNS Subscribe,
    SetSubscriptionAttributes, and GetSubscriptionAttributes API actions

- Update to 1.29.21
  * api-change:``codecatalyst``: This release adds operations that support customers using the AWS
    Toolkits and Amazon CodeCatalyst, a unified software development service that helps developers
    develop, deploy, and maintain applications in the cloud. For more information, see the
    documentation.
  * api-change:``comprehend``: Comprehend now supports semi-structured documents (such as PDF files
    or image files) as inputs for custom analysis using the synchronous APIs (ClassifyDocument and
    DetectEntities).
  * api-change:``gamelift``: GameLift introduces a new feature, GameLift Anywhere. GameLift Anywhere
    allows you to integrate your own compute resources with GameLift. You can also use GameLift
    Anywhere to iteratively test your game servers without uploading the build to GameLift for every
    iteration.
  * api-change:``pipes``: AWS introduces new Amazon EventBridge Pipes which allow you to connect
    sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any code, with
    filtering, batching, input transformation, and an optional Enrichment stage (Lambda, StepFunctions,
    ApiGateway, ApiDestinations)
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
- from version 1.29.20
  * api-change:``accessanalyzer``: This release adds support for S3 cross account access points. IAM
    Access Analyzer will now produce public or cross account findings when it detects bucket delegation
    to external account access points.
  * api-change:``athena``: This release includes support for using Apache Spark in Amazon Athena.
  * api-change:``dataexchange``: This release enables data providers to license direct access to data
    in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data Exchange. Subscribers
    get read-only access to the data and can use it in downstream AWS services, like Amazon Athena,
    without creating or managing copies.
  * api-change:``docdb-elastic``: Launched Amazon DocumentDB Elastic Clusters. You can now use the
    SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
  * api-change:``glue``: This release adds support for AWS Glue Data Quality, which helps you
    evaluate and monitor the quality of your data and includes the API for creating, deleting, or
    updating data quality rulesets, runs and evaluations.
  * api-change:``s3control``: Amazon S3 now supports cross-account access points. S3 bucket owners
    can now allow trusted AWS accounts to create access points associated with their bucket.
  * api-change:``sagemaker-geospatial``: This release provides Amazon SageMaker geospatial APIs to
    build, train, deploy and visualize geospatial models.
  * api-change:``sagemaker``: Added Models as part of the Search API. Added Model shadow deployments
    in realtime inference, and shadow testing in managed inference. Added support for shared spaces,
    geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on user profiles and
    domains, Model sharing in Jumpstart.
- from version 1.29.19
  * api-change:``ec2``: This release adds support for AWS Verified Access and the Hpc6id Amazon EC2
    compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
  * api-change:``firehose``: Allow support for the Serverless offering for Amazon OpenSearch Service
    as a Kinesis Data Firehose delivery destination.
  * api-change:``kms``: AWS KMS introduces the External Key Store (XKS), a new feature for customers
    who want to protect their data with encryption keys stored in an external key management system
    under their control.
  * api-change:``omics``: Amazon Omics is a new, purpose-built service that can be used by healthcare
    and life science organizations to store, query, and analyze omics data. The insights from that data
    can be used to accelerate scientific discoveries and improve healthcare.
  * api-change:``opensearchserverless``: Publish SDK for Amazon OpenSearch Serverless
  * api-change:``securitylake``: Amazon Security Lake automatically centralizes security data from
    cloud, on-premises, and custom sources into a purpose-built data lake stored in your account.
    Security Lake makes it easier to analyze security data, so you can improve the protection of your
    workloads, applications, and data
  * api-change:``simspaceweaver``: AWS SimSpace Weaver is a new service that helps customers build
    spatial simulations at new levels of scale - resulting in virtual worlds with millions of dynamic
    entities. See the AWS SimSpace Weaver developer guide for more details on how to get started.
    https://docs.aws.amazon.com/simspaceweaver
- from version 1.29.18
  * api-change:``arc-zonal-shift``: Amazon Route 53 Application Recovery Controller Zonal Shift is a
    new service that makes it easy to shift traffic away from an Availability Zone in a Region. See the
    developer guide for more information:
    https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
  * api-change:``compute-optimizer``: Adds support for a new recommendation preference that makes it
    possible for customers to optimize their EC2 recommendations by utilizing an external metrics
    ingestion service to provide metrics.
  * api-change:``config``: With this release, you can use AWS Config to evaluate your resources for
    compliance with Config rules before they are created or updated. Using Config rules in proactive
    mode enables you to test and build compliant resource templates or check resource configurations at
    the time they are provisioned.
  * api-change:``ec2``: Introduces ENA Express, which uses AWS SRD and dynamic routing to increase
    throughput and minimize latency, adds support for trust relationships between Reachability Analyzer
    and AWS Organizations to enable cross-account analysis, and adds support for Infrastructure
    Performance metric subscriptions.
  * api-change:``eks``: Adds support for additional EKS add-ons metadata and filtering fields
  * api-change:``fsx``: This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP file systems
    and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP, this also
    adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route table
    updates.
  * api-change:``glue``: This release allows the creation of Custom Visual Transforms (Dynamic
    Transforms) to be created via AWS Glue CLI/SDK.
  * api-change:``inspector2``: This release adds support for Inspector to scan AWS Lambda.
  * api-change:``lambda``: Adds support for Lambda SnapStart, which helps improve the startup
    performance of functions. Customers can now manage SnapStart based functions via CreateFunction and
    UpdateFunctionConfiguration APIs
  * api-change:``license-manager-user-subscriptions``: AWS now offers fully-compliant,
    Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
    on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
    launch instances on-demand without any long-term licensing commitments.
  * api-change:``macie2``: Added support for configuring Macie to continually sample objects from S3
    buckets and inspect them for sensitive data. Results appear in statistics, findings, and other data
    that Macie provides.
  * api-change:``quicksight``: This release adds new Describe APIs and updates Create and Update APIs
    to support the data model for Dashboards, Analyses, and Templates.
  * api-change:``s3control``: Added two new APIs to support Amazon S3 Multi-Region Access Point
    failover controls: GetMultiRegionAccessPointRoutes and SubmitMultiRegionAccessPointRoutes. The
    failover control APIs are supported in the following Regions: us-east-1, us-west-2, eu-west-1,
    ap-southeast-2, and ap-northeast-1.
  * api-change:``securityhub``: Adding StandardsManagedBy field to DescribeStandards API response
- from version 1.29.17
  * api-change:``backup``: AWS Backup introduces support for legal hold and application stack
    backups. AWS Backup Audit Manager introduces support for cross-Region, cross-account reports.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``drs``: Non breaking changes to existing APIs, and additional APIs added to support
    in-AWS failing back using AWS Elastic Disaster Recovery.
  * api-change:``ecs``: This release adds support for ECS Service Connect, a new capability that
    simplifies writing and operating resilient distributed applications. This release updates the
    TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also adds a new
    ListServicesByNamespace API.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``iot-data``: This release adds support for MQTT5 properties to AWS IoT HTTP Publish
    API.
  * api-change:``iot``: Job scheduling enables the scheduled rollout of a Job with start and end
    times and a customizable end behavior when end time is reached. This is available for continuous
    and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish Action.
  * api-change:``iotwireless``: This release includes a new feature for customers to calculate the
    position of their devices by adding three new APIs: UpdateResourcePosition, GetResourcePosition,
    and GetPositionEstimate.
  * api-change:``kendra``: Amazon Kendra now supports preview of table information from HTML tables
    in the search results. The most relevant cells with their corresponding rows, columns are displayed
    as a preview in the search result. The most relevant table cell or cells are also highlighted in
    table preview.
  * api-change:``logs``: Updates to support CloudWatch Logs data protection and CloudWatch
    cross-account observability
  * api-change:``mgn``: This release adds support for Application and Wave management. We also now
    support custom post-launch actions.
  * api-change:``oam``: Amazon CloudWatch Observability Access Manager is a new service that allows
    configuration of the CloudWatch cross-account observability feature.
  * api-change:``organizations``: This release introduces delegated administrator for AWS
    Organizations, a new feature to help you delegate the management of your Organizations policies,
    enabling you to govern your AWS organization in a decentralized way. You can now allow member
    accounts to manage Organizations policies.
  * api-change:``rds``: This release enables new Aurora and RDS feature called Blue/Green Deployments
    that makes updates to databases safer, simpler and faster.
  * api-change:``textract``: This release adds support for classifying and splitting lending
    documents by type, and extracting information by using the Analyze Lending APIs. This release also
    includes support for summarized information of the processed lending document package, in addition
    to per document results.
  * api-change:``transcribe``: This release adds support for 'inputType' for post-call and real-time
    (streaming) Call Analytics within Amazon Transcribe.
- from version 1.29.16
  * api-change:``grafana``: This release includes support for configuring a Grafana workspace to
    connect to a datasource within a VPC as well as new APIs for configuring Grafana settings.
  * api-change:``rbin``: This release adds support for Rule Lock for Recycle Bin, which allows you to
    lock retention rules so that they can no longer be modified or deleted.
- from version 1.29.15
  * bugfix:Endpoints: Resolve endpoint with default partition when no region is set
  * bugfix:s3: fixes missing x-amz-content-sha256 header for s3 object lambda
  * api-change:``appflow``: Adding support for Amazon AppFlow to transfer the data to Amazon Redshift
    databases through Amazon Redshift Data API service. This feature will support the Redshift
    destination connector on both public and private accessible Amazon Redshift Clusters and Amazon
    Redshift Serverless.
  * api-change:``kinesisanalyticsv2``: Support for Apache Flink 1.15 in Kinesis Data Analytics.
- from version 1.29.14
  * api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Hyderabad) Region
    (ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
- from version 1.29.13
  * api-change:``appflow``: AppFlow provides a new API called UpdateConnectorRegistration to update a
    custom connector that customers have previously registered. With this API, customers no longer need
    to unregister and then register a connector to make an update.
  * api-change:``auditmanager``: This release introduces a new feature for Audit Manager: Evidence
    finder. You can now use evidence finder to quickly query your evidence, and add the matching
    evidence results to an assessment report.
  * api-change:``chime-sdk-voice``: Amazon Chime Voice Connector, Voice Connector Group and PSTN
    Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
    https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
  * api-change:``cloudfront``: CloudFront API support for staging distributions and associated
    traffic management policies.
  * api-change:``connect``: Added AllowedAccessControlTags and TagRestrictedResource for Tag Based
    Access Control on Amazon Connect Webpage
  * api-change:``dynamodb``: Updated minor fixes for DynamoDB documentation.
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``ec2``: This release adds support for copying an Amazon Machine Image's tags when
    copying an AMI.
  * api-change:``glue``: AWSGlue Crawler - Adding support for Table and Column level Comments with
    database level datatypes for JDBC based crawler.
  * api-change:``iot-roborunner``: AWS IoT RoboRunner is a new service that makes it easy to build
    applications that help multi-vendor robots work together seamlessly. See the IoT RoboRunner
    developer guide for more details on getting started.
    https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
  * api-change:``quicksight``: This release adds the following: 1) Asset management for centralized
    assets governance 2) QuickSight Q now supports public embedding 3) New Termination protection flag
    to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role 5) QuickSight
    supports connectivity to Databricks
  * api-change:``sagemaker``: Added DisableProfiler flag as a new field in ProfilerConfig
  * api-change:``servicecatalog``: This release 1. adds support for Principal Name Sharing with
    Service Catalog portfolio sharing. 2. Introduces repo sourced products which are created and
    managed with existing SC APIs. These products are synced to external repos and auto create new
    product versions based on changes in the repo.
  * api-change:``ssm-sap``: AWS Systems Manager for SAP provides simplified operations and management
    of SAP applications such as SAP HANA. With this release, SAP customers and partners can automate
    and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``transfer``: Adds a NONE encryption algorithm type to AS2 connectors, providing
    support for skipping encryption of the AS2 message body when a HTTPS URL is also specified.
- from version 1.29.12
  * api-change:``amplify``: Adds a new value (WEB_COMPUTE) to the Platform enum that allows customers
    to create Amplify Apps with Server-Side Rendering support.
  * api-change:``appflow``: AppFlow simplifies the preparation and cataloging of SaaS data into the
    AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics and ML
    services. AppFlow now also supports data field partitioning and file size optimization to improve
    query performance and reduce cost.
  * api-change:``appsync``: This release introduces the APPSYNC_JS runtime, and adds support for
    JavaScript in AppSync functions and AppSync pipeline resolvers.
  * api-change:``dms``: Adds support for Internet Protocol Version 6 (IPv6) on DMS Replication
    Instances
  * api-change:``ec2``: This release adds a new optional parameter "privateIpAddress" for the
    CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4 address
    instead of having it be auto-assigned.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``emr-serverless``: Adds support for AWS Graviton2 based applications. You can now
    select CPU architecture when creating new applications or updating existing ones.
  * api-change:``ivschat``: Adds LoggingConfiguration APIs for IVS Chat - a feature that allows
    customers to store and record sent messages in a chat room to S3 buckets, CloudWatch logs, or
    Kinesis firehose.
  * api-change:``lambda``: Add Node 18 (nodejs18.x) support to AWS Lambda.
  * api-change:``personalize``: This release provides support for creation and use of metric
    attributions in AWS Personalize
  * api-change:``polly``: Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
  * api-change:``rum``: CloudWatch RUM now supports custom events. To use custom events, create an
    app monitor or update an app monitor with CustomEvent Status as ENABLED.
  * api-change:``s3control``: Added 34 new S3 Storage Lens metrics to support additional customer use
    cases.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager.
  * api-change:``securityhub``: Added SourceLayerArn and SourceLayerHash field for security findings.
    Updated AwsLambdaFunction Resource detail
  * api-change:``servicecatalog-appregistry``: This release adds support for tagged resource
    associations, which allows you to associate a group of resources with a defined resource tag key
    and value to the application.
  * api-change:``sts``: Documentation updates for AWS Security Token Service.
  * api-change:``textract``: This release adds support for specifying and extracting information from
    documents using the Signatures feature within Analyze Document API
  * api-change:``workspaces``: The release introduces CreateStandbyWorkspaces, an API that allows you
    to create standby WorkSpaces associated with a primary WorkSpace in another Region.
    DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
    CreateWorkspaceBundle now return more bundle details.
- from version 1.29.11
  * api-change:``batch``: Documentation updates related to Batch on EKS
  * api-change:``billingconductor``: This release adds a new feature BillingEntity pricing rule.
  * api-change:``cloudformation``: Added UnsupportedTarget HandlerErrorCode for use with CFN Resource
    Hooks
  * api-change:``comprehendmedical``: This release supports new set of entities and traits. It also
    adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
  * api-change:``connect``: This release adds a new MonitorContact API for initiating monitoring of
    ongoing Voice and Chat contacts.
  * api-change:``eks``: Adds support for customer-provided placement groups for Kubernetes control
    plane instances when creating local EKS clusters on Outposts
  * api-change:``elasticache``: for Redis now supports AWS Identity and Access Management
    authentication access to Redis clusters starting with redis-engine version 7.0
  * api-change:``iottwinmaker``: This release adds the following: 1) ExecuteQuery API allows users to
    query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to configure and
    manage their pricing mode 3) Support for property groups and tabular property values in existing
    AWS IoT TwinMaker APIs.
  * api-change:``personalize-events``: This release provides support for creation and use of metric
    attributions in AWS Personalize
  * api-change:``proton``: Add support for sorting and filtering in ListServiceInstances
  * api-change:``rds``: This release adds support for container databases (CDBs) to Amazon RDS Custom
    for Oracle. A CDB contains one PDB at creation. You can add more PDBs using Oracle SQL. You can
    also customize your database installation by setting the Oracle base, Oracle home, and the OS user
    name and group.
  * api-change:``ssm-incidents``: Add support for PagerDuty integrations on ResponsePlan,
    IncidentRecord, and RelatedItem APIs
  * api-change:``ssm``: This release adds support for cross account access in CreateOpsItem,
    UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for SSM resources:
    PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
  * api-change:``transfer``: Allow additional operations to throw ThrottlingException
  * api-change:``xray``: This release adds new APIs - PutResourcePolicy, DeleteResourcePolicy,
    ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.29.10
  * bugfix:s3: fixes missing x-amz-content-sha256 header for s3 on outpost
  * enhancement:sso: Add support for loading sso-session profiles from the aws config
  * api-change:``connect``: This release updates the APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
    enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
    specified Amazon Connect instance.
  * api-change:``greengrassv2``: Adds new parent target ARN paramater to CreateDeployment,
    GetDeployment, and ListDeployments APIs for the new subdeployments feature.
  * api-change:``route53``: Amazon Route 53 now supports the Europe (Spain) Region (eu-south-2) for
    latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
  * api-change:``workspaces``: This release introduces ModifyCertificateBasedAuthProperties, a new
    API that allows control of certificate-based auth properties associated with a WorkSpaces
    directory. The DescribeWorkspaceDirectories API will now additionally return certificate-based auth
    properties in its responses.
- from version 1.29.9
  * api-change:``customer-profiles``: This release enhances the SearchProfiles API by providing
    functionality to search for profiles using multiple keys and logical operators.
  * api-change:``lakeformation``: This release adds a new parameter "Parameters" in the
    DataLakeSettings.
  * api-change:``managedblockchain``: Updating the API docs data type: NetworkEthereumAttributes, and
    the operations DeleteNode, and CreateNode to also include the supported Goerli network.
  * api-change:``proton``: Add support for CodeBuild Provisioning
  * api-change:``rds``: This release adds support for restoring an RDS Multi-AZ DB cluster snapshot
    to a Single-AZ deployment or a Multi-AZ DB instance deployment.
  * api-change:``workdocs``: Added 2 new document related operations, DeleteDocumentVersion and
    RestoreDocumentVersions.
  * api-change:``xray``: This release enhances GetServiceGraph API to support new type of edge to
    represent links between SQS and Lambda in event-driven applications.

- Update to 1.29.8
  * api-change:``glue``: Added links related to enabling job bookmarks.
  * api-change:``iot``: This release add new api listRelatedResourcesForAuditFinding and new member
    type IssuerCertificates for Iot device device defender Audit.
  * api-change:``license-manager``: AWS License Manager now supports onboarded Management Accounts or
    Delegated Admins to view granted licenses aggregated from all accounts in the organization.
  * api-change:``marketplace-catalog``: Added three new APIs to support tagging and tag-based
    authorization: TagResource, UntagResource, and ListTagsForResource. Added optional parameters to
    the StartChangeSet API to support tagging a resource while making a request to create it.
  * api-change:``rekognition``: Adding support for ImageProperties feature to detect dominant colors
    and image brightness, sharpness, and contrast, inclusion and exclusion filters for labels and label
    categories, new fields to the API response, "aliases" and "categories"
  * api-change:``securityhub``: Documentation updates for Security Hub
  * api-change:``ssm-incidents``: RelatedItems now have an ID field which can be used for referencing
    them else where. Introducing event references in TimelineEvent API and increasing maximum length of
    "eventData" to 12K characters.
- from version 1.29.7
  * api-change:``autoscaling``: This release adds a new price capacity optimized allocation strategy
    for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling,
    EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability
    and Spot Instance price.
  * api-change:``ec2``: This release adds a new price capacity optimized allocation strategy for Spot
    Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling, EC2
    Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability and
    Spot Instance price.
  * api-change:``ecs``: This release adds support for task scale-in protection with
    updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
    service managed task from being terminated by scale-in events and getTaskProtection API to get the
    scale-in protection status of a task.
  * api-change:``es``: Amazon OpenSearch Service now offers managed VPC endpoints to connect to your
    Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature allows
    you to privately access OpenSearch Service domain without using public IPs or requiring traffic to
    traverse the Internet.
  * api-change:``resource-explorer-2``: Text only updates to some Resource Explorer descriptions.
  * api-change:``scheduler``: AWS introduces the new Amazon EventBridge Scheduler. EventBridge
    Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one
    central, managed service.
- from version 1.29.6
  * api-change:``connect``: This release adds new fields SignInUrl, UserArn, and UserId to
    GetFederationToken response payload.
  * api-change:``connectcases``: This release adds the ability to disable templates through the
    UpdateTemplate API. Disabling templates prevents customers from creating cases using the template.
    For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are purpose built
    for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge High Memory
    instances are purpose-built to run large in-memory databases.
  * api-change:``groundstation``: This release adds the preview of customer-provided ephemeris
    support for AWS Ground Station, allowing space vehicle owners to provide their own position and
    trajectory information for a satellite.
  * api-change:``mediapackage-vod``: This release adds "IncludeIframeOnlyStream" for Dash endpoints.
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.5
  * api-change:``acm``: Support added for requesting elliptic curve certificate key algorithm types
    P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
  * api-change:``billingconductor``: This release adds the Recurring Custom Line Item feature along
    with a new API ListCustomLineItemVersions.
  * api-change:``ec2``: This release enables sharing of EC2 Placement Groups across accounts and
    within AWS Organizations using Resource Access Manager
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
  * api-change:``fms``: AWS Firewall Manager now supports importing existing AWS Network Firewall
    firewalls into Firewall Manager policies.
  * api-change:``lightsail``: This release adds support for Amazon Lightsail to automate the
    delegation of domains registered through Amazon Route 53 to Lightsail DNS management and to
    automate record creation for DNS validation of Lightsail SSL/TLS certificates.
  * api-change:``opensearch``: Amazon OpenSearch Service now offers managed VPC endpoints to connect
    to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature
    allows you to privately access OpenSearch Service domain without using public IPs or requiring
    traffic to traverse the Internet.
  * api-change:``polly``: Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO), Laura (nl-NL) and
    Suvi (fi-FI). They are available as neural voices only.
  * api-change:``resource-explorer-2``: This is the initial SDK release for AWS Resource Explorer.
    AWS Resource Explorer lets your users search for and discover your AWS resources across the AWS
    Regions in your account.
  * api-change:``route53``: Amazon Route 53 now supports the Europe (Zurich) Region (eu-central-2)
    for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
- from version 1.29.4
  * api-change:``athena``: Adds support for using Query Result Reuse
  * api-change:``autoscaling``: This release adds support for two new attributes for attribute-based
    instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``cloudtrail``: This release includes support for configuring a delegated
    administrator to manage an AWS Organizations organization CloudTrail trails and event data stores,
    and AWS Key Management Service encryption of CloudTrail Lake event data stores.
  * api-change:``ec2``: This release adds support for two new attributes for attribute-based instance
    type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``elasticache``: Added support for IPv6 and dual stack for Memcached and Redis
    clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual stack
    networking support.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for setting the
    SDR reference white point for HDR conversions and conversion of HDR10 to DolbyVision without
    mastering metadata.
  * api-change:``ssm``: This release includes support for applying a CloudWatch alarm to multi
    account multi region Systems Manager Automation
  * api-change:``wafv2``: The geo match statement now adds labels for country and region. You can
    match requests at the region level by combining a geo match statement with label match statements.
  * api-change:``wellarchitected``: This release adds support for integrations with AWS Trusted
    Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up your
    workload reviews.
  * api-change:``workspaces``: This release adds protocols attribute to workspaces properties data
    type. This enables customers to migrate workspaces from PC over IP (PCoIP) to WorkSpaces Streaming
    Protocol (WSP) using create and modify workspaces public APIs.
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.3
  * api-change:``ec2``: This release adds API support for the recipient of an AMI account share to
    remove shared AMI launch permissions.
  * api-change:``emr-containers``: Adding support for Job templates. Job templates allow you to
    create and store templates to configure Spark applications parameters. This helps you ensure
    consistent settings across applications by reusing and enforcing configuration overrides in data
    pipelines.
  * api-change:``logs``: Doc-only update for bug fixes and support of export to buckets encrypted
    with SSE-KMS
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- Add psuffix on the name to have the multibuild flavor packages identify themselves by a different name

- Update to 1.29.2
  * api-change:``memorydb``: Adding support for r6gd instances for MemoryDB Redis with data tiering.
    In a cluster with data tiering enabled, when available memory capacity is exhausted, the least
    recently used data is automatically tiered to solid state drives for cost-effective capacity
    scaling with minimal performance impact.
  * api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on ml.trn1 instance
    types.
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.1
  * api-change:``iotsitewise``: This release adds the ListAssetModelProperties and
    ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
    using these two new APIs.
  * api-change:``s3control``: S3 on Outposts launches support for Lifecycle configuration for
    Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they are stored cost
    effectively. You can manage objects using size-based rules and specify how many noncurrent versions
    bucket will retain.
  * api-change:``sagemaker``: This release updates Framework model regex for ModelPackage to support
    new Framework version xgboost, sklearn.
  * api-change:``ssm-incidents``: Adds support for tagging replication-set on creation.
- from version 1.29.0
  * feature:Endpoints: Migrate all services to use new AWS Endpoint Resolution framework
  * Enhancement:Endpoints: Discontinued use of `sslCommonName` hosts as detailed in 1.27.0 (see
    `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
  * api-change:``rds``: Relational Database Service - This release adds support for configuring
    Storage Throughput on RDS database instances.
  * api-change:``textract``: Add ocr results in AnalyzeIDResponse as blocks
- from version 1.28.5
  * api-change:``apprunner``: This release adds support for private App Runner services. Services may
    now be configured to be made private and only accessible from a VPC. The changes include a new
    VpcIngressConnection resource and several new and modified APIs.
  * api-change:``connect``: Amazon connect now support a new API DismissUserContact to dismiss or
    remove terminated contacts in Agent CCP
  * api-change:``ec2``: Elastic IP transfer is a new Amazon VPC feature that allows you to transfer
    your Elastic IP addresses from one AWS Account to another.
  * api-change:``iot``: This release adds the Amazon Location action to IoT Rules Engine.
  * api-change:``logs``: SDK release to support tagging for destinations and log groups with
    TagResource. Also supports tag on create with PutDestination.
  * api-change:``sesv2``: This release includes support for interacting with the Virtual
    Deliverability Manager, allowing you to opt in/out of the feature and to retrieve recommendations
    and metric data.
  * api-change:``textract``: This release introduces additional support for 30+ normalized fields
    such as vendor address and currency. It also includes OCR output in the response and accuracy
    improvements for the already supported fields in previous version
- from version 1.28.4
  * api-change:``apprunner``: AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1 runtimes.
  * api-change:``appstream``: This release includes CertificateBasedAuthProperties in
    CreateDirectoryConfig and UpdateDirectoryConfig.
  * api-change:``cloud9``: Update to the documentation section of the Cloud9 API Reference guide.
  * api-change:``cloudformation``: This release adds more fields to improves visibility of AWS
    CloudFormation StackSets information in following APIs: ListStackInstances, DescribeStackInstance,
    ListStackSetOperationResults, ListStackSetOperations, DescribeStackSetOperation.
  * api-change:``gamesparks``: Add LATEST as a possible GameSDK Version on snapshot
  * api-change:``mediatailor``: This release introduces support for SCTE-35 segmentation descriptor
    messages which can be sent within time signal messages.
- from version 1.28.3
  * api-change:``ec2``: Feature supports the replacement of instance root volume using an updated AMI
    without requiring customers to stop their instance.
  * api-change:``fms``: Add support NetworkFirewall Managed Rule Group Override flag in
    GetViolationDetails API
  * api-change:``glue``: Added support for custom datatypes when using custom csv classifier.
  * api-change:``redshift``: This release clarifies use for the ElasticIp parameter of the
    CreateCluster and RestoreFromClusterSnapshot APIs.
  * api-change:``sagemaker``: This change allows customers to provide a custom entrypoint script for
    the docker container to be run while executing training jobs, and provide custom arguments to the
    entrypoint script.
  * api-change:``wafv2``: This release adds the following: Challenge rule action, to silently verify
    client browsers; rule group rule action override to any valid rule action, not just Count; token
    sharing between protected applications for challenge/CAPTCHA token; targeted rules option for Bot
    Control managed rule group.
- from version 1.28.2
  * api-change:``iam``: Doc only update that corrects instances of CLI not using an entity.
  * api-change:``kafka``: This release adds support for Tiered Storage. UpdateStorage allows you to
    control the Storage Mode for supported storage tiers.
  * api-change:``neptune``: Added a new cluster-level attribute to set the capacity range for Neptune
    Serverless instances.
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying Grid
    Search strategy for tuning jobs, which evaluates all hyperparameter combinations exhaustively based
    on the categorical hyperparameters provided.
- from version 1.28.1
  * api-change:``accessanalyzer``: This release adds support for six new resource types in IAM Access
    Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated
    service API, documentation, and paginators.
  * api-change:``location``: Added new map styles with satellite imagery for map resources using HERE
    as a data provider.
  * api-change:``mediatailor``: This release is a documentation update
  * api-change:``rds``: Relational Database Service - This release adds support for exporting DB
    cluster data to Amazon S3.
  * api-change:``workspaces``: This release adds new enums for supporting Workspaces Core features,
    including creating Manual running mode workspaces, importing regular Workspaces Core images and
    importing g4dn Workspaces Core images.

- Update in SLE-15 (bsc#1204537, jsc#PED-2333)

- Update to 1.28.0
  * feature:Endpoints: Implemented new endpoint ruleset system to dynamically derive endpoints and
    settings for services
  * api-change:``acm-pca``: AWS Private Certificate Authority (AWS Private CA) now offers usage modes
    which are combination of features to address specific use cases.
  * api-change:``batch``: This release adds support for AWS Batch on Amazon EKS.
  * api-change:``datasync``: Added support for self-signed certificates when using object storage
    locations; added BytesCompressed to the TaskExecution response.
  * api-change:``sagemaker``: SageMaker Inference Recommender now supports a new API
    ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
    inference recommendation job.
- from version 1.27.96
  * api-change:``cognito-idp``: This release adds a new "DeletionProtection" field to the UserPool in
    Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting
    this field to ACTIVE will prevent a user pool from accidental deletion.
  * api-change:``sagemaker``: CreateInferenceRecommenderjob API now supports passing endpoint details
    directly, that will help customers to identify the max invocation and max latency they can achieve
    for their model and the associated endpoint along with getting recommendations on other instances.
- from version 1.27.95
  * api-change:``devops-guru``: This release adds information about the resources DevOps Guru is
    analyzing.
  * api-change:``globalaccelerator``: Global Accelerator now supports AddEndpoints and
    RemoveEndpoints operations for standard endpoint groups.
  * api-change:``resiliencehub``: In this release, we are introducing support for regional
    optimization for AWS Resilience Hub applications. It also includes a few documentation updates to
    improve clarity.
  * api-change:``rum``: CloudWatch RUM now supports Extended CloudWatch Metrics with Additional
    Dimensions
- from version 1.27.94
  * api-change:``chime-sdk-messaging``: Documentation updates for Chime Messaging SDK
  * api-change:``cloudtrail``: This release includes support for exporting CloudTrail Lake query
    results to an Amazon S3 bucket.
  * api-change:``config``: This release adds resourceType enums for AppConfig, AppSync, DataSync,
    EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
  * api-change:``connect``: This release adds API support for managing phone numbers that can be used
    across multiple AWS regions through telephony traffic distribution.
  * api-change:``events``: Update events client to latest version
  * api-change:``managedblockchain``: Adding new Accessor APIs for Amazon Managed Blockchain
  * api-change:``s3``: Updates internal logic for constructing API endpoints. We have added
    rule-based endpoints and internal model parameters.
  * api-change:``s3control``: Updates internal logic for constructing API endpoints. We have added
    rule-based endpoints and internal model parameters.
  * api-change:``support-app``: This release adds the RegisterSlackWorkspaceForOrganization API. You
    can use the API to register a Slack workspace for an AWS account that is part of an organization.
  * api-change:``workspaces-web``: WorkSpaces Web now supports user access logging for recording
    session start, stop, and URL navigation.
- from version 1.27.93
  * api-change:``frauddetector``: Documentation Updates for Amazon Fraud Detector
  * api-change:``sagemaker``: This change allows customers to enable data capturing while running a
    batch transform job, and configure monitoring schedule to monitoring the captured data.
  * api-change:``servicediscovery``: Updated the ListNamespaces API to support the NAME and HTTP_NAME
    filters, and the BEGINS_WITH filter condition.
  * api-change:``sesv2``: This release allows subscribers to enable Dedicated IPs (managed) to send
    email via a fully managed dedicated IP experience. It also adds identities' VerificationStatus in
    the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs counts in the
    response of ListImportJobs API.
- from version 1.27.92
  * api-change:``greengrass``: This change allows customers to specify FunctionRuntimeOverride in
    FunctionDefinitionVersion. This configuration can be used if the runtime on the device is different
    from the AWS Lambda runtime specified for that function.
  * api-change:``sagemaker``: This release adds support for C7g, C6g, C6gd, C6gn, M6g, M6gd, R6g, and
    R6gn Graviton instance types in Amazon SageMaker Inference.

- Remove version constraint for python-pytest in BuildRequires

- Update to 1.27.91
  * api-change:``mediaconvert``: MediaConvert now supports specifying the minimum percentage of the
    HRD buffer available at the end of each encoded video segment.
- from version 1.27.90
  * api-change:``amplifyuibuilder``: We are releasing the ability for fields to be configured as
    arrays.
  * api-change:``appflow``: With this update, you can choose which Salesforce API is used by Amazon
    AppFlow to transfer data to or from your Salesforce account. You can choose the Salesforce REST API
    or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API automatically.
  * api-change:``connect``: This release adds support for a secondary email and a mobile number for
    Amazon Connect instance users.
  * api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
    set up.
  * api-change:``ecs``: Documentation update to address tickets.
  * api-change:``guardduty``: Add UnprocessedDataSources to CreateDetectorResponse which specifies
    the data sources that couldn't be enabled during the CreateDetector request. In addition, update
    documentations.
  * api-change:``iam``: Documentation updates for the AWS Identity and Access Management API
    Reference.
  * api-change:``iotfleetwise``: Documentation update for AWS IoT FleetWise
  * api-change:``medialive``: AWS Elemental MediaLive now supports forwarding SCTE-35 messages
    through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages from an
    inactive source.
  * api-change:``mediapackage-vod``: This release adds SPEKE v2 support for MediaPackage VOD. Speke
    v2 is an upgrade to the existing SPEKE API to support multiple encryption keys, based on an
    encryption contract selected by the customer.
  * api-change:``panorama``: Pause and resume camera stream processing with
    SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
    application state information in DescribeApplicationInstance response.
  * api-change:``rds-data``: Doc update to reflect no support for schema parameter on
    BatchExecuteStatement API
  * api-change:``ssm-incidents``: Update RelatedItem enum to support Tasks
  * api-change:``ssm``: Support of AmazonLinux2022 by Patch Manager
  * api-change:``transfer``: This release adds an option for customers to configure workflows that
    are triggered when files are only partially received from a client due to premature session
    disconnect.
  * api-change:``translate``: This release enables customers to specify multiple target languages in
    asynchronous batch translation requests.
  * api-change:``wisdom``: This release updates the GetRecommendations API to include a trigger event
    list for classifying and grouping recommendations.
- from version 1.27.89
  * api-change:``codeguru-reviewer``: Documentation update to replace broken link.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``greengrassv2``: This release adds error status details for deployments and
    components that failed on a device and adds features to improve visibility into component
    installation.
  * api-change:``quicksight``: Amazon QuickSight now supports SecretsManager Secret ARN in place of
    CredentialPair for DataSource creation and update. This release also has some minor documentation
    updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.27.88
  * api-change:``resiliencehub``: Documentation change for AWS Resilience Hub. Doc-only update to fix
    Documentation layout
- from version 1.27.87
  * api-change:``glue``: This SDK release adds support to sync glue jobs with source control
    provider. Additionally, a new parameter called SourceControlDetails will be added to Job model.
  * api-change:``network-firewall``: StreamExceptionPolicy configures how AWS Network Firewall
    processes traffic when a network connection breaks midstream
  * api-change:``outposts``: This release adds the Asset state information to the ListAssets
    response. The ListAssets request supports filtering on Asset state.
- from version 1.27.86
  * api-change:``connect``: Updated the CreateIntegrationAssociation API to support the CASES_DOMAIN
    IntegrationType.
  * api-change:``connectcases``: This release adds APIs for Amazon Connect Cases. Cases allows your
    agents to quickly track and manage customer issues that require multiple interactions, follow-up
    tasks, and teams in your contact center.  For more information, see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: Added EnableNetworkAddressUsageMetrics flag for ModifyVpcAttribute,
    DescribeVpcAttribute APIs.
  * api-change:``ecs``: Documentation updates to address various Amazon ECS tickets.
  * api-change:``s3control``: S3 Object Lambda adds support to allow customers to intercept
    HeadObject and ListObjects requests and introduce their own compute. These requests were previously
    proxied to S3.
  * api-change:``workmail``: This release adds support for impersonation roles in Amazon WorkMail.

- drop remove-six.patch, rejected by upstream and breaks
  all dependent projects of botocore

- Add remove-six.patch, which eliminates need for the six dependency.

- Update to 1.27.85
  * api-change:``accessanalyzer``: AWS IAM Access Analyzer policy validation introduces new checks
    for role trust policies. As customers author a policy, IAM Access Analyzer policy validation
    evaluates the policy for any issues to make it easier for customers to author secure policies.
  * api-change:``ec2``: Adding an imdsSupport attribute to EC2 AMIs
  * api-change:``snowball``: Adds support for V3_5C. This is a refreshed AWS Snowball Edge Compute
    Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.27.84
  * api-change:``codedeploy``: This release allows you to override the alarm configurations when
    creating a deployment.
  * api-change:``devops-guru``: This release adds filter feature on AddNotificationChannel API,
    enable customer to configure the SNS notification messages by Severity or MessageTypes
  * api-change:``dlm``: This release adds support for archival of single-volume snapshots created by
    Amazon Data Lifecycle Manager policies
  * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: A new parameter called ExplainerConfig is added to CreateEndpointConfig
    API to enable SageMaker Clarify online explainability feature.
  * api-change:``sso-oidc``: Documentation updates for the IAM Identity Center OIDC CLI Reference.
- from version 1.27.83
  * api-change:``acm``: This update returns additional certificate details such as certificate SANs
    and allows sorting in the ListCertificates API.
  * api-change:``ec2``: u-3tb1 instances are powered by Intel Xeon Platinum 8176M (Skylake)
    processors and are purpose-built to run large in-memory databases.
  * api-change:``emr-serverless``: This release adds API support to debug Amazon EMR Serverless jobs
    in real-time with live application UIs
  * api-change:``fsx``: This release adds support for Amazon File Cache.
  * api-change:``migrationhuborchestrator``: Introducing AWS MigrationHubOrchestrator. This is the
    first public release of AWS MigrationHubOrchestrator.
  * api-change:``polly``: Added support for the new Cantonese voice - Hiujin. Hiujin is available as
    a Neural voice only.
  * api-change:``proton``: This release adds an option to delete pipeline provisioning repositories
    using the UpdateAccountSettings API
  * api-change:``sagemaker``: SageMaker Training Managed Warm Pools let you retain provisioned
    infrastructure to reduce latency for repetitive training workloads.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``translate``: This release enables customers to access control rights on Translate
    resources like Parallel Data and Custom Terminology using Tag Based Authorization.
  * api-change:``workspaces``: This release includes diagnostic log uploading feature. If it is
    enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces automatically
    for troubleshooting. You can use modifyClientProperty api to enable/disable this feature.
- from version 1.27.82
  * api-change:``ce``: This release is to support retroactive Cost Categories. The new field will
    enable you to retroactively apply new and existing cost category rules to previous months.
  * api-change:``kendra``: My AWS Service (placeholder) - Amazon Kendra now provides a data source
    connector for DropBox. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
  * api-change:``location``: This release adds place IDs, which are unique identifiers of places,
    along with a new GetPlace operation, which can be used with place IDs to find a place again later.
    UnitNumber and UnitType are also added as new properties of places.
- from version 1.27.81
  * api-change:``cur``: This release adds two new support regions(me-central-1/eu-south-2) for OSG.
  * api-change:``iotfleetwise``: General availability (GA) for AWS IoT Fleetwise. It adds AWS IoT
    Fleetwise to AWS SDK. For more information, see
    https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
  * api-change:``ssm``: This release includes support for applying a CloudWatch alarm to Systems
    Manager capabilities like Automation, Run Command, State Manager, and Maintenance Windows.
- from version 1.27.80
  * api-change:``apprunner``: AWS App Runner adds a Node.js 16 runtime.
  * api-change:``ec2``: Letting external AWS customers provide ImageId as a Launch Template override
    in FleetLaunchTemplateOverridesRequest
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``lightsail``: This release adds Instance Metadata Service (IMDS) support for
    Lightsail instances.
  * api-change:``nimble``: Amazon Nimble Studio adds support for on-demand Amazon Elastic Compute
    Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU instance types for
    their creative projects.
  * api-change:``ssm``: This release adds new SSM document types ConformancePackTemplate and
    CloudFormation
  * api-change:``wafv2``: Add the default specification for ResourceType in ListResourcesForWebACL.
- from version 1.27.79
  * api-change:``backup-gateway``: Changes include: new GetVirtualMachineApi to fetch a single user's
    VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and improving
    GetGatewayApi to now also return the gateway's MaintenanceStartTime.
  * api-change:``devicefarm``: This release adds the support for VPC-ENI based connectivity for
    private devices on AWS Device Farm.
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``glue``: Added support for S3 Event Notifications for Catalog Target Crawlers.
  * api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
- from version 1.27.78
  * api-change:``comprehend``: Amazon Comprehend now supports synchronous mode for targeted sentiment
    API operations.
  * api-change:``s3control``: S3 on Outposts launches support for object versioning for Outposts
    buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of every object
    stored in your buckets. You can recover from both unintended user actions and application failures.
  * api-change:``sagemaker``: SageMaker now allows customization on Canvas Application settings,
    including enabling/disabling time-series forecasting and specifying an Amazon Forecast execution
    role at both the Domain and UserProfile levels.
- from version 1.27.77
  * api-change:``ec2``: This release adds support for blocked paths to Amazon VPC Reachability
    Analyzer.

- Update to 1.27.76
  * api-change:``cloudtrail``: This release includes support for importing existing trails into
    CloudTrail Lake.
  * api-change:``ec2``: This release adds CapacityAllocations field to DescribeCapacityReservations
  * api-change:``mediaconnect``: This change allows the customer to use the SRT Caller protocol as
    part of their flows
  * api-change:``rds``: This release adds support for Amazon RDS Proxy with SQL Server compatibility.
- from version 1.27.75
  * api-change:``codestar-notifications``: This release adds tag based access control for the
    UntagResource API.
  * api-change:``ecs``: This release supports new task definition sizes.
- from version 1.27.74
  * api-change:``dynamodb``: Increased DynamoDB transaction limit from 25 to 100.
  * api-change:``ec2``: This feature allows customers to create tags for vpc-endpoint-connections and
    vpc-endpoint-service-permissions.
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
    Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to stop
    underperforming hyperparameter configurations early.
- from version 1.27.73
  * api-change:``amplifyuibuilder``: Amplify Studio UIBuilder is introducing forms functionality.
    Forms can be configured from Data Store models, JSON, or from scratch. These forms can then be
    generated in your project and used like any other React components.
  * api-change:``ec2``: This update introduces API operations to manage and create local gateway
    route tables, CoIP pools, and VIF group associations.

- Update to 1.27.72
  * api-change:``customer-profiles``: Added isUnstructured in response for Customer Profiles
    Integration APIs
  * api-change:``drs``: Fixed the data type of lagDuration that is returned in Describe Source Server
    API
  * api-change:``ec2``: Two new features for local gateway route tables: support for static routes
    targeting Elastic Network Interfaces and direct VPC routing.
  * api-change:``evidently``: This release adds support for the client-side evaluation - powered by
    AWS AppConfig feature.
  * api-change:``kendra``: This release enables our customer to choose the option of Sharepoint 2019
    for the on-premise Sharepoint connector.
  * api-change:``transfer``: This release introduces the ability to have multiple server host keys
    for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.27.71
  * api-change:``eks``: Adding support for local Amazon EKS clusters on Outposts
- from version 1.27.70
  * api-change:``cloudtrail``: This release adds CloudTrail getChannel and listChannels APIs to allow
    customer to view the ServiceLinkedChannel configurations.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``pi``: Increases the maximum values of two RDS Performance Insights APIs. The maximum
    value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is now 25 for the
    following APIs: DescribeDimensionKeys, GetResourceMetrics, ListAvailableResourceDimensions, and
    ListAvailableResourceMetrics.
  * api-change:``redshift``: This release updates documentation for AQUA features and other
    description updates.
- from version 1.27.69
  * api-change:``ec2``: This release adds support to send VPC Flow Logs to kinesis-data-firehose as
    new destination type
  * api-change:``emr-containers``: EMR on EKS now allows running Spark SQL using the newly introduced
    Spark SQL Job Driver in the Start Job Run API
  * api-change:``lookoutmetrics``: Release dimension value filtering feature to allow customers to
    define dimension filters for including only a subset of their dataset to be used by LookoutMetrics.
  * api-change:``medialive``: This change exposes API settings which allow Dolby Atmos and Dolby
    Vision to be used when running a channel using Elemental Media Live
  * api-change:``route53``: Amazon Route 53 now supports the Middle East (UAE) Region (me-central-1)
    for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
  * api-change:``sagemaker``: This release adds Mode to AutoMLJobConfig.
  * api-change:``ssm``: This release adds support for Systems Manager State Manager Association
    tagging.
- from version 1.27.68
  * api-change:``dataexchange``: Documentation updates for AWS Data Exchange.
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``eks``: Adds support for EKS Addons ResolveConflicts "preserve" flag. Also adds new
    update failed status for EKS Addons.
  * api-change:``fsx``: Documentation update for Amazon FSx.
  * api-change:``inspector2``: This release adds new fields like fixAvailable, fixedInVersion and
    remediation to the finding model. The requirement to have vulnerablePackages in the finding model
    has also been removed. The documentation has been updated to reflect these changes.
  * api-change:``iotsitewise``: Allow specifying units in Asset Properties
  * api-change:``sagemaker``: SageMaker Hosting now allows customization on ML instance storage
    volume size, model data download timeout and inference container startup ping health check timeout
    for each ProductionVariant in CreateEndpointConfig API.
  * api-change:``sns``: Amazon SNS introduces the Data Protection Policy APIs, which enable customers
    to attach a data protection policy to an SNS topic. This allows topic owners to enable the new
    message data protection feature to audit and block sensitive data that is exchanged through their
    topics.
- from version 1.27.67
  * api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
  * api-change:``sagemaker``: This release adds HyperParameterTuningJob type in Search API.
- from version 1.27.66
  * api-change:``cognito-idp``: This release adds a new "AuthSessionValidity" field to the
    UserPoolClient in Cognito. Application admins can configure this value for their users'
    authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
    field will also apply to the SMS MFA authentication flow.
  * api-change:``connect``: This release adds search APIs for Routing Profiles and Queues, which can
    be used to search for those resources within a Connect Instance.
  * api-change:``mediapackage``: Added support for AES_CTR encryption to CMAF origin endpoints
  * api-change:``sagemaker``: This release enables administrators to attribute user activity and API
    calls from Studio notebooks, Data Wrangler and Canvas to specific users even when users share the
    same execution IAM role.  ExecutionRoleIdentityConfig at Sagemaker domain level enables this
    feature.
- from version 1.27.65
  * api-change:``codeguru-reviewer``: Documentation updates to fix formatting issues in CLI and SDK
    documentation.
  * api-change:``controltower``: This release contains the first SDK for AWS Control Tower. It
    introduces  a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
    ListEnabledControls.
  * api-change:``route53``: Documentation updates for Amazon Route 53.

- Update to 1.27.64
  * api-change:``cloudfront``: Update API documentation for CloudFront origin access control (OAC)
  * api-change:``identitystore``: Expand IdentityStore API to support Create, Read, Update, Delete
    and Get operations for User, Group and GroupMembership resources.
  * api-change:``iotthingsgraph``: This release deprecates all APIs of the ThingsGraph service
  * api-change:``ivs``: IVS Merge Fragmented Streams. This release adds support for
    recordingReconnectWindow field in IVS recordingConfigurations. For more information see
    https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
  * api-change:``rds-data``: Documentation updates for RDS Data API
  * api-change:``sagemaker``: SageMaker Inference Recommender now accepts Inference Recommender
    fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes, SupportedInstanceTypes,
    directly in our CreateInferenceRecommendationsJob API through ContainerConfig
- from version 1.27.63
  * enhancement:Endpoints: Deprecate SSL common name
  * api-change:``greengrassv2``: Adds topologyFilter to ListInstalledComponentsRequest which allows
    filtration of components by ROOT or ALL (including root and dependency components). Adds
    lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a component
    changed state on a device.
  * api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
  * api-change:``lookoutequipment``: This release adds new apis for providing labels.
  * api-change:``macie2``: This release of the Amazon Macie API adds support for using allow lists to
    define specific text and text patterns to ignore when inspecting data sources for sensitive data.
  * api-change:``sso-admin``: Documentation updates for the AWS IAM Identity Center CLI Reference.
  * api-change:``sso``: Documentation updates for the AWS IAM Identity Center Portal CLI Reference.
- from version 1.27.62
  * api-change:``fsx``: Documentation updates for Amazon FSx for NetApp ONTAP.
  * api-change:``voice-id``: Amazon Connect Voice ID now detects voice spoofing.  When a prospective
    fraudster tries to spoof caller audio using audio playback or synthesized speech, Voice ID will
    return a risk score and outcome to indicate the how likely it is that the voice is spoofed.
- from version 1.27.61
  * api-change:``mediapackage``: This release adds Ads AdTriggers and AdsOnDeliveryRestrictions to
    describe calls for CMAF endpoints on MediaPackage.
  * api-change:``rds``: Removes support for RDS Custom from DBInstanceClass in ModifyDBInstance

- Update to 1.27.60
  * enhancement:Identity: TokenProvider added for bearer auth support
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``gamelift``: This release adds support for eight EC2 local zones as fleet locations;
    Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los Angeles, and
    Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
  * api-change:``iotwireless``: This release includes a new feature for the customers to enable the
    LoRa gateways to send out beacons for Class B devices and an option to select one or more gateways
    for Class C devices when sending the LoRaWAN downlink messages.
  * api-change:``ivschat``: Documentation change for IVS Chat API Reference. Doc-only update to add a
    paragraph on ARNs to the Welcome section.
  * api-change:``panorama``: Support sorting and filtering in ListDevices API, and add more fields to
    device listings and single device detail
  * api-change:``sso-oidc``: Updated required request parameters on IAM Identity Center's OIDC
    CreateToken action.
- from version 1.27.59
  * api-change:``cloudfront``: Adds support for CloudFront origin access control (OAC), making it
    possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and
    more.
  * api-change:``config``: AWS Config now supports ConformancePackTemplate documents in SSM Docs for
    the deployment and update of conformance packs.
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``ivs``: Documentation Change for IVS API Reference - Doc-only update to type field
    description for CreateChannel and UpdateChannel actions and for Channel data type. Also added
    Amazon Resource Names (ARNs) paragraph to Welcome section.
  * api-change:``quicksight``: Added a new optional property DashboardVisual under
    ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
    GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
    QuickSight dashboards.
  * api-change:``transfer``: Documentation updates for AWS Transfer Family
- from version 1.27.58
  * api-change:``rds``: RDS for Oracle supports Oracle Data Guard switchover and read replica backups.
  * api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
- from version 1.27.57
  * api-change:``docdb``: Update document for volume clone
  * api-change:``ec2``: R6a instances are powered by 3rd generation AMD EPYC (Milan) processors
    delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are powered by 3rd
    generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz.
  * api-change:``forecast``: releasing What-If Analysis APIs and update ARN regex pattern to be more
    strict in accordance with security recommendation
  * api-change:``forecastquery``: releasing What-If Analysis APIs
  * api-change:``iotsitewise``: Enable non-unique asset names under different hierarchies
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
    AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added FixAvailable,
    FixedInVersion and Remediation  to Vulnerability.
  * api-change:``support-app``: This is the initial SDK release for the AWS Support App in Slack.
- from version 1.27.56
  * api-change:``connect``: This release adds SearchSecurityProfiles API which can be used to search
    for Security Profile resources within a Connect Instance.
  * api-change:``ivschat``: Documentation Change for IVS Chat API Reference - Doc-only update to
    change text/description for tags field.
  * api-change:``kendra``: This release adds support for a new authentication type - Personal Access
    Token (PAT) for confluence server.
  * api-change:``lookoutmetrics``: This release is to make GetDataQualityMetrics API publicly
    available.

- Update to 1.27.55
  * api-change:``chime-sdk-media-pipelines``: The Amazon Chime SDK now supports live streaming of
    real-time video from the Amazon Chime SDK sessions to streaming platforms such as Amazon IVS and
    Amazon Elemental MediaLive. We have also added support for concatenation to create a single media
    capture file.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``cognito-idp``: This change is being made simply to fix the public documentation
    based on the models. We have included the PasswordChange and ResendCode events, along with the
    Pass, Fail and InProgress status. We have removed the Success and Failure status which are never
    returned by our APIs.
  * api-change:``dynamodb``: This release adds support for importing data from S3 into a new DynamoDB
    table
  * api-change:``ec2``: This release adds support for VPN log options , a new feature allowing S2S
    VPN connections to send IKE activity logs to CloudWatch Logs
  * api-change:``networkmanager``: Add TransitGatewayPeeringAttachmentId property to
    TransitGatewayPeering Model
- from version 1.27.54
  * api-change:``appmesh``: AWS App Mesh release to support Multiple Listener and Access Log Format
    feature
  * api-change:``connectcampaigns``: Updated exceptions for Amazon Connect Outbound Campaign api's.
  * api-change:``kendra``: This release adds Zendesk connector (which allows you to specify Zendesk
    SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server (which allows you
    to specify the proxy configuration if proxy is required to connect to your Sharepoint/Confluence
    Server as data source).
  * api-change:``lakeformation``: This release adds a new API support "AssumeDecoratedRoleWithSAML"
    and also release updates the corresponding documentation.
  * api-change:``lambda``: Added support for customization of Consumer Group ID for MSK and Kafka
    Event Source Mappings.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``rds``: Adds support for Internet Protocol Version 6 (IPv6) for RDS Aurora database
    clusters.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager.
- from version 1.27.53
  * api-change:``rekognition``: This release adds APIs which support copying an Amazon Rekognition
    Custom Labels model and managing project policies across AWS account.
  * api-change:``servicecatalog``: Documentation updates for Service Catalog
- from version 1.27.52
  * enhancement:AWSCRT: Upgrade awscrt version to 0.14.0
  * api-change:``cloudfront``: Adds Http 3 support to distributions
  * api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
    (successor to AWS Single Sign-On)
  * api-change:``wisdom``: This release introduces a new API PutFeedback that allows submitting
    feedback to Wisdom on content relevance.
- from version 1.27.51
  * api-change:``amp``: This release adds log APIs that allow customers to manage logging for their
    Amazon Managed Service for Prometheus workspaces.
  * api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports channels with up to one
    million participants with elastic channels.
  * api-change:``ivs``: Updates various list api MaxResults ranges
  * api-change:``personalize-runtime``: This release provides support for promotions in AWS
    Personalize runtime.
  * api-change:``rds``: Adds support for RDS Custom to DBInstanceClass in ModifyDBInstance
- from version 1.27.50
  * api-change:``backupstorage``: This is the first public release of AWS Backup Storage. We are
    exposing some previously-internal APIs for use by external services. These APIs are not meant to be
    used directly by customers.
  * api-change:``glue``: Add support for Python 3.9 AWS Glue Python Shell jobs
  * api-change:``privatenetworks``: This is the initial SDK release for AWS Private 5G. AWS Private
    5G is a managed service that makes it easy to deploy, operate, and scale your own private mobile
    network at your on-premises location.
- from version 1.27.49
  * api-change:``dlm``: This release adds support for excluding specific data (non-boot) volumes from
    multi-volume snapshot sets created by snapshot lifecycle policies
  * api-change:``ec2``: This release adds support for excluding specific data (non-root) volumes from
    multi-volume snapshot sets created from instances.
- from version 1.27.48
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``location``: Amazon Location Service now allows circular geofences in
    BatchPutGeofence, PutGeofence, and GetGeofence  APIs.
  * api-change:``sagemaker-a2i-runtime``: Fix bug with parsing ISO-8601 CreationTime in Java SDK in
    DescribeHumanLoop
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
    multiple alternate EC2 instance types to make tuning jobs more robust when the preferred instance
    type is not available due to insufficient capacity.
- from version 1.27.47
  * api-change:``glue``: Add an option to run non-urgent or non-time sensitive Glue Jobs on spare
    capacity
  * api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``iotwireless``: AWS IoT Wireless release support for sidewalk data reliability.
  * api-change:``pinpoint``: Adds support for Advance Quiet Time in Journeys. Adds
    RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
  * api-change:``quicksight``: A series of documentation updates to the QuickSight API reference.
  * api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``sso-oidc``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
    (successor to AWS Single Sign-On)
- from version 1.27.46
  * enhancement:Lambda: Add support for Trace ID in Lambda environments
  * api-change:``chime-sdk-meetings``: Adds support for Tags on Amazon Chime SDK WebRTC sessions
  * api-change:``config``: Add resourceType enums for Athena, GlobalAccelerator, Detective and EC2
    types
  * api-change:``dms``: Documentation updates for Database Migration Service (DMS).
  * api-change:``iot``: The release is to support attach a provisioning template to CACert for JITP
    function,  Customer now doesn't have to hardcode a roleArn and templateBody during register a
    CACert to enable JITP.

- Update to 1.27.45
  * api-change:``cognito-idp``: Add a new exception type, ForbiddenException, that is returned when
    request is not allowed
  * api-change:``wafv2``: You can now associate an AWS WAF web ACL with an Amazon Cognito user pool.
- from version 1.27.44
  * api-change:``license-manager-user-subscriptions``: This release supports user based subscription
    for Microsoft Visual Studio Professional and Enterprise on EC2.
  * api-change:``personalize``: This release adds support for incremental bulk ingestion for the
    Personalize CreateDatasetImportJob API.
- from version 1.27.43
  * api-change:``config``: Documentation update for PutConfigRule and PutOrganizationConfigRule
  * api-change:``workspaces``: This release introduces ModifySamlProperties, a new API that allows
    control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories
    API will now additionally return SAML properties in its responses.
- from version 1.27.42
  * bugfix:TraceId: Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.27.41
  * bugfix:Config: Obey _X_AMZN_TRACE_ID environment variable instead of _X_AMZ_TRACE_ID
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``fsx``: Documentation updates for Amazon FSx
  * api-change:``shield``: AWS Shield Advanced now supports filtering for ListProtections and
    ListProtectionGroups.
- from version 1.27.40
  * api-change:``ec2``: Documentation updates for VM Import/Export.
  * api-change:``es``: This release adds support for gp3 EBS (Elastic Block Store) storage.
  * api-change:``lookoutvision``: This release introduces support for image segmentation models and
    updates CPU accelerator options for models hosted on edge devices.
  * api-change:``opensearch``: This release adds support for gp3 EBS (Elastic Block Store) storage.
- from version 1.27.39
  * api-change:``auditmanager``: This release adds an exceeded quota exception to several APIs. We
    added a ServiceQuotaExceededException for the following operations: CreateAssessment,
    CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
  * api-change:``chime``: Chime VoiceConnector will now support ValidateE911Address which will allow
    customers to prevalidate their addresses included in their SIP invites for emergency calling
  * api-change:``config``: This release adds ListConformancePackComplianceScores API to support the
    new compliance score feature, which provides a percentage of the number of compliant rule-resource
    combinations in a conformance pack compared to the number of total possible rule-resource
    combinations in the conformance pack.
  * api-change:``globalaccelerator``: Global Accelerator now supports dual-stack accelerators,
    enabling support for IPv4 and IPv6 traffic.
  * api-change:``marketplace-catalog``: The SDK for the StartChangeSet API will now automatically set
    and use an idempotency token in the ClientRequestToken request parameter if the customer does not
    provide it.
  * api-change:``polly``: Amazon Polly adds new English and Hindi voice - Kajal. Kajal is available
    as Neural voice only.
  * api-change:``ssm``: Adding doc updates for OpsCenter support in Service Setting actions.
  * api-change:``workspaces``: Added CreateWorkspaceImage API to create a new WorkSpace image from an
    existing WorkSpace.
- from version 1.27.38
  * api-change:``appsync``: Adds support for a new API to evaluate mapping templates with mock data,
    allowing you to remotely unit test your AppSync resolvers and functions.
  * api-change:``detective``: Added the ability to get data source package information for the
    behavior graph. Graph administrators can now start (or stop) optional datasources on the behavior
    graph.
  * api-change:``guardduty``: Amazon GuardDuty introduces a new Malware Protection feature that
    triggers malware scan on selected EC2 instance resources, after the service detects a potentially
    malicious activity.
  * api-change:``lookoutvision``: This release introduces support for the automatic scaling of
    inference units used by Amazon Lookout for Vision models.
  * api-change:``macie2``: This release adds support for retrieving (revealing) sample occurrences of
    sensitive data that Amazon Macie detects and reports in findings.
  * api-change:``rds``: Adds support for using RDS Proxies with RDS for MariaDB databases.
  * api-change:``rekognition``: This release introduces support for the automatic scaling of
    inference units used by Amazon Rekognition Custom Labels models.
  * api-change:``securityhub``: Documentation updates for AWS Security Hub
  * api-change:``transfer``: AWS Transfer Family now supports Applicability Statement 2 (AS2), a
    network protocol used for the secure and reliable transfer of critical Business-to-Business (B2B)
    data over the public internet using HTTP/HTTPS as the transport mechanism.

- Update to 1.27.37
  * api-change:``autoscaling``: Documentation update for Amazon EC2 Auto Scaling.
- from version 1.27.36
  * api-change:``account``: This release enables customers to manage the primary contact information
    for their AWS accounts. For more information, see
    https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
  * api-change:``ec2``: Added support for EC2 M1 Mac instances. For more information, please visit
    aws.amazon.com/mac.
  * api-change:``iotdeviceadvisor``: Added new service feature (Early access only) - Long Duration
    Test, where customers can test the IoT device to observe how it behaves when the device is in
    operation for longer period.
  * api-change:``medialive``: Link devices now support remote rebooting. Link devices now support
    maintenance windows. Maintenance windows allow a Link device to install software updates without
    stopping the MediaLive channel. The channel will experience a brief loss of input from the device
    while updates are installed.
  * api-change:``rds``: This release adds the "ModifyActivityStream" API with support for audit
    policy state locking and unlocking.
  * api-change:``transcribe``: Remove unsupported language codes for StartTranscriptionJob and update
    VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.27.35
  * api-change:``athena``: This feature allows customers to retrieve runtime statistics for completed
    queries
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``dms``: Documentation updates for Database Migration Service (DMS).
  * api-change:``docdb``: Enable copy-on-write restore type
  * api-change:``ec2-instance-connect``: This release includes a new exception type
    "EC2InstanceUnavailableException" for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
  * api-change:``frauddetector``: The release introduces Account Takeover Insights (ATI) model. The
    ATI model detects fraud relating to account takeover. This release also adds support for new
    variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to Model Version APIs.
  * api-change:``iotsitewise``: Added asynchronous API to ingest bulk historical and current data
    into IoT SiteWise.
  * api-change:``kendra``: Amazon Kendra now provides Oauth2 support for SharePoint Online. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
  * api-change:``network-firewall``: Network Firewall now supports referencing dynamic IP sets from
    stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
  * api-change:``rds``: Adds support for creating an RDS Proxy for an RDS for MariaDB database.
- from version 1.27.34
  * api-change:``acm-pca``: AWS Certificate Manager (ACM) Private Certificate Authority (PCA)
    documentation updates
  * api-change:``iot``: GA release the ability to enable/disable IoT Fleet Indexing for Device
    Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs. This
    includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.27.33
  * api-change:``devops-guru``: Added new APIs for log anomaly detection feature.
  * api-change:``glue``: Documentation updates for AWS Glue Job Timeout and Autoscaling
  * api-change:``sagemaker-edge``: Amazon SageMaker Edge Manager provides lightweight model
    deployment feature to deploy machine learning models on requested devices.
  * api-change:``sagemaker``: Fixed an issue with cross account QueryLineage
  * api-change:``workspaces``: Increased the character limit of the login message from 850 to 2000
    characters.
- from version 1.27.32
  * api-change:``discovery``: Add AWS Agentless Collector details to the GetDiscoverySummary API
    response
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``elasticache``: Adding AutoMinorVersionUpgrade in the DescribeReplicationGroups API
  * api-change:``kms``: Added support for the SM2 KeySpec in China Partition Regions
  * api-change:``mediapackage``: This release adds "IncludeIframeOnlyStream" for Dash endpoints and
    increases the number of supported video and audio encryption presets for Speke v2
  * api-change:``sagemaker``: Amazon SageMaker Edge Manager provides lightweight model deployment
    feature to deploy machine learning models on requested devices.
  * api-change:``sso-admin``: AWS SSO now supports attaching customer managed policies and a
    permissions boundary to your permission sets. This release adds new API operations to manage and
    view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.27.31
  * api-change:``datasync``: Documentation updates for AWS DataSync regarding configuring Amazon FSx
    for ONTAP location security groups and SMB user permissions.
  * api-change:``drs``: Changed existing APIs to allow choosing a dynamic volume type for replicating
    volumes, to reduce costs for customers.
  * api-change:``evidently``: This release adds support for the new segmentation feature.
  * api-change:``wafv2``: This SDK release provide customers ability to add sensitivity level for WAF
    SQLI Match Statements.

- Update to 1.27.30
  * api-change:``athena``: This release updates data types that contain either QueryExecutionId,
    NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and contain only
    non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
  * api-change:``codeartifact``: This release introduces Package Origin Controls, a mechanism used to
    counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and
    DescribePackage, and updates the ListPackage, DescribePackageVersion and ListPackageVersion APIs in
    support of the feature.
  * api-change:``config``: Update ResourceType enum with values for Route53Resolver, Batch, DMS,
    Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
  * api-change:``ec2``: This release adds flow logs for Transit Gateway to  allow customers to gain
    deeper visibility and insights into network traffic through their Transit Gateways.
  * api-change:``fms``: Adds support for strict ordering in stateful rule groups in Network Firewall
    policies.
  * api-change:``glue``: This release adds an additional worker type for Glue Streaming jobs.
  * api-change:``inspector2``: This release adds support for Inspector V2 scan configurations through
    the get and update configuration APIs. Currently this allows configuring ECR automated re-scan
    duration to lifetime or 180 days or 30 days.
  * api-change:``kendra``: This release adds AccessControlConfigurations which allow you to redefine
    your document level access control without the need for content re-indexing.
  * api-change:``nimble``: Amazon Nimble Studio adds support for IAM-based access to AWS resources
    for Nimble Studio components and custom studio components. Studio Component scripts use these roles
    on Nimble Studio workstation to mount filesystems, access S3 buckets, or other configured resources
    in the Studio's AWS account
  * api-change:``outposts``: This release adds the ShipmentInformation and AssetInformationList
    fields to the GetOrder API response.
  * api-change:``sagemaker``: This release adds support for G5, P4d, and C6i instance types in Amazon
    SageMaker Inference and increases the number of hyperparameters that can be searched from 20 to 30
    in Amazon SageMaker Automatic Model Tuning
- from version 1.27.29
  * api-change:``appconfig``: Adding Create, Get, Update, Delete, and List APIs for new two new
    resources: Extensions and ExtensionAssociations.
- from version 1.27.28
  * api-change:``networkmanager``: This release adds general availability API support for AWS Cloud
    WAN.
- from version 1.27.27
  * api-change:``ec2``: Build, manage, and monitor a unified global network that connects resources
    running across your cloud and on-premises environments using the AWS Cloud WAN APIs.
  * api-change:``redshift-serverless``: Removed prerelease language for GA launch.
  * api-change:``redshift``: This release adds a new --snapshot-arn field for
    describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
    authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
    snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.27.26
  * api-change:``backup``: This release adds support for authentication using IAM user identity
    instead of passed IAM role, identified by excluding the IamRoleArn field in the StartRestoreJob
    API. This feature applies to only resource clients with a destructive restore nature (e.g. SAP
    HANA).
- from version 1.27.25
  * api-change:``chime-sdk-meetings``: Adds support for AppKeys and TenantIds in Amazon Chime SDK
    WebRTC sessions
  * api-change:``dms``: New api to migrate event subscriptions to event bridge rules
  * api-change:``iot``: This release adds support to register a CA certificate without having to
    provide a verification certificate. This also allows multiple AWS accounts to register the same CA
    in the same region.
  * api-change:``iotwireless``: Adds 5 APIs: PutPositionConfiguration, GetPositionConfiguration,
    ListPositionConfigurations, UpdatePosition, GetPosition for the new Positioning Service feature
    which enables customers to configure solvers to calculate position of LoRaWAN devices, or specify
    position of LoRaWAN devices & gateways.
  * api-change:``sagemaker``: Heterogeneous clusters: the ability to launch training jobs with
    multiple instance types. This enables running component of the training job on the instance type
    that is most suitable for it. e.g. doing data processing and augmentation on CPU instances and
    neural network training on GPU instances
- from version 1.27.24
  * api-change:``cloudformation``: My AWS Service (placeholder) - Add a new feature Account-level
    Targeting for StackSet operation
  * api-change:``synthetics``: This release introduces Group feature, which enables users to group
    cross-region canaries.
- from version 1.27.23
  * api-change:``config``: Updating documentation service limits
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``quicksight``: This release allows customers to programmatically create QuickSight
    accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for
    embedding QuickSight dashboards at runtime through the embedding APIs.
  * api-change:``rds``: Adds waiters support for DBCluster.
  * api-change:``rolesanywhere``: IAM Roles Anywhere allows your workloads such as servers,
    containers, and applications to obtain temporary AWS credentials and use the same IAM roles and
    policies that you have configured for your AWS workloads to access AWS resources.
  * api-change:``ssm-incidents``: Adds support for tagging incident-record on creation by providing
    incident tags in the template within a response-plan.
- from version 1.27.22
  * api-change:``dms``: Added new features for AWS DMS version 3.4.7 that includes new endpoint
    settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
  * api-change:``rds``: Adds support for additional retention periods to Performance Insights.
- from version 1.27.21
  * api-change:``athena``: This feature introduces the API support for Athena's parameterized query
    and BatchGetPreparedStatement API.
  * api-change:``customer-profiles``: This release adds the optional
    MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
    GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
    the profile auto-merging step of the Identity Resolution process.
  * api-change:``emr``: Update emr client to latest version
  * api-change:``glue``: This release adds tag as an input of CreateDatabase
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for alfresco
  * api-change:``mwaa``: Documentation updates for Amazon Managed Workflows for Apache Airflow.
  * api-change:``pricing``: Documentation update for GetProducts Response.
  * api-change:``wellarchitected``: Added support for UpdateGlobalSettings API. Added status filter
    to ListWorkloadShares and ListLensShares.
  * api-change:``workmail``: This release adds support for managing user availability configurations
    in Amazon WorkMail.

- Update to 1.27.20
  * api-change:``appstream``: Includes support for StreamingExperienceSettings in CreateStack and
    UpdateStack APIs
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``medialive``: This release adds support for automatic renewal of MediaLive
    reservations at the end of each reservation term. Automatic renewal is optional. This release also
    adds support for labelling accessibility-focused audio and caption tracks in HLS outputs.
  * api-change:``redshift-serverless``: Add new API operations for Amazon Redshift Serverless, a new
    way of using Amazon Redshift without needing to manually manage provisioned clusters. The new
    operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC
    endpoints, delete resource policies, and more.
  * api-change:``sagemaker``: This release adds: UpdateFeatureGroup, UpdateFeatureMetadata,
    DescribeFeatureMetadata APIs; FeatureMetadata type in Search API; LastModifiedTime,
    LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
  * api-change:``translate``: Added ListLanguages API which can be used to list the languages
    supported by Translate.
- from version 1.27.19
  * api-change:``datasync``: AWS DataSync now supports Amazon FSx for NetApp ONTAP locations.
  * api-change:``ec2``: This release adds a new spread placement group to EC2 Placement Groups: host
    level spread, which spread instances between physical hosts, available to Outpost customers only.
    CreatePlacementGroup and DescribePlacementGroups APIs were updated with a new parameter:
    SpreadLevel to support this feature.
  * api-change:``finspace-data``: Release new API GetExternalDataViewAccessDetails
  * api-change:``polly``: Add 4 new neural voices - Pedro (es-US), Liam (fr-CA), Daniel (de-DE) and
    Arthur (en-GB).
- from version 1.27.18
  * api-change:``iot``: This release ease the restriction for the input of tag value to align with
    AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.27.17
  * api-change:``glue``: This release enables the new ListCrawls API for viewing the AWS Glue Crawler
    run history.
  * api-change:``rds-data``: Documentation updates for RDS Data API
- from version 1.27.16
  * api-change:``lookoutequipment``: This release adds visualizations to the scheduled inference
    results. Users will be able to see interference results, including diagnostic results from their
    running inference schedulers.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has released support for automatic
    DolbyVision metadata generation when converting HDR10 to DolbyVision.
  * api-change:``mgn``: New and modified APIs for the Post-Migration Framework
  * api-change:``migration-hub-refactor-spaces``: This release adds the new API UpdateRoute that
    allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow
    users to create route in ACTIVE/INACTIVE state.
  * api-change:``sagemaker``: SageMaker Ground Truth now supports Virtual Private Cloud. Customers
    can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.27.15
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``pricing``: This release introduces 1 update to the GetProducts API. The serviceCode
    attribute is now required when you use the GetProductsRequest.
  * api-change:``transfer``: Until today, the service supported only RSA host keys and user keys. Now
    with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user
    keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519
    host and user keys.
- from version 1.27.14
  * api-change:``ec2``: This release adds support for Private IP VPNs, a new feature allowing S2S VPN
    connections to use private ip addresses as the tunnel outside ip address over Direct Connect as
    transport.
  * api-change:``ecs``: Amazon ECS UpdateService now supports the following parameters:
    PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
  * api-change:``wellarchitected``: Adds support for lens tagging, Adds support for multiple
    helpful-resource urls and multiple improvement-plan urls.
- from version 1.27.13
  * api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
    settings
  * api-change:``kafka``: Documentation updates to use Az Id during cluster creation.
  * api-change:``outposts``: This release adds the AssetLocation structure to the ListAssets
    response. AssetLocation includes the RackElevation for an Asset.
- from version 1.27.12
  * api-change:``connect``: This release updates these APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
    enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
    specified Amazon Connect instance.
  * api-change:``connectcampaigns``: Added Amazon Connect high volume outbound communications SDK.
  * api-change:``dynamodb``: Doc only update for DynamoDB service
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
- from version 1.27.11
  * api-change:``redshift-data``: This release adds a new --workgroup-name field to operations that
    connect to an endpoint. Customers can now execute queries against their serverless workgroups.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``securityhub``: Added Threats field for security findings. Added new resource details
    for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2 TransitGateway, EFS
    AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and WAF Rules
- from version 1.27.10
  * api-change:``finspace-data``: This release adds a new set of APIs, GetPermissionGroup,
    DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup, ListPermissionGroupsByUser,
    ListUsersByPermissionGroup.
  * api-change:``guardduty``: Adds finding fields available from GuardDuty Console. Adds FreeTrial
    related operations. Deprecates the use of various APIs related to Master Accounts and Replace them
    with Administrator Accounts.
  * api-change:``servicecatalog-appregistry``: This release adds a new API
    ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
    addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
    'Name' attribute.
  * api-change:``workspaces``: Added new field "reason" to OperationNotSupportedException. Receiving
    this exception in the DeregisterWorkspaceDirectory API will now return a reason giving more context
    on the failure.
- from version 1.27.9
  * api-change:``budgets``: Add a budgets ThrottlingException. Update the CostFilters value pattern.
  * api-change:``lookoutmetrics``: Adding filters to Alert and adding new UpdateAlert API.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
    constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.27.8
  * api-change:``outposts``: This release adds API operations AWS uses to install Outpost servers.
- from version 1.27.7
  * api-change:``frauddetector``: Documentation updates for Amazon Fraud Detector (AWSHawksNest)
- from version 1.27.6
  * api-change:``chime-sdk-meetings``: Adds support for live transcription in AWS GovCloud (US)
    Regions.
- from version 1.27.5
  * api-change:``dms``: This release adds DMS Fleet Advisor APIs and exposes functionality for DMS
    Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect
    and analyze information about the local data infrastructure.
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``m2``: AWS Mainframe Modernization service is a managed mainframe service and set of
    tools for planning, migrating, modernizing, and running mainframe workloads on AWS
  * api-change:``neptune``: This release adds support for Neptune to be configured as a global
    database, with a primary DB cluster in one region, and up to five secondary DB clusters in other
    regions.
  * api-change:``redshift``: Adds new API GetClusterCredentialsWithIAM to return temporary
    credentials.
- from version 1.27.4
  * api-change:``auditmanager``: This release introduces 2 updates to the Audit Manager API. The
    roleType and roleArn attributes are now required when you use the CreateAssessment or
    UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
    operation.
  * api-change:``ce``: Added two new APIs to support cost allocation tags operations:
    ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.27.3
  * api-change:``chime-sdk-messaging``: This release adds support for searching channels by members
    via the SearchChannels API, removes required restrictions for Name and Mode in UpdateChannel API
    and enhances CreateChannel API by exposing member and moderator list as well as channel id as
    optional parameters.
  * api-change:``connect``: This release adds a new API, GetCurrentUserData, which returns real-time
    details about users' current activity.

- Update to 1.27.2
  * api-change:``codeartifact``: Documentation updates for CodeArtifact
  * api-change:``voice-id``: Added a new attribute ServerSideEncryptionUpdateDetails to Domain and
    DomainSummary.
  * api-change:``proton``: Add new "Components" API to enable users to Create, Delete and Update AWS
    Proton components.
  * api-change:``connect``: This release adds the following features: 1) New APIs to manage (create,
    list, update) task template resources, 2) Updates to startTaskContact API to support task
    templates, and 3) new TransferContact API to programmatically transfer in-progress tasks via a
    contact flow.
  * api-change:``application-insights``: Provide Account Level onboarding support through CFN/CLI
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for GitHub. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.27.1
  * api-change:``backup-gateway``: Adds GetGateway and UpdateGatewaySoftwareNow API and adds
    hypervisor name to UpdateHypervisor API
  * api-change:``forecast``: Added Format field to Import and Export APIs in Amazon Forecast. Added
    TimeSeriesSelector to Create Forecast API.
  * api-change:``chime-sdk-meetings``: Adds support for centrally controlling each participant's
    ability to send and receive audio, video and screen share within a WebRTC session.  Attendee
    capabilities can be specified when the attendee is created and updated during the session with the
    new BatchUpdateAttendeeCapabilitiesExcept API.
  * api-change:``route53``: Add new APIs to support Route 53 IP Based Routing
- from version 1.27.0
  * api-change:``iotsitewise``: This release adds the following new optional field to the IoT
    SiteWise asset resource: assetDescription.
  * api-change:``lookoutmetrics``: Adding backtest mode to detectors using the Cloudwatch data source.
  * api-change:``transcribe``: Amazon Transcribe now supports automatic language identification for
    multi-lingual audio in batch mode.
  * feature:Python: Dropped support for Python 3.6
  * api-change:``cognito-idp``: Amazon Cognito now supports IP Address propagation for all
    unauthenticated APIs (e.g. SignUp, ForgotPassword).
  * api-change:``drs``: Changed existing APIs and added new APIs to accommodate using multiple AWS
    accounts with AWS Elastic Disaster Recovery.
  * api-change:``sagemaker``: Amazon SageMaker Notebook Instances now support Jupyter Lab 3.
- from version 1.26.10
  * api-change:``sagemaker``: Amazon SageMaker Notebook Instances now allows configuration of
    Instance Metadata Service version and Amazon SageMaker Studio now supports G5 instance types.
  * api-change:``appflow``: Adding the following features/changes: Parquet output that preserves
    typing from the source connector, Failed executions threshold before deactivation for scheduled
    flows, increasing max size of access and refresh token from 2048 to 4096
  * api-change:``datasync``: AWS DataSync now supports TLS encryption in transit, file system
    policies and access points for EFS locations.
  * api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
    runtime environment that simplifies running analytics applications using the latest open source
    frameworks such as Apache Spark and Apache Hive.
- from version 1.26.9
  * api-change:``lightsail``: Amazon Lightsail now supports the ability to configure a Lightsail
    Container Service to pull images from Amazon ECR private repositories in your account.
  * api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
    runtime environment that simplifies running analytics applications using the latest open source
    frameworks such as Apache Spark and Apache Hive.
  * api-change:``ec2``: C7g instances, powered by the latest generation AWS Graviton3 processors,
    provide the best price performance in Amazon EC2 for compute-intensive workloads.
  * api-change:``forecast``: Introduced a new field in Auto Predictor as Time Alignment Boundary. It
    helps in aligning the timestamps generated during Forecast exports
- from version 1.26.8
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``fsx``: This release adds root squash support to FSx for Lustre to restrict root
    level access from clients by mapping root users to a less-privileged user/group with limited
    permissions.
  * api-change:``lookoutmetrics``: Adding AthenaSourceConfig for MetricSet APIs to support Athena as
    a data source.
  * api-change:``voice-id``: VoiceID will now automatically expire Speakers if they haven't been
    accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker APIs now
    return a "LastAccessedAt" time for Speakers, and the EvaluateSession API returns "SPEAKER_EXPIRED"
    Auth Decision for EXPIRED Speakers.
  * api-change:``cloudformation``: Add a new parameter statusReason to DescribeStackSetOperation
    output for additional details
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``apprunner``: Documentation-only update added for CodeConfiguration.
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for manually selecting features
    from the input dataset using the CreateAutoMLJob API.
- from version 1.26.7
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
    constrain Automatic-ABR rendition selection when generating ABR package ladders.
  * api-change:``cognito-idp``: Amazon Cognito now supports requiring attribute verification (ex.
    email and phone number) before update.
  * api-change:``networkmanager``: This release adds Multi Account API support for a TGW Global
    Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network Manager service
    and dependency CloudFormation StackSets service.
  * api-change:``ivschat``: Doc-only update. For MessageReviewHandler structure, added timeout period
    in the description of the fallbackResult field
  * api-change:``ec2``: Stop Protection feature enables customers to protect their instances from
    accidental stop actions.
- from version 1.26.6
  * api-change:``elasticache``: Added support for encryption in transit for Memcached clusters.
    Customers can now launch Memcached cluster with encryption in transit enabled when using Memcached
    version 1.6.12 or later.
  * api-change:``forecast``: New APIs for Monitor that help you understand how your predictors
    perform over time.
  * api-change:``personalize``: Adding modelMetrics as part of DescribeRecommender API response for
    Personalize.
- from version 1.26.5
  * api-change:``comprehend``: Comprehend releases 14 new entity types for DetectPiiEntities and
    ContainsPiiEntities APIs.
  * api-change:``logs``: Doc-only update to publish the new valid values for log retention
python-certifi
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch
python-chardet
- Fix update-alternative in %postun, bsc#1218765
python-configobj
- Add CVE-2023-26112.patch (bsc#1210070)
python-cryptography
- Add CVE-2023-49083.patch to fix A null-pointer-dereference and
  segfault could occur when loading certificates from a PKCS#7 bundle.
  bsc#1217592

- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)

- Refresh patches for new version
  + 5507-mitigate-Bleichenbacher-attacks.patch
python-docutils
- Use update-alternatives for all binary scripts and provide
  /usr/bin/docutils to avoid conflict with python311-docutils
  bsc#1219501
python3-ec2imgutils
- Update to version 10.0.1
  + Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as
    tpm versions on the command line

- Update to version 10.0.0 (bsc#1199722)
  + Add --tpm-support as command line option and tpm_support to the API
    to register images that support NitroTPM
  + API change for ec2deprecateimg. It is now possible to deprecate
    an image without providing a successor image.

- Add rpm-macros to build requirements in spec.
python3-ec2metadata
- Update to version 5.0.0 (bsc#1214215)
  + Remove the --use-token command line option. Aws is deprecating access
    to instance metadata without authentication token. Ability to access
    metadat without token has been removed
  + Support access to the metadata server over IPv6. If the customer
    enables the IPv6 endpoint for an instance it will be preferred over the
    IPv4 endpoint

- Update to version 4.0.0 (bsc#1204066)
  + Disambiguate cli options for duplicate endpoints. This is an
    incompatible change for some API versions of IMDS. When a duplicate
    endpoint is detected the cli option for both endpoints is expanded to a
    unique name.
python-idna
- Add CVE-2024-3651.patch, backported from upstream commit
  gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
  (bsc#1222842, CVE-2024-3651)
python-msgpack
- Loose the filelist for the package info to avoid FTBFS on
  SLE-15-SP5 (bsc#1203743).
python-packaging
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Add patch to fix testsuite on big-endian targets
  + fix-big-endian-build.patch

- Ignore python3.6.2 since the test doesn't support it.

- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)

- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5.
  * Replace distutils usage with sysconfig
  * Add support for zip files in ``parse_sdist_filename``
  * Use cached ``_hash`` attribute to short-circuit tag equality comparisons
  * Specify the default value for the ``specifier`` argument to ``SpecifierSet``
  * Proper keyword-only "warn" argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for ``Version.post`` and ``Version.dev``
  * Use typing alias ``UnparsedVersion``
  * Improve type inference for ``packaging.specifiers.filter()``
  * Tighten the return type of ``canonicalize_version()``

- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch

- add no-legacyversion-warning.patch to restore compatibility with 20.4

- update to 20.9:
  * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
  * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``

- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
  * Do not insert an underscore in wheel tags when the interpreter version number
    is more than 2 digits (:issue:`372`)
  * Fix flit configuration, to include LICENSE files (:issue:`357`)
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
  * Add some missing type hints to `packaging.requirements` (issue:`350`)
  * Officially support Python 3.9 (:issue:`343`)
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve
    the glibc version string.

- update to 20.4:
  * Canonicalize version before comparing specifiers. (:issue:`282`)
  * Change type hint for ``canonicalize_name`` to return
  ``packaging.utils.NormalizedName``.
  This enables the use of static typing tools (like mypy) to detect mixing of
  normalized and un-normalized names.
python-paramiko
- Add rsa-key-loading-fix.patch (bsc#1205132) fixing loading RSA
  key.
python-psutil
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Fix tests: setuptools changed the builddir library path and does
  not find the module from it. Use the installed platlib instead
  and exclude psutil.tests only later.
- Refresh skip-obs.patch
python-pyasn1
- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)
python-py
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
python-requests
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
  as a directory, bsc#1225912

- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.

- Add CVE-2023-32681.patch to fix unintended leak of
  Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
  Upstream commit: gh#psf/requests@74ea7cf7a6a2

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Don't pin idna<3 in the egg-info so that depending packages
  can install the new idna dropping python2

- update to 2.25.1:
  - Requests now treats `application/json` as `utf8` by default. Resolving
  inconsistencies between `r.text` and `r.json` output. (#5673)

- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)

- update to 2.25.0:
  * Added support for NETRC environment variable. (#5643)
  * Requests now supports urllib3 v1.26.
  * Requests v2.25.x will be the last release series with support for Python 3.5.
- refreshed requests-no-hardcoded-version.patch
python-rsa
- Add cve_2020-25658.patch (CVE-2020-25658 bsc#1178676)
  + Reduce timing sensitivity on devryption for false ciphers
python-s3transfer
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires

- Update in SLE-15 (bsc#1204537, jsc#PED-2333)

- Update to 0.6.0
  * feature:Python: Dropped support for Python 3.6
- from version 0.5.2
  * enhancement:``s3``: Added support for flexible checksums
    when uploading or downloading objects.
- from version 0.5.1
  * enhancement:Python: Officially add Python 3.10 support
- Drop unused python-mock dependency from BuildRequires
- Refresh patches for new version
  + no-bundled-packages.patch
salt
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Added:
  * add-missing-contextvars-dependency-in-salt.version.patch
  * make-reactor-engine-less-blocking-the-eventpublisher.patch
  * prevent-possible-exception-in-tornado.concurrent.fut.patch
  * skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
  * remove-unused-import-causing-delays-on-starting-salt.patch
  * prevent-oom-with-high-amount-of-batch-async-calls-bs.patch
  * remove-redundant-_file_find-call-to-the-master.patch
  * make-logging-calls-lighter.patch
  * improve-broken-events-catching-and-reporting.patch
  * do-not-call-the-async-wrapper-calls-with-the-separat.patch
  * make-salt-master-self-recoverable-on-killing-eventpu.patch
  * speed-up-salt.matcher.confirm_top-by-using-__context.patch

- Make "man" a recommended package instead of required

- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions
  on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml"
  files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite
  and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called
  via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET
  environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
  * fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
  * fix-salt-warnings-and-testuite-for-python-3.11-635.patch
  * discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
  * decode-oscap-byte-stream-to-string-bsc-1219001.patch
  * fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
  * allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
  * improve-pip-target-override-condition-with-venv_pip_.patch
  * make-importing-seco.range-thread-safe-bsc-1211649.patch
  * fix-problematic-tests-and-allow-smooth-tests-executi.patch
  * switch-oscap-encoding-to-utf-8-639.patch

- Prevent directory traversal when creating syndic cache directory
  on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
  method (CVE-2024-22232, bsc#1219431)
- Added:
  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
- Added:
  * enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch
  * update-__pillar__-during-pillar_refresh.patch
  * fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
  * prefer-unittest.mock-for-python-versions-that-are-su.patch
  * revert-make-sure-configured-user-is-properly-set-by-.patch
  * fix-the-aptpkg.py-unit-test-failure.patch
  * dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch

- Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157)
- Allow all primitive grain types for autosign_grains (bsc#1214477)
- Added:
  * allow-all-primitive-grain-types-for-autosign_grains-.patch
  * fix-cve-2023-34049-bsc-1215157.patch

- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
  on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Added:
  * only-call-native_str-on-curl_debug-message-in-tornad.patch
  * fix-calculation-of-sls-context-vars-when-trailing-do.patch
  * use-salt-call-from-salt-bundle-with-transactional_up.patch
  * implement-the-calling-for-batch-async-from-the-salt-.patch
  * improve-salt.utils.json.find_json-bsc-1213293.patch
  * fix-optimization_order-opt-to-prevent-test-fails.patch

- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Added:
  * write-salt-version-before-building-when-using-with-s.patch

- Revert usage of long running REQ channel to prevent possible
  missing responses on requests and dublicated responses
  (bsc#1213960, bsc#1213630, bsc#1213257)
- Fix gitfs cachedir basename to avoid hash collisions
  (bsc#1193948, bsc#1214797, CVE-2023-20898)
- Added:
  * revert-usage-of-long-running-req-channel-bsc-1213960.patch
  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch

- Make sure configured user is properly set by Salt (bsc#1210994)
- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
- Fix broken tests to make them running in the testsuite
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Create minion_id with reproducible mtime
- Fix detection of Salt codename by "salt_version" execution module
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix zypper repositories always being reconfigured
- Fix utf8 handling in 'pass' renderer and make it more robust
- Added:
  * fix-regression-multiple-values-for-keyword-argument-.patch
  * fix-tests-to-make-them-running-with-salt-testsuite.patch
  * mark-salt-3006-as-released-586.patch
  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
  * zypper-pkgrepo-alreadyconfigured-585.patch
  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
  * fix-the-regression-of-user.present-state-when-group-.patch
  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch

- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch

- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Added:
  * make-master_tops-compatible-with-salt-3000-and-older.patch

- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Added:
  * define-__virtualname__-for-transactional_update-modu.patch

- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
  * avoid-conflicts-with-dependencies-versions-bsc-12116.patch

- Update to Salt release version 3006.0 (jsc#PED-4360)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Added:
  * 3005.1-implement-zypper-removeptf-573.patch
  * control-the-collection-of-lvm-grains-via-config.patch
  * fix-version-detection-and-avoid-building-and-testing.patch
  * make-sure-the-file-client-is-destroyed-upon-used.patch
  * skip-package-names-without-colon-bsc-1208691-578.patch
  * use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
- Modified:
  * activate-all-beacons-sources-config-pillar-grains.patch
  * add-custom-suse-capabilities-as-grains.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-publish_batch-to-clearfuncs-exposed-methods.patch
  * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
  * add-sleep-on-exception-handling-on-minion-connection.patch
  * add-standalone-configuration-file-for-enabling-packa.patch
  * add-support-for-gpgautoimport-539.patch
  * allow-vendor-change-option-with-zypper.patch
  * async-batch-implementation.patch
  * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
  * bsc-1176024-fix-file-directory-user-and-group-owners.patch
  * change-the-delimeters-to-prevent-possible-tracebacks.patch
  * debian-info_installed-compatibility-50453.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * don-t-use-shell-sbin-nologin-in-requisites.patch
  * drop-serial-from-event.unpack-in-cli.batch_async.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-bsc-1065792.patch
  * fix-for-suse-expanded-support-detection.patch
  * fix-issue-2068-test.patch
  * fix-missing-minion-returns-in-batch-mode-360.patch
  * fix-ownership-of-salt-thin-directory-when-using-the-.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * fixes-for-python-3.10-502.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * make-setup.py-script-to-not-require-setuptools-9.1.patch
  * pass-the-context-to-pillar-ext-modules.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * prevent-shell-injection-via-pre_flight_script_args-4.patch
  * read-repo-info-without-using-interpolation-bsc-11356.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * run-salt-api-as-user-salt-bsc-1064520.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * save-log-to-logfile-with-docker.build.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * use-salt-bundle-in-dockermod.patch
  * x509-fixes-111.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * 3003.3-postgresql-json-support-in-pillar-423.patch
  * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
  * add-missing-ansible-module-functions-to-whitelist-in.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
  * adds-explicit-type-cast-for-port.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * backport-syndic-auth-fixes.patch
  * batch.py-avoid-exception-when-minion-does-not-respon.patch
  * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * detect-module.run-syntax.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * enhance-logging-when-inotify-beacon-is-missing-pyino.patch
  * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
  * fix-crash-when-calling-manage.not_alive-runners.patch
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-for-cve-2022-22967-bsc-1200566.patch
  * fix-inspector-module-export-function-bsc-1097531-481.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
  * fix-test_ipc-unit-tests.patch
  * fix-the-regression-in-schedule-module-releasded-in-3.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * ignore-non-utf8-characters-while-reading-files-with-.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * notify-beacon-for-debian-ubuntu-systems-347.patch
  * refactor-and-improvements-for-transactional-updates-.patch
  * retry-if-rpm-lock-is-temporarily-unavailable-547.patch
  * set-default-target-for-pip-from-venv_pip_target-envi.patch
  * state.apply-don-t-check-for-cached-pillar-errors.patch
  * state.orchestrate_single-does-not-pass-pillar-none-4.patch
  * support-transactional-systems-microos.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch

- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
  * skip-package-names-without-colon-bsc-1208691-578.patch

- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * 3004-implement-zypper-removeptf-574.patch

- Control the collection of lvm grains via config (bsc#1204939)
- Added:
  * control-the-collection-of-lvm-grains-via-config.patch

- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * detect-module.run-syntax.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * pass-the-context-to-pillar-ext-modules.patch
python-setuptools
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
  (ReDoS) in package_index.py.
  bsc#1206667
python-urllib3
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)

- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
  gh#urllib3/urllib3@4e98d57809da

- Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804)
  gh#urllib3/urllib3#3139
  * Added the Cookie header to the list of headers to strip from
    requests when redirecting to a different host. As before,
    different headers can be set via Retry.remove_headers_on_redirect.
regionServiceClientConfigEC2
- Update to version 4.1.1 (bsc#1217536)
  + Replace 54.247.166.75.pem and 54.253.118.149.pem old soon to expired certs
    with new generated ones that expire in 8 years and have longer length (4096)
release-notes-sle_hpc
- 15.3.20220930 (tracked in bsc#933411)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
rsync
- Drop rsync-fix-external-compression.patch, rsync-iconv-segfault.patch

- Fix --delay-updates never updates after interruption [bsc#1204538]
  * Added patch rsync-fix-delay-updates-never-updates-after-interruption.patch
rsyslog
- fix rsyslog crash in imrelp (bsc#1210286)
  * add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch

- fix segfaults in modExit() of imklog.c (bsc#1211757)
  * add 0001-imklog-fix-invalid-memory-adressing-could-cause-abor.patch

- fix removal of imfile state files (bsc#1213212)
  * add 0001-fixing-the-deleteStateOnFileDelete-option.patch

-  fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
rubygem-nokogiri
- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408)
    fixes possibility to DoS because of inefficient RE in HTML encoding
- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782)
    fixes Improper Handling of Unexpected Data Types
runc
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
  * 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  * 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  * 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
  performance issue when running lots of containers, caused by system getting
  too many mount notifications. bsc#1214960
  + 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch

- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
  + 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  + 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  + 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch

- Update to runc v1.1.12. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
  * This release fixes a container breakout vulnerability (CVE-2024-21626). For
    more details, see the upstream security advisory:
    <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
  * Remove upstreamed patches:
  - CVE-2024-21626.patch
  * Update runc.keyring to match upstream changes.

[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
  <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
  + CVE-2024-21626.patch

- Update to runc v1.1.11. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.11>.

- Update to runc v1.1.10. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.10>.

- Update to runc v1.1.9. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.9>.

- Update to runc v1.1.8. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.8>.

- Update to runc v1.1.7. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.

- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.

- Update to runc v1.1.5. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
  Includes fixes for the following CVEs:
  - CVE-2023-25809 bsc#1209884
  - CVE-2023-27561 bsc#1208962
  - CVE-2023-28642 bsc#1209888
  * Fix the inability to use `/dev/null` when inside a container. bsc#1168481
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1207004
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
samba
- Add "net offlinejoin composeodj" command; (bsc#1214076);

- CVE-2023-4091: samba: Client can truncate file with read-only
  permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
  allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
  "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
  (bsc#1215908); (bso#15424).

- Move libcluster-samba4.so from samba-libs to samba-client-libs;
  (bsc#1213940);

- secure channel faulty since Windows 10/11 update 07/2023;
  (bso#15418); (bsc#1213384).

- CVE-2022-2127: lm_resp_len not checked properly in
  winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
  Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
  Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
  (bso#15388); (bsc#1213171).

- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be
  deleted by unprivileged authenticated users; (bso#15276);
  (bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
  be discovered; (bso#15270); (bsc#1209485).

- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).

- CVE-2022-38023 Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);

- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).

- Update to 4.15.13
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
  * CVE-2022-37967 Kerberos constrained delegation ticket forgery
    possible against Samba AD DC; (bso#15231); (bsc#1205386);
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
  * The KDC logic arround msDs-supportedEncryptionTypes differs
    from Windows; (bso#13135);
  * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    (bso#15197);
- Remove the systemd drop-in file for named service to allow
  read/write access to the DLZ directory as bind is not using
  systemd filesystem namespaces but bind-chrootenv; (bsc#1205946);

- Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689);

- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254)

- Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).

- CVE-2022-1615: Do not ignore errors in random number generation;
  (bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
  (bso#14833); (bsc#1202803);

- Fix Use after free when iterating
  smbd_server_connection->connections after tree disconnect
  failure; (bso#15128); (bsc#1200102).
sed
- 0001-sed-set-correct-umask-on-temporary-files.patch
  Fix for bsc#1221218
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
sudo
- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
  [bsc#1221151, bsc#1221134]
  * Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
  * Enable running regression selftests during build time.

- Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465]
  * Try to make sudo less vulnerable to ROWHAMMER attacks.
  * Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch

- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)

- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.

- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "sudo -U otheruser -l" would dereference
    a NULL pointer.

- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.

- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown <william.brown@suse.com>
  * https://github.com/sudo-project/sudo/pull/163

- Added sudo-observe-SIGCHLD.patch
  * Make sure SIGCHLD is not ignored when sudo is executed; fixes
    race condition.
  * bsc#1203201
  * Sourced from https://github.com/sudo-project/sudo/commit/727056e

- Added sudo-CVE-2022-43995.patch
  * CVE-2022-43995
  * bsc#1204986
  * Fixed a potential heap-based buffer over-read when entering a password
    of seven characters or fewer and using the crypt() password backend.

- Fixed an issue where some redundant entries in a sudo configuration
  file caused freed memory to be accessed in the error message thus
  wrong information was output in the error message.
  * [bsc#1190818]
  * Added [sudo-1.9.5p2-no_free_alias_name.patch]
    Sourced from the following git commit hashes:
    | 9ed14870c Add garbage collection to the sudoers parser to clean
    up on error. This makes it possible to avoid memory leaks when
    there is a parse error.
    | bdb02b1ef Got back to calling alias_free() on alias_add() failure.
    We now need to remove the name and members from the leak list
  * before* calling alias_add() since alias_add() will consume them
    for both success and failure.
    | b4cabdb39 Don't free the alias name in alias_add() if the alias
    already exists. We need to be able to display it using
    alias_error(). Only free what we actually allocated in alias_add()
    on error and let the caller handle cleanup.  Note that we cannot
    completely fill in the alias until it is inserted.  Otherwise,
    we will have modified the file and members parameters even if
    there was an error. As a result, we have to remove those from the
    leak list after alias_add(), not before.
supportutils-plugin-suse-public-cloud
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
  + Remove duplicate data collection for the plugin itself
  + Collect archive metering data when available
  + Query billing flavor status

- Update to version 1.0.8 (bsc#1213951)
  + Capture CSP billing adapter config and log (issue#13)
  + Accept upper case Amazon string in DMI table (issue#12)

- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during
    registration
supportutils
- Changes in version 3.1.30
  + Added -V key:value pair option (bsc#1222021, PED-8211)
  + Avoid getting duplicate kernel verifications in boot.text (pr#193)
  + Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
  + Includes container log timestamps (pr#197)

- Changes to version 3.1.29
  + Extended scaling for performance (bsc#1214713)
  + Fixed kdumptool output error (bsc#1218632)
  + Corrected podman ID errors (bsc#1218812)
  + Duplicate non root podman entries removed (bsc#1218814)
  + Corrected get_sles_ver for SLE Micro (bsc#1219241)
  + Check nvidida-persistenced state (bsc#1219639)

- Additional changes in version 3.1.28
  + ipset - List entries for all sets
  + ipvsadm - Inspect the virtual server table (pr#185)
  + Correctly detects Xen Dom0 (bsc#1218201)
  + Fixed smart disk error (bsc#1218282)

- Changes in version 3.1.28
  + Inhibit the conversion of port numbers to port names for network files (cherry picked from commit 55f5f716638fb15e3eb1315443949ed98723d250)
  + powerpc: collect rtas_errd.log and lp_diag.log files (pr#175)
  + Get list of pam.d file (cherry picked from commit eaf35c77fd4bc039fd7e3d779ec1c2c6521283e2)
  + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
  + Added missing klp information to kernel-livepatch.txt (bsc#1216390)
  + Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
  + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
  + Optimize lsof usage (bsc#1183663)
  + Added mokutil commands for secureboot (pr#179)
  + Collects chrony or ntp as needed (bsc#1196293)

- Changes in version 3.1.27
  + Fixed podman display issue (bsc#1217287)
  + Added nvme-stas configuration to nvme.txt (bsc#1216049)
  + Added timed command to fs-files.txt (bsc#1216827)
  + Collects zypp history file issue#166 (bsc#1216522)
  + Changed -x OPTION to really be exclude only (issue#146)
  + Collect HA related rpm package versions in ha.txt (pr#169)

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- ha_info sle15 uses /var/log/pacemaker/ (pq#153)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replement text in _sanitize_file

- Added lifecycle information (issue#140)

- Changes to version 3.1.21
  + Added type output with df command in fs-diskio.txt (issue#141)
  + Gather all files in /etc/security/limits.d/ (issue#142)
  + Fixed KVM virtualization detection on bare metal (bsc#1184689)
  + Added logging using journalctl (bsc#1200330)
  + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
  + Added system logging configuration and checking in messages_config.txt (issue#103)
  + If rsyslog not installed collect more from journalctl (issue#120)
  + Added systemd-status.txt for the status of all service units (issue#125)
  + autofs includes files in (+dir:<path>) (issue#111)
  + Get current sar data before collecting files (bsc#1192648)
  + Collects everything in /etc/multipath/ (bsc#1192252)
  + Collects power management information in hardware.txt (bsc#1197428)
  + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
  + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
  + Update to nvme_info and block_info #133 (bsc#1202417)
  + Added IO scheduler (issue#136)
  + Added includedir directories from /etc/sudoers (bsc#1188086)

- Added a listing to /dev/mapper/. #129
suse-build-key
- added missing ; in shell script (bsc#1227681)

- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
  them. (bsc#1227429)
  gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
  gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key.

- Switch container key to be default RSA 4096bit. (jsc#PED-2777)

- run rpm commands in import script only when libzypp is not
  active. bsc#1219189 bsc#1219123

- run import script also in %posttrans section, but only when
  libzypp is not active. bsc#1219189 bsc#1219123

- replace libzypp-post-script based installation with a systemd timer
  and service.
  - suse-build-key-import.service
  - suse-build-key-import.timer

- add and run a import-suse-build-key scripts, this will be ran
  after installation with libzypp based installers. (jsc#PED-2777)

- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.

- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)
suse-module-tools
- Update to version 15.3.18:
  * rpm-script: add symlink /boot/.vmlinuz.hmac (bsc#1217775)

- Update to version 15.3.17:
  * blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
  * modprobe.conf: Blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)

- Update to version 15.3.16:
  * modprobe.conf: s390x: remove softdep on fbcon (boo#1207853)
systemd-default-settings
- Import 0.10
  5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123)

- Import 0.9
  bb859bf user@.service: Disable controllers by default (jsc#PED-2276)

- The usage of drop-ins is now the official way for configuring systemd and its
  various daemons on Factory/ALP. Hence the early drop-ins SUSE specific
  "feature" has been abandoned.

- Import 0.8
  f34372f User priority '26' for SLE-Micro
  c8b6f0a Revert "Convert more drop-ins into early ones"

- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
  6b8dde1 Convert more drop-ins into early ones
systemd-presets-branding-SLE
- Enable sysctl-logger (jsc#PED-5024)
systemd-presets-common-SUSE
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
  Support both the old and new service to avoid complex version interdependency.

- Enable systemd-pstore.service by default (jsc#PED-2663)
tar
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
  PAX archives can lead to a crash, bsc#1217969
  * fix-CVE-2023-39804.patch

- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch

- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch

- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch
tcl
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.

- Fix a race condition in test socket-13.1
  (tcl-test-socket-13.1.patch).

- Remove the SQLite extension and package it as a subpackage of
  sqlite3 to have only a single copy and keep it more up to date
  (bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
timezone
- update to 2024a:
  * Kazakhstan unifies on UTC+5.  This affects Asia/Almaty and
    Asia/Qostanay which together represent the eastern portion of the
    country that will transition from UTC+6 on 2024-03-01 at 00:00 to
    join the western portion.  (Thanks to Zhanbolat Raimbekov.)
  * Palestine springs forward a week later than previously predicted
    in 2024 and 2025.  (Thanks to Heba Hamad.)  Change spring-forward
    predictions to the second Saturday after Ramadan, not the first;
    this also affects other predictions starting in 2039.
  * Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
    not 00:00.  (Thanks to Đoàn Trần Công Danh.)
  * From 1947 through 1949, Toronto's transitions occurred at 02:00
    not 00:00.  (Thanks to Chris Walton.)
  * In 1911 Miquelon adopted standard time on June 15, not May 15.
  * The FROM and TO columns of Rule lines can no longer be "minimum"
    or an abbreviation of "minimum", because TZif files do not support
    DST rules that extend into the indefinite past - although these
    rules were supported when TZif files had only 32-bit data, this
    stopped working when 64-bit TZif files were introduced in 1995.
    This should not be a problem for realistic data, since DST was
    first used in the 20th century.  As a transition aid, FROM columns
    like "minimum" are now diagnosed and then treated as if they were
    the year 1900; this should suffice for TZif files on old systems
    with only 32-bit time_t, and it is more compatible with bugs in
    2023c-and-earlier localtime.c.  (Problem reported by Yoshito
    Umaoka.)
  * localtime and related functions no longer mishandle some
    timestamps that occur about 400 years after a switch to a time
    zone with a DST schedule.  In 2023d data this problem was visible
    for some timestamps in November 2422, November 2822, etc. in
    America/Ciudad_Juarez.  (Problem reported by Gilmore Davidson.)
  * strftime %s now uses tm_gmtoff if available.  (Problem and draft
    patch reported by Dag-Erling Smørgrav.)
  * The strftime man page documents which struct tm members affect
    which conversion specs, and that tzset is called.  (Problems
    reported by Robert Elz and Steve Summit.)

- update to 2023d:
  * Ittoqqortoormiit, Greenland changes time zones on
    2024-03-31.
  * Vostok, Antarctica changed time zones on 2023-12-18.
  * Casey, Antarctica changed time zones five times since
    2020.
  * Code and data fixes for Palestine timestamps starting in
    2072.
  * A new data file zonenow.tab for timestamps starting now.
  * Fix predictions for DST transitions in Palestine in
    2072-2075, correcting a typo introduced in 2023a.
  * Vostok, Antarctica changed to +05 on 2023-12-18.  It had
    been at +07 (not +06) for years.
  * Change data for Casey, Antarctica to agree with
    timeanddate.com, by adding five time zone changes since 2020.
    Casey is now at +08 instead of +11.
  * Much of Greenland, represented by America/Nuuk, changed
    its standard time from -03 to -02 on 2023-03-25, not on
    2023-10-28.
  * localtime.c no longer mishandles TZif files that contain
    a single transition into a DST regime.  Previously,
    it incorrectly assumed DST was in effect before the transition
    too.
  * tzselect no longer creates temporary files.
  * tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL,
    PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles
    regular expressions of the form /X{2,}/.
  * ISO 6709 coordinates when using an awk that lacks the
    GNU extension of newlines in -v option-arguments.
  * Non UTF-8 locales when using an iconv command that
    lacks the GNU //TRANSLIT extension.
  * zic no longer mishandles data for Palestine after the
    year 2075.
- Refresh tzdata-china.diff

- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff

- timezone update 2022g (bsc#1177460):
  * In the Mexican state of Chihuahua, the border strip near the US
    will change to agree with nearby US locations on 2022-11-30.
    The strip's western part, represented by Ciudad Juárez, switches
    from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
    The eastern part, represented by Ojinaga, will observe US DST next
    year, like Presidio, TX.
    A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
  * Much of Greenland, represented by America/Nuuk, stops observing
    winter time after March 2023, so its daylight saving time becomes
    standard time.
  * Changes for pre-1996 northern Canada
  * Update to past DST transition in Colombia (1993), Singapore
    (1981)
  * timegm is now supported by default

- timezone update 2022f (bsc#1177460):
  * Mexico will no longer observe DST except near the US border
  * Chihuahua moves to year-round -06 on 2022-10-30
  * Fiji no longer observes DST
  * Move links to 'backward'
  * In vanguard form, GMT is now a Zone and Etc/GMT a link
  * zic now supports links to links, and vanguard form uses this
  * Simplify four Ontario zones
  * Fix a Y2438 bug when reading TZif data
  * Enable 64-bit time_t on 32-bit glibc platforms
  * Omit large-file support when no longer needed
  * In C code, use some C23 features if available
  * Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
  * fat.patch
  * tzdata-china.diff

- timezone update 2022e (bsc#1177460):
  * Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
  * Palestine transitions are now Saturdays at 02:00
  * Simplify three Ukraine zones into one
- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
util-linux-systemd
- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).

- Add upstream patch
  util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
  bsc#1207987 gh#util-linux/util-linux@1d98827edde4

- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.

- Fix file conflict during upgrade (boo#1204211).

- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).
vim
- Updated to version 9.1 with patch level 0330, fixes the following problems
  * Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1
- refreshed vim-7.3-filetype_spec.patch
- refreshed vim-7.3-filetype_ftl.patch
- Update spec.skeleton to use autosetup in place of setup macro.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330

- Updated to version 9.1 with patch level 0111, fixes the following security problems
  * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close()
  * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol()
  * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command
  * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count
  * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing
  * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number
  * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line
  * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute
  * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
  * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111

- Updated to version 9.0 with patch level 2103, fixes the following security problems
  * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
  * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
  * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
  * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103

- Updated to version 9.0 with patch level 1894, fixes the following security problems
  * Fixing bsc#1214922 (CVE-2023-4738) - VUL-0: CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both
  * Fixing bsc#1214924 (CVE-2023-4735) - VUL-0: CVE-2023-4735: vim: OOB Write ops.c
  * Fixing bsc#1214925 (CVE-2023-4734) - VUL-0: CVE-2023-4734: vim: segmentation fault in function f_fullcommand
  * Fixing bsc#1215004 (CVE-2023-4733) - VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos
  * Fixing bsc#1215006 (CVE-2023-4752) - VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp
  * Fixing bsc#1215033 (CVE-2023-4781) - VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both
- drop patches: disable-unreliable-tests.patch
    ignore-flaky-test-failure.patch
    vim-8.1.0297-dump3.patch
- dropped %check - most of tests didn't work correctly in OBS
    and maintenance burden of this was getting too big
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1632...v9.0.1894

- Use app icon generated from vimlogo.eps in source tarball; add
  higher res icons of sizes 128, 256, and 512px as png sources.
  Our current icons deviate from upstream flatpaks for example.
- Updated to version 9.0 with patch level 1632
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1632

- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572

- Fixing bsc#1211461 - L3: vim "eats" first character from prompt in xterm
  * Add: reorder-exit-raw-mode.patch
  * Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit.

- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Revert the creation standalone xxd packages

- Updated to version 9.0 with patch level 1443, fixes the following security problems
  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
  remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443

- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234

- Updated to version 9.0 with patch level 1040, fixes the following security problems
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.814...v9.0.1040

- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
wget
- Fix mishandled semicolons in the userinfo subcomponent could lead to an
  insecure behavior in which data that was supposed to be in the userinfo
  subcomponent is misinterpreted to be part of the host subcomponent.
  [bsc#1226419, CVE-2024-38428, properly-re-implement-userinfo-parsing.patch]

- Update 0001-possibly-truncate-pathname-components.patch
  * Truncate file name even if no directory structure
  * [bsc#1204720]
wicked
- Update to version 0.6.76
  - compat-suse: warn user and create missing parent config of
    infiniband children (gh#openSUSE/wicked#1027)
  - client: fix origin in loaded xml-config with obsolete port
    references but missing port interface config, causing a
    no-carrier of master (bsc#1226125)
  - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
  - wireless: add frequency-list in station mode (jsc#PED-8715)
  - client: fix crash while hierarchy traversing due to loop in
    e.g. systemd-nspawn containers (bsc#1226664)
  - man: add supported bonding options to ifcfg-bonding(5) man page
    (gh#openSUSE/wicked#1021)
  - arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
  - man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
  - client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
  - compat-suse: fix dummy type detection from ifname to not cause
    conflicts with e.g. correct vlan config on dummy0.42 interfaces
    (gh#openSUSE/wicked#1016)
  - compat-suse: fix infiniband and infiniband child type detection
    from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
  [- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
  [- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]

- arp: increase arp-send retry value to avoid address configuration
  failure due to ENOBUF reported by kernel while duplicate address
  detection with underlying bonding in 802.3ad mode reporting link
  "up & running" too early (bsc#1218668, gh#openSUSE/wicked#1020,
  gh#openSUSE/wicked#1020).
  [+ 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]

- client: fix ifreload to pull UP ports/links again when the config
  of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
  [+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]

- Update to version 0.6.75:
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
  - Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
    and consistently use config and state info attached to the port
    interface as in rtnetlink(7).
  - Cleanup ifcfg parsing, schema configuration and service properties
  - Migrate ports in xml config and policies already applied in nanny
  - Remove "missed config" generation from finite state machine, which
    is completed while parsing the config or while xml config migration.
  - Issue a warning when "lower" interface (e.g. eth0) config is missed
    while parsing config depending on it (e.g. eth0.42 vlan).
  - Resolve ovs master to the effective bridge in config and wickedd
  - Implement netif-check-state require checks using system relations
    from wickedd/kernel instead of config relations for ifdown and add
    linkDown and deleteDevice checks to all master and lower references.
  - Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
    system/config interface hierarchies as notice with +/- marked
    interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
  [- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
  [- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
  [- 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
  [- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]

- client: do not convert sec to msec twice (bsc#1222105)
  [+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]

- addrconf: fix fallback-lease drop (bsc#1220996)
  [+ 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
- extensions/nbft: use upstream `nvme nbft show` (bsc#1221358)
  [+ 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
- hide secrets in debug log (bsc#1221194)
  [+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]

- update to version 0.6.74
  + team: add new options like link_watch_policy (jsc#PED-7183)
  + Fix memory leaks in dbus variant destroy and fsm free (gh#openSUSE/wicked#1001)
  + xpath: allow underscore in node identifier (gh#openSUSE/wicked#999)
  + vxlan: don't format unknown rtnl attrs (bsc#1219751)
- removed patches included in the source archive:
  [- 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
  [- 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
  [- 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
  [- 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
  [- 0005-duid-fix-comment-for-v6time.patch]
  [- 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
  [- 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [- 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
  [- 0001-fix_arp_notify_loop_and_burst_sending.patch]

- ifreload: VLAN changes require device deletion (bsc#1218927)
  [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
- ifcheck: fix config changed check (bsc#1218926)
  [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
- client: fix exit code for no-carrier status (bsc#1219265)
  [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
  [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
- duid: fix comment for v6time
  (https://github.com/openSUSE/wicked/pull/989)
  [+ 0005-duid-fix-comment-for-v6time.patch]
- rtnl: fix peer address parsing for non ptp-interfaces
  (https://github.com/openSUSE/wicked/pull/987,
  https://github.com/openSUSE/wicked/pull/988)
  [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
- system-updater: Parse updater format from XML configuration to
  ensure install calls can run.
  (https://github.com/openSUSE/wicked/pull/985)
  [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch]

- ifconfig: fix arp notify loop (boo#1212806) and burst sending
  [+ 0001-fix_arp_notify_loop_and_burst_sending.patch]

- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (boo#1206674)
- update to version 0.6.72
- client: add `wicked firmware extensions|interfaces|enable|disable`
  command to improve `ibft`,`nbft`,`redfish` firmware extension and
  interface handling.
- client: improve error handling in netif firmware discovery
  extension execution and extension definition overrides in
  the wicked-config.
- nanny: fix use-after-free in debug mode (bsc#1206447)
- spec: replace transitional `%usrmerged` macro with regular
  version check (boo#1206798)
- client: improve to show `no-carrier` in ifstatus output
- linux: cleanup inclusions and update uapi header to 6.0
- ethtool: link mode nwords cleanup and new advertise mode names
- update to version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
- spec: Add /etc/sysconfig/network to file list, no longer in the
  default list of a cleaned up filesystem package on tumbleweed
  (https://github.com/openSUSE/wicked/pull/939).

- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
  Add initial support to decode the SMBIOS Management Controller Host
  Interface (Type 42) structure and expose it as wicked `firmware:redfish`
  configuration to setup a Host Network Interface (to the BMC) using the
  `Redfish over IP` protocol allowing access to the Redfish Service (via
  redfish-localhost in /etc/hosts) used to manage the computer system.
  Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
  remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
  [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
xen
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
  guest IRQ handling (XSA-458)
  xsa458.patch

- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
  Corrections to the following patches
  xsa456-5.patch
  xsa456-6.patch

- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
  xsa456-0a.patch
  xsa456-0b.patch
  xsa456-0c.patch
  xsa456-0d.patch
  xsa456-0e.patch
  xsa456-0f.patch
  xsa456-0g.patch
  xsa456-0h.patch
  xsa456-0i.patch
  xsa456-0j.patch
  xsa456-0k.patch
  xsa456-0l.patch
  xsa456-0m.patch
  xsa456-0n.patch
  xsa456-0o.patch
  xsa456-0p.patch
  xsa456-1.patch
  xsa456-2.patch
  xsa456-3.patch
  xsa456-4.patch
  xsa456-5.patch
  xsa456-6.patch
  xsa456-7.patch

- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
  xsa454-1.patch
  xsa454-2.patch
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
  for BTC/SRSO mitigations (XSA-455)
  xsa455.patch

- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
  Sampling (XSA-452)
  xsa452-1.patch
  xsa452-2.patch
  xsa452-3.patch
  xsa452-4.patch
  xsa452-5.patch
  xsa452-6.patch
  xsa452-7.patch
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)
  xsa453-1.patch
  xsa453-2.patch
  xsa453-3.patch
  xsa453-4.patch
  xsa453-5.patch
  xsa453-6.patch
  xsa453-7.patch
  xsa453-8.patch
- Modified xsa451.patch (bsc#1219885)

- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)
  xsa451.patch

- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  xsa449.patch

- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
  fully effective (XSA-446)
  xsa446.patch

- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
  IOMMU quarantine page table levels (XSA-445)
  xsa445.patch

- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
  transaction conflict can crash C Xenstored (XSA-440)
  xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  xsa444-1.patch
  xsa444-2.patch

- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  xsa438.patch
- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  64e5b4ac-x86-AMD-extend-Zenbleed-check.patch

- Handle potential unaligned access to bitmap in
  libxc-sr-restore-hvm-legacy-superpage.patch
  If setting BITS_PER_LONG at once, the initial bit must be aligned

- Update to Xen 4.14.6 bug fix release (bsc#1027519)
  xen-4.14.6-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  62a1e594-x86-clean-up-_get_page_type.patch
  62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
  62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
  62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
  62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
  62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
  62a1e649-x86-track-and-flush-non-coherent.patch
  62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
  62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
  62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
  62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
  62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
  62cc31ee-cmdline-extend-parse_boolean.patch
  62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
  62cd91d0-x86-spec-ctrl-rework-context-switching.patch
  62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
  62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
  62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
  62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
  62cd91d5-x86-cpuid-BTC_NO-enum.patch
  62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
  62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
  62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
  62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
  62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
  62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
  xsa403.patch
  xsa414.patch
  xsa415.patch
  xsa416.patch
  xsa417.patch
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
  xsa421-01.patch
  xsa421-02.patch
  xsa427.patch
  xsa428-1.patch
  xsa428-2.patch
  xsa429.patch
  xsa433.patch

- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  xsa433.patch
- Updated fix for XSA-417 (bsc#1204489)
  64ba268b-xenstore-fix-XSA-417.patch

- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
  log-dirty mode use-after-free (XSA-427)
  xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
  pinned cache attributes mis-handling (XSA-428)
  xsa428-1.patch
  xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
  vulnerability in 32bit SYSCALL path (XSA-429)
  xsa429.patch

- Upstream bug fixes (bsc#1027519)
  63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
  637b5f4f-efifb-ignore-invalid.patch
  63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.

- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
  speculative security issues (XSA-422)
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch

- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
  (XSA-376)
  61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch

- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-10.patch (correction)

- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
  for 2nd-level page tables on ARM systems (XSA-409)
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
  6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
  6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
  635665fb-sched-fix-restore_vcpu_affinity.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
  xsa411.patch

- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
  crash xenstored (XSA-414)
  xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
  create orphaned Xenstore nodes (XSA-415)
  xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
  cause Xenstore to not free temporary memory (XSA-416)
  xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
  get access to Xenstore nodes of deleted domains (XSA-417)
  xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
  crash xenstored via exhausting the stack (XSA-418)
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
  Xenstore: cooperating guests can create arbitrary numbers of
  nodes (XSA-419)
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
  Xenstore: Guests can create arbitray number of nodes via
  transactions (XSA-421)
  xsa421-01.patch
  xsa421-02.patch
yast2-bootloader
- prevent leak of grub2 password to logs(bsc#1201962)
- 4.3.32
yast2-installation
- AutoYaST SecondStage: Revert changes introduced in 4.3.46 running
  the initscript service before systemd-user-sessions again once
  systemd patched logind (bsc#1195059, bsc#1200780)
- 4.3.55

- Do not restart services when updating the package (bsc#1199480,
  bsc#1200274)
- 4.3.54

- AutoYaST Second Stage: Added a missing dependency to the service
  to prevent getty-autogeneration listen on 5901 port (bsc#1199746)
- 4.3.53
yast2
- Reimplemented the hardcoded product mapping to support also the
  migration from SLE_HPC to SLES SP6+ (with the HPC module)
  (bsc#1220567)
- 4.3.70
yast2-network
- Guard secret attributes against leaking to the log (bsc#1221194)
- 4.3.89

- Fix typo when writing the wireless channel (bsc#1212976)
- 4.3.88

- bsc#1211431
  - Do not crash installation when storing vlan configuration into
    NetworkManager
- 4.3.87

- Fixed issue when writing the NetworkManager config without a
  gateway (bsc#1203866)
- 4.3.86

- Added a class to generate the configuration needed for a FCoE
  device being aware of it during the installation (bsc#1199554)
- 4.3.85

- AY: Added missing route extrapara element to the networking
  section (bsc#1201129)
- 4.3.84

- Allow more than 6 domains in resolver search list (bsc#1200155).
- 4.3.83
yast2-online-update
- Fix showing of release notes when we update a rubygem
  (bsc#1205913)
- 4.2.3
yast2-packager
- Reimplemented the hardcoded product mapping to support also the
  migration from SLE_HPC to SLES SP6+ (with the HPC module)
  (bsc#1220567)
- 4.3.27
yast2-pkg-bindings
- Fixed repository and service probing with libzypp 7.31.26
  and newer, fixes broken repository handling (bsc#1218977,
  bsc#1218399)
- 4.3.13

- Pkg.TargetInitializeOptions() - added a new option for
  rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- 4.3.12
yast2-registration
- Set the new product mapping when upgrading SLE_HPC to SLES SP6+
  (with the HPC module), use the old product mapping when upgrading
  from SLE_HPC-SP3 to SLE_HPC-SP4 (bsc#1220567)
- 4.3.29

- Adapted to SCC API change 'base' -> 'isbase' (bsc#1217317):
  Cherry-picked igonzalezsosa's commit 431d937b78c209c0d35
- 4.3.28

- Switch to the new SUSEConnect-ng (bsc#1212799)
  - Includes a SSL reload fix (bsc#1195220)
  - Depends on a new suseconnect-ruby-bindings package instead of
    the old rubygem-suseconnect
- 4.3.27

- Import the SSL certificate from the <reg_server_cert> AutoYaST
  data also in the self-update step (bsc#1199091, bsc#1198642)
- 4.3.26
yast2-schema
- Add 'extrapara' to routes in the networking section (bsc#1201129)
- 4.3.31

- Support for flatten and nested "category_filter" element in the
  "online_update_configuration" section (bsc#1198848).
- 4.3.30
yast2-transfer
- Fixed TFTP download, truncate the target file to avoid garbage
  at the end of the file when saving to an already existing file
  (bsc#1208754)
- 4.1.1
yast2-update
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.3.5
zypper
- Fixed check for outdated repo metadata as non-root user
  (bsc#1222086)
- BuildRequires:  libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73

- Unify message format(fixes #485)
- version 1.14.72

- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
  remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
  * PIC is not needed as no shared lib is built
  * fstack-protector-strong is default on modern dists and would
    be downgraded by fstack-protector
  * default visibility hidden allows better optimisation
  * O2 is reducing inlining bloat
  - > 18% reduced binary size

- remove procps requires (was only for ZMD which is dropped)
  (jsc#PED-8153)

- Do not try to refresh repo metadata as non-root user
  (bsc#1222086)
  Instead show refresh stats and hint how to update them.
- man: Explain how to protect orphaned packages by collecting
  them in a plaindir repo.
- packages: Add --autoinstalled and --userinstalled options to
  list them.
- Don't print 'reboot required' message if download-only or
  dry-run (fixes #529)
  Instead point out that a reboot would be required if the option
  was not used.
- Resepect zypper.conf option `showAlias` search commands
  (bsc#1221963)
  Repository::asUserString (or Repository::label) respects the
  zypper.conf option, while name/alias return the property.
- version 1.14.71

- dup: New option --remove-orphaned to remove all orphaned
  packages in dup (bsc#1221525)
- version 1.14.70

- info,summary: Support VendorSupportOption flag
  VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- BuildRequires:  libzypp-devel >= 17.32.0.
  API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit propmpt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
  The problem description() is one rule out possibly many in
  completeProblemInfo() the solver has chosen to represent the
  problem. So either description or completeProblemInfo should be
  printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the
  1st column too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the
  first one (bsc#1218171)
- version 1.14.69

- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
  The switch makes search commands return 0 rather than 104 for
  empty search results.
- version 1.14.68

- patch: Make sure reboot-needed is remembered until next boot
  (bsc#1217873)
- version 1.14.67

- Return 104 also if info suggests near matches (fixes #504)
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- Fix typo (fixes #484)
- version 1.14.66

- Fix some typos and spelling errors found by Lintian (fixes #501)
- Prefer unaliased `grep` to avoid unexpected/wrong completions.
  (#503)
- commit: Insert a headline to separate output of different rpm
  scripts (bsc#1041742)
- Fix typo in changes file.
- version 1.14.65

- Fix name of the bash completion script (bsc#1215007)
  In 1.14.63 the location of the bash completion script was changed
  to /usr/share/bash-completion/completions/. But the patch failed
  to also rename the completion script. The original script name
  zypper.sh is not recognized at the new location.
- Update notes about failing signature checks (bsc#1214395)
  It might be a transient issue if the server is in the midst of
  receiving new data. Retry after a few minutes might work.
- Improve the SIGINT handler to be signal safe (bsc#1214292)
  This patch updates the SIGINT handling strategy to be signal
  safe. Meaning the signal handler will do not much more than
  setting a flag, which we are going to check in the normal program
  flow as much as possible.
- version 1.14.64

- Changed location of bash completion script (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61

- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60

- BuildRequires:  libzypp-devel >= 17.31.7.
- Provide "removeptf" command (bsc#1203249)
  A remove command which prefers replacing dependant packages to
  removing them as well.
  A PTF is typically removed as soon as the fix it provides is
  applied to the latest official update of the dependant packages.
  But you don't want the dependant packages to be removed together
  with the PTF, which is what the remove command would do. The
  removeptf command however will aim to replace the dependant
  packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
  (bsc#1205570)
- version 1.14.59

- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires:  libzypp-devel >= 17.31.5
- version 1.14.58