cloud-regionsrv-client
- Update to 10.3.4
  + Modify the message when network access over a specific IP version does
    not work. This is an informational message and should not look like
    an error
  + Inform the user that LTSS registration takes a little longer
  + Add fix-for-sles12-no-trans_update.patch
    + SLE 12 family has no products with transactional-update we do not
    need to look for this condition
- From 10.3.3 (bsc#1229472)
  + Handle changes in process structure to properly identify the running
    zypper parent process and only check for 1 PID
- From 10.3.2
  + Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
  + Add support for LTSS registration
  + Add fix-for-sles12-disable-registry.patch
    ~ No container support in SLE 12
containerd
- Update to containerd v1.7.21. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.21>
  Fixes CVE-2023-47108. bsc#1217070
  Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
curl
- Security fix: [bsc#1230093, CVE-2024-8096]
  * curl: OCSP stapling bypass with GnuTLS
  * Add curl-CVE-2024-8096.patch

- Security fix: [bsc#1228535, CVE-2024-7264]
  * curl: ASN.1 date parser overread
  * Add curl-CVE-2024-7264.patch
python-kiwi
- Update virtualenv setup
  types-pkg_resources got dropped from PyPI
transactional-update
- Version 4.1.9
  - Adding support for specifying migration arguments
dracut
- Update to version 055+suse.392.g7930ab23:
  * feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
  * fix(convertfs): error in conditional expressions (bsc#1228847)
glib2
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
  a dbus message. Fixes a possible use after free (boo#1224044).
glibc
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
  [#31934])
grub2
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
  installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
  * 0004-Introduce-prep_load_env-command.patch
util-linux
- Skip aarch64 decode path for rest of the architectures
  (bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
expat
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
  overflow in function nextScaffoldPart
  * Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
  overflow in dtdCopy
  * Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
  len for XML_ParseBuffer
  * Added expat-CVE-2024-45490.patch
mozilla-nss
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
  approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
ncurses
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
  * Allow that terminal description based on static fallback
    entries can be freed.
snapper
- handle content-length of stomp in zypper plugin
  (gh#openSUSE/snapper#918) (bsc#1229142)
  * added pr919.patch
  * added pr920.patch
libsolv
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
systemd
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
  cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
  e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
  a85d211874 man: Document ranges for distributions config files and local config files

- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
  Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
  inside comments unescaped leading to unpredictable behavior. Now why rpm
  expands rpm macros inside comments is the question...

- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
  Really skip redundant dependencies specified the LSB description that
  references the file name of the service itself for early boot scripts (noticed
  in bsc#1221479).
libzypp
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)

- MediaPluginType must be resolved to a valid MediaHandler
  (bsc#1228208)
- version 17.35.7 (35)

- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)

- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)

- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)

- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
  Older zypp-plugins reject stomp headers including a '-'. Like the
  'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
  This patch fixes an issue in safe_strtonum which caused
  timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)

- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
  Buddy pairs (like -release package and product) internally share
  the same status object. When applying locks from query results
  the locked bit must be set if either item is locked.
- version 17.35.2 (35)

- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)

- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)

- Workaround broken libsolv-tools-base requirements (fixes
  openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
salt
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
  * firewalld-normalize-new-rich-rules-before-comparing-.patch
  * several-fixes-for-tests-to-avoid-errors-and-failures.patch
  * test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
  * fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
  * skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
  * some-more-small-tests-fixes-enhancements-661.patch
  * provide-systemd-timer-unit.patch
  * fix-user.list_groups-omits-remote-groups.patch
python3-setuptools
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
  * Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
regionServiceClientConfigGCE
- Version 4.2.0 (jsc#PCT-361)
  + Add IPv6 certs to supprt access of the update infrastructure via
    IPv6 on GCE instances.

- Update to version 4.1.0 (bsc#1217538)
  + Replace 162.222.182.90 and 35.187.193.56 (length 4096):
    rgnsrv-gce-asia-northeast1 -> 162.222.182.90 expires in 9 years
    rgnsrv-gce-us-central1 -> 35.187.193.56 expires in 10 years
runc
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
  Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
  * 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  * 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  * 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
  * 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
selinux-policy
- Update to version 20230511+git17.e258ac27:
  * Fix mkhomedir_helper label to match on sbin (bsc#1229701)
supportutils
- Changes to version 3.2.8
  + Avoid getting duplicate kernel verifications in boot.text (pr#190)
  + lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
  + docker_info: Add timestamps to container logs (pr#196)
  + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
  + Update supportconfig get pam.d sorted (pr#199)
  + yast_files: Exclude .zcat (pr#201)
  + Sanitize grub bootloader (bsc#1227127, pr#203)
  + Sanitize regcodes (pr#204)
  + Improve product detection (pr#205)
  + Add read_values for s390x (bsc#1228265, pr#206)
  + hardware_info: Remove old alsa ver check (pr#209)
  + drbd_info: Fix incorrect escape of quotes (pr#210)
suse-build-key
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
  - gpg-pubkey-39db7c82-5f68629b.asc
  + gpg-pubkey-39db7c82-66c5d91a.asc
suseconnect-ng
- Update version to 1.12:
  - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
systemd-presets-branding-SMO
- preserve wicked enabled during upgrade if it was enabled
  before (NM is default only for new installs) (bsc#1228522)
util-linux-systemd
- Skip aarch64 decode path for rest of the architectures
  (bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
xen
- Update to Xen 4.17.5 security bug fix release (bsc#1027519)
  xen-4.17.5-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
  IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
  with shared resources (XSA-461)
- Dropped patches contained in new tarball
  6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
  6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
  6627a5fc-x86-MTRR-inverted-WC-check.patch
  662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
  662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
  663090fd-x86-gen-cpuid-syntax.patch
  663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
  663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
  663d05b5-x86-ucode-distinguish-up-to-date.patch
  663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
  66450626-sched-set-all-sched_resource-data-inside-locked.patch
  66450627-x86-respect-mapcache_domain_init-failing.patch
  6646031f-x86-ucode-further-identify-already-up-to-date.patch
  6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
  666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
  666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
  666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
  666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
  666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
  667187cc-x86-Intel-unlock-CPUID-earlier.patch
  66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
  6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
  6672c846-x86-xstate-initialisation-of-XSS-cache.patch
  6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
  6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
  xsa458.patch
zypper
- Show rpm install size before installing (bsc#1224771)
  If filesystem snapshots are taken before the installation (e.g.
  by snapper) no disk space is freed by removing old packages. In
  this case the install size of all packages is a hint how much
  additional disk space is needed by the new packages static
  content.
- version 1.14.76

- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
  (bsc#1227205)
- version 1.14.75

- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74