apparmor
- update add-samba-bgqd.diff:  to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).
cifs-utils
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
  (bsc#1198976, CVE-2022-29869)
  * add cifs-utils-CVE-2022-29869.patch
dracut
- Update to version 049.1+suse.238.gd8dbb075:
  * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
  * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
elfutils
- Added 4G memory build constraint for aarch64 to pass testing.
- Update to version 0.177 (Martin Liška):
    elfclassify: New tool to analyze ELF objects.
    readelf: Print DW_AT_data_member_location as decimal offset.
    Decode DW_AT_discr_list block attributes.
    libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
    libdwelf: Add dwelf_elf_e_machine_string.
    dwelf_elf_begin now only returns NULL when there is an error
    reading or decompressing a file. If the file is not an ELF file
    an ELF handle of type ELF_K_NONE is returned.
    backends: Add support for C-SKY.
  - Update to version 0.176
    build: Add new --enable-install-elfh option.
    Do NOT use this for system installs (it overrides glibc elf.h).
    backends: riscv improved core file and return value location support.
    Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
  - CVE-2019-7150: dwfl_segment_report_module doesn't check whether
    the dyn data read from core file is truncated (bnc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero
    terminated string (CVE is a bit misleading, as this is not a bug
    in libelf as described) (bnc#1125007)
  - Removed patches:
  - libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
  - libebl-check-NT_PLATFORM-core-notes.patch
  - Update to version 0.175 (Martin Liška):
    readelf: Handle mutliple .debug_macro sections.
    Recognize and parse GNU Property, NT_VERSION and
    GNU Build Attribute ELF Notes.
    strip: Handle SHT_GROUP correctly.
    Add strip --reloc-debug-sections-only option.
    Handle relocations against GNU compressed sections.
    libdwelf: New function dwelf_elf_begin.
    libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
    and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
    Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
    function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in
    dwfl_segment_report_module.c (bnc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are
    files (bnc#1112726)
  - Removed patches:
  - arlib-check-that-sh_entsize-isnt-zero.patch
  - libdwfl-sanity-check-partial-core-file-data-reads.patch
  - size-handle-recursive-elf-ar-files.patch
  - Update to version 0.174 (Martin Liška):
    libelf, libdw and all tools now handle extended shnum and
    shstrndx correctly.
    elfcompress: Don't rewrite input file if no section data needs
    updating. Try harder to keep same file mode bits
    (suid) on rewrite.
    strip: Handle mixed (out of order) allocated/non-allocated
    sections.
    unstrip: Handle SHT_GROUP sections.
    backends: RISCV and M68K now have backend implementations to
    generate CFI based backtraces.
  - CVE-2018-16402: libelf: denial of service/double free on an
    attempt to decompress the same section twice (bnc#1107066)
    Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in
    /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
    Removed patches:
    libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
    libdw-check-end-of-attributes-list-consistently.patch
    libdw-readelf-make-sure-there-is-enough-data-to-read.patch
  - Update to version 0.173 (Martin Liška):
    More fixes for crashes and hangs found by afl-fuzz. In particular various
    functions now detect and break infinite loops caused by bad DIE tree cycles.
    readelf: Will now lookup the size and signedness of constant value types
    to display them correctly (and not just how they were encoded).
    libdw: New function dwarf_next_lines to read CU-less .debug_line data.
    dwarf_begin_elf now accepts ELF files containing just .debug_line
    or .debug_frame sections (which can be read without needing a DIE
    tree from the .debug_info section).
    Removed dwarf_getscn_info, which was never implemented.
    backends: Handle BPF simple relocations.
    The RISCV backends now handles ABI specific CFI and knows about
    RISCV register types and names.
  - Update to version 0.172 (Martin Liška):
    No functional changes compared to 0.171.
    Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
    Thanks to running the afl fuzzer on eu-readelf and various testcases.
  - Update to version 0.171 (Martin Liška):
    DWARF5 and split dwarf, including GNU DebugFission, are supported now.
    Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
    .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
    DWARF5 and GNU DebugFission encodings of the existing .debug sections.
    Also in split DWARF .dwo (DWARF object) files.  This support is mostly
    handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
    dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
    sections and data formats.  But some new functions have been added
    to more easily get information about skeleton and split compile units
    (dwarf_get_units and dwarf_cu_info), handle new attribute data
    (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
    that might come from different sections or files (dwarf_die_addr_die).
    Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
    files, the .debug_names index, the .debug_cu_index and .debug_tu_index
    sections. Only a single .debug_info (and .debug_types) section are
    currently handled.
    readelf: Handle all new DWARF5 sections.
  - -debug-dump=info+ will show split unit DIEs when found.
  - -dwarf-skeleton can be used when inspecting a .dwo file.
    Recognizes GNU locviews with --debug-dump=loc.
    libdw: New functions dwarf_die_addr_die, dwarf_get_units,
    dwarf_getabbrevattr_data and dwarf_cu_info.
    libdw will now try to resolve the alt file on first use of
    an alt attribute FORM when not set yet with dwarf_set_alt.
    dwarf_aggregate_size() now works with multi-dimensional arrays.
    libdwfl: Use process_vm_readv when available instead of ptrace.
    backends: Add a RISC-V backend.
    There were various improvements to build on Windows.
    The sha1 and md5 implementations have been removed, they weren't used.
  - Update to version 0.170 (Martin Liška):
    libdw: Added new DWARF5 attribute, tag, character encoding, language code,
    calling convention, defaulted member function and macro constants
    to dwarf.h.
  New functions dwarf_default_lower_bound and dwarf_line_file.
  dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  dwarf_getmacros now handles DWARF5 .debug_macro sections.
    strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
    backends: The bpf disassembler is now always build on all platforms.
  - Includes changes in 0.169
    backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
    Frame pointer unwinding fallback support for i386, x86_64, aarch64.
    translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
    application crash) via a crafted ELF file (bnc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group
    (bnc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress
    (bnc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
    (readelf.c) (bnc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in
    ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption)
    via a crafted ELF file (bnc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer
    over-read and application crash) via a crafted ELF file (bnc#1033089)
  - Removed patches:
  - obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
  - ppc-machine-flags.patch
  - elflint-check-symbol-table-data-is-big-enough-before-check.patch
  - elflint-dont-check-section-group-without-flags-word.patch
  - libelf-check-compression-before-allocate-output-buffer.patch
  - readelf-fix-off-by-one-sanity-check.patch
  - use-the-empty-string-for-note-names-with-zero-size.patch
  - elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
  - elfutils-dont-trust-sh_entsize.patch
- Packaging cleanups:
  - Modernize specfile and metadata. (Jan Engelhardt)
  - Use %make_build (Martin Liška)
  - Update License tag to GPL-3.0-or-later, as requested by legal
    review. (Dominique Leuenberger)
  - Don't make elfutils recommend elfutils-lang as elfutils-lang
    already supplements elfutils. (Antoine Belvire)
  - Fix typo in the recommends name bsc#1104264 (Tomas Chvatal)
  - Use %license (boo#1082318) (Fabian Vogt)
- Test fixes (Andreas Schwab):
  - disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
  - dwelf_elf_e_machine_string.patch: Avoid spurious failure
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
glibc
- disable-check-consistency.patch: i386: Disable check_consistency for GCC
  5 and above (bsc#1201640, BZ #25788)
- static-tls-surplus.patch: Remove tunables (bsc#1201560)
gpg2
- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
  of 3DES if we are in FIPS mode. (bsc#1196125)
hwinfo
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
  nvme_core.multipath=1 (bsc#1199948)
- 21.82
- merge gh#openSUSE/hwinfo#112
- fix bug in determining serial console device name (bsc#1198043)
- 21.81
- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79
- merge gh#openSUSE/hwinfo#106
- Always read numerical 32bit serial number from EDID header.
  Override this with ASCII serial number from display descriptor,
  if available.
- Display numerical 32bit serial number for monitors without serial
  number display descriptor
- 21.78
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
- merge gh#openSUSE/hwinfo#100
- recognize loongarch64 architecture
- 21.75
- merge gh#openSUSE/hwinfo#98
- update pci and usb ids
- 21.74
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73
kernel-default
-  Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
  too.
- commit cc90276
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit 9493568
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit b81e242
ldb
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
  changes for ldb-2.4.4.
  + CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  + CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  + CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
  + Fix build problems, waf produces incorrect names for python
    extensions; (bso#15071);
libzypp
- appdata plugin: Pass path to the repodata/ directory inside the
  cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
  endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
  repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
  Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
  solvable.  May happen if (wrong arch) solvables were removed
  at the  beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
  (fixes #388)
- version 17.30.1 (22)
logrotate
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
  * enforce stricter parsing to avoid CVE-2021-3864
  * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
  separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch
ncurses
- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
pcre2
- Added pcre2-bsc1199235-CVE-2022-1587.patch
  * CVE-2022-1587 / bsc#1199235
  * Fix out-of-bounds read due to bug in recursions
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch
  * CVE-2019-20454 / bsc#1164384
  * Fix crash when X is used in non-UTF mode on certain inputs.
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f
  - https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
  (bsc#1198197)
- 0.938
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
  jsc#SLE-18271).
- 0.937
python-py
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
  * Fix a regular expression DoS vulnerability in the py.path.svnwc
    SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
  * Add type annotation stubs
samba
- CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042);
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work; (bso#15076);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * netgroups support removed; (bso#15087); (bsc#1199247);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);
- Fix  smbclient commands del & deltree failing with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556).
systemd
- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
  90740ae2aa string-util: explicitly cast character to unsigned
  ca1455c5b9 string-util: fix build error on aarch64
  c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
  387a2e1fbf basic/string-util: simplify how str_realloc() is used
  cdc4d55d22 basic/string-util: inline iterator variable declarations
  d435514c85 basic/string-util: split out helper function
  bdbc4faff5 basic/escape: always escape newlines in shell_escape()
  3eb13063d1 basic/escape: add mode where empty arguments are still shown as "/"/
  08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
  ec07c1c46c basic/escape: use consistent location for "/*"/ in function declarations
  074e1b622e Allow control characters in environment variable values (bsc#1200170)
  44e419dcb0 Revert "/basic/env-util: (mostly) follow POSIX for what variable names are allowed"/
  d5756f6f71 test-env-util: Verify that r is disallowed in env var values
  d02bac33d3 basic/env-util: make function shorter
  c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
  887c150a04 test-env-util: print function headers
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
  e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
  b593249c00 core/device: do not downgrade device state if it is already enumerated
  7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
  912c07c281 core/device: drop unnecessary condition
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Call pam_loginuid when creating user@.service (bsc#1198507)
  It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.
tar
- bsc1200657.patch was previously incomplete leading to deadlocks
  * bsc#1202436
  * bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
  bsc#1200657
  * bsc1200657.patch
zypper
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
  compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
  whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
  insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53