- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
  * The wrapper rootsh is not a restricted shell (bsc#1199492)

- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
  Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
  Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
  Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  + HARICA Client ECC Root CA 2021
  + HARICA Client RSA Root CA 2021
  + HARICA TLS ECC Root CA 2021
  + HARICA TLS RSA Root CA 2021
  + TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5

  * mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869)

2 recommended fixes from upstream:
- news-fix-typo.patch: We ship the NEWS file so avoid including a
  typo in it.
- dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing
  NULL to a %s printf conversion specifier is illegal, and can
  result in a segmentation fault. Current version of glibc doesn't
  mind, but alternative, past or future libc implementations could
  crash, so let's fix it.
- Update to upstream version 3.4:
  * This update implements jsc#SLE-24502 and jsc#PED-1466.
  * [COMPATIBILITY] Document how the UUID fields are interpreted.
  * [PORTABILITY] Don't use memcpy on /dev/mem on arm64.
  * Support for SMBIOS 3.4.0. This includes new memory device types, new
    processor upgrades, new slot types and characteristics, decoding of memory
    module extended speed, new system slot types, new processor characteristics
    and new format of Processor ID.
  * Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS
    characteristics, new slot characteristics, new on-board device types, new
    pointing device interface types, and a new record type (type 45 -
    Firmware Inventory Information).
  * Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240.
  * Bug fixes:
    Fix OEM vendor name matching
  * Minor improvements:
    Add bios-revision, firmware-revision and system-sku-number to -s option
    Use the most appropriate unit for cache size
    Decode system slot base bus width and peers
    Skip details of uninstalled memory modules
    Don't display the raw CPU ID in quiet mode
    Improve the formatting of the manual pages
  * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch,
    dmidecode-add-logical-non-volatile-device.patch,
    dmidecode-add-memory-device-types-from-smbios-3.4.0.patch,
    dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch,
    dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch,
    dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch,
    dmidecode-add-system-slot-types-from-smbios-3.4.0.patch,
    dmidecode-fix-formatting-of-tpm-table-output.patch,
    dmidecode-fix-redfish-hostname-print-length.patch,
    dmidecode-fix-system-slot-information-for-pcie-ssd.patch,
    dmidecode-missing-commas.patch,
    dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch and
    dmidecode-skip-details-of-uninstalled-memory-modules.patch.

- Security fix:
  * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
    function in xmlparse.c
  - Added patch expat-CVE-2022-40674.patch

- x86-shared-non-temporal-threshold.patch: Reversing calculation of
  __x86_shared_non_temporal_threshold (bsc#1201942)
- memcmp-power10.patch: powerpc: Optimized memcmp for power10
  (jsc#PED-987)

- FIPS: Zeroize the calculated hmac and new_hmac in the
  check_binary_integrity() function. [bsc#1191021]
  * Add gnutls-FIPS-Zeroize-check_binary_integrity.patch
- FIPS: Additional modifications to the SLI. [bsc#1190698]
  * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2().
  * Mark HMAC keylength less than 112 bits as non-approved in
    gnutls_pbkfd2().
  * Adapt the pbkdf2 selftest and the regression tests accordingly.
  * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
  * Add new dependency on jitterentropy
  * Add gnutls-FIPS-jitterentropy.patch

- Update to version 20220713.00 (bsc#1202100, bsc#1202101)
  * try restoring module mode (#172)
  * update for golang 1.16 (#171)
- from version 20220614.00
  * Remove log that can break startup scripts (#170)
- from version 20220603.00
  * repeat fix for arm (#169)
  * no authorized keys on debian (#168)
- from version 20220527.00
  * Add authorized keys command to the Windows agent package. (#167)
  * Support for Windows SSH (#164)
- from version 20220523.00
  * restore double slash metadata url (#166)
- from version 20220520.00
  * Support .exe as an option for scripts and refactor runScript (#165)
- Update to version 20220429.00
  * Move some functionality to a utils module (#162)
- Update to version 20220412.00
  * enable goproxy during build (#163)
- from version 20220321.00
  * enable routes for ipv6 (#160)

- Update to version 20220721.00 (bsc#1202100, bsc#1202101)
  * prune outdated info from readme (#86)
- from version 20220714.00
  * strip json-c version symbol (#84)
- from version 20220622.00
  * pam login: split conditions for logging (#83)
- use pam_moduledir (boo#1191036)
  * Support UsrMerge project
- Update to version 20220411.00
  * pam login: split conditions for logging (#83)

- Use install command in %post section to create state file (bsc#1202826)
- Remove useless creation of state file directory in /var/lib
- avoid bashim in post install scripts (bsc#1195391)
- Update to version 20220801.00 (bsc#1202100, bsc#1202101)
  * update OWNERS (#438)
  * Close client when RegisterAgent fails. (#436)
- from version 20220714.00
  * Add timeouts for pip/gem updates. (#433)
- from version 20220623.00
  * upgrade to golang 1.16 and override deb build settings for compatibility (#432)
- from version 20220606.00
  * new example policy to ensure sshd is running on windows VMs (#430)
- from version 20220531.00
  * Add default timeout for pip and gem list commands (#429)
- Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)
- Update to version 20220314.01
  * Support COS on arm64 (#426)
- from version 20220314.00
  * Fix previous PR: exec.CommandContext cannot be reused (#425)
- from version 20220304.00
  * Update the error message when an exec task is run on Windows
    without an interpreter (#423)
  * Fix string that apt-get returns when requiring downgrade (#422)
  * e2e_tests: fix patch test rerun (#421)
  * Add --allow-downgrades flag to apt-get calls when it
    fails because of wanting to downgrade a package (#418)
  * Create e2e test that runs apt-get in a state that makes
    it downgrade a package (#420)
  * e2e_tests: update OS targets, adjust retries (#419)
  * Create change_group.yaml (#416)
- from version 20220215.00
  * Add regex support to package exclusion in OS Patch (#415)

- update to 2.5.5:
  * Fix a crash in the logging code
  * Upgrade autoconf
- update to 2.5.4:
  * Fix some minor build annoyances
- Update to 2.5.3:
  * Add a timeout for writing to a SOCKS5 proxy.
  * Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
- qemu-disable-fdpassing-test.patch: remove
-Update to 2.5.2:
  * configure.ac: Bump LT version to C8/A8/R2
  * include libassuan.pc in the spec file

- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
  * Add libgcrypt-FIPS-rndjent_poll.patch
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
  * Add libgcrypt-FIPS-kdf-leylength.patch
- FIPS: Zeroize buffer and digest in check_binary_integrity()
  * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
  typing Tab key to Auto-Completion. [bsc#1182983]
  * Add libgcrypt-out-of-core-handler.patch
- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  - Add libgcrypt-jitterentropy-3.3.0.patch
  * Update the internal jitterentropy to version 3.4.0
  - Add libgcrypt-jitterentropy-3.4.0.patch

- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
  connections (bsc#1201680)
  - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch

- Resolver: Fix missing --[no]-recommends initialization in
  update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
  to --[no]-recommends.
- version 17.31.2 (22)
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
  an old Notcurses++ package which happens to be present in the
  buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
  c++11.  In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
  since 15.1 (bsc#1189282)
- version 17.31.1 (22)

- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
  - change %post behaviour, only do deleting job for non-link folder

- Added d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch: (boo#1157805 CVE-2019-19246)
  oniguruma: Heap-based buffer over-read in str_lower_case_match in regexec.c
- Added 6eb4aca6a7f2f60f473580576d86686ed6a6ebec.patch: (boo#1164569 CVE-2019-19204)
  oniguruma: heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
- Added aa0188eaedc056dca8374ac03d0177429b495515.patch: (boo#1164550 CVE-2019-19203)
  oniguruma: heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
- Added 4097828d7cc87589864fecf452f2cd46c5f37180.patch: (boo#1150130 CVE-2019-16163)
  oniguruma: stack Exhaustion in regcomp.c because of recursion in regparse.c.
- Added cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch: (boo#1177179 CVE-2020-26159)
  oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS
- Added 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55.patch: (boo#1142847 CVE-2019-13224)
  oniguruma: use-after-free in onig_new_deluxe() in regext.c

- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
  (bsc#1198197)
- 0.938

  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
- Update to version 20201225:

- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)

- Update to runc v1.1.4. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.4.
  * Fix mounting via wrong proc fd. When the user and mount namespaces are
    used, and the bind mount is followed by the cgroup mount in the spec,
    the cgroup was mounted using the bind mount's mount fd.
  * Switch kill() in libcontainer/nsenter to sane_kill().
  * Fix "/permission denied"/ error from runc run on noexec fs.
  * Fix failed exec after systemctl daemon-reload. Due to a regression
    in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
    was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
    (boo#1202821)

- update to 3.39.3:
  * Use a statement journal on DML statement affecting two or more
    database rows if the statement makes use of a SQL functions
    that might abort.
  * Use a mutex to protect the PRAGMA temp_store_directory and
    PRAGMA data_store_directory statements, even though they are
    decremented and documented as not being threadsafe.
- update to 3.39.2:
  * Fix a performance regression in the query planner associated
    with rearranging the order of FROM clause terms in the
    presences of a LEFT JOIN.
  * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
    1345947, forum post 3607259d3c, and other minor problems
    discovered by internal testing. [boo#1201783]
- update to 3.39.1:
  * Fix an incorrect result from a query that uses a view that
    contains a compound SELECT in which only one arm contains a
    RIGHT JOIN and where the view is not the first FROM clause term
    of the query that contains the view
  * Fix a long-standing problem with ALTER TABLE RENAME that can
    only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
    to a very small value.
  * Fix a long-standing problem in FTS3 that can only arise when
    compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
    option.
  * Fix the initial-prefix optimization for the REGEXP extension so
    that it works correctly even if the prefix contains characters
    that require a 3-byte UTF8 encoding.
  * Enhance the sqlite_stmt virtual table so that it buffers all of
    its output.
- update to 3.39.0:
  * Add (long overdue) support for RIGHT and FULL OUTER JOIN
  * Add new binary comparison operators IS NOT DISTINCT FROM and
    IS DISTINCT FROM that are equivalent to IS and IS NOT,
    respective, for compatibility with PostgreSQL and SQL standards
  * Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
    interface that indicates a query that has both DISTINCT and
    ORDER BY clauses
  * Added the sqlite3_db_name() interface
  * The unix os interface resolves all symbolic links in database
    filenames to create a canonical name for the database before
    the file is opened
  * Defer materializing views until the materialization is actually
    needed, thus avoiding unnecessary work if the materialization
    turns out to never be used
  * The HAVING clause of a SELECT statement is now allowed on any
    aggregate query, even queries that do not have a GROUP BY
    clause
  * Many microoptimizations collectively reduce CPU cycles by about
    2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
  related test failures on 32 bit
- update to 3.38.5:
  * Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
  * fix a byte-code problem in the Bloom filter pull-down
    optimization added by release 3.38.0 in which an error in the
    byte code causes the byte code engine to enter an infinite loop
    when the pull-down optimization encounters a NULL key
- update to 3.38.3:
  * Fix a case of the query planner be overly aggressive with
    optimizing automatic-index and Bloom-filter construction,
    using inappropriate ON clause terms to restrict the size of the
    automatic-index or Bloom filter, and resulting in missing rows
    in the output.
  * Other minor patches. See the timeline for details.
- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
  of SQLite (bsc#1195773).
- update to 3.38.1:
  * Fix problems with the new Bloom filter optimization that might
    cause some obscure queries to get an incorrect answer.
  * Fix the localtime modifier of the date and time functions so
    that it preserves fractional seconds.
  * Fix the sqlite_offset SQL function so that it works correctly
    even in corner cases such as when the argument is a virtual
    column or the column of a view.
  * Fix row value IN operator constraints on virtual tables so that
    they work correctly even if the virtual table implementation
    relies on bytecode to filter rows that do not satisfy the
    constraint.
  * Other minor fixes to assert() statements, test cases, and
    documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
  sqlite-src-3380100-atof1.patch
- update to 3.38.0
  * Add the -> and ->> operators for easier processing of JSON
  * The JSON functions are now built-ins
  * Enhancements to date and time functions
  * Rename the printf() SQL function to format() for better
    compatibility, with alias for backwards compatibility.
  * Add the sqlite3_error_offset() interface for helping localize
    an SQL error to a specific character in the input SQL text
  * Enhance the interface to virtual tables
  * CLI columnar output modes are enhanced to correctly handle tabs
    and newlines embedded in text, and add options like "/--wrap N"/,
    "/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
  * Query planner enhancements using a Bloom filter to speed up
    large analytic queries, and a balanced merge tree to evaluate
    UNION or UNION ALL compound SELECT statements that have an
    ORDER BY clause.
  * The ALTER TABLE statement is changed to silently ignores
    entries in the sqlite_schema table that do not parse when
    PRAGMA writable_schema=ON
- update to 3.37.2:
  * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
    cause database corruption if a SAVEPOINT is rolled back while
    in PRAGMA temp_store=MEMORY mode, and other changes are made,
    and then the outer transaction commits
  * Fix a long-standing problem with ON DELETE CASCADE and ON
    UPDATE CASCADE in which a cache of the bytecode used to
    implement the cascading change was not being reset following a
    local DDL change
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("/START"/) is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
  * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
    extension when a column has no collating sequence.

- BuildRequires:  libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
  (bsc#1201972)
- version 1.14.57
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
  Since libzypp 17.23.0 the PPP status is auto established. No
  extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "/C.UTF-8"/ rather than "/en_US"/.
- Fix man page (fixes #451)
- version 1.14.56