SUSEConnect
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
  not in the body (see bsc#1185611)
amazon-ssm-agent
- Update to version 3.0.1209.0 (bsc#1186239, bsc#1186262)
  + For detailed changes see RELEASENOTES.md
  + Drop fix-version.patch replaced by sed expression in spec file
  + Drop remove-unused-import.patch no longer included from upstream
  + Drop fix-config.patch all SUSE distros use systemd
  + Remove amazon-ssm-agent.service included in upstream source, use it
  + Move all binaries into sbin and fix the hard coded config path via sed
- Update to 2.3.1205.0:
  * Updated the SSM Agent Snap to core18
  * Bug fix for expired in-progress documents being resumed
  * Bug fix for update specific files not being deleted after agent update is finished
  * Bug fix for cached manifest files not being deleted in the configurepackage plugin
- Add patch to remove unused import
  + remove-unused-import.patch
- Refresh patches for new version
  + fix-version.patch
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.
- Update version patch.
- Update to 2.3.415.0 (2019-03-05)
- Update to 2.3.372.0 (2019-03-05)
- Update to 2.3.344.0 (2019-03-05)
- Update to 2.3.274.0 (2019-03-05)
- Update to 2.3.235.0 (2019-03-05)
- Update to 2.3.193.0 (2019-03-05)
- Update to 2.3.169.0 (2019-03-05)
- Update to 2.3.136.0 (2019-03-05)
- Update to 2.3.117.0 (2019-03-05)
- Update to 2.3.101.0 (2019-03-05)
- Update to 2.3.68.0 (2019-03-05)
- Update to 2.3.13.0 (2019-03-05)
- Update to 2.2.916.0 (2019-03-05)
- Update to 2.2.902.0 (2019-03-05)
- Update to 2.2.800.0 (2019-03-05)
  + Streaming AWS Systems Manager Run Command output to CloudWatch
    Logs
- Update to 2.2.619.0 (2019-03-05)
- Update to 2.2.607.0 (2019-03-05)
- Update to 2.2.546.0 (2019-03-05)
  + Bug fix to retry sending document results if they couldn't
    reach the service
- Update to 2.2.493.0 (2019-03-05)
  + Bug fix so that aws:downloadContent does not change permissions
    of directories
  + Bug fix to Cloudwatch plugin where StartType has duplicated
    Enabled value
- Update to 2.2.392.0 (2019-03-05)
  + Added support for agent hibernation so that Agent backs off or
    enters hibernation mode if it does not have access to the
    service
- Update to 2.2.355.0 (2019-03-05)
apparmor
- apparmor-profiles-add-sssd-to-nameservice.patch: Enable access
  to sssd fast cache for nameservice users (bsc#1183599)
- add-ld.so.preload-to-abstraction_base.patch: Add ld.so.preload to
  abstraction/base (bsc#1181728)
at
- Increase TasksMax limit from 512 (systemd default) to 4915,
  fix bsc#1058557
audit
- Enable Aarch64 processor support. (bsc#1179515)
audit-secondary
- Enable Aarch64 processor support. (bsc#1179515)
avahi
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
  HUP event in client_work (boo#1184521 CVE-2021-3468).
  https://github.com/lathiat/avahi/pull/330
- Update avahi-daemon-check-dns-suse.patch: needed rebase against
  the updated avahi-daemon-check-dns.sh.
aws-cli
- Update to version 1.19.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.19.9/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.18.212
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.212/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.18.185
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.185/CHANGELOG.rst
- Rename README.md to README.rst in %doc section
- Update Requires in spec file from setup.py
- Update to version 1.18.156
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.156/CHANGELOG.rst
- Drop patches no longer required
  + hide_py_pckgmgmt.patch
- Update Requires in spec file from setup.py
- Update to version 1.18.133
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.133/CHANGELOG.rst
  + Forward port hide_py_pckgmgmt.patch
  + Update Requires in spec file from setup.py
bash
- Add patch bash-4.3-boo1192785.patch
  * setuid causing permission denied on popen (bsc#1192785)
- Add patch bsc1177369.patch to fix bsc#1177369
  * tailf command does destroy terminal/console settings
bind
- Fixed CVE-2021-25219:
  The lame-ttl option controls how long named caches certain types
  of broken responses from authoritative servers (see the security
  advisory for details). This caching mechanism could be abused by
  an attacker to significantly degrade resolver performance. The
  vulnerability has been mitigated by changing the default value of
  lame-ttl to 0 and overriding any explicitly set value with 0,
  effectively disabling this mechanism altogether. ISC's testing has
  determined that doing that has a negligible impact on resolver
  performance while also preventing abuse.
  Administrators may observe more traffic towards servers issuing
  certain types of broken responses than in previous BIND 9 releases.
  [bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
- Some debugs were still in the patch for bsc#1181495.
  [bsc#1181495, bind-bsc1181495-disable-md5-when-in-fips-mode.patch]
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
  * An assertion check can fail while answering queries
    for DNAME records that require the DNAME to be processed to resolve
    itself
    [CVE-2021-25215, bind-CVE-2021-25215.patch]
  * A second vulnerability in BIND's GSSAPI security
    policy negotiation can be targeted by a buffer overflow attack
    This does not affect this package as the affected code is
    disabled.
    [CVE-2021-25216]
  [bsc#1185345]
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
- When FIPS mode is enabled, the named tools will complain that
  MD5 is enabled. This is now checked, MD5 is ignored and a
  warning is shown.
  [bsc#1181495, bind-bsc1181495-disable-md5-when-in-fips-mode.patch]
binutils
- Add binutils-revert-hlasm-insns.diff for compatibility on old
  code stream that expect 'brcl 0,label' to not be disassembled
  as 'jgnop label' on s390x.  [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
  (boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
  toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
  PR28422, PR28192, PR28391.  Also adds some s390x arch14
  instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
  binutils in different ways, adds  binutils-compat-old-behaviour.diff
  and adjusts binutils-revert-nm-symversion.diff and
  binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
  * The GNU Binutils sources now requires a C99 compiler and library to
    build.
  * Support for the arm-symbianelf format has been removed.
  * Support for Realm Management Extension (RME) for AArch64 has been
    added.
  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.
  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
  - -gc-sections.
  * A new linker options '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
  - -sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.
  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.
  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.
  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols.
  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.
  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.
    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.
    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.
    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow di0pslay options to applied to both the main file and any
    separate debuginfo files.
  * Nm has a new command line option: '--quiet'.  This suppresses "/no
    symbols"/ diagnostic.
- Includes fixes for these CVEs:
  bnc#1181452 aka CVE-2021-20197 aka PR26945
  bnc#1183511 aka CVE-2021-20284 aka PR26931
  bnc#1184519 aka CVE-2021-20294 aka PR26929
  bnc#1184620 aka CVE-2021-3487 aka PR26946
  bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
  bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
  binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
  binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
  ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
  on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
  patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
  It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
  0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
  New features in the Assembler:
    General:
  * When setting the link order attribute of ELF sections, it is now
    possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in
    a target neutral manner.  This instruction does have an effect on
    DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now
    uses hash tables that can be expand and shrink automatically.
    X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
    Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
    ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
    Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
    Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
    Stack Recorder Extension) and BRBE (Branch Record Buffer
    Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT
    instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC
    instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7
    AArch64. Add atomic 64-byte load/store instructions for this
    feature.
  * Add support for +pauth (Pointer Authentication) feature for
  - march in AArch64.
    New features in the Linker:
  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new
    command-line option --ctf-share-types describes how to do this:
    its default value, share-unconflicted, produces the most compact
    output.
  * The linker now omits the "/variable section"/ from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.
  New features in other binary tools:
  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
  - -no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.
- Includes fixes for these CVEs:
  bnc#1179898 aka CVE-2020-16590 aka PR25821
  bnc#1179899 aka CVE-2020-16591 aka PR25822
  bnc#1179900 aka CVE-2020-16592 aka PR25823
  bnc#1179901 aka CVE-2020-16593 aka PR25827
  bnc#1179902 aka CVE-2020-16598 aka PR25840
  bnc#1179903 aka CVE-2020-16599 aka PR25842
  bnc#1180451 aka CVE-2020-35493 aka PR25307
  bnc#1180454 aka CVE-2020-35496 aka PR25308
  bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
  * binutils-fix-relax.diff
  * binutils-revert-nm-symversion.diff
  * binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
    PR26711
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  "/.nop"/.  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
  testcases.
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occuring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The asseembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "/lint"/ mode to enable extra checks of the files it is processing.
  * Readelf will now display "/[...]"/ when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
    option.
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
  [bsc#1163744]
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ascii art thats show the arcs between that start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "/no"/.
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
  - -dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
  - -syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
  - -disassemble the --dwarf= follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
  rx-gas-padding-pr24464.patch.
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
bzip2
- Implement %check, bsc#1191648
- Remove bzip2-faster.patch, it causes a crash with libarchive and
  valgrind points out uninitialized memory. See
  https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576
  Required for bsc#1188891
- Fix basisms in bzgrep and bznew
  * bzip2-1.0.6-fix-bashisms.patch
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
  (bsc#1190858)
cifs-utils
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
cloud-netconfig
- Update to version 1.6:
  + Ignore proxy when accessing metadata (bsc#1187939)
  + Print warning in case metadata is not accessible
  + Documentation update
cpio
- Fix segmentation fault caused by a regression (bsc#1189465)
  * fix-CVE-2021-38185_4.patch
- Add another patch to fix regression (bsc#1189465)
  * fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
  (CVE-2021-38185, bsc#1189206)
  * fix-CVE-2021-38185.patch
cracklib
- %check: really test the package [bsc#1191736]
crash
- Fix crash utility is taking forever to initialize a vmcore from large config
  system (bsc#1178827 ltc#189279).
  crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
cronie
- Increase limit of allowed entries in crontab files to fix bsc#1187508
  * cronie-1.4.11-increase_crontab_limit.patch
cups
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "/configure --with-cups-group=lp"/) specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
curl
- libssh: do not let libssh create socket [bsc#1192790]
  * Fixes sftp over a proxy failure in curl with error:
    Failure establishing ssh session
  * Add curl-libssh-socket.patch
- MIME: Properly check Content-Type even if it has parameters
  * Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
  * TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
  * The automatic referer leaks credentials
- Add curl-CVE-2021-22876-URL-API.patch curl-CVE-2021-22876.patch
- Fix: SFTP uploads result in empty uploaded files [bsc#1177976]
- Add curl-fix-O_APPEND.patch
- Security fix: [bsc#1179593, CVE-2020-8286]
  * Inferior OCSP verification: libcurl offers "/OCSP stapling"/ via
    the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies
    the OCSP response that a server responds with as part of the TLS
    handshake. It then aborts the TLS negotiation if something is
    wrong with the response. The same feature can be enabled with
    '--cert-status' using the curl tool.
  * As part of the OCSP response verification, a client should verify
    that the response is indeed set out for the correct certificate.
    This step was not performed by libcurl when built or told to use
    OpenSSL as TLS backend.
- Add curl-CVE-2020-8286.patch
- Security fix: [bsc#1179399, CVE-2020-8285]
  * FTP wildcard stack overflow: The wc_statemach() internal
    function has been rewritten to use an ordinary loop instead of
    the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1179398, CVE-2020-8284]
  * Trusting FTP PASV responses: When curl performs a passive FTP
    transfer, it first tries the 'EPSV' command and if that is not
    supported, it falls back to using 'PASV'. A malicious server
    can use the 'PASV' response to trick curl into connecting
    back to a given IP address and port, and this way potentially
    make curl extract information about services that are otherwise
    private and not disclosed.
  * The IP address part of the response is now ignored by default,
    by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same
    goes for the command line tool, which then might need
    '--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the
    address in the server response.
- Add curl-CVE-2020-8284.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
  * An application that performs multiple requests with libcurl's
    multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
    rare circumstances experience that when subsequently using the
    setup connect-only transfer, libcurl will pick and use the wrong
    connection and instead pick another one the application has
    created since then.
- Add curl-CVE-2020-8231.patch
cyrus-sasl-saslauthd
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
  has an out-of-bounds write leading to unauthenticated remote
  denial-of-service in OpenLDAP via a malformed LDAP packet
  o apply upstream patch
- 0001-Fix-587.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
dbus-1
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049_2.patch
dbus-1-x11
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049_2.patch
dhcp
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
  overrun in lease file parsing code can be used to exploit a
  common vulnerability shared by dhcpd and dhclient.
file
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
  to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
  as well as bsc#1189093
gettext-runtime
- Added msgfmt-double-free.patch to fix a double free error
  (CVE-2018-18751 bsc#1113719)
glib2
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
  gsize as length but stores in a guint, this patch will refuse if
  the length is larger than guint. (bsc#1182328,
  glgo#GNOME/glib!1944)
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
  guint as parameter and sometimes leads into an integer overflow,
  so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
  glgo#GNOME/glib!1943)
glibc
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- iconv-option-parsing.patch: Rewrite iconv option parsing
  (CVE-2016-10228, bsc#1027496, BZ #19519)
- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting
  to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275)
- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector
  support in memmove ifunc-selector (bsc#1184034, BZ #27511)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
  IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
  bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
  non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
gmp
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
grub2
- From Stefan Seyfried <seife@novell.slipkontur.de> : Fix grub2-install fails
  with "/not a directory"/ error (boo#1161641, bsc#1162403)
  * grub2-install-fix-not-a-directory-error.patch
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
  * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure as journaled data not get drained due to abrupt power
  off after grub-install (bsc#1167756)
- Fix boot failure after kdump due to the content of grub.cfg is not
  completed with pending modificaton in xfs journal (bsc#1186975)
  * grub-install-force-journal-draining-to-ensure-data-i.patch
- Fix executable stack in grub-emu (bsc#1181696)
  * 0001-emu-fix-executable-stack-marking.patch
irqbalance
- Increase size of procinterrupts line readings by factor 32 (bsc#1184592)
  A procinterrupts_read_buffer_increase.patch
- Use _fillupdir in spec file to also build against latest distros
  which could be useful for comparing versions in case we get yet
  another bug.
- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405)
  A procinterrupts-check-xen-dyn-event-more-flexible.patch
kdump
- kdump-add-watchdog-modules.patch
  Add watchdog modules to kdump initrd (bsc#1189923)
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "/local"/ with assignment (bsc#1184616
  LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
  dracut command line (bsc#1182309).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
  network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
  dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
  LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
- kdump-activate-udev-rules-late-during-boot.patch: kdump: activate
  udev rules late during boot (bsc#1154837).
- kdump-make-sure-that-the-udev-runtime-directory-exists.patch:
  Make sure that the udev runtime directory exists (bsc#1164713).
kernel-default
- Revert "/header.py: Reject Patch-mainline: No"/
  Allow Patch-mainline: No on historical branch.
- commit 93a453e
- config: disable unprivileged BPF by default (jsc#SLE-22913)
  Backport of mainline commit 8a03e56b253e ("/bpf: Disallow unprivileged bpf
  by default"/) only changes kconfig default, used e.g. for "/make oldconfig"/
  when the config option is missing, but does not update our kernel configs
  used for build. Update also these to make sure unprivileged BPF is really
  disabled by default.
- commit 5f769a4
- Refresh patches.suse/hisax-fix-spectre-issues.patch.
- commit 8ad1382
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1192045
  CVE-2021-0941).
- commit 9de0315
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- mpt3sas: fix spectre issues (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue
  (bsc#1192802).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
  (bsc#1192802).
- sysvipc/sem: mitigate semnum index against spectre v1
  (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre
  attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace
  (bsc#1192802).
- commit f2e7f94
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- bpf: Add kconfig knob for disabling unpriv bpf
  by default (jsc#SLE-22913)
- Update config files: Add
  CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- commit 065d420
- dm ioctl: fix out of bounds array access when no devices
  (CVE-2021-31916 bsc#1192781).
- commit 0ab7d09
- ipv4: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
  (bsc#1191790, CVE-2021-20322).
- commit 74af5bd
- Revert "/config.sh: Build cve/linux-4.12 against SLE15-SP1."/
  This reverts commit ec3bd8c5b541a336b6608cd92493d50ba56230dc.
  See https://github.com/openSUSE/suse-module-tools/pull/44
- commit bede44a
- Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
  (bsc#1191628 bsc#1192549).
  Previous version of patch was broken .  dir_cookie is a pointer on our kernels.
- commit 2d413dc
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP
  mode (bsc#1185758,bsc#1192400).
- commit cbfe50f
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- commit b3e8b00
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
  (bsc#1191961 CVE-2021-34981).
- commit 0392318
- config.sh: Build cve/linux-4.12 against SLE15-SP1.
  SLE15 is no longer updated and we will need recent update to
  suse-module-tools to continue building the kernel.
- commit ec3bd8c
- ftrace: Fix scripts/recordmcount.pl due to new binutils
  (bsc#1192267).
- commit adeb3ce
- usb: hso: fix error handling code of hso_create_net_device
  (bsc#1188601 CVE-2021-37159).
- commit 3ae1a19
- blacklist.conf: blacklist pair of obsoleted patches
  (bsc#1188601 CVE-2021-37159)
- commit 2c55ec1
- Update
  patches.suse/net-fix-race-condition-in-__inet_lookup_established.patch.
  (bsc#1180624)
- handle also race conditions in /proc/net/tcp code
- drop debugging statements
- commit 469d22c
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
  (bsc#1190351).
- commit 81f6dbd
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  (CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
  bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
  bsc#1188563).
- commit b0a2686
- cipso,calipso: resolve a number of problems with the DOI
  refcounts (CVE-2021-33033 bsc#1186109).
- commit 017dde5
- net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855).
- net/mlx4_en: Avoid scheduling restart task if it is already
  running (bsc#1181854 bsc#1181855).
- commit 65f5129
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
  bsc#1190067).
- commit 6401849
- Update patch reference for a firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 7614f38
- xfs: fix up non-directory creation in SGID directories
  (bsc#1190006 CVE-2018-13405).
- commit 888b5ee
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006
  CVE-2018-13405).
- commit d7d9af2
- xfs: ensure that the inode uid/gid match values match the
  icdinode ones (bsc#1190006 CVE-2018-13405).
- commit f969983
- kabi: hide return value type change of sctp_af::from_addr_param
  (CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
  bsc#1188563).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- commit 535a60e
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
- commit 2e6d83a
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
  bsc#1191801).
- commit a1b7d26
- media: firewire: firedtv-avc: fix a buffer overflow in
  avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit d196d58
- NFS: Do uncached readdir when we're seeking a cookie in an
  empty page cache (bsc#1191628).
- commit a70a9e4
- powerpc/bpf: Emit stf barrier instruction sequences
  for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
  bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
  conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- commit d4beb54
- Move upstreamed bpf patch into sorted section
- commit 848cbf8
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap
  (CVE-2021-42252 bsc#1190479).
- commit 5b9f8af
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
  (bsc#1191317, CVE-2021-41864).
- commit d0cde41
- net: 6pack: fix slab-out-of-bounds in decode_data
  (CVE-2021-42008 bsc#1191315).
- commit 7ea0770
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115 CVE-2021-3759).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  This commit is effectively patch refresh but filename changed too. This
  only adds metadata to the patch after it was accepted upstream.
- commit d2aacd0
- hv: adjust mana_select_queue to old ndo_select_queue API
- commit 8938bc6
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit f8ebcef
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- ath9k: Clear key cache explicitly on disabling hardware
  (CVE-2020-3702 bsc#1191193).
- ath: Use safer key clearing with key cache entries
  (CVE-2020-3702 bsc#1191193).
- commit 9bf1f45
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit b554871
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- commit 037db9d
- Bluetooth: check for zapped sk before connecting (CVE-2021-3752
  bsc#1190023).
- commit 7504476
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 8424bb8
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass
  (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses
  (bsc#1190601).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_*
  (bsc#1190601).
- commit 79e76b1
- s390/unwind: use current_frame_address() to unwind current task
  (bsc#1185677).
- commit 56c84a4
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit 3973759
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
  (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 5fef1e1
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- commit 2e73db0
- bpf: Fix leakage due to insufficient speculative store bypass mitigation
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- Refresh
  patches.kabi/bpf-prevent-memory-disambiguation-attack.patch.
- Refresh
  patches.kabi/bpf-prevent-out-of-bounds-speculation-on-pointer-ari.patch.
- commit 15cd454
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
  CVE-2020-12770).
- commit c1e2c47
- Bluetooth: schedule SCO timeouts with delayed_work
  (CVE-2021-3640 bsc#1188172).
- Refresh patches.kabi/bt_accept_enqueue-kabi-workaround.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit adfd842
- Revert "/memcg: enable accounting for file lock caches (bsc#1190115)."/
  This reverts commit 912b4421a3e9bb9f0ef1aadc64a436666259bd4d.
  It's effectively upstream commit
  3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to
  avoid proliferation of patches). Make a note in blacklist.conf too.
- commit 84da196
- kABI: revert change in struct bpf_insn_aux_data (bsc#1188983,
  bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 67f23e7
- vhost: scsi: add weight support (CVE-2019-3900 bsc#1133374).
- vhost: vsock: add weight support (CVE-2019-3900 bsc#1133374).
- vhost_net: fix possible infinite loop (CVE-2019-3900 bsc#1133374).
- refresh patches.kabi/kabi-mask-changes-to-vhost_dev_init-and-struct-vhost.patch
- kabi: mask changes to vhost_dev_init() and struct vhost_dev
  (CVE-2019-3900 bsc#1133374).
- vhost: introduce vhost_exceeds_weight() (CVE-2019-3900
  bsc#1133374).
- vhost_net: introduce vhost_exceeds_weight() (CVE-2019-3900
  bsc#1133374).
- refresh patches.suse/vhost-log-dirty-page-correctly.patch
- vhost_net: use packet weight for rx handler, too (CVE-2019-3900
  bsc#1133374).
- refresh patches.suse/vhost-log-dirty-page-correctly.patch
- vhost-net: set packet weight of tx polling to 2 * vq size
  (CVE-2019-3900 bsc#1133374).
- commit fac5272
- sctp: implement memory accounting on rx path (CVE-2019-3874
  bsc#1129898).
- sctp: implement memory accounting on tx path (CVE-2019-3874
  bsc#1129898).
- commit d1cd2ad
- Update
  patches.suse/l2tp-pass-tunnel-pointer-to-session_create.patch
  references (add CVE-2018-9517 bsc#1108488).
- commit 902e6bb
- memcg: enable accounting of ipc resources (bsc#1190115
  CVE-2021-3759).
- memcg: enable accounting for file lock caches (bsc#1190115).
- commit e2a14e4
- virtio_console: Assure used length from device is limited
  (CVE-2021-38160 bsc#1190117).
- commit 495fc27
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
  (CVE-2021-3640 bsc#1188172).
- commit d78ba89
- Move upstreamed BT fixes into sorted section
- commit 52a00c3
- vt_kdsetmode: extend console locking (bsc#1190025
  CVE-2021-3753).
- commit 9420ba7
- mm: vmscan: scan anonymous pages on file refaults (VM
  Performance, bsc#1183050).
- blacklist.conf: unblacklist the backported commit.
- Delete patches.suse/prevent-active-list-thrashing.patch.
- commit fae6d99
- ovl: prevent private clone if bind mount is not allowed
  (bsc#1189706, CVE-2021-3732).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- commit 1f3eb84
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- commit 68ed6c6
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 84b20f7
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  (bsc#1189399, CVE-2021-3653).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  (bsc#1189400, CVE-2021-3656).
- KVM: X86: MMU: Use the correct inherited permissions to get
  shadow page (CVE-2021-38198 bsc#1189262).
- commit 9c35f8d
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
  bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
  (CVE-2021-3640 bsc#1188172).
- commit 73d3a49
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
  (CVE-2021-3640 bsc#1188172).
- commit c8012e0
- usb: max-3421: Prevent corruption of freed memory
  (CVE-2021-38204 bsc#1189291).
- commit cfb9fc6
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
  (CVE-2021-3679 bsc#1189057).
- commit dfd73b3
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- commit 2cf28b7
- powerpc/pesries: Get STF barrier requirement from
  H_GET_CPU_CHARACTERISTICS (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (CVE-2020-4788 bsc#1177666 git-fixes bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (CVE-2018-3639, bsc#1087082, bsc#1188885 ltc#193722).
- commit bd9e95f
- Update patch-mainline and git-commit tags
  Refresh:
  - patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch
  - patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch
- commit 4eda9fe
- net: mac802154: Fix general protection fault (CVE-2021-3659
  bsc#1188876).
- commit c0396b9
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6
  (bsc#1185377).
- commit 6f8f910
- Update
  patches.suse/l2tp-ensure-sessions-are-freed-after-their-PPPOL2TP-.patch
  references (add CVE-2020-0429 bsc#1176724).
- Update
  patches.suse/l2tp-fix-race-between-l2tp_session_delete-and-l2tp_t.patch
  references (add CVE-2020-0429 bsc#1176724).
- commit b29ebd9
- use 3.0 SPDX identifier in rpm License tags
  As requested by Maintenance, change rpm License tags from "/GPL-2.0"/
  (SPDX 2.0) to "/GPL-2.0-only"/ (SPDX 3.0) so that their scripts do not have
  to adjust the tags with each maintenance update submission.
- commit f888e0b
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
  CVE-2021-37576).
- commit 50c1fab
- KVM: do not allow mapping valid but non-reference-counted pages
  (bsc#1186482, CVE-2021-22543).
- KVM: Use kvm_pfn_t for local PFN variable in
  hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543).
- KVM: do not assume PTE is writable after follow_pfn
  (bsc#1186482, CVE-2021-22543).
- kvm: Map PFN-type memory regions as writable (if possible)
  (bsc#1186482, CVE-2021-22543).
- commit 9c4f9b4
- Update seq_file fix to the upstreamed one and moved into sorted section (bsc#1188062, CVE-2021-33909).
- commit 175d85f
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
  (boo#1184804).
- commit 5b51131
- netfilter: x_tables: fix compat match/target pad out-of-bound
  write (CVE-2021-22555 bsc#1188116).
- commit 62f1359
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- commit 85a9fc2
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- commit 7f97df2
- seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909).
- commit c848c42
- kernel-binary.spec: Fix up usrmerge for non-modular kernels.
- commit d718cd9
- can: bcm: delay release of struct bcm_op after synchronize_rcu()
  (CVE-2021-3609 bsc#1187215).
- commit 36fe7da
- kernel-binary.spec: Remove obsolete and wrong comment
  mkmakefile is repleced by echo on newer kernel
- commit d9209e7
- s390/stack: fix possible register corruption with stack switch
  helper (git-fixes).
- commit addd920
- bpf: Fix leakage under speculation on mispredicted branches
  (bsc#1187554,CVE-2021-33624).
- commit daa92a2
- af_key: pfkey_dump needs parameter validation (CVE-2021-0605
  bsc#1187601).
- commit 685407a
- HID: make arrays usage and value to be the same (CVE-2021-0512
  bsc#1187595).
- commit 3d7a48c
- Update patch reference for a BT fix (CVE-2020-26558)
- commit ee30101
- can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693
  bsc#1187452).
- commit 8f80d3a
- x86/debug: Extend the lower bound of crash kernel low
  reservations (bsc#1153720).
- commit bd79de7
- UsrMerge the kernel (boo#1184804)
- Move files in /boot to modules dir
  The file names in /boot are included as %ghost links. The %post script
  creates symlinks for the kernel, sysctl.conf and System.map in
  /boot for compatibility. Some tools require adjustments before we
  can drop those links. If boot is a separate partition, a copy is
  used instead of a link.
  The logic for /boot/vmlinuz and /boot/initrd doesn't change with
  this patch.
- Use /usr/lib/modules as module dir when usermerge is active in the
  target distro.
- commit 6f5ed04
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- commit 6b30fe5
- rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
  The previous commit made a module wrongly into Module.optional.
  Although it didn't influence on the end result, better to fix it.
  Also, add a comment to explain the markers briefly.
- commit 8f79742
- Add arch-dependent support markers in supported.conf (bsc#1186672)
  We may need to put some modules as supported only on specific archs.
  This extends the supported.conf syntax to allow to put +arch additionally
  after the unsupported marker, then it'll be conditionally supported on
  that arch.
- commit 8cbdb41
- Create Symbols.list and ipa-clones.list determistically
  without this patch, filesystem readdir order would influence
  order of entries in these files.
  This patch was done while working on reproducible builds for SLE.
- commit a898b6d
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1187050, CVE-2020-36385)
- commit ee0f2cc
- Bluetooth: SMP: Fail if remote and local public keys are
  identical (bsc#1186463 CVE-2021-0129).
- commit effcfea
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure
  (bsc#1174978 bsc#1185701).
- commit 4cb9aa2
- kernel-binary.spec.in: Add Supplements: for -extra package on Leap
  kernel-$flavor-extra should supplement kernel-$flavor on Leap, like
  it does on SLED, and like the kernel-$flavor-optional package does.
- commit c60d87f
- Bluetooth: Fix slab-out-of-bounds read in
  hci_extended_inquiry_result_evt() (CVE-2020-36386 bsc#1187038).
- commit e0be120
- cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588
  bsc#1185861).
- commit 821e5ae
- Refresh patches.suse/bpf-prevent-out-of-bounds-speculation-on-pointer-ari.patch.
  Adjust the diff for fixup_bpf_calls() to apply to the correct code block
- commit dd58306
- kernel-binary.spec.in: build-id check requires elfutils.
- commit 01569b3
- kernel-binary.spec: Only use mkmakefile when it exists
  Linux 5.13 no longer has a mkmakefile script
- commit b453c7b
- bpf: No need to simulate speculative domain for immediates
  (bsc#1186484,CVE-2021-33200).
- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1186484,CVE-2021-33200).
  Refresh patches.suse/bpf-Wrap-aux-data-inside-bpf_sanitize_info-container.patch
- bpf: Fix masking negation logic upon negative dst register
  (bsc#1186484,CVE-2021-33200).
- commit b1c6278
- netfilter: conntrack: add new sysctl to disable RST check
  (bsc#1183947 bsc#1185950).
- commit 5972e5e
- netfilter: conntrack: improve RST handling when tuple is re-used
  (bsc#1183947 bsc#1185950).
- commit 89e6630
- netfilter: conntrack: tcp: only close if RST matches exact
  sequence (bsc#1183947 bsc#1185950).
- commit cf78d2b
- netfilter: conntrack: avoid misleading 'invalid' in log message
  (bsc#1183947 bsc#1185950).
- commit 84ea6ba
- bpf: Fix mask direction swap upon off reg sign change
  (bsc#1186484,CVE-2021-33200).
- bpf: Wrap aux data inside bpf_sanitize_info container
  (bsc#1186484,CVE-2021-33200).
- commit 3ce8728
- Refresh ibmvfc patch metadata, move to sorted section.
- commit 02394ef
- powerpc/64s: Fix crashes when toggling entry flush barrier
  (CVE-2020-4788 bsc#1177666 git-fixes).
- commit 3917f8f
- powerpc/64s: Fix crashes when toggling stf barrier (CVE-2018-3639 bsc#1087082 git-fixes).
- commit 2a6a70d
- kabi: preserve struct header_ops after bsc#1176081 fix
  (bsc#1176081).
- commit 2b91b1b
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL
  (bsc#1176081).
- commit bf20724
- net/mlx5e: Trust kernel regarding transport offset
  (bsc#1176081).
- commit 7908247
- net/mlx5e: Remove the wrong assumption about transport offset
  (bsc#1176081).
- commit 35ee981
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- commit e1457ed
- net/packet: Ask driver for protocol if not provided by user
  (bsc#1176081).
- commit 9aa68b6
- net/ethernet: Add parse_protocol header_ops support
  (bsc#1176081).
- commit 5cf046a
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- commit e56ccb3
- net: Don't set transport offset to invalid value (bsc#1176081).
  Refresh patches.suse/tun-properly-test-for-IFF_UP.patch
- commit 1123c1a
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
- Drivers: hv: vmbus: Increase wait time for VMbus unload
  (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically
  (bsc#1185724).
- commit 5e352aa
- kABI workaround for hci_chan amp field addition (CVE-2021-33034
  bsc#1186111).
- commit 53b1091
- Bluetooth: verify AMP hci_chan before amp_destroy
  (CVE-2021-33034 bsc#1186111).
- commit daddd4e
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- commit 5cf1721
- Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).
- commit b7b98a2
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- commit 4426b12
- kABI: Fix kABI after modifying struct __call_single_data
  (bsc#1180846).
- commit 39d873a
- smp: Add source and destination CPUs to __call_single_data
  (bsc#1180846).
- commit b94afbf
- kernel/smp: make csdlock timeout depend on boot parameter
  (bsc#1180846).
- commit cbfad8d
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- commit 1b2a824
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- commit f3477b9
- kernel/smp: add boot parameter for controlling CSD lock
  debugging (bsc#1180846).
- commit a5772cf
- Correct CVE number for a mac80211 fix (CVE-2020-26139 bsc#1186062)
- commit 9e5446b
- net/nfc: fix use-after-free llcp_sock_bind/connect
  (CVE-2021-23134 bsc#1186060).
- commit 577df82
- kABI workaround for cfg80211 changes (CVE-2020-24586
  bsc#1185859).
- ath10k: Validate first subframe of A-MSDU before processing
  the list (CVE-2020-26141 bsc#1185863 bsc#1185987).
- ath10k: Fix TKIP Michael MIC verification for PCIe
  (CVE-2020-26141 bsc#1185863 bsc#1185987).
- ath10k: drop fragments with multicast DA for PCIe
  (CVE-2020-26145 bsc#1185860).
- mac80211: extend protection against mixed key and fragment
  cache attacks (CVE-2020-24586 bsc#1185859).
- mac80211: do not accept/forward invalid EAPOL frames
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586
  bsc#1185859).
- mac80211: check defrag PN against current frame (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: add fragment cache to sta_info (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185859).
- mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: properly handle A-MSDUs that start with an RFC 1042
  header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent mixed key and fragment cache attacks
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: assure all fragments are encrypted (CVE-2020-26147
  bsc#1185863 bsc#1185859).
- commit f9c088d
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938
  ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- commit 9530ba8
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 65979e3
- proc: Avoid mixing integer types in mem_rw() (CVE-2021-3491
  bsc#1185642).
- commit fb84449
- blacklist: add commit b166a20b0738
  Mainline commit b166a20b0738 ("/net/sctp: fix race condition in
  sctp_destroy_sock"/) was found buggy so that it was reverted by commit
  01bfe5e8e428 ("/Revert "/net/sctp: fix race condition in sctp_destroy_sock"/"/)
  and replaced by a new fix, commit 34e5b0118685 ("/sctp: delay auto_asconf
  init until binding the first addr"/).
- commit 23ad848
- sctp: delay auto_asconf init until binding the first addr
  (CVE-2021-23133 bsc#1184675).
- commit c06b5aa
- bluetooth: eliminate the potential race condition when removing
  the HCI controller (CVE-2021-32399 bsc#1185898).
- commit 4b51cab
- kernel-docs.spec.in: Build using an utf-8 locale.
  Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- commit 0db6da1
- md/raid1: properly indicate failure when ending a failed write
  request (bsc#1185680).
- commit d29842e
- s390/entry: save the caller of psw_idle (bsc#1185677).
- commit 3c0dc03
- rpm: drop /usr/bin/env in interpreter specification
  OBS checks don't like /usr/bin/env in script interpreter lines but upstream
  developers tend to use it. A proper solution would be fixing the depedency
  extraction and drop the OBS check error but that's unlikely to happen so
  that we have to work around the problem on our side and rewrite the
  interpreter lines in scripts before collecting files for packages instead.
- commit 45c5c1a
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e849c44
- Update
  patches.suse/net-fix-race-condition-in-__inet_lookup_established.patch
  (bsc#1151794 bsc#1180624).
- handle also the opposite type of race condition
- commit 9395ee0
- KVM: Add proper lockdep assertion in I/O bus unregister
  (CVE-2020-36312 bsc#1184509).
- KVM: Stop looking for coalesced MMIO zones if the bus is
  destroyed (CVE-2020-36312 bsc#1184509).
- KVM: Destroy I/O bus devices on unregister failure _after_
  sync'ing SRCU (CVE-2020-36312 bsc#1184509).
- commit bc1f707
- dm: fix redundant IO accounting for bios that need splitting
  (bsc#1183738).
- commit 9cc6704
- rpm/constraints.in: bump disk space to 45GB on riscv64
- commit f8b883f
- rpm/constraints.in: remove aarch64 disk size exception
  obs://Kernel:stable/kernel-default/ARM/aarch64 currrently fails:
  installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem
  The stats say:
  Maximal used disk space: 31799 Mbyte
  By default, we require 35G. For aarch64 we had an exception to lower
  this limit to 30G there. Drop this exception as it is obviously no
  longer valid.
- commit ee00b50
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- commit 2667ed7
- netfilter: x_tables: Use correct memory barriers (bsc#1184208
  CVE-2021-29650).
- commit 719c6a8
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- commit 52805ed
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
  Previously essiv was part of dm-crypt but now it is separate.
  Include the module in kernel-obs-build when available.
  Fixes: 7cf5b9e26d87 ("/rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup"/)
- commit fe15b78
- Revert "/rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)"/
  This turned out to be a bad idea: the kernel-$flavor-devel package
  must be usable without kernel-$flavor, e.g. at the build of a KMP.
  And this change brought superfluous installation of kernel-preempt
  when a system had kernel-syms (bsc#1185113).
- commit d771304
- rpm/check-for-config-changes: add AS_HAS_* to ignores
  arch/arm64/Kconfig defines a lot of these. So far our current compilers
  seem to support them all. But it can quickly change with SLE later.
- commit a4d8194
- bpf: Tighten speculative pointer arithmetic mask (bsc#1184942
  CVE-2021-29155).
- bpf: Move sanitize_val_alu out of op switch (bsc#1184942
  CVE-2021-29155).
- bpf: Refactor and streamline bounds check into helper
  (bsc#1184942 CVE-2021-29155).
- bpf: Improve verifier error messages for users (bsc#1184942
  CVE-2021-29155).
- bpf: Rework ptr_limit into alu_limit and add common error path
  (bsc#1184942 CVE-2021-29155).
- bpf: Ensure off_reg has no mixed signed bounds for all types
  (bsc#1184942 CVE-2021-29155).
- bpf: Move off_reg into sanitize_ptr_alu (bsc#1184942
  CVE-2021-29155).
- commit c3fe286
- blacklist.conf: Add b6b79dd53082 powerpc/64s: Fix allnoconfig build
  since uaccess flush
- commit e9d5937
- Refresh ppc L1D flush patch metadata.
- commit 9db13af
- rpm/check-for-config-changes: remove stale comment
  It is stale since 8ab393bf905a committed in 2005 :).
- commit c9f9f5a
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- commit f37613f
- Update bsc#1184170 fixes to fix a mistakenly modified BPF instruction
- Refresh
  patches.suse/bpf-Fix-32-bit-src-register-truncation-on-div-mod.patch.
- Refresh
  patches.suse/bpf-Fix-truncation-handling-for-mod32-dst-reg-wrt-ze.patch
- commit e62aa97
- KVM: SVM: avoid infinite loop on NPF from bad address (CVE-2020-36310 bsc#1184512).
- commit a90e23c
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building
  modules externally.
- commit 794be7b
- KVM: fix memory leak in kvm_io_bus_unregister_dev() (CVE-2020-36312 bsc#1184509).
- commit 8663791
- xen/events: fix setting irq affinity (bsc#1184583 XSA-332
  CVE-2020-27673).
- commit de73046
- bpf, x86: Validate computation of branch displacements for
  x86-64 (bsc#1184391 CVE-2021-29154).
- commit 1d1eb4d
- nfc: Avoid endless loops caused by repeated llcp_sock_connect()
  (CVE-2020-25673 bsc#1178181).
- nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672
  bsc#1178181).
- nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671
  bsc#1178181).
- nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670
  bsc#1178181).
- commit 71faffc
- KVM: SVM: Periodically schedule when unregistering regions on
  destroy (bsc#1184511 CVE-2020-36311).
- commit e140650
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- commit bd64cb2
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- commit 18f65df
- Update bsc#1184170 fixes to do 32bit jump correctly
- Refresh
  patches.suse/bpf-Fix-32-bit-src-register-truncation-on-div-mod.patch.
- Refresh
  patches.suse/bpf-Fix-truncation-handling-for-mod32-dst-reg-wrt-ze.patch.
- commit c609295
- ibmvnic: Clear failover_pending if unable to schedule
  (bsc#1181960 ltc#190997).
- commit ce0766a
- fuse: fix live lock in fuse_iget() (bsc#1184211 CVE-2021-28950).
- fuse: fix bad inode (bsc#1184211 CVE-2020-36322).
- commit 920863f
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- commit d0dbce1
- media: v4l: ioctl: Fix memory leak in video_usercopy
  (bsc#1184120 CVE-2021-30002).
- commit 08b20fe
- firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
  (CVE-2021-3483 bsc#1184393).
- commit 9292696
- Update patch reference of tty fix (CVE-2021-20219 bsc#1184397)
- commit b4b1b38
- btrfs: fix race when cloning extent buffer during rewind of
  an old root (bsc#1184193 CVE-2021-28964).
- commit 8039ed4
- bpf: Fix truncation handling for mod32 dst reg wrt zero
  (bsc#1184170 CVE-2021-3444).
- bpf: Fix 32 bit src register truncation on div/mod
  (bsc#1184170).
- commit 0962666
- bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
- Refresh
  patches.suse/bpf-move-tmp-variable-into-ax-register-in-interprete.patch.
- commit 4d5a2c3
- perf/x86/intel: Fix a crash caused by zero PEBS status
  (CVE-2021-28971 bsc#1184196).
- commit 40c1d32
- xen-blkback: don't leak persistent grants from xen_blkbk_map()
  (bsc#1183646, CVE-2021-28688, XSA-371).
- commit 55909b8
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
  (CVE-2021-29265 bsc#1184167).
- commit 6095add
- gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264
  bsc#1184168).
- commit 9dcbb37
- PCI: rpadlpar: Fix potential drc_name corruption in store
  functions (CVE-2021-28972 bsc#1184198).
- commit 6348e09
- net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
  (CVE-2021-29647 bsc#1184192).
- commit 3ab36f2
- bpf: Add sanity check for upper ptr_limit (bsc#1183686
  bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic
  (bsc#1183686 bsc#1183775).
- bpf: Fix off-by-one for area size in creating mask to left
  (bsc#1183775 CVE-2020-27171).
- bpf: Prohibit alu ops for pointer types not defining ptr_limit
  (bsc#1183686 CVE-2020-27170).
- commit dbf16ca
- Fix a typo in r8188eu fix patch that caused a build error (CVE-2021-28660 bsc#1183593)
- commit b574698
- Update patch reference for x25 fix (CVE-2020-35519 bsc#1183696)
- commit c241986
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
  (CVE-2021-28660 bsc#1183593).
- commit 5b4b262
- Update tags
  patches.suse/ext4-check-journal-inode-extents-more-carefully.patch
  (bsc#1173485 bsc#1183509 CVE-2021-3428).
- commit f1fc1ff
- blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
  (CVE-2020-0433 bsc#1176720).
- blk-mq: Allow blocking queue tag iter callbacks (CVE-2020-0433
  bsc#1176720 bsc#1167316).
- commit 7fb1c08
- Update
  patches.suse/Xen-gnttab-handle-p2m-update-errors-on-a-per-slot-ba.patch
  (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number
- Update
  patches.suse/xen-netback-respect-gnttab_map_refs-s-return-value.patch
  (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number
- commit cfcdec5
- xen/events: avoid handling the same event on two cpus at the
  same time (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 89c8a49
- xen/events: don't unmask an event channel when an eoi is pending
  (bsc#1183638 XSA-332 CVE-2020-27673).
- commit e4088d0
- xen/events: reset affinity of 2-level event when tearing it down
  (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 6e06fe9
- jfs: Fix array index bounds check in dbAdjTree  (bsc#1179454 CVE-2020-27815).
- commit 981c2ff
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- commit e94bacf
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- commit f61e954
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- commit 67c6b55
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig)
  upstream.
- commit 018b013
- Correct bugzilla reference (CVE-2021-27365 CVE-2021-27363 CVE-2021-27364 bsc#1182716 bsc#1182717 bsc#1182715)
- commit e2a0905
- scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365
  bsc#182715).
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  (CVE-2021-27365 bsc#182715).
- scsi: iscsi: Restrict sessions and handles to admin capabilities
  (CVE-2021-27363 CVE-2021-27364 bsc#182716 bsc#182717).
- commit ee332c8
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds.
  This also introduces IGNORED_CONFIGS_RE array which can be easily
  extended.
- commit a1976d2
- xen-netback: respect gnttab_map_refs()'s return value
  (bsc#1183022 XSA-367).
- commit 6e61f26
- Xen/gnttab: handle p2m update errors on a per-slot basis
  (bsc#1183022 XSA-367).
- commit 1ab6d01
- rpm/check-for-config-changes: ignore more configs
  Specifially, these:
  * CONFIG_CC_HAS_*
  * CONFIG_CC_HAVE_*
  * CONFIG_CC_CAN_*
  * CONFIG_HAVE_[A-Z]*_COMPILER
  * CONFIG_TOOLS_SUPPORT_*
  are compiler specific too. This will allow us to use super configs
  using kernel's dummy-tools.
- commit d12dcbd
- Refresh
  patches.suse/cifs-introduce-helper-for-finding-referral-server.patch.
- commit 5c4b443
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- commit 6da2889
- cifs: fix nodfs mount option (bsc#1180906).
- commit d3637e8
- cifs: introduce helper for finding referral server
  (bsc#1180906).
- commit 4cf3344
- cifs: check all path components in resolved dfs target
  (bsc#1180906).
- commit 85ef5ca
- cifs: fix check of tcon dfs in smb1 (bsc#1180906).
- commit 872e6be
- Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- commit 6a804a8
- mm, THP, swap: make reuse_swap_page() works for THP swapped out
  (partial) (CVE-2020-29368, bsc#1179660.).
- commit 556db3f
- mm: thp: fix MADV_REMOVE deadlock on shmem THP (CVE-2020-29368,
  bsc#1179660.).
- commit 4eb863b
- mm: thp: make the THP mapcount atomic against
  __split_huge_pmd_locked() (CVE-2020-29368, bsc#1179660.).
- commit 2881aaa
- ibmvnic: fix a race between open and reset (bsc#1176855
  ltc#187293).
- commit c2ff1c3
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
  Since rpm 4.16 files installed during build phase are lost.
- commit d0b887e
- rpm/kernel-subpackage-build: Workaround broken bot
  (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- commit b74d860
- xen-blkback: fix error handling in xen_blkbk_map() (XSA-365
  CVE-2021-26930 bsc#1181843).
- commit 0ed98dc
- xen-scsiback: don't "/handle"/ error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit b067c04
- xen-netback: don't "/handle"/ error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit 4c9cf8b
- xen-blkback: don't "/handle"/ error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit 603464d
- xen/arm: don't ignore return errors from set_phys_to_machine
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 9ff68db
- Xen/gntdev: correct error checking in gntdev_map_grant_pages()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 7fd73db
- Xen/gntdev: correct dev_bus_addr handling in
  gntdev_map_grant_pages() (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 131ffb6
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 4b44d15
- Xen/x86: don't bail early from clear_foreign_p2m_mapping()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 92a5a6c
- xen/netback: fix spurious event detection for common event case
  (bsc#1182175).
- commit 1f35f61
- kernel-binary.spec: Add back initrd and image symlink ghosts to
  filelist (bsc#1182140).
  Fixes: 76a9256314c3 ("/rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082)."/)
- commit 606c9d1
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- commit c29e77d
- scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441)
- commit 2714ba6
- scsi: qla2xxx: Fix description for parameter
  ql2xenforce_iocb_limit (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs
  (bsc#1181441).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O
  with retry (bsc#1181441).
- scsi: qla2xxx: Fix the call trace for flush workqueue
  (bsc#1181441).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian
  machines (bsc#1181441).
- scsi: qla2xxx: Handle aborts correctly for port undergoing
  deletion (bsc#1181441).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure
  (bsc#1181441).
- scsi: qla2xxx: Fix FW initialization error on big endian
  machines (bsc#1181441).
- scsi: qla2xxx: Fix crash during driver load on big endian
  machines (bsc#1181441).
- scsi: qla2xxx: Fix compilation issue in PPC systems
  (bsc#1181441).
- scsi: qla2xxx: Don't check for fw_started while posting NVMe
  command (bsc#1181441).
- scsi: qla2xxx: Tear down session if FW say it is down
  (bsc#1181441).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs
  (bsc#1181441).
  Refresh:
  - patches.suse/qla2xxx-allow-irqbalance-control-in-non-MQ-mode.patch
- scsi: qla2xxx: Change post del message from debug level to
  log level (bsc#1181441).
- scsi: qla2xxx: Remove trailing semicolon in macro definition
  (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code
  (bsc#1181441).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt())
  (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code
  (bsc#1181441).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG
  (bsc#1181441).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441).
- scsi: qla2xxx: Fix return of uninitialized value in rval
  (bsc#1181441).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg()
  (bsc#1181441).
- scsi: qla2xxx: Use constant when it is known (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in
  qla_dbg.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
  (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in
  tcm_qla2xxx.c (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441).
- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue
  (bsc#1181441).
- scsi: qla2xxx: Fix crash on session cleanup with unload
  (bsc#1181441).
- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441).
- scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441).
- scsi: qla2xxx: Fix buffer-buffer credit extraction error
  (bsc#1181441).
- scsi: qla2xxx: Correct the check for sscanf() return value
  (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441).
- scsi: qla2xxx: Add SLER and PI control support (bsc#1181441).
- scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441).
- scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441).
- scsi: qla2xxx: Make tgt_port_database available in initiator
  mode (bsc#1181441).
- scsi: qla2xxx: Fix I/O errors during LIP reset tests
  (bsc#1181441).
- scsi: qla2xxx: Performance tweak (bsc#1181441).
- scsi: qla2xxx: Fix memory size truncation (bsc#1181441).
- scsi: qla2xxx: Reduce duplicate code in reporting speed
  (bsc#1181441).
- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec
  (bsc#1181441).
- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices
  (bsc#1181441).
- scsi: qla2xxx: Setup debugfs entries for remote ports
  (bsc#1181441).
- scsi: qla2xxx: Fix I/O failures during remote port toggle
  testing (bsc#1181441).
- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441).
- scsi: qla2xxx: Log calling function name in
  qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: Simplify return value logic in
  qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: Warn if done() or free() are called on an
  already freed srb (bsc#1181441).
- scsi: qla2xxx: Fix the return value (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
  (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in
  qlt_chk_unresolv_exchg() (bsc#1181441).
- scsi: qla2xxx: Remove redundant variable initialization
  (bsc#1181441).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()'
  call (bsc#1181441).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1181441).
- scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441).
- scsi: qla2xxx: Fix null pointer access during disconnect from
  subsystem (bsc#1181441).
- scsi: qla2xxx: Check if FW supports MQ before enabling
  (bsc#1181441).
- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba
  (bsc#1181441).
- scsi: qla2xxx: Allow ql2xextended_error_logging special value
  1 to be set anytime (bsc#1181441).
- scsi: qla2xxx: Reduce noisy debug message (bsc#1181441).
- scsi: qla2xxx: Fix login timeout (bsc#1181441).
- scsi: qla2xxx: Indicate correct supported speeds for Mezz card
  (bsc#1181441).
- scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441).
- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441).
- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout
  values (bsc#1181441).
- scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441).
- scsi: qla2xxx: SAN congestion management implementation
  (bsc#1181441).
- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests
  (bsc#1181441).
- scsi: qla2xxx: Introduce a function for computing the debug
  message prefix (bsc#1181441).
- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read
  (bsc#1181441).
- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump()
  (bsc#1181441).
- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits
  of request_t.handle (bsc#1181441).
- scsi: qla2xxx: Remove a superfluous cast (bsc#1181441).
- scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441).
- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier
  to read (bsc#1181441).
- scsi: qla2xxx: Remove the __packed annotation from struct
  fcp_hdr and fcp_hdr_le (bsc#1181441).
- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time
  (bsc#1181441).
- scsi: Fix trivial spelling (bsc#1181441).
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs()
  (bsc#1181441).
- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441).
- scsi: qla2xxx: Remove return value from qla_nvme_ls()
  (bsc#1181441).
- scsi: qla2xxx: Remove an unused function (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in source files
  (bsc#1181441).
  Refresh:
  - patches.suse/scsi-qla2xxx-Set-NVMe-status-code-for-failed-NVMe-FC.patch
- scsi: qla2xxx: Fix endianness annotations in header files
  (bsc#1181441).
- scsi: qla2xxx: Use make_handle() instead of open-coding it
  (bsc#1181441).
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t
  (bsc#1181441).
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from
  upper case into lower case (bsc#1181441).
- scsi: qla2xxx: Fix the code that reads from mailbox registers
  (bsc#1181441).
- scsi: qla2xxx: Use register names instead of register offsets
  (bsc#1181441).
- scsi: qla2xxx: Change two hardcoded constants into offsetof()
  / sizeof() expressions (bsc#1181441).
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg
  to FCP_PRIO_CFG_SIZE (bsc#1181441).
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit
  (bsc#1181441).
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441).
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically
  (bsc#1181441).
- scsi: qla2xxx: Simplify the functions for dumping firmware
  (bsc#1181441).
- scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441).
- scsi: qla2xxx: Make qlafx00_process_aen() return void
  (bsc#1181441).
- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441).
- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441).
- scsi: qla2xxx: Make qla_set_ini_mode() return void
  (bsc#1181441).
- scsi: qla2xxx: Fix issue with adapter's stopping state
  (bsc#1181441).
- scsi: qla2xxx: Fix failure message in qlt_disable_vha()
  (bsc#1181441).
- scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441).
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441).
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling
  (bsc#1181441).
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it
  (bsc#1181441).
- scsi: qla2xxx: Split qla2x00_configure_local_loop()
  (bsc#1181441).
- scsi: fc: Update Descriptor definition and add RDF and Link
  Integrity FPINs (bsc#1181441).
- scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441).
- scsi: scsi_transport_fc: refactor event posting routines
  (bsc#1181441).
- scsi: fc: add FPIN ELS definition (bsc#1181441).
- commit 951e0ba
- xen/netback: avoid race in xenvif_rx_ring_slots_available()
  (bsc#1065600).
- commit 8f2c4d9
- objtool: Don't fail on missing symbol table (bsc#1192379).
- commit e7ec5af
- rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796)
  The product string was changed from openSUSE to Leap.
- commit 3cb7943
- blacklist.conf: Add 08685be7761d powerpc/64s: fix scv entry fallback flush vs interrupt
  No scv support.
- commit f4c561c
- Exclude Symbols.list again.
  Removing the exclude builds vanilla/linux-next builds.
  Fixes: 55877625c800 ("/kernel-binary.spec.in: Package the obj_install_dir as explicit filelist."/)
- commit a1728f2
- ibmvnic: continue fatal error reset after passive init
  (bsc#1171078 ltc#184239 git-fixes).
- commit 5749efe
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231
  git-fixes).
- commit 5c51f87
- ibmvnic: delay next reset if hard reset fails (bsc#1094840
  ltc#167098 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457
  ltc#174432 git-fixes).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231
  git-fixes).
- ibmvnic: enhance resetting status check during module exit
  (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues
  (FATE#322021 bsc#1040855 ltc#155067 git-fixes).
- commit 0755e1a
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks
  (boo#1179082).
- commit 76a9256
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- commit 965157e
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)
  egrep is only a deprecated bash wrapper for "/grep -E"/. So use the latter
  instead.
- commit 63d7072
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- commit adf56a8
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)
  %split_extra still contained two.
- commit d9b4c40
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
  RPM_BUILD_ROOT is cleared before %%install. Do the unpack into
  RPM_BUILD_ROOT in %%install
- commit 13bd533
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
  Author: Dominique Leuenberger <dimstar@opensuse.org>
- commit 21f8205
- rpm/mkspec: do not build kernel-obs-build on x86_32
  We want to use 64bit kernel due to various bugs (bsc#1178762 to name
  one).
  There is:
  ExportFilter: ^kernel-obs-build.*.x86_64.rpm$ . i586
  in Factory's prjconf now. No other actively maintained distro (i.e.
  merging packaging branch) builds a x86_32 kernel, hence pushing to
  packaging directly.
- commit 8099b4b
- powerpc/vnic: Extend "/failover pending"/ window (bsc#1176855
  ltc#187293).
- commit 76b80e4
- Updated Copyright line in rpm templates with SUSE LLC
- commit 39a1fcf
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- commit 33ded45
- rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886)
  The in-tree KMP that is built with SLE kernels have a different scriptlet
  that is embedded in kernel-binary.spec.in rather than *.sh files.
- commit e32ee2c
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- commit 552ec97
- kernel-binary.spec.in: pack scripts/module.lds into kernel-$flavor-devel
  Since mainline commit 596b0474d3d9 ("/kbuild: preprocess module linker
  script"/) in 5.10-rc1, scripts/module.lds linker script is needed to build
  out of tree modules. Add it into kernel-$flavor-devel subpackage.
- commit fe37c16
- rpm/split-modules: Avoid errors even if Module.* are not present
- commit 752fbc6
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- commit 2d7672f
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
  This change allows to create kernel-*-optional subpackage containing
  the modules that are not shipped on SLE but only on Leap.  Those
  modules are marked in the new "/-!optional"/ marker in supported.conf.
  Flip split_optional definition in kernel-binaries.spec.in for the
  branch that needs the splitting.
- commit 1fa25f8
- kernel-binary.spec.in: Exclude .config.old from kernel-devel
  - use tar excludes for .kernel-binary.spec.buildenv
- commit 939a79b
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700
  ltc#188140).
- commit 8875ac3
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset
  (bsc#1175873 ltc#187922).
- commit 5929ac3
- ext4: check journal inode extents more carefully (bsc#1173485).
- commit 794d98a
- ext4: don't allow overlapping system zones (bsc#1173485).
- commit 9b895a5
- ext4: handle error of ext4_setup_system_zone() on remount
  (bsc#1173485).
- commit 7164881
- net_sched: cls_route: remove the right filter from hashtable
  (networking-stable-20_03_28).
- commit a96d7a8
- block: don't use blocking queue entered for recursive bio
  (bsc#1104967,FATE#325924).
- commit d4e47bf
less
- Add missing runtime dependency on which, which is used by lessopen.sh.
  Fix bsc#1190552.
libX11
- redone U_CVE-2021-31535.patch due to regressions (boo#1186643)
  * fixes segfaults for xforms applications like fdesign
- U_CVE-2021-31535.patch
  * adds missing request length checks in libX11 (CVE-2021-31535,
    bsc#1182506)
libcap
- Add explicit dependency on libcap2 with version to libcap-progs
  (bsc#1184690, bsc#1184434)
- Update to libcap 2.26 for supporting the ambient capabilities
  (jsc#SLE-17092, jsc#ECO-3460)
- Drop obsoleted patch:
  libcap-missing-capabilities.patch
- Use "/or"/ in the license tag to avoid confusion (bsc#1180073)
libesmtp
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
libgcrypt
- Security fix: [bsc#1187212, CVE-2021-33560]
  * Libgcrypt mishandles ElGamal encryption because it lacks exponent
    blinding to address a side-channel attack against mpi_powm
- Add patches:
  * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch
  * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
libnettle
- Security fix: [CVE-2021-3580, bsc#1187060]
  * Remote crash in RSA decryption via manipulated ciphertext
  * Add libnettle-CVE-2021-3580.patch
- Security fix: [bsc#1184401, bsc#1183835, CVE-2021-20305]
  * multiply function being called with out-of-range scalars
  * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash().
- Add libnettle-CVE-2021-20305.patch
libsolv
- Turn on rich dependency handling needed for ptf support
  [jsc#SLE-17973] [jsc#SLE-17974] [bnc#1190530]
- bump version to 0.6.38
- fix heap-buffer-overflow in repodata_schema2id [CVE-2019-20387]
  [bnc#1161510]
- backport support for blacklisted packages to support ptf
  packages and retracted patches [jsc#SLE-17973]
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare
  cases
- testcase_read: error out if repos are added or the system is changed
  too late [CVE-2021-3200] [bnc#1186229]
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
- bump version to 0.6.37
libxml2
- Security fix: [bsc#1186015, CVE-2021-3541]
  * Exponential entity expansion attack bypasses all existing
    protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
- Security fix: [bsc#1185698, CVE-2021-3537]
  * NULL pointer dereference in valid.c:xmlValidBuildAContentModel
  * Add libxml2-CVE-2021-3537.patch
- Security fix: [bsc#1185408, CVE-2021-3518]
  * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
  * Add libxml2-CVE-2021-3518.patch
- Security fix: [bsc#1185410, CVE-2021-3517]
  * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
  * Add libxml2-CVE-2021-3517.patch
- Security fix: [bsc#1185409, CVE-2021-3516]
  * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
  * Add libxml2-CVE-2021-3516.patch
libzypp
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- RepoManager: Don't probe for plaindir repo if URL schema is
  plugin: (bsc#1191286)
- version 16.22.3 (0)
- BuildRequires:  libsolv-devel >= 0.6.38
  Must rebuild all caches to make sure rich dependency handling is
  turned on. Needed for PTF support. (jsc#SLE-17974, bsc#1190530)
- version 16.22.2 (0)
- Fix solver jobs for PTFs (bsc#1186503)
- version 16.22.1 (0)
- Add support for PTFs (jsc#SLE-17974)
- version 16.22.0 (0)
- Patch: Identify well-known category names (bsc#1179847)
  This allows to use the RH and SUSE patch categrory names synonymously:
  (recommendedi = bugfix) and (optional = feature = enhancement).
- version 16.21.5 (0)
lvm2
- starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905)
  + bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch
mozilla-nspr
- update to version 4.32:
  * implement new socket option PR_SockOpt_DontFrag
  * support larger DNS records by increasing the default buffer
    size for DNS queries
- update to version 4.31:
  * Lock access to PRCallOnceType members in PR_CallOnce* for
    thread safety bmo#1686138
- update to version 4.30
  * support longer thread names on macOS
  * fix a build failure on OpenBSD
- update to version 4.29
  * Remove macOS Code Fragment Manager support code
  * Remove XP_MACOSX and OS_TARGET=MacOSX
  * Refresh config.guess and config.sub
  * Remove NSPR's patch to config.sub
  * Add support for e2k target (64-bit Elbrus 2000)
- update to version 4.28
  * Fix a compiler warning
  * Add rule for cross-compiling with cygwin
- update to version 4.27
  * the macOS platform code for shared library loading was
    changed to support macOS 11.
    If the absolute path parameter given to PR_LoadLibrary
    begins with either /System/ or /usr/lib/ then no test is
    performed if the library exists at a file.
  * An include statement for a Windows system library header
    was added
- update to version 4.26
  * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
    information about the operating system build version.
  * Better support parallel building on Windows.
  * The internal release automatic script requires python 3.
mozilla-nss
- Mozilla NSS 3.68.1
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
  nss-bsc1193170.patch
- Removed nss-fips-kdf-self-tests.patch.  This was made
  obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
  * bmo#1713562 - Fix test leak.
  * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
  * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
  * bmo#1712883 - DTLS 1.3 draft-43.
  * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
  * bmo#1713562 - Validate ECH public names.
  * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
  * bmo#1683710 - Add a means to disable ALPN.
  * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
  * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
  * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
  * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
  * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
  * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
  * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
  * bmo#1707097 - Add Certum Trusted Root CA to NSS.
  * bmo#1707097 - Add Certum EC-384 CA to NSS.
  * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
  * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
  * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
  * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
  * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
  * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
  * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
  * Use GNU tar for the release helper script.
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
  * bmo#1705286 - Properly detect mips64.
  * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    disable_crypto_vsx.
  * bmo#1698320 - replace __builtin_cpu_supports("/vsx"/) with
    ppc_crypto_support() for clang.
  * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
    acceleration.
- update to NSS 3.63.1
  * no upstream release notes for 3.63.1 (yet)
  Fixed in 3.63
  * bmo#1697380 - Make a clang-format run on top of helpful contributions.
  * bmo#1683520 - ECCKiila P384, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
    scalar multiplication.
  * bmo#1683520 - ECCKiila P521, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
    scalar multiplication.
  * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
  * bmo#1694214 - tstclnt can't enable middlebox compat mode.
  * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    profiles.
  * bmo#1685880 - Minor fix to prevent unused variable on early return.
  * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
    with nss build.
  * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
    of root CA changes, CA list version 2.48.
  * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
    'Chambers of Commerce' and 'Global Chambersign' roots.
  * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
  * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
  * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
  * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
    from NSS.
  * bmo#1687822 - Turn off Websites trust bit for the “Staat der
    Nederlanden Root CA - G3” root cert in NSS.
  * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
    Root - 2008' and 'Global Chambersign Root - 2008’.
  * bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
  * bmo#1688374 - Fix parallel build NSS-3.61 with make
  * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
    can corrupt "/cachedCertTable"/
  * bmo#1690583 - Fix CH padding extension size calculation
  * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
  * bmo#1690421 - Install packaged libabigail in docker-builds image
  * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
  * bmo#1674819 - Fixup a51fae403328, enum type may be signed
  * bmo#1681585 - Add ECH support to selfserv
  * bmo#1681585 - Update ECH to Draft-09
  * bmo#1678398 - Add Export/Import functions for HPKE context
  * bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
  * required for Firefox 86
  * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
    values under certain conditions.
  * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
    with NSS_DISABLE_DBM.
  * bmo#1651411 - Improve constant-timeness in RSA operations.
  * bmo#1677207 - Upgrade Google Test version to latest release.
  * bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
  Notable changes in NSS 3.60:
  * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
    has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
    implementation. See bmo#1654332 for more information.
  * December 2020 batch of Root CA changes, builtins library updated
    to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
    for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
  * bmo#1679290 - Fix potential deadlock with certain third-party
    PKCS11 modules
- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
  Bugs fixed:
  * bmo#1641480 (CVE-2020-25648)
    Tighten CCS handling for middlebox compatibility mode.
  * bmo#1631890 - Add support for Hybrid Public Key Encryption
    (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    (draft-ietf-tls-esni).
  * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    extensions.
  * bmo#1668328 - Handle spaces in the Python path name when using
    gyp on Windows.
  * bmo#1667153 - Add PK11_ImportDataKey for data object import.
  * bmo#1665715 - Pass the embedded SCT list extension (if present)
    to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- update to NSS 3.57
  * The following CA certificates were Added:
    bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
  * The following CA certificates were Removed:
    bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
  * Trust settings for the following CA certificates were Modified:
    bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
  for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
  * nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
  being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
  obsolete by upstream changes.
- Modifications for NIST SP 800-56Ar3 compliance. This adds checks
  and restricts Diffie-Hellman parameters in FIPS mode
  (bsc#1176173).
  New patches:
  * nss-fips-stricter-dh.patch
  * nss-fips-kdf-self-tests.patch
- update to NSS 3.56
  Notable changes
  * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
  * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
  * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
  * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
  * bmo#1656986 - Properly detect arm64 during GYP build architecture
    detection.
  * bmo#1652729 - Add build flag to disable RC2 and relocate to
    lib/freebl/deprecated.
  * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
  * bmo#1588941 - Send empty certificate message when scheme selection
    fails.
  * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    cross-compilation.
  * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
  * bmo#1653975 - Fix 3.53 regression by setting "/all"/ as the default
    makefile target.
  * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
  * bmo#1659814 - Fix interop.sh failures with newer tls-interop
    commit and dependencies.
  * bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
  (boo#1176206)
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    RSA_CheckSignRecover.
  * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
    signature_algorithms extension.
    nss-fips-constructor-self-tests.patch
- update to NSS 3.54
  Notable changes
  * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
  * Use ARM Cryptography Extension for SHA256, when available
    (bmo#1528113)
  * The following CA certificates were Added:
    bmo#1645186 - certSIGN Root CA G2.
    bmo#1645174 - e-Szigno Root CA 2017.
    bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
    bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
  * The following CA certificates were Removed:
    bmo#1645199 - AddTrust Class 1 CA Root.
    bmo#1645199 - AddTrust External CA Root.
    bmo#1641718 - LuxTrust Global Root 2.
    bmo#1639987 - Staat der Nederlanden Root CA - G2.
    bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
    bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
    bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
  * A number of certificates had their Email trust bit disabled.
    See bmo#1618402 for a complete list.
  Bugs fixed
  * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
  * bmo#1603042 - Add TLS 1.3 external PSK support.
  * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
  * bmo#1645186 - Add "/certSIGN Root CA G2"/ root certificate.
  * bmo#1645174 - Add Microsec's "/e-Szigno Root CA 2017"/ root certificate.
  * bmo#1641716 - Add Microsoft's non-EV root certificates.
  * bmo1621151 - Disable email trust bit for "/O=Government
    Root Certification Authority; C=TW"/ root.
  * bmo#1645199 - Remove AddTrust root certificates.
  * bmo#1641718 - Remove "/LuxTrust Global Root 2"/ root certificate.
  * bmo#1639987 - Remove "/Staat der Nederlanden Root CA - G2"/ root
    certificate.
  * bmo#1618402 - Remove Symantec root certificates and disable email trust
    bit.
  * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
  * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
  * bmo#1642153 - Fix infinite recursion building NSS.
  * bmo#1642638 - Fix fuzzing assertion crash.
  * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
  * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
  * bmo#1643557 - Fix numerous compile warnings in NSS.
  * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
    self-encrypt keys.
  * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
  * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
nfs-utils
- Add mountstats_0_3.py and man page.
  mountstats_0_3 is mountstats from more recent a nfs-utils release.
  It add more functionality, but as there are possible incompatible
  changes, the old mountstats is left unchanged, and the new is provided
  with the new name.
  (bsc#1183297)
- 0190-manpage-Add-a-description-of-the-nconnect-mount-opti.patch
  Improve nfs.man (bsc#1181651)
- 0181-mountd-reject-unknown-client-IP-when-use_ipaddr.patch
  0182-mountd-Don-t-proactively-add-export-info-when-fh-inf.patch
  0183-mountd-add-logging-for-authentication-results-for-ac.patch
  0184-mountd-add-cache-use-ipaddr-option-to-force-use_ipad.patch
  0185-mountd-make-default-ttl-settable-by-option.patch
  Improve logging of authentication (bsc#1181540)
nghttp2
- security update
- added patches
  fix CVE-2020-11080 [bsc#1181358], HTTP/2 Large Settings Frame DoS
  + nghttp2-CVE-2020-11080.patch
- Require correct library from devel package - boo#1125689
- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
  * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
  “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
  frames cause Denial of Service by consuming CPU time. Check out
  https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  for details. For nghttpx, additionally limiting inbound traffic by
  - -read-rate and --read-burst options is quite effective against
  this kind of attack.
  * Add nghttp2_option_set_max_outbound_ack API function
  * nghttpx: Fix request stall
- Update to version 1.39.1:
  * This release fixes the bug that log-level is not set with
    cmd-line or configuration file. It also fixes FPE with default
    backend.
- Changes for version 1.39.0:
  * libnghttp2 now ignores content-length in 200 response to
    CONNECT request as per RFC 7230.
  * mruby has been upgraded to 2.0.1.
  * libnghttp2-asio now supports boost-1.70.
  * http-parser has been replaced with llhttp.
  * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx
    or 200 to CONNECT.
- Drop no longer needed boost170.patch
- Update to 1.38.0:
  * This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
  * It also fixes the bug that HTTP/1.1 chunked request stalls.
  * Now nghttpx does not log authorization request header field value with -LINFO.
  * This release fixes possible backend stall when header and request body are sent in their own packets.
  * The backend option gets weight parameter to influence backend selection.
  * This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
  * boost170.patch
- Update to 1.36.0
  * build: disable shared library if ENABLE_SHARED_LIB is off
  * third-party: use http-parser to v2.9.0 (GH-1294)
  * third-party: Update mruby to 2.0.0
  * nghttpx: Pool h1 backend connection per address (GH-1292)
  * nghttpx: Randomize backend address round robin order per thread
    (GH-1291)
  * nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287)
  * h2load: add an option to write per-request logs (GH-1256)
  * asio: added access to # of the current server port (GH-1257)
- Use multibuild to not pull in python3 in first build, nghttp2
  is low in the system
- Update to version 1.35.1:
  * nghttpx: Fix broken trailing slash handling (GH-1276)
- Changes for version 1.35:
  * build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238)
  * lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222)
  * src: Require C++14 language feature
  * nghttpx: Write mruby send_info early
  * nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
  * h2load: Handle HTTP/1 non-final response (GH-1259)
  * h2load: Clarify that time for connect includes TLS handshake
- Update to version 1.34.0: (bsc#1112438, FATE#326776)
  * lib: Implement RFC 8441 :protocol support
  * nghttpx: Add read/write-timeout parameters to backend option
  * nghttpx: Fix mruby parameter validation in backend option
  * nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
  * nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues
  * nghttpx: Update mruby 1.4.1
  * nghttpx: Add mruby env.tls_handshake_finished
  * nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
  * nghttpx: Add RFC 8470 Early-Data header field support
  * nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support
- Update to version 1.33.0:
  * lib: Tweak nghttp2_session_set_stream_user_data
  * lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS.
  * lib: Implement ORIGIN frame
  * asio: support definition of local endpoint for cleartext
    client session
  * integration: Remove remaining SPDY code from the integration tests
  * nghttpx: Fix worker process crash with neverbleed write error
  * nghttpx: Support per-backend mruby script
  * nghttpx: Fix stream reset if data from client is arrived before
    dconn is attached
- Update to version 1.32.0:
  * lib: Ignore all input after calling session_terminate_session
  * lib: Fix treatment of padding
  * lib: Don't allow 101 HTTP status code because HTTP/2 removes
    HTTP Upgrade
  * build: add ENABLE_STATIC_LIB option to build static lib
  * third-party: Upgrade neverbleed to the latest master
  * asio: Support client side SNI
  * src: Compile with libressl 2.7.2
  * src: Allow building without NPN
  * h2load: -r and --duration are mutually exclusive
- Version umpdate to 1.31.1:
  * Fix bsc#1088639 CVE-2018-1000168
  * https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
- Version update to 1.31.0:
  * lib: Add nghttp2_session_set_user_data() public API function (GH-1137)
  * src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128)
  * nghttpx: Close listening socket on graceful shutdown
  * nghttpx: Add an option to accept expired client certificate (GH-1126)
  * nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123)
  * nghttpx: Fix potential memory leak
  * lib: Allow PING frame to be sent after GOAWAY (GH-1103)
  * nghttpx: Fix bug that h1 backend idle timeout expires sooner
  * nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119)
  * nghttpx: Add upgrade-scheme parameter to backend option (GH-1099)
  * nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094)
  * nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101)
- Drop spdylay dependency as it is deprecated since version 1.28.0
  and removed from cofnigure.ac since 1.29.0
- Use %license (boo#1082318)
- Update to version 1.29.0:
  * lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by
    GOAWAY
  * build: Remove SPDY
  * build: Fix CMAKE_MODULE_PATH
  * nghttpx: Revert "/nghttpx: Use an existing h2 backend connection
    as much as possible"/
  * nghttpx: Write API request body in temporary file
  * nghttpx: Increase api-max-request-body
  * nghttpx: Faster configuration loading with lots of backends
  * nghttpx: Fix crash with --backend-http-proxy-uri option
- Export PYTHON=/usr/bin/python3 before running configure: allow to
  build without (comnplete) python2 in the buildroot. In any case
  we only ship python3-bindings already.
- Upodate to version 1.28.0:
  * lib: Add nghttp2_error_callback2
  * build: Add deprecation warning when spdylay support is enabled
  * Switch to clang-format-5.0
  * examples: Make client and server work with libevent-2.1.8
  * third-party: Update neverbleed
  * integration: Fix issues reported by the go vet tool.
  * nghttpx: Fix affinity retry
  * nghttpx: Fix stalled backend connection on retry
  * nghttpx: Cookie based session affinity
  * nghttpx: Expose additional TLS related variables to mruby and
    accesslog
- Drop forgotten python2 build dependency
- Update to version 1.27.0:
  * h2load: Print out h2 header fields with --verbose option
  * nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client
    only
- Changes for version 1.26.0:
  * docs: Fix some typos in the nghttpx how-to
  * h2load: Fix bug that timing script stalls with -m1
  * h2load: Reservoir sampling (GH-984)
  * h2load: Add timing-based load-testing in h2load
- Switch to python3 support
- Don't use jemalloc on ppc or %arm, where it is broken.
- Update to version 1.25.0:
  * lib: add nghttp2_rcbuf_is_static() (Patch from Anna Henningsen) (GH-983)
  * nghttpx: Fix bug that forwarded for is not affected by proxy protocol (GH-979)
  * nghttpx: Update mruby to 1.3.0 (GH-957)
- Drop doc building
- Rename python subpackage to python2
- Update to version 1.24.0:
  * doc: README.rst: fix typo (Patch from Simone Basso) (GH-947)
  * doc: fix up grammar in submit_trailer docs (Patch from Benjamin Peterson) (GH-945)
  * doc: fix cleaning in out-of-tree builds (Patch from Benjamin Peterson) (GH-938)
  * nghttp: Fix bug that upgrade fails if reason-phrase is missing (GH-949)
  * nghttpx: Verify OCSP response using trusted CA certificates (GH-943)
  * nghttpx: Set default minimum TLS version to TLSv1.2 (GH-937)
- Changes for version 1.23.1:
  * nghttpx: Fix crash in OCSP response verification
- Changes for version 1.23.0:
  * lib: nghttp2_session: Allow for compiling library with -DNDEBUG set (Patch from Angus Gratton) (GH-919)
  * lib: Treat incoming invalid regular header field as stream error (GH-900)
  * lib: Call nghttp2_on_invalid_frame_callback if altsvc validation fails (GH-904)
  * doc: spelling mistake in arguments to build nghttp apps (Patch from Soham Sinha) (GH-925)
  * doc: Add notes for installation on linux systems (Patch from Tapanito) (GH-917)
  * doc: Clarify the effect of nghttp2_option_set_no_http_messaging
  * nghttpx: Verify OCSP response (GH-929)
  * nghttpx: Fix certificate selection based on pub key algorithm (GH-924)
  * nghttpx: Fix certificate indexing bug
  * nghttpx: Run OCSP at startup (GH-922)
  * nghttpx: Wildcard path matching (GH-914)
  * nghttpx: Forward multiple via, xff, and xfp header fields (GH-903)
  * nghttp: Add -y, --no-verify-peer option to suppress peer verify warn (GH-906)
- Update to version 1.22.0:
  * lib: Add missing free call on error in inflight_settings_new() (Patch from lstefani) (GH-884)
  * asio: Support specifying stream priority via session::submit() (Patch from Matt Way) (GH-881)
  * nghttpx: Clarify --conf option behaviour
  * nghttpx: Add $tls_sni access log variable (GH-896)
  * nghttpx: Rename ssl_* log variables as tls_* (GH-895)
  * nghttpx: Fix path matching bug (GH-894)
  * nghttpx: SNI based backend server selection (GH-892)
  * nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 (GH-878)
  * nghttpx: Add options for X-Forwarded-Proto header field (GH-872)
  * nghttpx: Add --single-process option (GH-869)
  * nghttpx: Use 502 as server error code
  * nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
  * nghttp: Verify server certificate and show warning if it fails (GH-870)
  * integration: Use nip.io instead of xip.io
- Update to version 1.21.1:
  * asio: Fix crash if connect takes longer time than ping interval (GH-866)
  * nghttpx: Fix bug that 204 from h1 backend is always treated as error (GH-871)
- Changes for version 1.21.0:
  * lib: Fix nghttp2_session_want_write (GH-832)
  * doc: Document pkg-config path usage
  * build: Eliminate U macro; Instead use (void)VAR for better compiler compatibility.
  * src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version. (Patch from Piotr Sikora) (GH-853)
  * src: Use Mozilla's "/Modern compatibility"/ ciphers by default
  * src: nghttp2_gzip: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 (Patch from Alexis La Goutte) (GH-823)
  * nghttpx: Print version number with -v option
  * nghttpx: Enable X25519 with boringssl
  * nghttpx: Retry getaddrinfo without AI_ADDRCONFIG (GH-858)
  * nghttpx: Failing to listen on server socket is fatal error
  * nghttpx: Escape certain characters in access log (GH-856)
  * nghttpx: Ignore further input if connection is going to close
  * nghttpx: Don't call functions which are not async-signal-safe after fork but before execv in multithreaded process.
  * nghttpx: Enable backend pattern matching with http2-proxy (GH-733)
  * asio: client: Send PING after 30 seconds idle (GH-847)
- Update to version 1.20.0:
  * lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814)
  * lib: Add nghttp2_option_set_no_closed_streams (GH-810)
  * build: Disable spdylay detection by default
  * build: Add --with-systemd option to configure
  * fuzz: Add fuzzer for oss-fuzz (GH-799)
  * src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816)
  * src: h2 requires >= TLSv1.2
  * asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805)
  * asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu)
  * asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794)
  * asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795)
  * nghttpx: Strip version number from server header field
  * nghttpx: Add --single-worker option
  * nghttpx: Fix bug that send_reply does not participate graceful shutdown
  * nghttpx: Add --frontend-max-requests option
  * nghttpx: Enable stream-write-timeout by default
  * nghttpx: Fix stream write timer handling
  * nghttpx: Add configrevision API endpoint (GH-820)
  * nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819)
  * nghttpx: Update log time stamp in millisecond interval
  * nghttpx: Better error message when private key and certificate are missing
  * nghttpx: Fix bug that old config is used during reloading configuration
  * nghttpx: Specify TLS protocol by version range (GH-809)
  * nghttpx: Send SIGQUIT to the original master process (GH-807)
  * nghttpx: Restrict HTTP major and minor in 0 or 1
  * nghttpx: Drop privilege of neverbleed daemon first
  * nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802)
  * nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801)
  * nghttpx: Send 1xx non-final response using mruby script (GH-800)
  * nghttpx: Select certificate by client's supported signature algorithm (GH-792)
  * nghttpx: Recommend POST for backendconfig API request
  * nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789)
  * nghttp: add support for link rel="/preload"/ for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791)
  * h2load: Fix wrong req_stat updates
  * h2load: Explicitly count the number of requests left and inflight
  * integration: Fix deprecation warnings
  * integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr
- Changes for version 1.19.0:
  * lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object
  * Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769)
  * doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768)
  * build: Compile with Android NDK r13b using clang
  * src: Fix assertion error with boringssl
  * nghttp: Take into account scheme and port when parsing HTML links
  * nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783)
  * nghttpx: Add --accesslog-write-early option (GH-777)
  * nghttpx: Fix access.log timestamp (GH-778)
  * nghttpx: Show default cipher list in -h
  * nghttpx: Add client-ciphers option
  * nghttpx: Add client-no-http2-cipher-black-list option
  * nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections.
  * nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612)
  * nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612)
  * nghttpx: Enable SCT with OpenSSL 1.1.0
  * nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765)
  * h2load: Show default cipher list in -h
  * h2load: Show custom server temp key such as X25519
  * h2load: Fix incorrect return value from spdylay_send_callback
- Changes for version 1.18.1:
  * nghttpx: Fix assertion error in libev ev_io_start (GH-759)
  * nghttpx: Handle c-ares success without result
  * nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763)
  * nghttpx: Fix bug that DNS timeout was ignored (GH-763)
- use individual libboost-*-devel packages instead of boost-devel
- Update to version 1.18.0:
  * lib: Accept and ignore content-length: 0 in 204 response for now
  * build: Use pkg-config to detect libxml2
  * build: Require c-ares to compile applications under src
  * build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte)
  * examples: Delete tiny-nghttpd
  * nghttpx: Retry h1 backend request if first write fails (GH-757)
  * nghttpx: Keep reading after backend write failed (GH-756)
  * nghttpx: Add frontend-keep-alive-timeout option (GH-755)
  * nghttpx: New error log format (GH-749)
  * nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742)
  * nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731)
  * nghttpx: Lookup backend host name dynamically (GH-721)
  * nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735)
  * nghttpx: Wait for child process to exit
- Update to version 1.17.0:
  * lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722)
  * lib: Avoid memcpy against NULL src
  * build: MSVC version resource support (Patch from Remo E) (GH-718)
  * asio: server: Call on_close callback on connection close (GH-729)
  * nghttpx: Fix frequent crash with --backend-http-proxy-uri
  * nghttpx: Robust backend read timeout
  * nghttpx: Fix bug that mishandles response header from h1 backend
  * nghttpx: Fix bug that zero-length POST is not forwarded (GH-726)
  * nghttpx: Remove optional reason-phrase from SPDY :status
  * nghttpx: Header key and value must be string in mruby script
  * nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722)
  * nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722)
  * nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717)
  * nghttpd, nghttpx, asio: Add missing mandatory SP after status code
- Update to version 1.16.1:
  * lib: Prevent undefined behavior in decode_length
  * nghttpx: Fix bug which may crash nghttpx if non-final response
    is forwarded from origin server to HTTP/1.1 client
- Changes for version 1.16.0:
  * lib: Add nghttp2_set_debug_vprintf_callback to take advantage
    of DEBUGF statements in when building DEBUGBUILD.
  * Update .clang-format for clang-format-3.9
  * build: Make it possible to include nghttp2/CMakeLists.txt in
    another project using add_subdirectory.
  * third-party: Update http-parser to
    feae95a3a69f111bc1897b9048d9acbc290992f9
  * asio: Fix crash when end() is called outside nghttp2 callback
  * nghttpx: Add --backend-connect-timeout option
  * nghttpx: Add TLS signed_certificate_timestamp extension support
  * nghttpx: Add --ecdh-curves option to specify list of named
    curves
  * h2load: Add --header-table-size and --encoder-header-table-size
    options
- Update to version 1.15.0:
  * lib: Add nghttp2_option_set_max_deflate_dynamic_table_size()
    API function (GH-684)
  * lib: Allow NGHTTP2_ERR_PAUSE from
    nghttp2_data_source_read_callback (GH-671)
  * lib: Add nghttp2_session_get_hd_deflate_dynamic_table_size()
    and nghttp2_session_get_hd_inflate_dynamic_table_size() API
    functions to get current HPACK dynamic table size (GH-664)
  * lib: Add nghttp2_session_get_local_settings() API function
  * lib: Add nghttp2_session_get_local_window_size() and
    nghttp2_session_get_stream_local_window_size() API functions
  * build: Add -lsocket -lnsl to APPLDFLAGS for solaris build
  * neverbleed: Update neverbleed to support ECDSA certificate
  * doc: Mention --enable-lib-only configure option in README
  * integration: Fix test failure with go1.7.1
  * src: Fix compile error with openssl 1.1.0
  * nghttpx: Improve performance with HTTP/1.1 backend when
    request body is involved
  * nghttpx: Use std::atomic_* overloads for std::shared_ptr if
    available
  * nghttpx: Migrate backend stream to another h2 session on
    graceful shutdown
  * nghttpx: Add option to specify HPACK encoder/decoder dynamic
    table size
  * nghttpx: Log client address
  * nghttpx: Add tls_sni to mruby Nghttpx::Env class
  * nghttpx: Add --frontend-http2-window-size option, and its
    family functions
  * nghttpx: Add experimental TCP optimization for h2 frontend
  * nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1,
    and 7.2 (GH-670)
  * nghttpx: Fix bug that bytes are doubly counted to rate limit
    for TLS connections
  * nghttpx: Add --no-server-rewrite option not to rewrite server
    header field (GH-667)
  * nghttpx: Retry if backend h1 connection cannot be established
    due to timeout
  * nghttpx: Reset stream if invalid header field is received in h2
  * nghttpx: Add --server-name option to change server response
    header field (GH-667)
  * nghttpd: Add --encoder-header-table-size option
  * nghttp: Add --encoder-header-table-size option
  * python: Support ALPN, require Python 3.5
- Update to version 1.14.0:
  * lib: Make emit_header() return void since it always succeed
  * lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support
    multiple buffer input
  * lib: since hd_inflate_commit_indexed() always return 0,
    remove the return value check in nghttp2_hd_inflate_hd_nv()
  * lib: Use memeq() instead of lstreq() in lookup_token()
  * lib: More strict stream state handling
  * lib: Modify genlibtokenlookup.py to remove redundant header
    comparisons and remove inline qualifier of lookup_token()
    in genlibtokenlookup.py
  * lib: Fix wrong tree operation to avoid cycle
  * lib: Make get_max_index() return the max index in frame,
    so we don't need to do extra calculation
  * lib: Add nghttp2_on_invalid_header_callback
  * lib: Log frame's stream ID for header debug logging
  * doc: Remove old doc about differential encoding in HPACK
  * doc: Document about ALPN in nghttpx howto
  * nghttpx: Log error code from getsockopt(SO_ERROR) on first
    write event
  * nghttpx: Don't change pushed stream's priority
  * nghttpx: Log backend connection failure in WARN level
  * nghttpx: Fix bug that api and healthmon parameters do not work
    with http2 proxy
  * nghttpx: Add access log variable for backend host and port
  * nghttpx: Use copy instead of const reference of backend group
  * nghttpx: Reload configuration with SIGHUP
  * nghttp: Adjust weight according to Firefox stable
  * nghttp: Call error callback when invalid header field is
    received and ignored
  * nghttp: Allow multiple -p option
  * deflatehd: Call nghttp2_hd_deflate_change_table_size only
    if table size is changed from default
- Update to version 1.13.0:
  * lib: Cancel non-DATA frame transmission from
    nghttp2_before_frame_send_callback
  * doc: Fix warning with Sphinx 1.4
  * build: Work with Android NDK r12b
  * nghttpx: Use consistent hashing for client IP based session
    affinity
  * nghttpx: Fix FTBFS on armel by explicitly including the header
  * nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11
  * nghttpx: Fix build error with libressl
  * examples: Fix compile error with OpenSSL v1.1.0-beta2
- Update to version 1.12.0:
  * Add nghttp2_session_set_local_window_size API function
  * Add nghttp2_option_set_max_send_header_block_length API
    function (GH-613)
  * Fix warning: declaration of 'free' shadows a global declaration
    (Patch from Alexis La Goutte)
  * examples: Add ALPN support to tutorial client/server (GH-614)
  * nghttpx: Reduce TTFB with large number of incoming connections
  * nghttpx: Rewrite read timer handling
  * nghttpx: Clean up neverbleed AF_UNIX socket
  * nghttpx: Add --backend-max-backoff option
  * nghttpx: Use 16KiB buffer for reading to match TLS record size
  * nghttpx: Add healthmon parameter to -f option to enable health
    monitor mode
  * nghttpx: Receive reference of std::mt19937, not making a copy
  * nghttpx: Fix bug that backend never return to online (GH-615)
  * nghttpx: Implement client IP based session affinity
  * nghttpx: Add --api-max-request-body option to set maximum API
    request body size
  * nghttpx: Add api parameter to --frontend option to mark API
    endpoint
  * h2load: Add content-length header field for HTTP/2 and SPDY as
    well
  * h2load: Implement HTTP/1 upload (GH-611)
- Update to 1.11.1
  * lib: Add nghttp2_hd_inflate_hd2() and deprecate
    nghttp2_hd_inflate_hd()
  * lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set
  * lib: Fix bug that PING flags are ignored in nghttp2_submit_ping
  * integration: Workaround runtime error: cgo argument has Go pointer
    to Go pointer
  * nghttp: Eliminate zero length DATA frame at the end if possible
  * nghttpd: Set content-length in status response
  * nghttpx: Add sni keyword to --backend option
  * nghttpx: Allow mixed protocol and TLS settings among backends under
    same pattern
  * nghttpx: Don't add 0-length DATA when response HEADERS bears
    END_STREAM flag
  * nghttpx: Don't add chunked encoded response body for HEAD request
  * nghttpx: Don't use CN if we have dNSName or iPAddress field
  * nghttpx: Just call execv instead of execve to pass environ
  * nghttpx: Make SETTINGS timeout value configurable
  * nghttpx: Save PID file after it is ready to accept connections
  * nghttpx: Treat backend failure if SETTINGS is not received within
    timeout
  * nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server
    is alive
- Update to 1.10.0
  * Pass unknown SETTINGS values to nghttp2_on_frame_recv_callback
  * Add ALTSVC frame support
  * Run error callback when peer does not send initial SETTINGS
    frame
  * Update http-parser
  * Update sphinx_rtd_theme
  * nghttp: add an --expect-continue option
  * nghttpx: Fix downstream connect callback called early
  * nghttpx: Truncate too long -b option signature
  * nghttpx: Fix bug that server push from mruby script did not
    work
  * nghttpx: Try next HTTP/1 backend address when connection
    cannot be made
  * nghttpx: Retry next HTTP/2 backend address when connection
    cannot be made
  * nghttpx: Enable link header field based push for non-final
    response
  * nghttpx: Detect online/offline state of backend servers
  * nghttpx: Better load balancing between backend HTTP/2 servers
  * nghttpx: Fix crash with backend failure
- Update to 1.9.2
  * nghttpx: Fix crash with backend failure
  * nghttpx: Better distribute load to backend h2 servers
  * nghttpx: Fix error messages on deprecated mode
  * nghttpx: Fix bug that logger wrote string which was not
    NULL-terminated
  * nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work
- Update to 1.9.1
  * nghttpx: Fix bug that backend tls keyword did not work with -s
    option
  * nghttpx: Fix handing stream after connection check was failed
- Changes for 1.9.0
  * lib: Add nghttp2_error_callback to tell application human
    readable error message
  * lib: Reference counted HPACK name/value pair, adding
  * nghttp2_on_header_callback2
  * lib: Add nghttp2_option_set_no_auto_ping_ack() option
  * lib: Add nghttp2_http2_strerror() to return HTTP/2 error code
    string
  * build: Makefile.msvc enhancements (Patch from Jan-E)
  * build: Lower libev version requirement (Patch from Peter Wu)
  * build: cmake build support (Patch from Peter Wu)
  * asio: Fix bug that server event loop breaks with exception
  * integration: Disable tests that sometimes break randomly on
    travis
  * integration: do not use recursive target (Patch from Peter Wu)
  * h2load: Fix bug that it did not try to connect to server again
  * h2load: Fix bug that initial max concurrent streams was too
    large
  * nghttpx: Memcached connection encryption with tls keyword
  * nghttpx: Enable/disable TLS per frontend address
  * nghttpx: Configure TLS per backend routing pattern
  * nghttpx: Workaround for Ubuntu 15.04 which does not
    value-initialize on std::make_shared.
  * nghttpx: Add --error-page option to set custom error pages
  * nghttpx: Add wildcard host routing
  * nghttpx: Change read timeout reset timing
  * nghttpx: Don't push if Link header field includes nopush
  * nghttpx: Deprecate backend-http1-connections-per-host in favor
    of backend-connections-per-host
  * nghttpx: Restructure mode settings, removing --http2-bridge,
  - -client, and --client-proxy options
  * nghttpx: Deprecate backend-http1-connections-per-frontend in
    favor of backend-connections-per-frontend
  * nghttpx: Don't share session which is already in draining
    state
  * nghttpx: Effectively disable backend HTTP/2 connection flow
    control
  * nghttpx: Add --frontend-http2-max-concurrent-streams and
  - -backend-http2-max-concurrent-streams, and deprecate
  - -http2-max-concurrent-streams option
  * nghttpx: Deprecate --backend-http2-connections-per-worker
    option
  * nghttpx: Share TLS session cache between HTTP/2 and HTTP/1
    backend
  * nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
- Update to 1.8.0
  * Add Architecture documents (work in progress)
  * List all contributors in AUTHORS
  * doc: fix out-of-tree doc builds (Patch from Peter Wu)
  * Wrap AM_PATH_XML2 by m4_ifdef to handle the case when
    _PATH_XML2 is not found
  * Fix configure script for non-gcc, clang build
  * Document compiling apps and include h2load in configure (Patch
    from David Beitey)
  * Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil)
  * Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11
  * Fixing Windows Makefile version detection (Patch from Reza
    Tavakoli)
  * lib: Tokenize extra HTTP header fields
  * lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu)
  * lib: Add HTTP/2 extension framework to send and receive
    non-critical frames
  * tests: remove unused macros (Patch from Peter Wu)
  * src: Update default cipher list
  * src: Fix compile error with gcc-6 which enables C++14 by default
  * asio: client: Fix connect timeout does not work, return from cb
    if session stopped, removing client::session::connect_timeout()
    functon
  * nghttpd: Start SETTINGS timer after it is written to output
    buffer
  * nghttpd: Add trailer header field to status responses
  * nghttpd: Add -w and -W options to change window size
  * nghttpx: Worker wide blocker which is used when socket(2) is
    failed
  * nghttpx: ConnectBlocker per backend address
  * nghttpx: Interleave text/html pushed resources with associated
    resource
  * nghttpx: Add headers given in add-response-headers for mruby
    response
  * nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor
    of --backend-address-family
  * nghttpx: Add options to specify address family of memcached
    connections
  * nghttpx: Add encryption support for TLS ticket key retrieval
  * nghttpx: Add TLS support for session cache memcached connection
  * nghttpx: Refactor blacklisted cipher suite check (Patch from
    Jay Satiro)
  * nghttpx: Add TLS support for HTTP/1 backend
  * nghttpx: Add request-header-field-buffer and
    max-request-header-fields options, deprecating
    header-field-buffer and max-header-fields options.
  * nghttpx: Add --no-http2-cipher-black-list to allow black listed
    cipher suite
  * nghttpx: Limit header fields from backend
  * nghttpx: Fix bug that IPv6 address in Forwarded "/for"/ is not
    quoted-string
  * nghttpx: Support multiple frontend addresses
  * integration-tests: support out-of-tree tests (Patch from Peter
    Wu)
  * examples: fix compile warnings (Patch from Peter Wu)
- Drop upstreamed nghttp2-c++14.patch
- Update to 1.7.1
  * Fix CVE-2016-1544 (boo#966514)
- Add nghttp2-c++14.patch to properly guard make_unique templates.
  [bsc#964140]
- Update to 1.7.0
  * Reset (RST_STREAM) stream if flow control window gets overflow
  * Validate :authroity, host, and :scheme value more strictly
  * Check request/response submission error based side of session
  * Strict outgoing idle stream detection
  * Return error from nghttp2_submit_{headers,request} when self
    dependency is made
  * Add -ldl to APPLDFLAGS for static openssl linking
  * asio: Stop acceptor on server::http2::stop
  * asio: Rename http2::get_io_services() as http2::io_services()
  * h2load: Support UNIX domain socket
  * h2load: Improve readability of traffic numbers
  * h2load: Remove "/auto"/ for -m option
  * h2load: Show progress in rate mode
  * h2load: Perform sampling for request and connection timings to
    reduce memory consumption
  * nghttpd: Add --no-content-length option to omit content-length
    in response
  * nghttpx: Interleave pushed streams with the associated stream
    if pushed streams are javascript and CSS resources
  * nghttpx: The initial value of request/response buffer is
    increased to 128K
  * nghttpx: Fix bug that --listener-disable-timeout option is not
    used
  * nghttpx: Don't emit :authority if request does not contain
    authority information
  * nghttpx: Add clarification of quotes in configuration file
  * nghttpx: Don't allow certain characters in host and :scheme
    header field
  * nghttpx: Add RFC 7239 Forwarded header field support
  * nghttpx: Fix crash when running on IPv6 only (Patch from Vernon
    Tang)
  * nghttpx: Take into account of trailers when applying
    max_header_fields
  * nghttpx: Don't apply max_header_fields and header_field_buffer
    limit to response
  * nghttpx: Strict validation for header fields given in
    configuration
  * nghttpx: header value should not be lower-cased (Patch from
    ayanamist)
- fixed typo in libnghttp2_asio1 [bsc#962914]
ntp
- bsc#1186431: Fix a typo in %post .
- jsc#SLE-15482, ntp-clarify-interface.patch:
  Adjust the documentation to clarify that "/interface ignore all"/
  does not cover the wildcard and localhost addresses.
- Refactor the key handling in %post so that it does not overwrite
  user settings (bsc#1036505, bsc#1183513).
open-iscsi
- Do not restart iscsid and iscsiuio during package upgrade,
  if those daemons are running. (bsc#1183741).
- Cherry picked 3 factory commits (from upstream) for bsc#1183421:
  * Enable iscsi.service asynchronous logins, cleanup services
  * Implement login "/no_wait"/ for iscsiadm NODE mode
  * Add ability to attempt target logins asynchronously
openslp
- Implement automatic active discovery retries so that DAs do
  not get dropped if they are not reachable for some time
  [bnc#1166637] [bnc#1184008]
  new patch: openslp.unicastactivediscovery.diff
openssh
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.
openssl-1_0_0
- bsc#1190885
  * OpenSSL: parameters by name ffdheXXXX and modp_XXXX sometimes result in "/not found"/
  * modified openssl-DH.patch
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- The function X509_CERT_AUX_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch
- Add safe primes to DH parameter generation
  * RFC7919 and RFC3526
  * bsc#1180995
  * Added openssl-add_rfc3526_rfc7919.patch
  * Genpkey: "/-pkeyopt dh_param:"/ can now choose modp_* (rfc3526) and
    ffdhe* (rfc7919) groups. Example:
    $ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:modp_4096
- Security fixes:
  * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
    protection [bsc#1182333, CVE-2021-23840]
  * Null pointer deref in X509_issuer_and_serial_hash()
    [bsc#1182331, CVE-2021-23841]
- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
pam
- pam_cracklib: backported code to check whether the password contains
  a substring of of the user's name of at least <N> characters length
  in some form from SLE-15.
  This is enabled by the new parameter "/usersubstr=<N>"/
  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
  [jsc#SLE-21741, pam-pam_cracklib-add-usersubstr.patch]
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
- In the 32-bit compatibility package for 64-bit architectures,
  require "/systemd-32bit"/ to be also installed as it contains
  pam_systemd.so for 32 bit applications.
  [bsc#1185562, baselibs.conf]
- pam_limits: "/unlimited"/ is not a legitimate value for "/nofile"/
  (see setrlimit(2)). So, when "/nofile"/ is set to one of the
  "/unlimited"/ values, it is set to the contents of
  "//proc/sys/fs/nr_open"/ instead.
  Also changed the manpage of pam_limits to express this.
  [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
pcre
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
  after a successful compile, instead of at the start of matching to avoid a
  sanitizer complaint (regexec is supposed to be thread safe).
  * Check the size of the number after (?C as it is read, in order to avoid
  integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
  in pcretest.
- pcre 8.43
  * In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
  negative class with no characters less than 0x100 followed by a positive class
  with only characters less than 0x100, the first class was incorrectly being
  auto-possessified, causing incorrect match failures.
  * If the only branch in a conditional subpattern was anchored, the whole
  subpattern was treated as anchored, when it should not have been, since the
  assumed empty second branch cannot be anchored. Demonstrated by test patterns
  such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and X or R has
  a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
  (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier with a
  minimum of zero, an incorrect "/match must start with this character"/ could be
  recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
  be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in a
  pattern, apart from assertions, an incorrect first matching character could be
  recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
  as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty string
  when the newline type is CRLF.
  * When matching using the the REG_STARTEND feature of the POSIX API with a
  non-zero starting offset, unset capturing groups with lower numbers than a
  group that did capture something were not being correctly returned as "/unset"/
  (that is, with offset values of -1).
  * Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
  containing multi-code-unit characters caused bad behaviour and possibly a
  crash. This issue was fixed for other kinds of repeat in release 8.37 by change
  38, but repeating character classes were overlooked.
- pcre 8.41
  * Fix a missing else in the JIT compiler (bsc#1025709 CVE-2017-6004)
  * A (?# style comment is now ignored between a basic quantifier and a
    following '+' or '?' (example: /X+(?#comment)?Y/.
  * Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
    Pisar).
  * In the 32-bit library in non-UTF mode, an attempt to find a Unicode
  property for a character with a code point greater than 0x10ffff (the Unicode
  maximum) caused a crash. (bsc#1030807 CVE-2017-7244)
  * The alternative matching function, pcre_dfa_exec() misbehaved if it
  encountered a character class with a possessive repeat, for example [a-f]{3}+.
  (bsc#1030066 CVE-2017-7186)
  * When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
  length incorrectly, which could result in buffer overflow.
  (bsc#1030805 CVE-2017-7245, bsc#1030803 CVE-2017-7246)
  * Fix returned offsets from regexec() when REG_STARTEND is used with a
  starting offset greater than zero.
- pcre 8.40
  * Fix register overwite in JIT when SSE2 acceleration is enabled.
  * Ignore "/show all captures"/ (/=) for DFA matching.
  * Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
  * In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
    without PCRE_UCP set, a negative character type such as D in a positive
    class should cause all characters greater than 255 to match, whatever else
    is in the class. There was a bug that caused this not to happen if a
    Unicode property item was added to such a class, for example [DP{Nd}] or
    [WpL].
  * A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
    the conditional was interpreted as a reference to capturing group 1 instead
    of a test for recursion. Any group whose name began with R was
    misinterpreted in this way. (The reference interpretation should only
    happen if the group's name is precisely "/R"/.)
  * A number of bugs have been mended relating to match start-up optimizations
    when the first thing in a pattern is a positive lookahead. These all
    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
    both an initial 'X' and a following 'X'.
    (b) Some patterns starting with an assertion that started with .* were
    incorrectly optimized as having to match at the start of the subject or
    after a newline. There are cases where this is not true, for example,
    (?=.*[A-Z])(?=.{8,16})(?!.*[s]) matches after the start in lines that
    start with spaces. Starting .* in an assertion is no longer taken as an
    indication of matching at the start (or after a newline).
permissions
  * add capability for prometheus-blackbox_exporter (bsc#1191194)
- Update to version 20170707:
  * make btmp root:utmp (bsc#1050467, bsc#1182899)
- Update to version 20170707:
polkit
- CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync()
  (bsc#1186497)
  CVE-2021-3560.patch
psmisc
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Fix bsc#1185208 to make private mount namespaces work as well
    as to distinguish NFS mounts from same remote device share.
- Remove patch bsc1185208.patch as now solved in main patch/commit
- Fix for SG#60627, bsc#1185208:
  * bsc1185208.patch: Don't list all processes from different private
    namespace when fuser is run on a NFS mount.
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Fix bsc#1178407: fuser does not show open kvm storage image files
    such as qcow2 files. Patch from Ali Abdallah <ali.abdallah@suse.com>
python
- Set correct value of %python2_package_prefix to python
  (as expected on SLE-12). (bsc#1175619)
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into to content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
    injection URLs now cause a InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in `PyArg_Parse` and similar
    functions for format units "/es#"/ and "/et#"/ when the macro
    `PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "/Python urrlib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)"/ (bsc#1162367)
- Provide python-testsuite from devel subkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-PyJWT
- Update in SLE-12 (bsc#1186173)
- Drop patches for issues fixed upstream
  * CVE-2017-12880-pkcs1-pubkey.patch
  * PyJWT-1.1.0.diff
- Avoid not needed python-pytest-cov and python-pytest-runner
  BuildRequires. There is no need todo a coverage run during
  package build.
- update to version 1.5.3:
  * Changed
    + Increase required version of the cryptography package to
    >=1.4.0.
  * Fixed
    + Remove uses of deprecated functions from the cryptography
    package.
    + Warn about missing algorithms param to decode() only when verify
    param is True #281
- update to 1.5.2:
  - Ensure correct arguments order in decode super call [7c1e61d][7c1e61d]
  - Change optparse for argparse. [#238][238]
  - Guard against PKCS1 PEM encododed public keys [#277][277]
  - Add deprecation warning when decoding without specifying `algorithms` [#277][277]
  - Improve deprecation messages [#270][270]
  - PyJWT.decode: move verify param into options [#271][271]
  - Support for Python 3.6 [#262][262]
  - Expose jwt.InvalidAlgorithmError [#264][264]
  - Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
  - Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [#187][187]
  - Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
  - Tokens with future 'iat' values are no longer rejected [#190][190]
  - Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
  - Remove rejection of future 'iat' claims [#252][252]
  - Add back 'ES512' for backward compatibility (for now) [#225][225]
  - Fix incorrectly named ECDSA algorithm [#219][219]
  - Fix rpm build [#196][196]
  - Add JWK support for HMAC and RSA keys [#202][202]
- Restore runtime dependency python-ecdsa
- Convert to singlespec
- Remove unneeded dependency python-ecdsa
- Use "/download_files"/ in _service file to automate source fetching
- Drop pycrypto as dependency, we only need cryptography
- Use update-alternatives so it can be co-installable with python3-PyJWT
- Use dos2unix on jwt/__init__.py
- updated source url to files.pythonhosted.org
- Run the spec file through spec-cleaner
- Drop PyJWT-1.1.0.diff which was only used on rhel (?)
python-PyYAML
- Add pyyaml.CVE-2020-14343.patch (bsc#1174514 CVE-2020-14343)
  Prevents arbitrary code execution during python/object/* constructors
  This patch contains the upstream git commit a001f27 from the 5.4 release.
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 5.3.1
  * fixes boo#1165439 (cve-2020-1747) Prevents arbitrary code execution
  during python/object/new constructor
- update to 5.3
  * Use `is` instead of equality for comparing with `None`
  * fix typos and stylistic nit
  * Fix up small typo
  * Fix handling of __slots__
  * Allow calling add_multi_constructor with None
  * Add use of safe_load() function in README
  * Fix reader for Unicode code points over 0xFFFF
  * Enable certain unicode tests when maxunicode not > 0xffff
  * Use full_load in yaml-highlight example
  * Document that PyYAML is implemented with Cython
  * Fix for Python 3.10
  * increase size of index, line, and column fields
  * remove some unused imports
  * Create timezone-aware datetimes when parsed as such
  * Add tests for timezone
- update to 5.2
  * A more flexible fix for custom tag constructors
  * Change default loader for yaml.add_constructor
  * Change default loader for add_implicit_resolver, add_path_resolver
  * Move constructor for object/apply to UnsafeConstructor
  * Fix logic for quoting special characters
python-base
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into to content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
    injection URLs now cause a InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in `PyArg_Parse` and similar
    functions for format units "/es#"/ and "/et#"/ when the macro
    `PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "/Python urrlib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)"/ (bsc#1162367)
- Provide python-testsuite from devel subkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-boto3
- Version update to 1.17.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
- from version 1.17.8
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``kinesis-video-archived-media``: [``botocore``] Update kinesis-video-archived-media
    client to latest version
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
  * api-change:``redshift-data``: [``botocore``] Update redshift-data client to latest version
  * api-change:``workmailmessageflow``: [``botocore``] Update workmailmessageflow client to latest version
  * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version
- from version 1.17.7
  * api-change:``personalize-events``: [``botocore``] Update personalize-events client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``iam``: [``botocore``] Update iam client to latest version
  * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
  * api-change:``detective``: [``botocore``] Update detective client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.17.6
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.17.5
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``qldb-session``: [``botocore``] Update qldb-session client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
- from version 1.17.4
  * api-change:``dataexchange``: [``botocore``] Update dataexchange client to latest version
  * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``ivs``: [``botocore``] Update ivs client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.17.3
  * api-change:``macie``: [``botocore``] Update macie client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
- from version 1.17.2
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
  * api-change:``emr-containers``: [``botocore``] Update emr-containers client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
  * api-change:``athena``: [``botocore``] Update athena client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.17.1
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
  * api-change:``auditmanager``: [``botocore``] Update auditmanager client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
- from version 1.17.0
  * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
  * feature:Python: Dropped support for Python 3.4 and 3.5
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling
  client to latest version
  * api-change:``lookoutvision``: [``botocore``] Update lookoutvision client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
  * feature:Python: [``botocore``] Dropped support for Python 3.4 and 3.5
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``route53``: [``botocore``] Update route53 client to latest version
  * api-change:``location``: [``botocore``] Update location client to latest version
  * enhancement:s3: [``botocore``] Amazon S3 now supports AWS PrivateLink, providing direct access
    to S3 via a private endpoint within your virtual private network.
  * api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
- from version 1.16.63
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
- from version 1.16.62
  * api-change:``wellarchitected``: [``botocore``] Update wellarchitected client to latest version
  * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * bugfix:Validator: [``botocore``] Fix showing incorrect max-value in error message for
    range and length value validation
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
- from version 1.16.61
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``customer-profiles``: [``botocore``] Update customer-profiles client to latest version
  * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
  * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
- from version 1.16.60
  * api-change:``backup``: [``botocore``] Update backup client to latest version
- from version 1.16.59
  * api-change:``greengrassv2``: [``botocore``] Update greengrassv2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.58
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi
    client to latest version
- from version 1.16.57
  * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``ecs``: [``botocore``] Update ecs client to latest version
- from version 1.16.56
  * api-change:``sns``: [``botocore``] Update sns client to latest version
- from version 1.16.55
  * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
  * api-change:``cognito-identity``: [``botocore``] Update cognito-identity client to latest version
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
- from version 1.16.54
  * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version
  * api-change:``personalize``: [``botocore``] Update personalize client to latest version
- from version 1.16.53
  * api-change:``appstream``: [``botocore``] Update appstream client to latest version
  * api-change:``auditmanager``: [``botocore``] Update auditmanager client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
- Update BuildRequires and Requires from setup.py
- Version update to 1.16.52
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``kms``: [``botocore``] Update kms client to latest version
- from version 1.16.51
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client to latest version
  * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
- from version 1.16.50
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``transfer``: [``botocore``] Update transfer client to latest version
  * api-change:``autoscaling-plans``: [``botocore``] Update autoscaling-plans client to latest version
- from version 1.16.49
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling
    client to latest version
- from version 1.16.48
  * api-change:``healthlake``: [``botocore``] Update healthlake client to latest version
  * api-change:``cloudsearch``: [``botocore``] Update cloudsearch client to latest version
- from version 1.16.47
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
- from version 1.16.46
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.16.45
  * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
- from version 1.16.44
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
- from version 1.16.43
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``resource-groups``: [``botocore``] Update resource-groups client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
- from version 1.16.42
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.16.41
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
  * api-change:``service-quotas``: [``botocore``] Update service-quotas client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``connectparticipant``: [``botocore``] Update connectparticipant client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``qldb-session``: [``botocore``] Update qldb-session client to latest version
  * api-change:``outposts``: [``botocore``] Update outposts client to latest version
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry
    client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
- from version 1.16.40
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * bugfix:SSO: [``botocore``] Fixed timestamp format for SSO credential expirations
  * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime
    client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.39
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
  * api-change:``kms``: [``botocore``] Update kms client to latest version
  * api-change:``route53resolver``: [``botocore``] Update route53resolver client to latest version
  * api-change:``sqs``: [``botocore``] Update sqs client to latest version
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
  * api-change:``route53``: [``botocore``] Update route53 client to latest version
- from version 1.16.38
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``amp``: [``botocore``] Update amp client to latest version
  * api-change:``location``: [``botocore``] Update location client to latest version
  * api-change:``wellarchitected``: [``botocore``] Update wellarchitected client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.16.37
  * api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``greengrassv2``: [``botocore``] Update greengrassv2 client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``iotdeviceadvisor``: [``botocore``] Update iotdeviceadvisor client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
  * api-change:``amp``: [``botocore``] Update amp client to latest version
  * api-change:``iotfleethub``: [``botocore``] Update iotfleethub client to latest version
- from version 1.16.36
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator
    client to latest version
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client
    to latest version
- from version 1.16.35
  * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``pi``: [``botocore``] Update pi client to latest version
  * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
- from version 1.16.34
  * api-change:``networkmanager``: [``botocore``] Update networkmanager
    client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.33
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator
    client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
- from version 1.16.32
  * api-change:``ecr``: [``botocore``] Update ecr client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``auditmanager``: [``botocore``] Update auditmanager client to latest version
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``sagemaker-edge``: [``botocore``] Update sagemaker-edge client to latest version
  * api-change:``forecast``: [``botocore``] Update forecast client to latest version
  * api-change:``healthlake``: [``botocore``] Update healthlake client to latest version
  * api-change:``emr-containers``: [``botocore``] Update emr-containers client to latest version
- from version 1.16.31
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry
    client to latest version
- from version 1.16.30
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``ds``: [``botocore``] Update ds client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.16.29
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``amplifybackend``: [``botocore``] Update amplifybackend client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
- from version 1.16.28
  * api-change:``customer-profiles``: [``botocore``] Update customer-profiles
    client to latest version
- from version 1.16.27
  * api-change:``sagemaker-featurestore-runtime``: [``botocore``] Update
    sagemaker-featurestore-runtime client to latest version
  * api-change:``ecr-public``: [``botocore``] Update ecr-public client to latest version
  * api-change:``honeycode``: [``botocore``] Update honeycode client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``amplifybackend``: [``botocore``] Update amplifybackend client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``lookoutvision``: [``botocore``] Update lookoutvision client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``connect-contact-lens``: [``botocore``] Update connect-contact-lens client to latest version
  * api-change:``profile``: [``botocore``] Update profile client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``appintegrations``: [``botocore``] Update appintegrations client to latest version
  * api-change:``ds``: [``botocore``] Update ds client to latest version
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client to latest version
- from version 1.16.26
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- Update BuildRequires and Requires from setup.py
- Version update to 1.16.25
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``timestream-write``: [``botocore``] Update timestream-write client to latest version
  * api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
  * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``mwaa``: [``botocore``] Update mwaa client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
- from version 1.16.24
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``translate``: [``botocore``] Update translate client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``signer``: [``botocore``] Update signer client to latest version
  * api-change:``codestar-connections``: [``botocore``] Update codestar-connections client to latest version
  * api-change:``codeartifact``: [``botocore``] Update codeartifact client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``forecast``: [``botocore``] Update forecast client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ecs``: [``botocore``] Update ecs client to latest version
  * api-change:``timestream-query``: [``botocore``] Update timestream-query client to latest version
  * api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``outposts``: [``botocore``] Update outposts client to latest version
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
- from version 1.16.23
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry client to latest version
  * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``cloudhsmv2``: [``botocore``] Update cloudhsmv2 client to latest version
  * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``cognito-identity``: [``botocore``] Update cognito-identity client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
- from version 1.16.22
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ds``: [``botocore``] Update ds client to latest version
  * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
- from version 1.16.21
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * bugfix:Retry: [``botocore``] Fix bug where retries were attempted on any response with an "/Error"/ key.
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``backup``: [``botocore``] Update backup client to latest version
  * api-change:``outposts``: [``botocore``] Update outposts client to latest version
- from version 1.16.20
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``fms``: [``botocore``] Update fms client to latest version
  * api-change:``network-firewall``: [``botocore``] Update network-firewall client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
- from version 1.16.19
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``iotsecuretunneling``: [``botocore``] Update iotsecuretunneling client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``synthetics``: [``botocore``] Update synthetics client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.16.18
  * api-change:``textract``: [``botocore``] Update textract client to latest version
  * api-change:``shield``: [``botocore``] Update shield client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
- from version 1.16.17
  * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime client to latest version
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``polly``: [``botocore``] Update polly client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
- from version 1.16.16
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * api-change:``forecast``: [``botocore``] Update forecast client to latest version
  * api-change:``amplify``: [``botocore``] Update amplify client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.16.15
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.16.14
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ecs``: [``botocore``] Update ecs client to latest version
  * api-change:``datasync``: [``botocore``] Update datasync client to latest version
- from version 1.16.13
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
- from version 1.16.12
  * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
- from version 1.16.11
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``mq``: [``botocore``] Update mq client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
- from version 1.16.10
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.9
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
  * api-change:``braket``: [``botocore``] Update braket client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.16.8
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``codeartifact``: [``botocore``] Update codeartifact client to latest version
  * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version
  * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
  * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
- from version 1.16.7
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
- from version 1.16.6
  * api-change:``glue``: [``botocore``] Update glue client to latest version
- from version 1.16.5
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``neptune``: [``botocore``] Update neptune client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
- from version 1.16.4
  * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
- from version 1.16.3
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
- from version 1.16.2
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
- from version 1.16.1
  * api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
- from version 1.16.0
  * api-change:``backup``: [``botocore``] Update backup client to latest version
  * api-change:``docdb``: [``botocore``] Update docdb client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * feature:imds: [``botocore``] Updated InstanceMetadataFetcher to use custom ipv6 uri as endpoint if envvar or config set
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.15.18
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
- from version 1.15.17
  * api-change:``transfer``: [``botocore``] Update transfer client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``groundstation``: [``botocore``] Update groundstation client to latest version
  * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``budgets``: [``botocore``] Update budgets client to latest version
  * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
- from version 1.15.16
  * api-change:``snowball``: [``botocore``] Update snowball client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``amplify``: [``botocore``] Update amplify client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
- Update BuildRequires and Requires from setup.py
- Only build Python3 flavors for distributions 15 and greater
- Version update to 1.15.15
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
- from version 1.15.14
  * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.15.13
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
  * api-change:``marketplace-catalog``: [``botocore``] Update marketplace-catalog client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.15.12
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
- from version 1.15.11
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``personalize-events``: [``botocore``] Update personalize-events client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``servicediscovery``: [``botocore``] Update servicediscovery client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
- from version 1.15.10
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.15.9
  * api-change:``datasync``: [``botocore``] Update datasync client to latest version
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``s3outposts``: [``botocore``] Update s3outposts client to latest version
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version
  * api-change:``directconnect``: [``botocore``] Update directconnect client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version
  * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
- from version 1.15.8
  * api-change:``timestream-write``: [``botocore``] Update timestream-write client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``schemas``: [``botocore``] Update schemas client to latest version
  * api-change:``timestream-query``: [``botocore``] Update timestream-query client to latest version
- from version 1.15.7
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.15.6
  * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``docdb``: [``botocore``] Update docdb client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``sts``: [``botocore``] Update sts client to latest version
- from version 1.15.5
  * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
  * api-change:``textract``: [``botocore``] Update textract client to latest version
  * api-change:``amplify``: [``botocore``] Update amplify client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version
  * api-change:``synthetics``: [``botocore``] Update synthetics client to latest version
- from version 1.15.4
  * api-change:``translate``: [``botocore``] Update translate client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``backup``: [``botocore``] Update backup client to latest version
- from version 1.15.3
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
- from version 1.15.2
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``resource-groups``: [``botocore``] Update resource-groups client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.15.1
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
  * api-change:``codestar-connections``: [``botocore``] Update codestar-connections client to latest version
- from version 1.15.0
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
  * feature:dependency: [``botocore``] botocore has removed docutils as a required dependency
- from version 1.14.63
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
  * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.14.62
  * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``budgets``: [``botocore``] Update budgets client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
- from version 1.14.61
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``docdb``: [``botocore``] Update docdb client to latest version
- from version 1.14.60
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
- from version 1.14.59
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``ebs``: [``botocore``] Update ebs client to latest version
  * api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
- from version 1.14.58
  * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``redshift-data``: [``botocore``] Update redshift-data client to latest version
- from version 1.14.57
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
- Update BuildRequires and Requires from setup.py
- Version update to 1.14.56
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.14.55
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
  * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
- from version 1.14.54
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
- from version 1.14.53
  * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
- from version 1.14.52
  * api-change:``sqs``: [``botocore``] Update sqs client to latest version
  * api-change:``backup``: [``botocore``] Update backup client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.14.51
  * api-change:``cur``: [``botocore``] Update cur client to latest version
  * api-change:``route53``: [``botocore``] Update route53 client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
- from version 1.14.50
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
  * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
- from version 1.14.49
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
  * api-change:``route53resolver``: [``botocore``] Update route53resolver client to latest version
- from version 1.14.48
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``logs``: [``botocore``] Update logs client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
- from version 1.14.47
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
- from version 1.14.46
  * api-change:``lakeformation``: [``botocore``] Update lakeformation client to latest version
  * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
  * api-change:``ivs``: [``botocore``] Update ivs client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
- from version 1.14.45
  * api-change:``identitystore``: [``botocore``] Update identitystore client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
  * api-change:``datasync``: [``botocore``] Update datasync client to latest version
  * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
- from version 1.14.44
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``kinesis``: [``botocore``] Update kinesis client to latest version
  * api-change:``ecr``: [``botocore``] Update ecr client to latest version
  * api-change:``acm``: [``botocore``] Update acm client to latest version
  * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
  * api-change:``elb``: [``botocore``] Update elb client to latest version
  * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version
- from version 1.14.43
  * api-change:``braket``: [``botocore``] Update braket client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``appstream``: [``botocore``] Update appstream client to latest version
- from version 1.14.42
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``braket``: [``botocore``] Update braket client to latest version
- from version 1.14.41
  * api-change:``transfer``: [``botocore``] Update transfer client to latest version
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``cloud9``: [``botocore``] Update cloud9 client to latest version
- Update BuildRequires and Requires from setup.py
python-botocore
- Version update to 1.20.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
  * api-change:``devops-guru``: Update devops-guru client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
- from version 1.20.8
  * api-change:``lightsail``: Update lightsail client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``kinesis-video-archived-media``: Update kinesis-video-archived-media
    client to latest version
  * api-change:``config``: Update config client to latest version
  * api-change:``pinpoint``: Update pinpoint client to latest version
  * api-change:``redshift-data``: Update redshift-data client to latest version
  * api-change:``workmailmessageflow``: Update workmailmessageflow client to latest version
  * api-change:``mediatailor``: Update mediatailor client to latest version
- from version 1.20.7
  * api-change:``personalize-events``: Update personalize-events client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``iam``: Update iam client to latest version
  * api-change:``codepipeline``: Update codepipeline client to latest version
  * api-change:``detective``: Update detective client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``wafv2``: Update wafv2 client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.20.6
  * api-change:``databrew``: Update databrew client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.20.5
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``qldb-session``: Update qldb-session client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``gamelift``: Update gamelift client to latest version
- from version 1.20.4
  * api-change:``dataexchange``: Update dataexchange client to latest version
  * api-change:``cloudtrail``: Update cloudtrail client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``ivs``: Update ivs client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``globalaccelerator``: Update globalaccelerator client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
- from version 1.20.3
  * api-change:``macie``: Update macie client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``organizations``: Update organizations client to latest version
- from version 1.20.2
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``appflow``: Update appflow client to latest version
  * api-change:``emr-containers``: Update emr-containers client to latest version
  * api-change:``dlm``: Update dlm client to latest version
  * api-change:``athena``: Update athena client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.20.1
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``databrew``: Update databrew client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
  * api-change:``workmail``: Update workmail client to latest version
  * api-change:``auditmanager``: Update auditmanager client to latest version
  * api-change:``compute-optimizer``: Update compute-optimizer client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
- from version 1.20.0
  * api-change:``appmesh``: Update appmesh client to latest version
  * api-change:``application-autoscaling``: Update application-autoscaling client to latest version
  * api-change:``lookoutvision``: Update lookoutvision client to latest version
  * api-change:``organizations``: Update organizations client to latest version
  * feature:Python: Dropped support for Python 3.4 and 3.5
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``rds-data``: Update rds-data client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``route53``: Update route53 client to latest version
  * api-change:``location``: Update location client to latest version
  * enhancement:s3: Amazon S3 now supports AWS PrivateLink, providing direct
    access to S3 via a private endpoint within your virtual private network.
  * api-change:``iotwireless``: Update iotwireless client to latest version
- from version 1.19.63
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``connect``: Update connect client to latest version
  * api-change:``medialive``: Update medialive client to latest version
- from version 1.19.62
  * api-change:``wellarchitected``: Update wellarchitected client to latest version
  * api-change:``managedblockchain``: Update managedblockchain client to latest version
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``databrew``: Update databrew client to latest version
  * bugfix:Validator: Fix showing incorrect max-value in error message for
    range and length value validation
  * api-change:``iot``: Update iot client to latest version
  * api-change:``robomaker``: Update robomaker client to latest version
- from version 1.19.61
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``customer-profiles``: Update customer-profiles client to latest version
  * api-change:``sesv2``: Update sesv2 client to latest version
  * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
  * api-change:``lightsail``: Update lightsail client to latest version
  * api-change:``es``: Update es client to latest version
- from version 1.19.60
  * api-change:``backup``: Update backup client to latest version
- from version 1.19.59
  * api-change:``greengrassv2``: Update greengrassv2 client to latest version
  * api-change:``redshift``: Update redshift client to latest version
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.19.58
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi
    client to latest version
- from version 1.19.57
  * api-change:``acm-pca``: Update acm-pca client to latest version
  * api-change:``chime``: Update chime client to latest version
  * api-change:``ecs``: Update ecs client to latest version
- from version 1.19.56
  * api-change:``sns``: Update sns client to latest version
- from version 1.19.55
  * api-change:``pinpoint``: Update pinpoint client to latest version
  * api-change:``cognito-identity``: Update cognito-identity client to latest version
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
- from version 1.19.54
  * api-change:``frauddetector``: Update frauddetector client to latest version
  * api-change:``personalize``: Update personalize client to latest version
- from version 1.19.53
  * api-change:``appstream``: Update appstream client to latest version
  * api-change:``auditmanager``: Update auditmanager client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``lightsail``: Update lightsail client to latest version
- from version 1.19.52
  * api-change:``rds``: Update rds client to latest version
  * api-change:``kms``: Update kms client to latest version
- from version 1.19.51
  * api-change:``devops-guru``: Update devops-guru client to latest version
  * api-change:``codepipeline``: Update codepipeline client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
- from version 1.19.50
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``transfer``: Update transfer client to latest version
  * api-change:``autoscaling-plans``: Update autoscaling-plans client to latest version
- from version 1.19.49
  * api-change:``ce``: Update ce client to latest version
  * api-change:``application-autoscaling``: Update application-autoscaling
    client to latest version
- from version 1.19.48
  * api-change:``healthlake``: Update healthlake client to latest version
  * api-change:``cloudsearch``: Update cloudsearch client to latest version
- Add python-nose to BuildRequires
- Drop python-pytest from BuildRequires
- Drop patch which no longer applies but hasn't been merged upstream yet
  + remove_nose.patch
- Switch testsuite invocation back to python-nose
- Update to 1.19.47
  * api-change:servicecatalog: Update servicecatalog client to
    latest version
- Changes in 1.19.46
  * api-change:macie2: Update macie2 client to latest version
  * api-change:elasticache: Update elasticache client to latest
    version
- Changes in 1.19.45
  * api-change:acm-pca: Update acm-pca client to latest version
  * api-change:apigatewayv2: Update apigatewayv2 client to latest
    version
- Changes in 1.19.44
  * api-change:cloudfront: Update cloudfront client to latest
    version
- Changes in 1.19.43
  * api-change:compute-optimizer: Update compute-optimizer client
    to latest version
  * api-change:resource-groups: Update resource-groups client to
    latest version
  * api-change:dms: Update dms client to latest version
- Changes in 1.19.42
  * api-change:ssm: Update ssm client to latest version
  * api-change:iotwireless: Update iotwireless client to latest
    version
  * api-change:rds: Update rds client to latest version
  * api-change:glue: Update glue client to latest version
  * api-change:ce: Update ce client to latest version
  * api-change:connect: Update connect client to latest version
  * api-change:elasticache: Update elasticache client to latest
    version
- Changes in 1.19.41
  * api-change:config: Update config client to latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:glue: Update glue client to latest version
  * api-change:batch: Update batch client to latest version
  * api-change:managedblockchain: Update managedblockchain client
    to latest version
  * api-change:service-quotas: Update service-quotas client to
    latest version
  * api-change:s3: Update s3 client to latest version
  * api-change:connectparticipant: Update connectparticipant
    client to latest version
  * api-change:securityhub: Update securityhub client to latest
    version
  * api-change:qldb-session: Update qldb-session client to latest
    version
  * api-change:outposts: Update outposts client to latest version
  * api-change:servicecatalog-appregistry: Update servicecatalog-
    appregistry client to latest version
  * api-change:dms: Update dms client to latest version
  * api-change:apigateway: Update apigateway client to latest
    version
- Changes in 1.19.40
  * api-change:rds: Update rds client to latest version
  * bugfix:SSO: Fixed timestamp format for SSO credential
    expirations
  * api-change:personalize-runtime: Update personalize-runtime
    client to latest version
  * api-change:ec2: Update ec2 client to latest version
- Changes in 1.19.39
  * api-change:ec2: Update ec2 client to latest version
  * api-change:servicecatalog: Update servicecatalog client to
    latest version
  * api-change:dlm: Update dlm client to latest version
  * api-change:kms: Update kms client to latest version
  * api-change:route53resolver: Update route53resolver client to
    latest version
  * api-change:sqs: Update sqs client to latest version
  * api-change:config: Update config client to latest version
  * api-change:imagebuilder: Update imagebuilder client to latest
    version
  * api-change:route53: Update route53 client to latest version
- Changes in 1.19.38
  * api-change:ce: Update ce client to latest version
  * api-change:amp: Update amp client to latest version
  * api-change:location: Update location client to latest version
  * api-change:wellarchitected: Update wellarchitected client to
    latest version
  * api-change:quicksight: Update quicksight client to latest
    version
- Changes in 1.19.37
  * api-change:iotwireless: Update iotwireless client to latest
  version
  * api-change:lambda: Update lambda client to latest version
  * api-change:greengrassv2: Update greengrassv2 client to latest
    version
  * api-change:ssm: Update ssm client to latest version
  * api-change:iotdeviceadvisor: Update iotdeviceadvisor client to
    latest version
  * api-change:iot: Update iot client to latest version
  * api-change:iotanalytics: Update iotanalytics client to latest
    version
  * api-change:amp: Update amp client to latest version
  * api-change:iotfleethub: Update iotfleethub client to latest
    version
- Changes in 1.19.36
  * api-change:ec2: Update ec2 client to latest version
  * api-change:globalaccelerator: Update globalaccelerator client
    to latest version
  * api-change:devops-guru: Update devops-guru client to latest
    version
- Changes in 1.19.35
  * api-change:guardduty: Update guardduty client to latest
    version
  * api-change:iotsitewise: Update iotsitewise client to latest
    version
  * api-change:autoscaling: Update autoscaling client to latest
    version
  * api-change:cloudwatch: Update cloudwatch client to latest
    version
  * api-change:pi: Update pi client to latest version
  * api-change:cloudtrail: Update cloudtrail client to latest
    version
- Changes in 1.19.34
  * api-change:networkmanager: Update networkmanager client to
    latest version
  * api-change:kendra: Update kendra client to latest version
  * api-change:ec2: Update ec2 client to latest version
- Changes in 1.19.33
  * api-change:globalaccelerator: Update globalaccelerator client
    to latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:redshift: Update redshift client to latest version
- Changes in 1.19.32
  * api-change:ecr: Update ecr client to latest version
  * api-change:sagemaker: Update sagemaker client to latest
    version
  * api-change:kendra: Update kendra client to latest version
  * api-change:quicksight: Update quicksight client to latest
    version
  * api-change:auditmanager: Update auditmanager client to latest
    version
  * api-change:sagemaker-runtime: Update sagemaker-runtime client
    to latest version
  * api-change:sagemaker-edge: Update sagemaker-edge client to
    latest version
  * api-change:forecast: Update forecast client to latest version
  * api-change:healthlake: Update healthlake client to latest
    version
  * api-change:emr-containers: Update emr-containers client to
    latest version
- Changes in 1.19.31
  * api-change:dms: Update dms client to latest version
  * api-change:servicecatalog-appregistry: Update servicecatalog-
    appregistry client to latest version
- Changes in 1.19.30
  * api-change:ssm: Update ssm client to latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:workspaces: Update workspaces client to latest
    version
  * api-change:license-manager: Update license-manager client to
    latest version
  * api-change:lambda: Update lambda client to latest version
  * api-change:ds: Update ds client to latest version
  * api-change:kafka: Update kafka client to latest version
  * api-change:medialive: Update medialive client to latest
    version
  * api-change:rds: Update rds client to latest version
- Changes in 1.19.29
  * api-change:license-manager: Update license-manager client to
    latest version
  * api-change:compute-optimizer: Update compute-optimizer client
    to latest version
  * api-change:amplifybackend: Update amplifybackend client to
    latest version
  * api-change:batch: Update batch client to latest version
- Changes in 1.19.28
  * api-change:customer-profiles: Update customer-profiles client
    to latest version
- Changes in 1.19.27
  * api-change:sagemaker-featurestore-runtime: Update sagemaker-
    featurestore-runtime client to latest version
  * api-change:ecr-public: Update ecr-public client to latest
    version
  * api-change:honeycode: Update honeycode client to latest
    version
  * api-change:eks: Update eks client to latest version
  * api-change:amplifybackend: Update amplifybackend client to
    latest version
  * api-change:lambda: Update lambda client to latest version
  * api-change:sagemaker: Update sagemaker client to latest
    version
  * api-change:lookoutvision: Update lookoutvision client to
    latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:connect: Update connect client to latest version
  * api-change:connect-contact-lens: Update connect-contact-lens
    client to latest version
  * api-change:profile: Update profile client to latest version
  * api-change:s3: Update s3 client to latest version
  * api-change:appintegrations: Update appintegrations client to
    latest version
  * api-change:ds: Update ds client to latest version
  * api-change:devops-guru: Update devops-guru client to latest
    version
- Changes in 1.19.26
  * api-change:ec2: Update ec2 client to latest version
- Unpin upper versions
- Refresh remove_nose.patch
- Version update to 1.19.25
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``cloudformation``: Update cloudformation client to latest version
  * api-change:``appflow``: Update appflow client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``timestream-write``: Update timestream-write client to latest version
  * api-change:``elasticbeanstalk``: Update elasticbeanstalk client to latest version
  * api-change:``batch``: Update batch client to latest version
  * api-change:``cloudtrail``: Update cloudtrail client to latest version
  * api-change:``cognito-idp``: Update cognito-idp client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``mwaa``: Update mwaa client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``gamelift``: Update gamelift client to latest version
- from version 1.19.24
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``translate``: Update translate client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``application-insights``: Update application-insights client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``signer``: Update signer client to latest version
  * api-change:``codestar-connections``: Update codestar-connections client to latest version
  * api-change:``codeartifact``: Update codeartifact client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``forecast``: Update forecast client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ecs``: Update ecs client to latest version
  * api-change:``timestream-query``: Update timestream-query client to latest version
  * api-change:``sso-admin``: Update sso-admin client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``outposts``: Update outposts client to latest version
  * api-change:``license-manager``: Update license-manager client to latest version
  * api-change:``dynamodb``: Update dynamodb client to latest version
- from version 1.19.23
  * api-change:``servicecatalog-appregistry``: Update servicecatalog-appregistry client to latest version
  * api-change:``appmesh``: Update appmesh client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``chime``: Update chime client to latest version
  * api-change:``cloudhsmv2``: Update cloudhsmv2 client to latest version
  * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version
  * api-change:``s3``: Update s3 client to latest version
  * api-change:``cognito-identity``: Update cognito-identity client to latest version
  * api-change:``connect``: Update connect client to latest version
- from version 1.19.22
  * api-change:``ce``: Update ce client to latest version
  * api-change:``lex-runtime``: Update lex-runtime client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ds``: Update ds client to latest version
  * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version
  * api-change:``redshift``: Update redshift client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``lambda``: Update lambda client to latest version
- from version 1.19.21
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``cloudformation``: Update cloudformation client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * bugfix:Retry: Fix bug where retries were attempted on any response with an "/Error"/ key.
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``backup``: Update backup client to latest version
  * api-change:``outposts``: Update outposts client to latest version
- from version 1.19.20
  * api-change:``connect``: Update connect client to latest version
  * api-change:``chime``: Update chime client to latest version
  * api-change:``fms``: Update fms client to latest version
  * api-change:``network-firewall``: Update network-firewall client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
- from version 1.19.19
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``iotsecuretunneling``: Update iotsecuretunneling client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``synthetics``: Update synthetics client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``codepipeline``: Update codepipeline client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
- from version 1.19.18
  * api-change:``textract``: Update textract client to latest version
  * api-change:``shield``: Update shield client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
- from version 1.19.17
  * api-change:``personalize-runtime``: Update personalize-runtime client to latest version
  * api-change:``servicecatalog-appregistry``: Update servicecatalog-appregistry client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``polly``: Update polly client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``robomaker``: Update robomaker client to latest version
  * api-change:``lightsail``: Update lightsail client to latest version
- from version 1.19.16
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``databrew``: Update databrew client to latest version
  * api-change:``forecast``: Update forecast client to latest version
  * api-change:``amplify``: Update amplify client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
- from version 1.19.15
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.19.14
  * api-change:``dynamodb``: Update dynamodb client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``iotanalytics``: Update iotanalytics client to latest version
  * api-change:``s3``: Update s3 client to latest version
  * api-change:``storagegateway``: Update storagegateway client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ecs``: Update ecs client to latest version
  * api-change:``datasync``: Update datasync client to latest version
- from version 1.19.13
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``dlm``: Update dlm client to latest version
- from version 1.19.12
  * api-change:``frauddetector``: Update frauddetector client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``dynamodb``: Update dynamodb client to latest version
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``appmesh``: Update appmesh client to latest version
- from version 1.19.11
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``mq``: Update mq client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``meteringmarketplace``: Update meteringmarketplace client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
- from version 1.19.10
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.19.9
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``imagebuilder``: Update imagebuilder client to latest version
  * api-change:``braket``: Update braket client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
- from version 1.19.8
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``codeartifact``: Update codeartifact client to latest version
  * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version
  * api-change:``apigateway``: Update apigateway client to latest version
  * api-change:``sesv2``: Update sesv2 client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``storagegateway``: Update storagegateway client to latest version
- from version 1.19.7
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``workmail``: Update workmail client to latest version
- from version 1.19.6
  * api-change:``glue``: Update glue client to latest version
- from version 1.19.5
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``neptune``: Update neptune client to latest version
  * api-change:``kendra``: Update kendra client to latest version
- from version 1.19.4
  * api-change:``mediatailor``: Update mediatailor client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
- from version 1.19.3
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
  * api-change:``appflow``: Update appflow client to latest version
- from version 1.19.2
  * api-change:``organizations``: Update organizations client to latest version
  * api-change:``globalaccelerator``: Update globalaccelerator client to latest version
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``glue``: Update glue client to latest version
- from version 1.19.1
  * api-change:``elasticbeanstalk``: Update elasticbeanstalk client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``batch``: Update batch client to latest version
- from version 1.19.0
  * api-change:``backup``: Update backup client to latest version
  * api-change:``docdb``: Update docdb client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * feature:imds: Updated InstanceMetadataFetcher to use custom ipv6 uri as endpoint if envvar or config set
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.18.18
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``organizations``: Update organizations client to latest version
- from version 1.18.17
  * api-change:``transfer``: Update transfer client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``groundstation``: Update groundstation client to latest version
  * api-change:``rekognition``: Update rekognition client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``workspaces``: Update workspaces client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``budgets``: Update budgets client to latest version
  * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``workmail``: Update workmail client to latest version
  * api-change:``iot``: Update iot client to latest version
- from version 1.18.16
  * api-change:``snowball``: Update snowball client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``amplify``: Update amplify client to latest version
  * api-change:``medialive``: Update medialive client to latest version
- Update BuildRequires and Requires
- Only build Python3 flavors for distributions 15 and greater
- Version update to 1.18.15
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``rekognition``: Update rekognition client to latest version
- from version 1.18.14
  * api-change:``mediapackage``: Update mediapackage client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``compute-optimizer``: Update compute-optimizer client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
- from version 1.18.13
  * api-change:``dms``: Update dms client to latest version
  * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version
  * api-change:``marketplace-catalog``: Update marketplace-catalog client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.18.12
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``dynamodb``: Update dynamodb client to latest version
  * api-change:``glue``: Update glue client to latest version
- from version 1.18.11
  * api-change:``batch``: Update batch client to latest version
  * api-change:``personalize-events``: Update personalize-events client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``servicediscovery``: Update servicediscovery client to latest version
  * api-change:``s3``: Update s3 client to latest version
- from version 1.18.10
  * api-change:``glue``: Update glue client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``wafv2``: Update wafv2 client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
- from version 1.18.9
  * api-change:``datasync``: Update datasync client to latest version
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``imagebuilder``: Update imagebuilder client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``s3outposts``: Update s3outposts client to latest version
  * api-change:``application-autoscaling``: Update application-autoscaling client to latest version
  * api-change:``directconnect``: Update directconnect client to latest version
  * api-change:``s3``: Update s3 client to latest version
  * api-change:``mediaconnect``: Update mediaconnect client to latest version
  * api-change:``pinpoint``: Update pinpoint client to latest version
- from version 1.18.8
  * api-change:``timestream-write``: Update timestream-write client to latest version
  * api-change:``connect``: Update connect client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``schemas``: Update schemas client to latest version
  * api-change:``timestream-query``: Update timestream-query client to latest version
- from version 1.18.7
  * api-change:``application-autoscaling``: Update application-autoscaling client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.18.6
  * api-change:``frauddetector``: Update frauddetector client to latest version
  * api-change:``config``: Update config client to latest version
  * api-change:``batch``: Update batch client to latest version
  * api-change:``docdb``: Update docdb client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``sts``: Update sts client to latest version
- from version 1.18.5
  * api-change:``transcribe``: Update transcribe client to latest version
  * api-change:``textract``: Update textract client to latest version
  * api-change:``amplify``: Update amplify client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``savingsplans``: Update savingsplans client to latest version
  * api-change:``synthetics``: Update synthetics client to latest version
- from version 1.18.4
  * api-change:``translate``: Update translate client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``backup``: Update backup client to latest version
- from version 1.18.3
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``workmail``: Update workmail client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
- from version 1.18.2
  * api-change:``glue``: Update glue client to latest version
  * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``resource-groups``: Update resource-groups client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.18.1
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``sso-admin``: Update sso-admin client to latest version
  * api-change:``codestar-connections``: Update codestar-connections client to latest version
- from version 1.18.0
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``apigateway``: Update apigateway client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
  * feature:dependency: botocore has removed docutils as a required dependency
- from version 1.17.63
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``dlm``: Update dlm client to latest version
  * api-change:``greengrass``: Update greengrass client to latest version
  * api-change:``connect``: Update connect client to latest version
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.17.62
  * api-change:``transcribe``: Update transcribe client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``budgets``: Update budgets client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``organizations``: Update organizations client to latest version
- from version 1.17.61
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``managedblockchain``: Update managedblockchain client to latest version
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``docdb``: Update docdb client to latest version
- from version 1.17.60
  * api-change:``workspaces``: Update workspaces client to latest version
- from version 1.17.59
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``ebs``: Update ebs client to latest version
  * api-change:``sso-admin``: Update sso-admin client to latest version
  * api-change:``s3``: Update s3 client to latest version
- from version 1.17.58
  * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``redshift-data``: Update redshift-data client to latest version
- from version 1.17.57
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
- Drop patches no longer required
  * hide_py_pckgmgmt.patch
- Refresh patches for new version
  * remove_nose.patch
- Update BuildRequires and Requires from requirements.txt and setup.py
- Adjust remove_nose.patch to apply again
- Version update to 1.17.56
  * api-change:``workspaces``: Update workspaces client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.17.55
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``guardduty``: Update guardduty client to latest version
  * api-change:``mediapackage``: Update mediapackage client to latest version
  * api-change:``kendra``: Update kendra client to latest version
- from version 1.17.54
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
- from version 1.17.53
  * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
- from version 1.17.52
  * api-change:``sqs``: Update sqs client to latest version
  * api-change:``backup``: Update backup client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.17.51
  * api-change:``cur``: Update cur client to latest version
  * api-change:``route53``: Update route53 client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``emr``: Update emr client to latest version
- from version 1.17.50
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``redshift``: Update redshift client to latest version
  * api-change:``gamelift``: Update gamelift client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
- from version 1.17.49
  * api-change:``appflow``: Update appflow client to latest version
  * api-change:``route53resolver``: Update route53resolver client to latest version
- from version 1.17.48
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``logs``: Update logs client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``kafka``: Update kafka client to latest version
- from version 1.17.47
  * api-change:``chime``: Update chime client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
- from version 1.17.46
  * api-change:``lakeformation``: Update lakeformation client to latest version
  * api-change:``storagegateway``: Update storagegateway client to latest version
  * api-change:``ivs``: Update ivs client to latest version
  * api-change:``organizations``: Update organizations client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
- from version 1.17.45
  * api-change:``identitystore``: Update identitystore client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``cognito-idp``: Update cognito-idp client to latest version
  * api-change:``datasync``: Update datasync client to latest version
  * api-change:``sesv2``: Update sesv2 client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
- from version 1.17.44
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``kinesis``: Update kinesis client to latest version
  * api-change:``ecr``: Update ecr client to latest version
  * api-change:``acm``: Update acm client to latest version
  * api-change:``robomaker``: Update robomaker client to latest version
  * api-change:``elb``: Update elb client to latest version
  * api-change:``acm-pca``: Update acm-pca client to latest version
- from version 1.17.43
  * api-change:``braket``: Update braket client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``license-manager``: Update license-manager client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``appstream``: Update appstream client to latest version
- from version 1.17.42
  * api-change:``rds``: Update rds client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``cognito-idp``: Update cognito-idp client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``braket``: Update braket client to latest version
- from version 1.17.41
  * api-change:``transfer``: Update transfer client to latest version
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``workspaces``: Update workspaces client to latest version
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``cloud9``: Update cloud9 client to latest version
- Add remove_nose.patch which ports test suite from nose to
  pytest (mostly just plain unittest, I just don't know how to
  mark tests as slow). Filed upstream as gh#boto/botocore#2134.
python-cffi
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to version 1.11.5:
  * Issue #357: fix ffi.emit_python_code() which generated a buggy
    Python file if you are using a struct with an anonymous union
    field or vice-versa.
  * Windows: ffi.dlopen() should now handle unicode filenames.
  * ABI mode: implemented ffi.dlclose() for the in-line case (it used
    to be present only in the out-of-line case).
  * Fixed a corner case for setup.py install --record=xx --root=yy
    with an out-of-line ABI module. Also fixed Issue #345.
  * More hacks on Windows for running CFFI’s own setup.py.
  * Issue #358: in embedding, to protect against (the rare case of)
    Python initialization from several threads in parallel, we have to
    use a spin-lock. On CPython 3 it is worse because it might
    spin-lock for a long time (execution of Py_InitializeEx()). Sadly,
    recent changes to CPython make that solution needed on CPython 2
    too.
  * CPython 3 on Windows: we no longer compile with Py_LIMITED_API by
    default because such modules cannot be used with virtualenv. Issue
    [#350] mentions a workaround if you still want that and are not
    concerned about virtualenv: pass a
    define_macros=[("/Py_LIMITED_API"/, None)] to the
    ffibuilder.set_source() call.
- specfile:
  * delete patch cffi-loader.patch; included upstream
- update to version 1.11.4:
  * Windows: reverted linking with python3.dll, because virtualenv
    does not make this DLL available to virtual environments for
    now. See Issue #355. On Windows only, the C extension modules
    created by cffi follow for now the standard naming scheme
    foo.cp36-win32.pyd, to make it clear that they are regular CPython
    modules depending on python36.dll.
- changes from version 1.11.3:
  * Fix on CPython 3.x: reading the attributes __loader__ or __spec__
    from the cffi-generated lib modules gave a buggy
    SystemError. (These attributes are always None, and provided only
    to help compatibility with tools that expect them in all modules.)
  * More Windows fixes: workaround for MSVC not supporting large
    literal strings in C code (from
    ffi.embedding_init_code(large_string)); and an issue with
    Py_LIMITED_API linking with python35.dll/python36.dll instead of
    python3.dll.
  * Small documentation improvements.
python-colorama
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix build on SLE-12
  + Set LANG to en_US.UTF8 in %build, %install and %check sections
- update to 0.4.4:
  * Fixes
- update to version 0.4.3
  * Several documentation & demo fixes.
- update to version 0.4.1:
  * Fix issue #196: prevent exponential number of calls when calling
    'init' multiple times. Reported by bbayles and fixed by Delgan.
- Switch to github tarball to get tests
- specfile:
  * update copyright year
  * move from tar.gz to zip on pypi
  * be more specific in %files section
  * remove devel from noarch
- update to version 0.4.0:
  * Fix issue #142: reset LIGHT_EX colors with RESET_ALL. Reported by
    Delgan
  * Fix issue #147: ignore invalid "/erase"/ ANSI codes. Reported by
    shin-
  * Fix issues #163 and #164: fix stream wrapping under
    PyCharm. Contributed by veleek and Delgan.
  * Thanks to jdufresne for various code cleanup and updates to
    documentation and project metadata.  (pull requests #171, #172,
    [#173], #174, #176, #177, #189, #190, #192)
  * #186: added contextlib magic methods to ansitowin32.StreamWrapper.
    Contributed by hoefling.
  * Fix issue #131: don't cache stdio handles, since they might be
    closed/changed by fd redirection. This fixes an issue with pytest.
    Contributed by segevfiner.
  * #146, #157: Drop support for EOL Python 2.5, 2.6, 3.1, 3.2 and
    3.3, and add 3.6. Thanks to hugovk.
python-cryptography
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 2.8
  * Added support for Python 3.8.
  * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations.
  * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9.
  * We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
  * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder.
  * cryptography no longer depends on asn1crypto.
  * FreshestCRL is now allowed as a CertificateRevocationList extension.
- Convert to single-spec (fate#324191, bsc#1065275)
- Run fdupes to hardlink duplicate files
  + Add fdupes to BuildRequires
  + Add %fdupes %{buildroot}/%{_prefix} to %install
- update to 2.7
  * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
  The CMAC and HMAC APIs have not changed, but they are no longer registered
  as MACContext instances.
  * Removed support for running our tests with setup.py test.
  * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
  when using OpenSSL 1.1.1 or newer.
  * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
  in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` .
  * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
  and deprecate passing an Extension object.
- Simplify the test execution to be more understandable
- update to 2.6.1:
  * BACKWARDS INCOMPATIBLE:
    Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
    andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
    which had been deprecated for nearly 4 years. Use encode_dss_signature()
    and decode_dss_signature()instead.
  * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
    had been deprecated for nearly 3 years. Use serial_number instead.
  * Updated Windows, macOS, and manylinux1 wheels to be compiled with
    OpenSSL 1.1.1b.
  * Added support for Ed448 signing when using OpenSSL 1.1.1b or newer.
  * Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer.
  * load_ssh_public_key() can now load ed25519 public keys.
  * Add support for easily mapping an object identifier to its elliptic curve
    class viaget_curve_for_oid().
  * Add support for OpenSSL when compiled with the no-engine
    (OPENSSL_NO_ENGINE) flag.
- Dependency on python-idna changed to "/Recommends"/ aligned with
  change in upstream source (see below)
- update to 2.5:
  * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
    but this version removes the default idna dependency as well. If you still
    need this deprecated path please install cryptography with the idna extra:
    pip install cryptography[idna].
  * BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4.
  * Numerous classes and functions have been updated to allow bytes-like
    types for keying material and passwords, including symmetric algorithms,
    AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
  * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a.
  * Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1.
  * Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1.
  * Added support for X448 key exchange when using OpenSSL 1.1.1.
  * Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1.
  * Added initial support for parsing PKCS12 files with load_key_and_certificates().
  * Added support for IssuingDistributionPoint.
  * Added rfc4514_string() method to x509.Name,
    x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
    or component an RFC 4514 Distinguished Name string.
  * Added from_encoded_point(), which immediately checks if the point is on
    the curve and supports compressed points. Deprecated the previous method
    from_encoded_point().
  * Added signature_hash_algorithm to OCSPResponse.
  * Updated X25519 key exchange support to allow additional serialization
    methods. Calling public_bytes() with no arguments has been deprecated.
  * Added support for encoding compressed and uncompressed points via
    public_bytes(). Deprecated the previous method encode_point().
- Update to version 2.4.2:
  * Updated Windows, macOS, and manylinux1 wheels to be compiled
    with OpenSSL 1.1.0j.
- Update to 2.4.1:
  * Dropped support for LibreSSL 2.4.x.
  * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
    longer supported by the OpenSSL project. At this time there
    is no time table for dropping support, however we strongly
    encourage all users to upgrade or install cryptography from
    a wheel.
  * Added initial :doc:`OCSP </x509/ocsp>` support.
  * Added support for cryptography.x509.PrecertPoison.
- Fix fdupes call
- Update to 2.3.1:
  * updated tests for upstream wycheproof changes
  * many other tiny test tweaks
- update to 2.3:
  * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default
    which can allow tag forgery in some cases. The method now enforces the
    min_tag_length provided to the GCM constructor.
  * Added support for Python 3.7.
  * Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
  * Support for Python 2.7.x without hmac.compare_digest has been deprecated.
    We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
    cryptography release.
  * Fixed multiple issues preventing cryptography from compiling
    against LibreSSL 2.7.x.
  * Added get_revoked_certificate_by_serial_number for quick
    serial number searches in CRLs.
  * The RelativeDistinguishedName class now preserves the order of attributes.
    Duplicate attributes now raise an error instead of silently discarding duplicates.
  * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
    if the wrapped key is an invalid length, instead of ValueError.
- update to 2.2.2
  * fix build on some systems with openssl 1.1.0h
- Cleanup with spec-cleaner
- Use %setup to unpack all archives do not rely on tar calls
- Update to upstream release 2.2.1:
  * Reverted a change to GeneralNames which prohibited having zero elements,
    due to breakages.
  * Fixed a bug in
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
    that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
  * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
  * Resolved a bug in HKDF that incorrectly constrained output size.
  * Added
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
    support inter-operating with systems like German smart meters.
  * Added token rotation support to :doc:`Fernet </fernet>` with
    :meth:`~cryptography.fernet.MultiFernet.rotate`.
  * Fixed a memory leak in
    :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
  * Added support for AES key wrapping with padding via
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` .
  * Allow loading DSA keys with 224 bit q.
- fix deps for hypothesis, pytest
- Fix previous change and explicitly require python2 instead of
  python because python itself is also provided by python3.
  This fixes:
  ImportError: No module named _ssl
  when using python-cryptography in a python2 build environment
- Fix the previous change to not pull in py2 on py3 enviroment
- fix requires on python ssl once more after the last change
- build python3 subpackage (FATE#324435, bsc#1073879)
python-py-doc
- CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651, bsc#1184505)
  * python-py: regular expression denial of service in svnwc.py
python-requests
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix build on SLE-12
  + Add python to BuildRequires for suse_version < 1500
- remove patch pr_5251-pytest5.patch, not needed anymore.
- update to version 2.24.0:
  - pyOpenSSL TLS implementation is now only used if Python
  either doesn't have an `ssl` module or doesn't support
  SNI. Previously pyOpenSSL was unconditionally used if available.
  This applies even if pyOpenSSL is installed via the
  `requests[security]` extra (#5443)
  - Redirect resolution should now only occur when
  `allow_redirects` is True. (#5492)
  - No longer perform unnecessary Content-Length calculation for
  requests that won't use it. (#5496)
- update to 2.23.0
- dropped merged_pr_5049.patch
- refreshed requests-no-hardcoded-version.patch
  * Remove defunct reference to prefetch in Session __attrs__
  * Requests no longer outputs password in basic auth usage warning
- Remove python-urllib3, python-certifi and ca-certificates from
  main package BuildRequires, not required for building.
- Do not require full python, (implicit) python-base is sufficient.
- Add two patches only updating test logic to remove pytest 3 pin
  - merged_pr_5049.patch
  - pr_5251-pytest5.patch
- Hardcode pytest 3.x series as upstream even in git does not work
  with newer versions (they pinned the release)
- Update to 2.22.0:
  * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)
- Rebase requests-no-hardcoded-version.patch
- Do not hardcode version requirements in setup.py allowing us to
  update and verify functionality on our own:
  * requests-no-hardcoded-version.patch
- Skip one more test that is flaky
- Do not depend on python-py
- Update few of the requirements
- update to version 2.21.0:
  * Requests now supports idna v2.8.
- Support older Red Hat platforms that don't offer "/Recommends:"/
- Move name ahead of version in spec file to resolve build issues
  on older distributions
- fdupe more thoroughly.
- update to version 2.20.1:
  * Bugfixes
    + Fixed bug with unintended Authorization header stripping for
    redirects using default ports (http/80, https/443).
python-rsa
- Add cve_2020-13757.patch (CVE-2020-13757 bsc#1172389)
  + Handle leading '0' bytes during decryption of ciphertext
python-six
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix testsuite on SLE-12
  + Add python to BuildRequires for suse_version < 1500
- Include in SLE-12 (FATE#326838, bsc#1113302)
- build python3 subpackage (FATE#324435, bsc#1073879)
- Submit 1.9.0 to SLE-12 (fate#319030, fate#318838, bsc#940812)
- sanitize release line in specfile
python-urllib3
- Add %dir declaration for %{_licensedir}
- Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503)
  * Improve performance of sub-authority splitting in URL
- Update in SLE-12 (bsc#1182421, jsc#ECO-3352, jsc#PM-2485)
- Enable python2 builds
- Re-add file permissions in %file section
- Undo python2/3 split in %install section
- Skip test for RECENT_DATE. It is a test purely for developers.
  To maintain reproducibility, keep upstreams possibly outdated
  RECENT_DATE in the source code.
- Add CI variable, which makes timeouts in the test suite longer
  (gh#urllib3/urllib3#2109, bsc#1176389) and
  test_timeout_errors_cause_retries should not fail.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
  method. (bsc#1177120, CVE-2020-26137)
- Generate pyc for ssl_match_hostname too
- update to 1.25.10:
  * Added support for ``SSLKEYLOGFILE`` environment variable for
    logging TLS session keys with use with programs like
    Wireshark for decrypting captured web traffic (Pull #1867)
  * Fixed loading of SecureTransport libraries on macOS Big Sur
    due to the new dynamic linker cache (Pull #1905)
  * Collapse chunked request bodies data and framing into one
  call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
  * Don't insert ``None`` into ``ConnectionPool`` if the pool
    was empty when requesting a connection (Pull #1866)
  * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
- update to 1.25.9 (bsc#1177120, CVE-2020-26137):
  * Added ``InvalidProxyConfigurationWarning`` which is raised when
    erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
    support connecting to HTTPS proxies but will soon be able to
    and we would like users to migrate properly without much breakage.
  * Drain connection after ``PoolManager`` redirect (Pull #1817)
  * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
  * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
  * Allow the CA certificate data to be passed as a string (Pull #1804)
  * Raise ``ValueError`` if method contains control characters (Pull #1800)
  * Add ``__repr__`` to ``Timeout`` (Pull #1795)
- Explicitly switch off building python 2 version.
- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.
- Require a new enough release of python-six. 1.25.6 needs at least
  1.12.0 for ensure_text() and friends.
- Updae to 1.25.6:
  * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Restrict the tornado dep from tom to 5 or older release as the
  6.x changed the API
- Update to 1.25.5:
  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own
- Use have/skip_python2/3 macros to allow building only one flavour
- Add urllib3-remove-authorization-header-when-redirecting-cross-host.patch
  Remove Authorization header when redirecting cross-host
  (gh#urllib3/urllib3#1316,boo#1119376,CVE-2018-20060)
- Use old pytest 3.x as newer do not work with this release
  * this will be fixed with next release, just spread among
    numerous fixes in the git for quick backporting
- Fixup pre script: the migration issue happens when changing from
  python-urllib3 to python2-urllib3: the number of installed
  instances of python2-urlliib3 is at this moment 1, unlike in
  regular updates. This is due to a name change, which consists not
  of a pure package update.
- Provides/Obsoletes does not fix the issue: we have a
  directory-to-symlink switch, which cannot be handled by RPM
  internally. Assist using pre script (boo#1138715).
- Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides:
  python-urllib3, fixes boo#1138746
- Skip test_source_address_error as we raise different error with
  fixes that we provide in new python2/3
- Add more test to skip as with new openssl some behaviour changed
  and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Add missing dependency on python-six (bsc#1150895)
- Update to 1.25.3:
  * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
  * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
  * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
  * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
  * Add support for Google's Brotli package. (Pull #1572, Pull #1579)
  * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
  This makes the check to be run always and ensure the urls are
  "/secure"/.
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)
- Update to 1.24.1:
  * Remove quadratic behavior within GzipDecoder.decompress()
    (Issue #1467)
  * Restored functionality of ciphers parameter for
    create_urllib3_context(). (Issue #1462)
- Update to 1.24:
  * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
  * Test against Python 3.7 on AppVeyor. (Pull #1453)
  * Early-out ipv6 checks when running on App Engine. (Pull #1450)
  * Change ambiguous description of backoff_factor (Pull #1436)
  * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
  * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
  * Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397)
  * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
  * Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
  * Move urllib3 to src/urllib3 (Pull #1409)
- Drop patch 1414.patch merged upstream
- Refresh patches:
  * python-urllib3-recent-date.patch
  * urllib3-ssl-default-context.patch
- Switch to multibuild to minize requirements for providing
  urllib3 module.
- fix dependency again for passing tests for python 2.x
- Do not use ifpython2 for BRs where it does not work
- add python-ipaddress dependency for python 2.x
- Drop not needed devel and nose deps
- update to 1.23
- add 1414.patch - fix tests with new tornado
- refresh python-urllib3-recent-date.patch
- drop urllib3-test-no-coverage.patch
  * Allow providing a list of headers to strip from requests when redirecting
  to a different host. Defaults to the Authorization header. Different
  headers can be set via Retry.remove_headers_on_redirect.
  * Fix util.selectors._fileobj_to_fd to accept long
  * Dropped Python 3.3 support.
  * Put the connection back in the pool when calling stream()
  or read_chunked() on a chunked HEAD response.
  * Fixed pyOpenSSL-specific ssl client authentication issue when clients
  attempted to auth via certificate + chain
  * Add the port to the connectionpool connect print
  * Don't use the uuid module to create multipart data boundaries.
  * read_chunked() on a closed response returns no chunks.
  * Add Python 2.6 support to contrib.securetransport
  * Added support for auth info in url for SOCKS proxy
python3
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better documented patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2020-27619-no-eval-http-content.patch fixing
  CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
python3-PyYAML
- Add pyyaml.CVE-2020-14343.patch (bsc#1174514 CVE-2020-14343)
  Prevents arbitrary code execution during python/object/* constructors
  This patch contains the upstream git commit a001f27 from the 5.4 release.
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 5.3.1
  * fixes boo#1165439 (cve-2020-1747) Prevents arbitrary code execution
  during python/object/new constructor
- update to 5.3
  * Use `is` instead of equality for comparing with `None`
  * fix typos and stylistic nit
  * Fix up small typo
  * Fix handling of __slots__
  * Allow calling add_multi_constructor with None
  * Add use of safe_load() function in README
  * Fix reader for Unicode code points over 0xFFFF
  * Enable certain unicode tests when maxunicode not > 0xffff
  * Use full_load in yaml-highlight example
  * Document that PyYAML is implemented with Cython
  * Fix for Python 3.10
  * increase size of index, line, and column fields
  * remove some unused imports
  * Create timezone-aware datetimes when parsed as such
  * Add tests for timezone
- update to 5.2
  * A more flexible fix for custom tag constructors
  * Change default loader for yaml.add_constructor
  * Change default loader for add_implicit_resolver, add_path_resolver
  * Move constructor for object/apply to UnsafeConstructor
  * Fix logic for quoting special characters
python3-base
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better documented patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2020-27619-no-eval-http-content.patch fixing
  CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
release-notes-sles
- 12.4.20211208 (tracked in bsc#933411)
- Added note about unprivileged eBPF (jsc#DOCTEAM-433)
- Added note about nested VMX (jsc#SLE-11270)
- 12.4.20210421 (tracked in bsc#1185080)
- Set lifecycle to unmaintained
- Added note about enabling NFSv4.2 (jsc#SLE-7040)
- Added note about adding librdkafka (jsc#DOCTEAM-53)
- Added note about updated Xorg Server (jsc#SLE-11159)
- Added note about git 2.26.2 (jsc#SLE-11177)
- Added note about Salt 3000 update (jsc#SLE-12830)
- Added note about new kernel-firmware package (bsc#1143465)
- Updated note about LibreOffice version (jsc#SLE-11176)
rsync
- Fix a segmentation fault in iconv [bsc#1188258]
  * Add rsync-iconv-segfault.patch
rsyslog
- fix memory leak when internal messages not processed internally
  (bsc#1190483)
  * add 0001-core-bugfix-memory-leak-when-internal-messages-not-p.patch
- fix memory leak in omfile (bsc#1189737)
  * add 0001-omfile-bugfix-file-handle-leak.patch
- fix SIGSEV/SIGABRT in da-queue when using libfastjson (bsc#1187590)
  * add 0001-Fix-race-condition-related-to-libfastjson-when-using.patch
-  fix race in async writer (bsc#1179089)
  * add 0001-omfile-bugfix-race-file-when-async-writing-is-enable.patch
ruby2
Add patches to fix the following CVE's:
  - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
    vulnerability in Net:IMAP (bsc#1188160)
  - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
    responses vulnerability in  Net:FTP (bsc#1188161)
  - CVE-2020-25613.patch (CVE-2020-25613): Fix potential HTTP request
    smuggling in WEBrick (bsc#1177125)
  - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
    vulnerability in RDoc (bsc#1190375)
salt
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Remove wrong _parse_cpe_name from grains.core
- Prevent tracebacks if directory for cookie is missing
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Added:
  * fix-file.find-tracebacks-with-non-utf8-file-names-bs.patch
  * remove-wrong-_parse_cpe_name-from-grains.core-453.patch
  * prevent-tracebacks-if-directory-for-cookie-is-missin.patch
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Added:
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
  * fix-traceback.-_exc-calls-430.patch
  * 3000-do-not-consider-skipped-targets-as-failed-for-a.patch
- Fix the regression of docker_container state module (bsc#1191285)
- Added:
  * fix-the-regression-brought-in-with-pr-402-421.patch
- Support querying for JSON data in external sql pillar
- Added:
  * 3000-postgresql-json-support-in-pillar-426.patch
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Added:
  * templates-move-the-globals-up-to-the-environment-jin.patch
- Fix python-MarkupSafe dependency (bsc#1189043)
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Added:
  * consolidate-some-state-requisites-55974-bsc-1188641-.patch
  * add-missing-aarch64-to-rpm-package-architectures-406.patch
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Added:
  * fix-error-handling-in-openscap-module-bsc-1188647-41.patch
  * fix-failing-unit-tests-for-systemd.patch
  * better-handling-of-bad-public-keys-from-minions-bsc-.patch
- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)
- Do noop for services states when running systemd in offline mode (bsc#1187787)
- transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Added:
  * do-noop-for-services-states-when-running-systemd-in-.patch
- Handle "/master tops"/ data when states are applied by "/transactional_update"/ (bsc#1187787)
- Enhance openscap module: add "/xccdf_eval"/ call
- Added:
  * enhance-openscap-module-add-xccdf_eval-call-396.patch
  * handle-master-tops-data-when-states-are-applied-by-t.patch
- virt: pass emulator when getting domain capabilities from libvirt
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Added:
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * virt-pass-emulator-when-getting-domain-capabilities-.patch
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Added:
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-save-for-iptables-state-module-bsc-1185131-370.patch
- virt: use /dev/kvm to detect KVM
- Added:
  * virt-use-dev-kvm-to-detect-kvm-384.patch
- zypperpkg: improve logic for handling vendorchange flags
- Added:
  * move-vendor-change-logic-to-zypper-class-355.patch
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "/python3-pyinotify"/ as a recommended package for Salt in SUSE/openSUSE distros
- Added:
  * enhance-logging-when-inotify-beacon-is-missing-pyino.patch
- Check if dpkgnotify is executable (bsc#1186674)
- Added:
  * check-if-dpkgnotify-is-executable-bsc-1186674-365.patch
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Added:
  * handle-volumes-on-stopped-pools-in-virt.vm_info-374.patch
  * figure-out-python-interpreter-to-use-inside-containe.patch
- grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Added:
  * grains.extra-support-old-non-x86-kernels-bsc-1180650.patch
  * fix-missing-minion-returns-in-batch-mode-360.patch
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)
- Added:
  * parsing-epoch-out-of-version-provided-during-pkg-rem.patch
- Fix issue parsing errors in ansiblegate state module
- Added:
  * fix-issue-parsing-errors-in-ansiblegate-state-module.patch
- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update
- Remove duplicate directories from specfile
- Added:
  * transactional_update-detect-recursion-in-the-executo.patch
  * prevent-command-injection-in-the-snapper-module-bsc-.patch
- Improvements on "/ansiblegate"/ module (bsc#1185092):
  * New methods: ansible.targets / ansible.discover_playbooks
  * General bugfixes
- Added:
  * improvements-on-ansiblegate-module-354.patch
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Added:
  * add-alibaba-cloud-linux-2-to-salt-3000-branch-351.patch
  * regression-fix-of-salt-ssh-on-processing-targets-353.patch
- Update target fix for salt-ssh and avoiding race condition
  on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Added:
  * update-target-fix-for-salt-ssh-and-avoiding-race-con.patch
- Add notify beacon for Debian/Ubuntu systems
- Added:
  * notify-beacon-for-debian-ubuntu-systems-347.patch
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
- Added:
  * fix-zmq-hang-backport-of-saltstack-salt-58364.patch
- Add core grains support for AlmaLinux
- Added:
  * add-almalinux-to-the-os-family-list-340.patch
- Allow vendor change option with zypper
- Added:
  * allow-vendor-change-option-with-zypper-313.patch
- virt: virtual network backports to Salt 3000
- Added:
  * opensuse-3000-virtual-network-backports-329.patch
- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
- Added:
  * do-not-monkey-patch-yaml-bsc-1177474.patch
- Only require python-certifi for CentOS7
- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
- Added:
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
- Rename patch file
- Renamed:
  * fix_regression_in_cmd_run_after_cve.patch -> fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
- Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
- Fix recursion false detection in payload (bsc#1180101)
- Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
- Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
- Always require python-certifi (used by salt.ext.tornado)
- Exclude SLE 12 from requiring python-certifi
- Added:
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fix-recursion-false-detectioni-in-payload-305.patch
  * add-sleep-on-exception-handling-minion-connecting-to.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
- Do not crash when unexpected cmd output at listing patches (bsc#1181290)
- Added:
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
- Fix behavior for "/onlyif/unless"/ when multiple conditions (bsc#1180818)
- Added:
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
- Master can read grains (bsc#1179696)
samba
- The username map [script] advice from CVE-2020-25717 advisory
  note has undesired side effects for the local nt token. Fallback
  to a SID/UID based mapping if the name based lookup fails;
  (bsc#1192849); (bso#14901).
- CVE-2016-2124: SMB1 client connections can be downgraded to
  plaintext authentication (bsc#1014440); (bso#12444);
- CVE-2020-25717: A user in an AD Domain could become root on
  domain members; (bsc#1192284); (bso#14556);
- CVE-2021-20254 Buffer overrun in sids_to_unixids();
  (bso#14571); (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim
  attempts to reduce cache size; (bso#14625); (bnc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with
  upstream; (bsc#1178469).
sqlite3
- Sync version 3.36.0 from Factory to implement jsc#SLE-16032.
- The following CVEs have been fixed in upstream releases up to
  this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
    multiSelectOrderBy due to mishandling of query-flattener
    optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
    segmentation fault because of generated column optimizations in
    isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
    with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via
    ext/misc/zipfile.c involving embedded '0' input
  * bsc#1160309, CVE-2019-19923: improper handling  of  certain uses
    of SELECT DISTINCT in flattenSubquery may lead to null pointer
    dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in
    sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
    during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling  of certain
    errors during parsing  multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
    allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
    and CREATE VIEW statements, does not consider confusion with
    a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
    integrity_check PRAGMA command in certain cases of generated
    columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
    infinite recursion via certain types of self-referential views
    in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
    from the colUsed bitmask in the case of a generated column,
    which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
    function sqlite3Select in select.c allows a crash if a
    sub-select uses both DISTINCT and window functions, and also
    has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
  * CVE-2020-13434 boo#1172115: integer overflow in
    sqlite3_str_vappendf
  * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow
  * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed
    to one of its shadow tables
  * CVE-2020-13632 boo#1172240: NULL pointer dereference via
    crafted matchinfo() query
  * CVE-2020-13435: Malicious SQL statements could have crashed the
    process that is running SQLite (boo#1172091)
- Remove the following patches from there which are all upstream:
  * sqlite3-CVE-2017-10989.patch
  * sqlite3-CVE-2017-2518.patch,
  * sqlite3-CVE-2018-20346.patch,
  * sqlite3-CVE-2018-8740.patch,
  * sqlite3-CVE-2019-16168.patch,
  * sqlite3-CVE-2019-8457.patch,
  * sqlite3-journal-file.patch,
  * sqlite3-xFetch-null.patch,
  * sqlite3-CVE-2016-6153.patch
sudo
- Tenable Scan reports sudo is still vulnerable to CVE-2021-3156
  [bsc#1183936]
supportutils
- Changes to version 3.0.10
  + Adding ethtool options g l m to network.txt (jsc#SLE-18239)
  + lsof options to improve performance (bsc#1186687)
  + Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
- Additions to version 3.0.9
  + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734)
- Additions to version 3.0.9
  + Checks package signatures in rpm.txt (bsc#1021918)
  + Optimizing find (bsc#1184911)
- Using zypper --xmlout (bsc#1181351)
- Error fix for sysfs.txt (bsc#1089870)
- Additions to version 3.0.9
  + Added drbd information and configuration details to drbd.txt (bsc#1063765)
  + Added list-timers and list-jobs to systemd.txt (bsc#1169348)
  + nfs4 in search (bsc#1184828)
- Captures rotated logs with different compression methods (bsc#1179188)
- Minor wording change in text
- Removed deprecated mii-tool (bsc#1043601)
  - Added -u for HTTPS and -a for FTPES uploads to SUSE FTP servers
  (bsc#1051419)
suse-module-tools
- Update to version 12.6.1: Import kernel scriptlets from kernel-source
  * rpm-script: fix bad exit status in OpenQA (bsc#1191922)
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).
  * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
  * cert-script: Only print mokutil output in verbose mode.
  * inkmp-script(postun): don't pass  existing files to weak-modules2
    (boo#1191200)
  * kernel-scriptlets: skip cert scriptlet on non-UEFI systems
    (boo#1191260)
  * rpm-script: link config also into /boot (boo#1189879)
  * Import kernel scriptlets from kernel-source.
    (bsc#1189841, bsc#1190598)
  * Provide "/suse-kernel-rpm-scriptlets"/
systemd
- Added 1001-basic-unit-name-do-not-use-strdupa-on-a-path.patch (CVE-2021-33910 bsc#1188063)
  This patch will be moved to the git repo once the bug will become
  public.
- Import commit 45e55ba407af6c95bb31ee6274a410221b270631
  7ee5d00c35 mount-util: shorten the loop a bit (#7545)
  d11f9ecd26 mount-util: do not use the official MAX_HANDLE_SZ (#7523)
  061ad6d042 mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  a3b6ac5b16 mount-util: fix bad indenting
  2f1216da61 mount-util: EOVERFLOW might have other causes than buffer size issues
  6aad8e1164 mount-util: fix error propagation in fd_fdinfo_mnt_id()
  7f212aaf82 mount-util: drop exponential buffer growing in name_to_handle_at_loop()
  575cd1cd59 udev: port udev_has_devtmpfs() to use path_get_mnt_id()
  6e640e0f72 mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
  f897e6fa6b mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
  9a99b8e39b mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
  2d37137b9a basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- Import commit e41f1650e7f69f44569d5b27a7ca27b69b162792
  514ffd3db7 sysusers: use the usual comment style
  5aa120f089 test/TEST-21-SYSUSERS: add tests for new functionality
  8e55e98aae sysusers: allow admin/runtime overrides to command-line config
  dca71da06a basic/strv: add function to insert items at position
  0b0c80f431 sysusers: allow the shell to be specified
  57cf9a6680 sysusers: move various user credential validity checks to src/basic/
  cece58038d man: reformat table in sysusers.d(5)
  579642f528 sysusers: take configuration as positional arguments
  c3b02cbec6 sysusers: emit a bit more info at debug level when locking fails
  e1beaac365 sysusers: allow force reusing existing user/group IDs (#8037)
  c4dc42a352 sysusers: ensure GID in uid:gid syntax exists
  7a55d8caf3 sysusers: make ADD_GROUP always create a group
  895392a9a4 test: add TEST-21-SYSUSERS test
  753dc29ca0 sysuser: use OrderedHashmap
  5275d4e204 sysusers: allow uid:gid in sysusers.conf files
  a15c051441 sysusers: fix memleak (#4430)
  These commits implement the option '--replace' for systemd-sysusers
  so %sysusers_create_package can be introduced in SLE and packages
  can rely on this rpm macro without wondering whether the macro is
  available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- Import commit 29b66d7e01845caec85e303e784ba216918715c1
  b06adcab32 systemctl: add --value option
  e1f9d7b8f0 execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
  d2396ab8b7 rlimit-util: introduce setrlimit_closest_all()
  d1e0854de9 system-conf: drop reference to ShutdownWatchdogUsec=
  91110a7331 core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
  b249d10eb5 Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- Import commit 0c74cd4d58ef31f346e1edb1be7692d61961897c
  611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
  65f4fa852e write_net_rules: set execute bits (bsc#1178561)
  f60153e565 udev: rework network device renaming
  df31eb968a Revert "/Revert "/udev: network device renaming - immediately give up if the target name isn't available"/"/
- Import commit d7219f1b222f5ca3ff58701d413bf09fe8ce2e82 (bsc#1183790)
  b66e9a5e5a service: go through stop_post on failure (#4770)
  8d4001767f service: only fail notify services on empty cgroup during start
  322324c5e6 service: fix main processes exit behavior for type notify services
  fdb06bc393 service: introduce protocol error type
  1a94e63978 core: when a service's ExecStartPre= times out, skip ExecStop=
- Import commit fadcac5bb458e57306bd370995938af4c7ea05f8
  832c6d3161 shutdown: bump kmsg log level to LOG_WARNING only
  77fa130932 shutdown: rework bump_sysctl_printk_log_level() to use sysctl_writef()
  17e2859d11 sysctl: add sysctl_writef() helper
  0826c7395e shutdown: use "/int"/ for log level type
  d3345e5d0d killall: bump log message about unkilled processes to LOG_WARNING
  408ad0aeed core/killall: Log the process names not killed after 10s
  235fb3716f shutdown: Bump sysctl kernel.printk log level in order to see info msg
  816497776a core/killall: Propagate errors and return the number of process left
  ea84ca6f13 shutdown: always pass errno to logging functions
  28de6884a5 umount: beef up logging when umount/remount child processes fail
  7954277e26 umount: Try unmounting even if remounting read-only failed
  3e1b1be184 core: Implement sync_with_progress() (bsc#1178219)
  748da3e5c7 core: Implement timeout based umount/remount limit (bsc#1178219)
  705b3d7618 core: remove "/misuse"/ of getpgid() in systemd-shutdown
  573617ed8a core: systemd-shutdown: avoid confusingly redundant messages
  f07ddb30ad core: systemd-shutdown: add missing check for umount_changed
  016365166a umount: always use MNT_FORCE in umount_all() (#7213)
  f831b68e56 pid1: improve logging when failing to remount / ro (#5940)
  4d1bbd1bc1 signal-util: use a slightly less likely to conflict variable name instead of 't'
  447ed76ff9 shutdown: already sync IO before we enter the final killing spree
  0a80b4a9ac shutdown: use (void)
  8428aa0e6d shutdown: use 90s SIGKILL timeout
  5cbaf621ca basic: mark unused variable as such
  a320b497db nss: block various signals while running NSS lookups
  87b294baa5 core: free m->deserialized_subscribed on daemon-reexec
  0ba5127071 PATCH] Always free deserialized_subscribed on reload (bsc#1180020)
    A bunch of commits which should improve the logs emitted by
  systemd-shutdown during the shutdown process when some badly written
  applications cannot be stopped properly and prevents some mount
  points to be unmounted properly. See bsc#1178219 for an example of
  such case.
- Don't use shell redirections when calling a rpm macro (bsc#1183094)
  It's broken since the redirection is expanded where the parameters
  of the macro are, which can be anywhere in the body of macro.
- systemd requires aaa_base >= 13.2
  This dependency is required because 'systemctl
  {is-enabled,enable,disable} <initscript>"/ ends up calling
  systemd-sysv-install which in its turn calls "/chkconfig
  - -no-systemctl"/.
  aaa_base package has a weird versioning but the '--no-systemctl'
  option has been introduced starting from SLE12-SP2-GA, which shipped
  version "/13.2+git20140911.61c1681"/.
  Spotted in bsc#1180083.
- Import commit 4eae068097b42f2fd2a942e637e91ba3c12b37af
  386e85dcd3 core: Fix edge case when processing /proc/self/mountinfo (#7811) (bsc#1180596)
  7be6e949dc udev: create /dev/disk/by-label symlink for LUKS2 (#8998) (bsc#1180885)
  3bce298616 core: fix memory leak on reload (bsc#1180020)
  b24b36d76c journal: do not trigger assertion when journal_file_close() get NULL (bsc#1179824)
  703c08e0ae udev: Fix sound.target dependency (bsc#1179363)
  07dc6d987d rules: enable hardware-related targets also for user instances
  5cfed8b620 scope: on unified, make sure to unwatch all PIDs once they've been moved to the cgroup scope
  2710a4be38 core: serialize u->pids until the processes have been moved to the scope cgroup (bsc#1174436)
  d3b81a8940 core: make sure RequestStop signal is send directed
  bbe11f8400 time-util: treat /etc/localtime missing as UTC (bsc#1141597)
tar
- security update
- added patches
  fix CVE-2021-20193 [bsc#1181131], Memory leak in read_header() in list.c
  + tar-CVE-2021-20193.patch
tcsh
- Add patch tcsh-6.18.01-toolong.patch which is an upstream commit
  ported back to 6.18.01 to fix bsc#1179316 about history file growing
timezone
- timezone update 2021e (bsc#1177460):
  * Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
  * Fiji suspends DST for the 2021/2022 season
  * 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
  * Revert almost all of 2021b's changes to the 'backward' file
  * Fix a bug in 'zic -b fat' that caused old timestamps to be
    mishandled in 32-bit-only readers
- timezone update 2021b:
  * Jordan now starts DST on February's last Thursday.
  * Samoa no longer observes DST.
  * Move some backward-compatibility links to 'backward'.
  * Rename Pacific/Enderbury to Pacific/Kanton.
  * Correct many pre-1993 transitions in Malawi, Portugal, etc.
  * zic now creates each output file or link atomically.
  * zic -L no longer omits the POSIX TZ string in its output.
  * zic fixes for truncation and leap second table expiration.
  * zic now follows POSIX for TZ strings using all-year DST.
  * Fix some localtime crashes and bugs in obscure cases.
  * zdump -v now outputs more-useful boundary cases.
  * tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
- Install tzdata.zi (bsc#1188127)
xen
- Fix xsa385.patch and xsa388-1.patch. Adjust xsa389.patch.
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
  designated memory limit (XSA-385)
  xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
  xen: PoD operations on misaligned GFNs (XSA-388)
  xsa388-1.patch
  xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
  with partially successful P2M updates on x86 (XSA-389)
  xsa389.patch
- xsa378-3.patch, xsa380-2.patch: Integrate bugfixes. (bsc#1189373
  and bsc#1189378)
- xsa382.patch, xsa384.patch: Refresh.
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
  XENMAPSPACE_grant_table handling (XSA-384)
  xsa384.patch
- bsc#1189882 - refresh libxc.sr.superpage.patch
  prevent superpage allocation in the LAPIC and ACPI_INFO range
- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
  CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
  xsa378-0a.patch
  xsa378-0b.patch
  xsa378-0c.patch
  xsa378-1.patch
  xsa378-2.patch
  xsa378-3.patch
  xsa378-4.patch
  xsa378-5.patch
  xsa378-6.patch
  xsa378-7.patch
  xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
  pages may remain accessible after de-allocation. (XSA-379)
  xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
  grant table handling. (XSA-380)
  xsa380-1.patch
  xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
  status frames array bounds check. (XSA-382)
  xsa382.patch
- bsc#1182654 - VUL-1: CVE-2021-20255: xen: eepro100: stack
  overflow via infinite recursion
  CVE-2021-20255-qemut-eepro100-stack-overflow-via-infinite-recursion.patch
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
- bsc#1187369 - VUL-1: CVE-2021-3592: xen: slirp: invalid pointer
  initialization may lead to information disclosure (bootp)
  CVE-2021-3592-qemut-slirp-bootp-1.patch
  CVE-2021-3592-qemut-slirp-bootp-2.patch
- bsc#1187378 - VUL-1: CVE-2021-3594: xen: slirp: invalid pointer
  initialization may lead to information disclosure (udp)
  CVE-2021-3594-qemut-slirp-udp.patch
- bsc#1187376 - VUL-1: CVE-2021-3595: xen: slirp: invalid pointer
  initialization may lead to information disclosure (tftp)
  CVE-2021-3595-qemut-slirp-tcp.patch
- Prerequisite patches for above security issues
  CVE-2021-3592-3594-3595-qemut-prereq1.patch
  CVE-2021-3592-3594-3595-qemut-prereq2.patch
- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360)
  xsa360.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
  timeout detection / handling (XSA-373)
  xsa373-1.patch
  xsa373-2.patch
  xsa373-3.patch
  xsa373-4.patch
  xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
  Bypass (XSA-375)
  xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
  protections not restored after S3 (XSA-377)
  xsa377.patch
- Drop until better upstream version is available
  xsa370-1.patch
  xsa370-2.patch
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
  systemd now fails to track units that use systemd-notify
  (bsc#1183790)
- Adjust xenstore-launch.patch, which adds a delay between the call
  to systemd-notify and the final exit of the wrapper script
  (bsc#1185021, bsc#1185196)
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
  vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
  xsa370-1.patch
  xsa370-2.patch
- bsc#1182846 - VUL-0: CVE-2021-20257: xen: infinite loop issue in
  the e1000 NIC emulator
  CVE-2021-20257-qemut-infinite-loop-issue-in-the-e1000-NIC-emulator.patch
- bsc#1182431 - VUL-0: CVE-2021-27379: xen: missed flush in XSA-321
  backport (XSA-366)
  xsa366.patch
- bsc#1178591 - fix bad backport
  xsa351-1.patch
  xsa351-2.patch
xfsprogs
- xfs_io: add label command (bsc#1191500)
  - add xfsprogs-xfs_io-add-label-command.patch
- xfs_repair: add flag -e to modify exit code for corrected errors
  (bsc#1190320)
  - add xfsprogs-xfs_repair-add-flag-e-to-modify-exit-code-for-correc.patch
- fsck.xfs: allow forced repairs using xfs_repair (bsc#1190320)
  - add xfsprogs-fsck.xfs-allow-forced-repairs-using-xfs_repair.patch
- xfs_repair: initialize realloced bplist in longform_dir2_entry_check
  (bsc#1187832)
  - add xfsprogs-xfs_repair-initialize-realloced-bplist-in-longform_d.patch
yast2-ftp-server
- Fix the label of the certificate input field (bsc#1183786).
- 3.4.2
zypper
- Add support for PTFs (jsc#SLE-17974)
- version 1.13.60
- man: point out more clearly that patches update affected
  packages to the latest available version (bsc#1187466)
- version 1.13.59