antlr
- Build antlr-manual package without examples files [bsc#1120360]
- Remove not needed files
apache-commons-cli
- Rebased patch CLI-253-workaround.patch to new version.
- Updated build XML file to new version.
- Harmonized the use of X.Y.X strings everywhere.
- Updated new source locations from Apache.
- Added 'apache-commons-cli-rpmlintrc' to silence 'package-with-huge-docs' warning (Javadoc generates many files...)
- Update to 1.5:
  * New features:
  - (CLI-217) Accommodate toggling partial matching in DefaultParser. Thanks to Rubin Simons.
  - (CLI-274) Option parser type EXISTING_FILE_VALUE not check file existing Thanks to Béla Schaum.
  - (CLI-271) CommandLine.getXXX and CommandLine.hasXXX should accept an Option as a parameter Thanks to Christoph Läubrich.
  - (CLI-276) Adjust access-modifier of checkRequiredOptions() to protected. Thanks to Jason Dillon.
  - (CLI-282) TypeHandler should throw ParseException for an unsupported class. Thanks to Alex Nordlund.
  - Added setter for Builder.option #33. Thanks to Waldemar Sojka, Gary Gregory.
  - Add Option unit tests #76. Thanks to Waldemar Sojka, Gary Gregory.
  * Fixed bugs:
  - Fix NPE in DefaultParser.isLongOption(String). Thanks to Gary Gregory.
  - (CLI-279) @param or @return lines should end with a period in CommandLine.java Thanks to Krishna Mohan Rao Kandunoori.
  - Replace deprecated FindBugs with SpotBugs. Thanks to Gary Gregory.
  - Replace CLIRR with JApiCmp. Thanks to Gary Gregory.
  - Option Javadocs grammar nits #55. Thanks to Elliotte Rusty Harold.
  - Minor Improvements #57, #61. Thanks to Arturo Bernal, Gary Gregory.
  - (CLI-254) Input "test" gets parsed as test, quotes die #58. Thanks to stoty.
  - (CLI-287) Allow whitespace-only header and footer #26. Thanks to MrQubo, Gary Gregory.
  * Updates:
  - (CLI-294) Update Java from version 5 to 7.
  - Docs: Replace OptionBuilder in usage page #30. Thanks to Mincong Huang.
  - Remove deprecated sudo setting. #36. Thanks to dengliming.
  - Bump junit:junit from 4.12 to 4.13.2, #53, #60. Thanks to Gary Gregory, Dependabot.
  - Bump commons-parent from 48 to 52. Thanks to Dependabot.
  - Bump maven-pmd-plugin from 3.12.0 to 3.15.0, #44, #54, #67. Thanks to Dependabot.
  - Bump actions/checkout from v2.3.1 to v2.3.5 #46, #72. Thanks to Dependabot.
  - Bump actions/setup-java from v1.4.2 to v2 #50. Thanks to Dependabot, Gary Gregory.
  - Bump maven-antrun-plugin from 1.7 to 3.0.0 #43. Thanks to Dependabot.
  - Bump maven-checkstyle-plugin from 2.15 to 3.1.2 #41. Thanks to Gary Gregory.
  - Bump checkstyle to 9.0.1 #68. Thanks to Gary Gregory.
  - Bump actions/cache from 2 to 2.1.6 #64, #65. Thanks to Dependabot.
  - Bump commons.animal-sniffer.version 1.19 -> 1.20. Thanks to Gary Gregory.
  - Bump maven-bundle-plugin 5.1.1 -> 5.1.2. Thanks to Gary Gregory.
  - Bump biz.aQute.bndlib.version 5.1.2 -> 6.0.0. Thanks to Gary Gregory.
  - Bump spotbugs from 4.4.1 to 4.4.2 #70. Thanks to Dependabot.
  - Bump spotbugs-maven-plugin from 4.4.1 to 4.4.2.2 #71. Thanks to Dependabot.-

- Add OSGi manifest to the build files.
- Set java source/target levels to 6
apache-commons-codec
- Do not alias the artifact to itself

- Update to 1.15
  * Fix: MurmurHash3: Ensure hash128 maintains the sign extension bug.
  * Update: Base32/Base64/BCodec: Added strict decoding property to
    control handling of trailing bits. Default lenient mode discards
    them without error. Strict mode raise an exception.
  * Update: Base32/Base64 Input/OutputStream: Added strict decoding
    property to control handling of trailing bits. Default lenient
    mode discards them without error. Strict mode raise an exception.
  * Update: Update tests from JUnit 4.12 to 4.13.
  * Add: Base16Codec and Base16Input/OutputStream.
  * Add: Hex encode/decode with existing arrays.
  * Update: Update actions/checkout from v1 to v2.3.2.
  * Update: Update actions/setup-java from v1.4.0 to v1.4.1.
- Remove timeout.patch

- Update to version 1.14
  * Release 1.14 - 2019-12-30
  - Fix: Hex: Allow encoding read-only ByteBuffer.
  - Fix: Hex: Only use an available ByteBuffer backing array if
    the length equals the remaining byte count.
  - Update: MurmurHash3: Deprecate hash64 methods and hash methods
    accepting a String that use the default encoding.
  - Fix: BaseNCodec to expand buffer using overflow conscious code.
  - Fix: Base32/64: Fixed decoding check that all the final trailing
    bits to discard are zero.
  - Add: Add MurmurHash3.hash128x64 methods to fix sign extension error
    during seeding in hash128 methods.
  - Add: Add MurmurHash3.hash32x86 methods and IncrementalHash32x86 to
    fix sign extension error in hash32 methods.
  - Fix: Allow repeat calls to MurmurHash3.IncrementalHash32.end() to
    generate the same value.
  - Add: Add RandomAccessFile digest methods #31.
  - Add: Add Path APIs to org.apache.commons.codec.digest.DigestUtils
    similar to File APIs.
  - Add: Add SHA-512/224 and SHA-512/256 to DigestUtils for Java 9 and up.
  - Add: Add missing note in javadoc when sign extension error is present #34.
  - Fix: Reliance on default encoding in MurmurHash2 and MurmurHash3.
  - Update: Don't reload standard Charsets in org.apache.commons.codec.Charsets.
  - Update: Deprecate Charset constants in org.apache.commons.codec.Charsets
    in favor of java.nio.charset.StandardCharsets.
  * Release 1.13 - 2019-07-20
  - Fix: ColognePhonetic handles x incorrectly.
  - Fix: ColognePhonetic does not treat the letter H correctly.
  - Fix: Reject any decode request for a value that is impossible to
    encode to for Base32/Base64 rather than blindly decoding.
  - Add: MurmurHash2 for 32-bit or 64-bit value.
  - Add: MurmurHash3 for 32-bit or 128-bit value.
  - Update: Broken direct java.nio.ByteBuffer support in
    org.apache.commons.codec.binary.Hex.
  * Release 1.12 - 2019-02-04
  - Fix: B64 salt generator: Random -> ThreadLocalRandom.
  - Fix: Wrong value calculated by Cologne Phonetic if a special character
    is placed between equal letters.
  - Update: Update from Java 6 to Java 7.
  - Add: Add Percent-Encoding Codec (described in RFC3986 and RFC7578).
  - Fix: ColognePhoneticTest.testIsEncodeEquals missing assertions.
  - Add: Add SHA-3 methods in DigestUtils.
apache-commons-collections
- Do not use a dummy pom that only declares dependencies for the
  testframework artifact
- Clean up the spec file
apache-commons-daemon
- Update to 1.3.2:
  * Fixes:
  - Procrun. Remove noisy INFO log message that triggered logging
    once per minute while the service was running.
  - Fix typos in Javadoc and comments.
  - Procrun. The DependsOn parameter is no longer ignored when
    updating the service configuration.
  - Fix crash and provide an error level log message when the
    user attempts to start the service without configuring a
    JVM and none is available via the registry.
  * Updates:
  - Bump actions/cache from 3.0.3 to 3.0.8.
  - Bump actions/checkout from 3 to 3.0.2.
  - Bump commons-parent from 53 to 54.
  - Bump spotbugs-maven-plugin from 4.6.0.0 to 4.7.2.0.
  - Bump jacoco-maven-plugin from 0.8.7 to 0.8.8.
  - Bump japicmp-maven-plugin from 0.15.4 to 0.16.0.
  - Bump JUnit 4 to 5 vintage.
  * Remove apache-commons-daemon-riscv64.patch already upstream

- Build with source/target levels 8

- Define %%make_build for systems where it is not defined in
  rpm macros

- Update to 1.2.4
  * Procrun. Ensure that log messages written to stdout and stderr
    are not lost during start-up.
  * Procrun. Correct a regression introduced in 1.2.3. Enable the
    service to start if the Options value is not present in the
    registry.
  * jsvc. Don't fail if the CAP_DAC_READ_SEARCH capability is not
    available. Fall back to using argv[0] rather than
    /proc/self/exe to determine the path for the current binary.
  * Improved JRE/JDK detection to support increased range of both
    JVM versions and vendors

- Update to 1.2.3
  * Fix: Procrun. Correct multiple issues related to enabling a
    service to interact with the desktop. Provide a better error
    message if this option is used with an invalid user, install
    the service with the option enabled if requested and correctly
    save the setting if it is enabled in the GUI.
  * Fix: jsvc. Update the list of paths searched for libjvm.so to
    include the path used by OpenJDK 11.
  * Add: Procrun. Add additional debug logging for Java start mode.
  * Fix: jsvc. Remove incorrect definition 'supported_os' which
    defined in psupport.m4 file to fix jsvc build error on s390,
    arm, aarch64, mipsel and mips.
  * Add: More debug logging in prunsrv.c and javajni.c.
  * Add: Update arguments.c to support Java 11 --enable-preview.
  * Add: jsvc and Procrun. Add support for Java native memory tracking.
  * Add: Procrun. Add a new command, print, that outputs the command to
    (re-)configure the service with the current settings. This is
    intended to be used to save settings such as before an upgrade.
- Rebase apache-commons-daemon-riscv64.patch
- Remove apache-commons-daemon-s390x.patch fixed upstream

- Generate ant build file and customize it in order to be able to
  build this ring package without cycles. Ring packages cannot be
  built using maven.
- Modified patches:
  * apache-commons-daemon-JAVA_OS.patch
  * apache-commons-daemon-riscv64.patch
  * apache-commons-daemon-s390x.patch
    + Do not patch configure file itself, since we generate it
    during the build

- Update to 1.2.2
  * Release 1.2.2 - 2019-10-04
  - Fix: Procrun. Correct a regression in the fix for DAEMON-401
    that prevented the service from starting unless support for the
    universal C runtime had been installed.
  - Update: Update Commons-Parent to version 49.
  * Release 1.2.1 - 2019-09-09
  - Fix: jsvc. Correct debug log message that reports change in umask.
  - Fix: Procrun. Correct a regression in the previous fix for this
    issue that caused 32-bit services to crash on start-up. Fixes DAEMON-401.
  - Fix: Procrun. Correct a regression in the fix for DAEMON-391
    that caused the GUI to mix-up the WARN and INFO logging levels.
  * Release 1.2.0 - 2019-07-02
  - Fix: Procrun. Only set the global shutdown event if the event is created.
  - Fix: Unable to build with Java 9 using ant; dropped Ant build files.
  - Fix: Procrun. prunsrv stopping with error due to hard-coded timeout.
  - Fix: Update config.guess and config.sub.
  - Fix: Jsvc. Set the sun.java.command system property when starting via jsvc
    so that tools like jconsole show something meaningful for the process name.
  - Fix: Procrun. Correct the level name used in the GUI for WARN so that
    changes made via the GUI are recognised. Order the log levels in the
    drop-down from ERROR to DEBUG.
  - Fix: Procrun. Correct reversed code comments for JRE and JDK locations
    in the registry.
  - Fix: Procrun. Fix a bug that meant a value provided for LibraryPath
    replaced the value of the PATH environment variable rather than prepended to it.
  - Fix: Procrun. Ensure that the java.library.path environment variable is
    correctly configured when running on a JRE that depends on the Universal CRT.
  - Add: Procrun. Log the error code returned if JVM creation fails to aid debugging.
  - Fix: Procrun. Ensure that environment variables set via prunsrv are visible
    to native libraries that depend on the Universal CRT.
  - Fix: Procrun. Remove the code that removed quotes from configured Java and
    Java 9 Options.
  - Add: Procrun. Add an option to configure the service to use the 'Automatic
    (Delayed Start)' startup mode.
  - Add: Procrun. When running in jre mode, if the standard Java registry
    entries for JavaHome and RuntimeLib are not present, attempt to use the
    Procrun JavaHome key to find the runtime library.
  - Add: jsvc. Include the full path to the jsvc executable in the debug log.
  * Release 1.1.0 - 2017-11-15
  - Update: Update the minimum Java requirement from version 5 to 6.
  - Update: Add AArch64 support to src/native/unix/support/apsupport.m4.
  - Fix: Remove calls to explicit garbage collection during daemon start and stop.
  - Fix: Update config.guess and config.sub to add support, amongst others,
    for the 64-bit PowerPC Little-Endian architecture.
  - Update: Update Commons-Parent to version 41.
  - Fix: Update apsupport.m4 add support for 64-bit PowerPC architectures.
  - Fix: Suppress spurious "The data area passed to a system call is too small"
    error message in the log when Procrun fails to stop the service.
  - Fix: Enable jsvc to start when running on Java 9.
  - Fix: Fix a resource leak opening the JVM configuration file.
    _ Fix: Improve the jsvc code that restarts the process if the JVM crashes so
    that if the JVM crashes after a signal has been received to shut down jsvc
    does not attempt to restart the JVM.
  - Fix: Ensure that the child process is started with the correct umask.
  - Fix: Correct conflicting information for the behaviour of Procrun when
    using jvm mode.
  - Fix: Ensure that, when using Procrun in java or exe mode, the service
    process waits for the stop process to complete before starting clean-up
    to avoid a crash in the stop process.
  - Fix: Enable jsvc to find the jvm when running on AIX.
  - Fix: Ensure that Procrun treats JVM crashes as service failures so the
    recovery options will apply.
  - Fix: Ensure that the //MQ command closes the prunmgr process even if
    the configuration dialog is open when the //MQ command is used.
  - Fix: Add support for Java 9 command line arguments to jsvc.
  - Add: Add a restarts options to jsvc to control the number of permitted
    restarts after a system crash.
  - Remove: Remove support for building Procrun for the Itanium platform.
  - Fix: Fix race conditions in PID file handling in jsvc.
- Remove patches:
  * apache-commons-daemon-ppc64.patch
  * apache-commons-daemon-aarch64.patch
- Refresh patches:
  * apache-commons-daemon-riscv64.patch
  * apache-commons-daemon-JAVA_OS.patch
- Update project keyring.
apache-commons-digester
- Build with java source and target levels 8

- Fixed SPEC file: Replaced broken URL.
apache-commons-el
- Build with java source and target levels 8
apache-commons-fileupload
- Upgrade to upstream version 1.5
  * New features:
    + Add a configurable limit (disabled by default) for the number
    of files to upload per request (bsc#1208513, CVE-2023-24998).
    The new configuration option (FileUploadBase#setFileCountMax)
    is not enabled by default and must be explicitly configured.
  * Fixed Bugs:
    + FILEUPLOAD-293: DiskFileItem.write(File) had been changed to
    use FileUtils.moveFile internally, preventing an existing file
    as the target.
    + Improve parsing speed.
  * Changes:
    + Bump Commons IO to 2.11.0
    + FILEUPLOAD-328 Switch from Cobertura code coverage to Jacoco
    code coverage.
    + Bump JUnit to 4.13.2

- Build with java source and target levels 8
apache-commons-jexl
- Build with java source and target levels 8
apache-commons-lang3
- Remove the junit bom dependency for now as it breaks the build of
  other packages like log4j.
  * Add apache-commons-lang3-junit-bom.patch

- Fix component version in default.properties to 3.12

- Updated download URL.
- Update to 3.12.0:
  - New features:
  * Add BooleanUtils.booleanValues().
  * Add BooleanUtils.primitiveValues().
  * Add StringUtils.containsAnyIgnoreCase(CharSequence, CharSequence...).
  * Add StopWatch.getStopTime().
  * More test coverage for CharSequenceUtils.
  * Add fluent-style ArraySorter.
  * Add and use LocaleUtils.toLocale(Locale) to avoid NPEs.
  * Add FailableShortSupplier, handy for JDBC APIs.
  * Add JavaVersion.JAVA_17.
  * Add missing boolean[] join method.
  * Add StringUtils.substringBefore(String, int).
  * Add Range.INTEGER.
  * Add DurationUtils.
  * Introduce the use of @Nonnull, and @Nullable, and the Objects class as a helper tool.
  * Add and use true and false String constants.
  * Add and use ObjectUtils.requireNonEmpty().
  - Fixed Bugs:
  * Correct implementation of RandomUtils.nextLong(long, long).
  * Restore handling of collections for non-JSON ToStringStyle.
  * ContextedException Javadoc add missing semicolon.
  * Resolve JUnit pioneer transitive dependencies using JUnit BOM.
  * NumberUtilsTest - incorrect types in min/max tests.
  * Improve StringUtils.stripAccents conversion of remaining accents.
  * StringUtils.countMatches - clarify Javadoc.
  * Remove redundant argument from substring call.
  * BigDecimal is created when you pass it the min and max values.
  * ArrayUtils.contains() and indexOf() fail to handle Double.NaN.
  * ArrayUtils contains() and indexOf() fail to handle Float.NaN.
  * Fix potential NPE in TypeUtils.isAssignable(Type, ParameterizedType, Map, Type>).
  * TypeUtils.isAssignable returns wrong result for GenericArrayType and ParameterizedType.
  * testGetAllFields and testGetFieldsWithAnnotation sometimes fail.
  * Fix Javadoc for SystemUtils.isJavaVersionAtMost().
  * Fix StringUtils.unwrap throws StringIndexOutOfBoundsException.
  * Fix formatting of isAnyBlank() and isAnyEmpty().
  * TypeUtils. containsTypeVariables does not support GenericArrayType.
  * Javadoc of some methods incorrectly refers to another method.
  * Refine StringUtils.lastIndexOfIgnoreCase.
  * Refine StringUtils.abbreviate.
  * Refine StringUtils.isNumericSpace.
  * Refine StringUtils.deleteWhitespace.
  * Correction in Javadoc of some methods.
  * Javadoc for RandomStringUtils.random() letters, numbers parameters is wrong.
  * Correct markup in Javadoc for unbalanced braces.
  * MethodUtils.invokeMethod NullPointerException in case of null in args list.
  * Fix 2 digit week year formatting.
  * Fix broken Javadoc links to commons-text.
  * Add and use ThreadUtils.sleep(Duration).
  * Add and use ThreadUtils.join(Thread, Duration).
  * Add ObjectUtils.wait(Duration).
  - Changes:
  * ArrayUtils.toPrimitive(Object) does not support boolean and other types.
  * Enable Dependabot.
  * Bump junit-jupiter from 5.6.2 to 5.7.0.
  * Bump spotbugs from 4.1.2 to 4.2.1.
  * Bump spotbugs-maven-plugin from 4.0.0 to 4.2.0.
  * Bump biz.aQute.bndlib from 5.1.1 to 5.3.0.
  * Bump junit-pioneer from 0.6.0 to 1.1.0.
  * Bump checkstyle from 8.34 to 8.40.
  * Bump actions/checkout from v2.3.1 to v2.3.4.
  * Bump actions/setup-java from v1.4.0 to v1.4.2.
  * Update commons.jacoco.version 0.8.5 to 0.8.6 (Fixes Java 15 builds).
  * Update maven-surefire-plugin 2.22.2 -> 3.0.0-M5.
  * Bump maven-pmd-plugin from 3.13.0 to 3.14.0.
  * Bump jmh.version from 1.21 to 1.27.
  * Update commons.japicmp.version 0.14.3 -> 0.15.2.
  * Processor.java: check enum equality with == instead of .equals() method.
  * Bump junit-pioneer from 1.1.0 to 1.3.0.
  * Bump maven-checkstyle-plugin from 3.1.1 to 3.1.2.
  * Bump actions/cache from v2 to v2.1.4.
  * Bump junit-bom from 5.7.0 to 5.7.1.
  * Minor Improvements.
  * Minor Improvement: Add final variable.try to make the code read-only.
  * Minor Improvement: Remove redundant initializer.
  * Use own validator ObjectUtils.anyNull to check null String input.
- From 3.11 Update:
  - New features:
  * Add ArrayUtils.isSameLength() to compare more array types.
  * Added the Locks class as a convenient possibility to deal with locked objects.
  * Add to Functions: FailableBooleanSupplier, FailableIntSupplier, FailableLongSupplier, FailableDoubleSupplier, and so on.
  * Add ArrayUtils.get(T[], index, T) to provide an out-of-bounds default value.
  * Add JavaVersion enum constants for Java 14 and 15.
  * Add JavaVersion enum constants for Java 16.
  * Use Java 8 lambdas and Map operations.
  * Change removeLastFieldSeparator to use endsWith.
  * Change a Pattern to a static final field, for not letting it compile each time the function invoked.
  * Add ImmutablePair factory methods left() and right().
  * Add ObjectUtils.toString(Object, Supplier<String>).
  * Add org.apache.commons.lang3.StringUtils.substringAfter(String, int).
  * Add org.apache.commons.lang3.StringUtils.substringAfterLast(String, int).
  - Fixed Bugs:
  * Fix Javadoc for StringUtils.appendIfMissingIgnoreCase().
  * Refine Javadoc.
  * Fix typos
  * Ignored exception `ignored`, should not be called so.
  * StringUtils.replaceEachRepeatedly gives IllegalStateException.
  * [JSON string for maps] ToStringBuilder.reflectionToString doesnt render nested maps correctly.
  * Correct Javadocs of methods that use Validate.notNull() and replace some uses of Validate.isTrue() with Validate.notNull().
  * Add allNull() and anyNull() methods to ObjectUtils.
  - Changes:
  * Refine test output for FastDateParserTest
  * CharSequenceUtils.lastIndexOf : remake it
  * remove encoding and docEncoding and use inherited values from commons-parent
  * Simplify null checks in Pair.hashCode() using Objects.hashCode().
  * Simplify null checks in Triple.hashCode() using Objects.hashCode().
  * Simplify some if statements in StringUtils.
  * Simplify a null check in the private replaceEach() method of StringUtils.
  * Replace some usages of the ternary operator with calls to Math.max() and Math.min().
  * (Javadoc) Fix return tag for throwableOf*() methods.
  * CharSequenceUtils.regionMatches is wrong dealing with Georgian.
  * Optimize ArrayUtils::isArrayIndexValid method.
  * Use List.sort instead of Collection.sort.
  * Use StandardCharsets.UTF_8.
  * Use Collections.singletonList insteadof Arrays.asList when there be only one element.
  * Change array style from `int a[]` to `int[] a`.
  * Change from addAll to constructors for some List.
  * Simplify if as some conditions are covered by others.
  * Fixed Javadocs for setTestRecursive().
  * ToStringBuilder.reflectionToString - Wrong JSON format when object has a List of Enum.
  * Make org.apache.commons.lang3.CharSequenceUtils.toCharArray(CharSequence) public.
  * org.apache.commons:commons-parent 50 -> 51.
  * org.junit-pioneer:junit-pioneer 0.5.4 -> 0.6.0.
  * org.junit.jupiter:junit-jupiter 5.6.0 -> 5.6.2.
  * com.github.spotbugs:spotbugs 4.0.0 -> 4.0.6.
  * com.puppycrawl.tools:checkstyle 8.29 -> 8.34.
  * commons.surefire.version 3.0.0-M4 -> 3.0.0-M5..
- From 3.10 Update:
  - New features:
  * Add ExceptionUtils.throwableOfType(Throwable, Class) and friends.
  * Add EMPTY_ARRAY constants to classes in org.apache.commons.lang3.tuple.
  * Add null-safe StringUtils APIs to wrap String#getBytes([Charset|String]).
  * Add zero arg constructor for org.apache.commons.lang3.NotImplementedException.
  * Add ArrayUtils.addFirst() methods.
  * Add Range.fit(T) to fit a value into a range.
  * Added Functions.as*, and tests thereof, as suggested by Peter Verhas
  * Add getters for lhs and rhs objects in DiffResult.
  * Generify builder classes Diffable, DiffBuilder, and DiffResult.
  * Add ClassLoaderUtils with toString() implementations.
  * Add null-safe APIs as StringUtils.toRootLowerCase(String) and StringUtils.toRootUpperCase(String).
  * Add org.apache.commons.lang3.time.Calendars.
  * Add EnumUtils getEnum() methods with default values.
  * Added indexesOf methods and simplified removeAllOccurences.
  * Add support of lambda value evaluation for defaulting methods.
  * Add factory methods to Pair classes with Map.Entry input.
  * Add StopWatch convenience APIs to format times and create a simple instance.
  * Allow a StopWatch to carry an optional message.
  * Add ComparableUtils.
  * Add org.apache.commons.lang3.SystemUtils.getUserName().
  * Add ObjectToStringComparator.
  * Add org.apache.commons.lang3.arch.Processor.Arch.getLabel().
  * Add IS_JAVA_14 and IS_JAVA_15 to org.apache.commons.lang3.SystemUtils.
  * ObjectUtils: Get first non-null supplier value.
  * Added the Streams class, and Functions.stream() as an accessor thereof.
  - Fixed Bugs:
  * Make test more stable by wrapping assertions in hashset.
  * Generate Javadoc jar on build.
  * Trivial: year of release for 3.9 says 2018, should be 2019.
  * Use synchronize on a set created with Collections.synchronizedSet before iterating.
  * StringUtils.unwrap incorrect throw StringIndexOutOfBoundsException.
  * StringIndexOutOfBoundsException in StringUtils.replaceIgnoreCase.
  * StringUtils.removeIgnoreCase("?a", "a") throws IndexOutOfBoundsException.
  * Corrected usage examples in Javadocs.
  * StringUtils abbreviate returns String of length greater than maxWidth.
  * Test may fail due to a different order of fields returned by reflection api.
  * Sort fields in ReflectionToStringBuilder for deterministic order.
  * MethodUtils will throw a NPE if invokeMethod() is called for a var-args method.
  * MethodUtils.getAnnotation() with searchSupers = true does not work if super is generic.
  - Changes:
  * Remove redundant if statements in join methods.
  * commons.japicmp.version 0.13.1 -> 0.14.1.
  * junit-jupiter 5.5.0 -> 5.5.1.
  * junit-jupiter 5.5.1 -> 5.5.2.
  * Improve Javadoc based on the discussion of the GitHub PR.
  * maven-checkstyle-plugin 3.0.0 -> 3.1.0.
  * Update documentation related to the issue LANG-696.
  * AnnotationUtils little cleanup.
  * Update test dependency: org.easymock:easymock 4.0.2 -> 4.1.
  * Update test dependency: org.hamcrest:hamcrest 2.1 -> 2.2.
  * Update test dependency: org.junit-pioneer:junit-pioneer 0.3.0 -> 0.4.2.
  * Update build dependency: com.puppycrawl.tools:checkstyle 8.18 -> 8.27.
  * Update POM parent: org.apache.commons:commons-parent 48 -> 50.
  * BooleanUtils Javadoc.
  * Functions Javadoc.
  * org.easymock:easymock 4.1 -> 4.2.
  * org.junit-pioneer:junit-pioneer 0.4.2 -> 0.5.4.
  * org.junit.jupiter:junit-jupiter 5.5.2 -> 5.6.0.
  * Use Javadoc {@code} instead of pre tags.
  * ExceptionUtilsTest to 100%.
  * Reuse own code in Functions.java.
  * Avoid unnecessary allocation in StringUtils.wrapIfMissing.
  * Internally use Validate.notNull(foo, ...) instead of Validate.isTrue(foo != null, ...).
  * Add 1 and 0 in toBooleanObject(final String str).
  * Remove an redundant argument check in NumberUtils.
  * Deprecate org.apache.commons.lang3.ArrayUtils.removeAllOccurences(*) for org.apache.commons.lang3.ArrayUtils.removeAllOccurrences(*).

- Fixed SPEC file: Replaced broken URL
- Update to 3.9
  * Requires jdk >= 1.8
  * Fixed issues with java 12
  * Add more SystemUtils.IS_JAVA_XX variants
  * Adding the Functions class
  * Add @FunctionalInterface to ThreadPredicate and ThreadGroupPredicate
  * Add isEmpty method to ObjectUtils
  * null-safe StringUtils.valueOf(char[]) to delegate to
    String.valueOf(char[]).
  * Add API org.apache.commons.lang3.SystemUtils.isJavaVersionAtMost(JavaVersion)
  * Consolidate the StringUtils equals and equalsIgnoreCase

- Add OSGi manifest
apache-commons-logging
- Do not build against the log4j12 packages, use the new reload4j

- Disable tests everywhere, not only for arm6

- Added patch
  * no-tests.patch
    + ignore failing tests for arm6
apache2
- Security update:
  * fix CVE-2023-27522 [bsc#1209049], mod_proxy_uwsgi HTTP response splitting
    + Added patch apache2-CVE-2023-27522.patch
  * fix CVE-2023-25690 [bsc#1209047], HTTP request splitting with mod_rewrite and mod_proxy
    + Added patch apache2-CVE-2023-25690.patch

- Rename patches to use proper naming:
  * Rename patch:
  - Removed bsc1207327-fix-mod_proxy-handling-long-urls.patch
  - Added apache2-bsc1207327-fix-mod_proxy-handling-long-urls.patch
- [bsc#1208708] fix passing health check does not recover worker
  from its error state:
  * Added: apache2-bsc1208708-fix-passing-health-check-recover-worker-from-error-state.patch

- [bsc#1207327] fix mod_proxy handling of very long urls
  + bsc1207327-fix-mod_proxy-handling-long-urls.patch
autofs
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
  Fix off-by-one error in recursive map handling. (bsc#1209653)
autoyast2
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.3.106

- Properly install the selected products, do not lose them after
  resetting the package manager internally (bsc#1202234)
- 4.3.105
bind
- Security Fix:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit.
  [bsc#1212544, CVE-2023-2828, bind-CVE-2023-2828.patch]
binutils
- Add binutils-disable-dt-relr.sh for an compatibility problem
  caused by binutils-revert-rela.diff in SLE codestreams.
  Needed for update of glibc as that would otherwise pick up
  the broken relative relocs support.  [bsc#1213282, PED-1435]
blog
- Add patch blog.dif
  * Fix big endian cast problems to be able to read commands
    and ansers (blogctl) as well as passphrases (blogd)
ca-certificates-mozilla
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1
cal10n
- Fetch sources using source service from ch.qos git
- Upgrade to the 10th commit after 0.8.1 calling it 0.8.1.10
- Redo completely the packaging including the possibility to run
  tests if --with tests is specified
- Add the cal10n-ant-task to built artifacts
- Removed patch:
  * cal10n-0.7.7-sourcetarget.patch
    + changes factored into the build system

- Update to 0.8.1:
  * This release adds JSR-269 support. In other words, verification
    of bundles can be performed at compilation time. See the related
    documentation for more details.
  * Fix issue with Eclipse not finding existing resources. With
    release 0.8.1, Eclipse will find bundles located under
    "src/main/resources" but still fail to find bundles located
    under "src/test/resources/".
  * When reading in bundles, the verify method in MessageKeyVerifier
    now uses the locale passed as parameter instead of always
    Locale.FR. This bug was reported by Dale Wijnand who also
    provided the releavant patch.
- Update build.xml-0.7.7.tar.xz to build.xml-0.8.1.tar.xz with
  references to version 0.8.1 to build correctly versioned jar
  files.
cglib
- Remove links between artifacts and their parent since we are
  not building with maven

- Don't inject <optional>true</optional> in cglib pom, as 3.3.0
  already provides that option and it makes the POM xml incorrect.

- Update to upstream 3.3.0
  * emits code compatible with java 1.8, so we can call static
    interface methods.
  * minor fix for allowing a fastclass to call static interface
    methods.
  * update to asm 7.1
  * make ant dependency optional
  * add Automatic Module Names
  * Expose non-bridge methods more frequently.
  * Drop support for Java6. (It may continue to work, but continuous
    integration tests will no longer validate it does.)
  * Fix #115: Release resources eagerly.
  * Deprecated TinyBitSet.
  * Add workarounds for changes coming from Jigsaw.
  * Fix #89 / #90 (generated incorrect code for bridge methods sometimes)
- Update project url to new github site (old one redirects there)
cloud-netconfig
- Update to version 1.8:
  + Fix Azure metadata check (bsc#1214715)
  + Fix cleanup on ifdown
cloud-regionsrv-client
- Update to version 10.1.2 (bsc#1211282)
  + Properly handle Ipv6 when checking update server responsiveness. If not
    available fall back and use IPv4 information
  + Use systemd_ordered to allow use in a container without pulling systemd
    into the container as a requirement

- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
  + Clean up the system if baseproduct registraion fails to leave the
    system in prestine state
  + Log when the registercloudguest command is invoked with --clean

- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.

- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.
cobbler
- Fix S390X auto-installation for cases where kernel options are longer
  than 79 characters (bsc#1207308)
- Switch packaging from patch based to Git tree based development
- All patches that are being removed in this revision are contained in
  the new Git tree.
- Removed:
  * better-string-replacement-performance.diff
  * cgi_parse_qs_is_deprecated.diff
  * fix-for-cve-2022-0860-fixup.patch
  * fix-for-cve-2022-0860.diff
  * fix-for-old-str.join-usage.diff
  * fix-string-replacement.diff
  * fix-trail-stripping-utf8.diff
  * fix_issue_when_inherited_boot_loader_bsc1185679.patch
  * load_module_apache_suse_fix.diff
  * patch_logrotate_service_condrestart.patch
  * prevent-race-condition-writting-tftpboot-files-bsc1186124.patch
  * refactored_auth_module.diff
  * remove-redundant-json-suffix.diff
  * v3-1-2-arbitrary-file-read-write-plus-RCE.patch
  * v3-1-2-fix-failing-test-after-cve-fix.patch
  * v3-1-2-incomplete-template-sanatization.patch
  * v3-1-2-log-pollution-1.patch
  * v3-1-2-log-pollution-2.patch
  * v3-1-2-log-pollution-3.patch
  * v3-1-2-mongodb-sanatiy-check.patch
  * v3-1-2-remove-testing-auth.patch

- Unbreak PAM authentication due to missing encode of user input in the PAM
  auth module of Cobbler (bsc#1197027, CVE-2022-0860)
- Added:
  - fix-for-cve-2022-0860-fixup.patch
gcc7
- Add gcc7-aarch64-bsc1214052.patch to fix -fstack-protector issues
  with variable length stack allocations on aarch64.
  Fixes CVE-2023-4039.  [bsc#1214052]
- Add gcc7-aarch64-untyped_call.patch to fix issue with __builtin_apply
- Add gcc7-lra-elim.patch to fix internal compiler error when forming
  paired loads and stores on aarch64.

- Disable multilib and go on riscv64
- libgcc-riscv-div.patch: Backport of r12-5799-g45116f342057b7 to fix
  build with current binutils

- Backport _multibuild auto-generation.  Remove redundant
  .changes files.

- Add _multibuild to define 2nd spec file as additional flavor.
  Eliminates the need for source package links in OBS.

- Add gcc7-pr89124.patch to fix KASAN kernel compile.  [bsc#1205145]

- Add gcc7-pr72764.patch to fix ICE with C++17 code as reported
  in [bsc#1204505]

- Add gcc7-libsanitizer-cherry-pick-9cf13067cb5088626ba7-from-u.patch
  and gcc7-libgo-don-t-include-linux-fs.h-when-building-gen-sys.patch
  in order to support glibc 2.36.
- Enable format_spec_file otherwise one gets huge diff after
  running change_spec.
- Remove fixed sys/mount.h.

- Add patch from upstream to fix altivec.h redefining bool in C++
  which makes bool unusable (boo#1195517):
  * gcc7-pr78263.patch

- Add gcc7-ada-Target_Name.patch to adjust gnats idea of the
  target, fixing the build of gprbuild.  [bsc#1196861]

- Remove include-fixed/sys/rseq.h to fix build on openSUSE:Factory.
- Avoid duplicate license in cross packages.
cpu-mitigations-formula
- Update to version 0.5.0:
  * Mark all SUSE Linux Enterprise 15 SP4 and newer and
    openSUSE 15.4 and newer as supported (bsc#1210835)
cups
- cups-2.2.7-CVE-2023-4504.patch fixes CVE-2023-4504
  "CUPS PostScript Parsing Heap Overflow"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
  bsc#1215204

- cups-2.2.7-CVE-2023-32360.patch fixes CVE-2023-32360
  "Information leak through Cups-Get-Document operation"
  by requiring authentication for CUPS-Get-Document in cupsd.conf
  https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
  bsc#1214254
- cups-2.2.7-additional_policies.patch is an updated version
  of cups-2.0.3-additional_policies.patch that replaces it
  to add the 'allowallforanybody' policy to cupsd.conf
  after cups-2.2.7-CVE-2023-32360.patch was applied

- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
  "use-after-free in cupsdAcceptClient()"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230

- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
  "Heap buffer overflow in cupsd"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
  bsc#1211643

- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
  improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
  that fixes bsc#1191467, bsc#1198932:
  "lpr reports 'No such file or directory' for missing catalogue files"
  "/usr/bin/lpr: No such file or directory"
- after-network_target-sssd_service.patch
  is derived from https://github.com/apple/cups/issues/5550 with its
  https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
  and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
  to add "After=network.target sssd.service" to the systemd unit
  source files cupsd.service.in and cups.cups-lpdAT.service.in
  to fix bsc#1201234, bsc#1200321:
  "Missing network dependency in systemd unit for cups-2.2.7"
  "CUPS may not always start if sssd is in use"

- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"
  "/usr/bin/lpr: Error - The printer or class does not exist."
curl
- Security fixes:
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch [bsc#1211339]
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch

- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch

- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch
dbus-1
- Sometimes unprivileged users were able to crash dbus-daemon
  (CVE-2023-34969, bsc#1212126)
  * fix-upstream-CVE-2023-34969.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch
dmidecode
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
  which would prevent root from using the --from-dump option since
  the latest security fixes (bsc#1210418).

Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
  Clean up function dmi_table so that it does only one thing
  (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
  - -dump-bin is used, write the whole dump file at once, instead of
  opening and closing the file separately for the table and then
  for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
  Make sure that the file passed to option --dump-bin does not
  already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
  check on the type of the mem device file we are asked to read
  from, if we are root (bsc#1210418).
  3 recommended fixes from upstream:
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
  the SMBIOS entry point is long enough to include all the fields
  we need.
- dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray
  tabulation before the name of DMI record type 25.
- dmidecode-print-type-33-name-unconditionally.patch: Display the
  name of DMI record type 33 even if we can't decode it.
docker
- update to Docker 24.0.5-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`

- Update to Docker 23.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to Docker 23.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Fixes:
  * bsc#1214107 - CVE-2023-28840
  * bsc#1214108 - CVE-2023-28841
  * bsc#1214109 - CVE-2023-28842
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch

- update to 20.10.23-ce.
  * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
  kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch

- Update to Docker 20.10.21-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
  bsc#1205375 CVE-2022-36109
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.

- Fix wrong After: in docker.service, fixes bsc#1188447

- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.

- Fix syntax of boolean dependency

- Allow to install container-selinux instead of apparmor-parser.

- Change to using systemd-sysusers
dom4j
- Build against the standalone JavaEE modules unconditionally

- Add alias to the new artifact coordinates org.dom4j:dom4j
- Simplify the spec file a bit

- Add jaxb-api dependency for relevant distribution versions so that
  we can build with JDKs that do not include the JavaEE modules
dracut
- Update to version 049.1+suse.255.g19bd61fd:
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)

- Update to version 049.1+suse.253.g1008bf13:
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)

- Update to version 049.1+suse.251.g0b8dad5:
  * fix(dracut.sh): omission is an addition to other omissions in conf files (bsc#1208929)
  * fix(nfs): chown using rpc default group (bsc#1204929)
ecj
- Added patch:
  * encoding.patch
    + the encoding needs to be set for all JDK versions
- Modified patch:
  * ecj-rpmdebuginfo.patch
    + rediff
  * javaAPI.patch
    + extract the encoding part to a separate patch

- Upgrade to eclipse 4.18 ecj
- Switch java14api to java15api to be compatible to JDK 15

- Upgrade to eclipse 4.17 ecj
  * No changelog was made available.
- Removed patches:
  * ecj-encoding.patch
  * jdk10u-jdk8compat.patch
- Switch to JDK 11 for build a JDK 8 is not supported anymore by ecj
- Switch java10api to java14api to be compatible to JDK 14
elfutils
- 0001-libelf-Fixup-SHF_COMPRESSED-sh_addralign-in-elf_upda.patch:
  make debuginfo extraction from go1.19 built binaries work again.
  (bsc#1203599)
firewalld
- Fix firewalld does not longer understand IPv4 network masks
  of type `255.255.255.0`
  Added following patch (boo#1212974)
  [+ 0004-fix_rich_source_address_with_netmask.patch]

- Fix firewall-offline-cmd fails with ERROR: Calling pre func
  Added following patch (bsc#1206928)
  [+ 0003-firewall-offline-cmd-fail-fix.patch]
fonts-config
- get the homedir from getpwuid when no $ENV{"HOME"} set
- added patches
  fix bsc#1210700
  + fonts-config-homedir-getpwuid.patch
gawk
- format-tree-positional-arg.patch: Validate index into argument list
  (CVE-2023-4156, bsc#1214025)
geronimo-specs
- On supported platforms, avoid building with OpenJ9, in order to
  prevent build cycles.

- Set version for the specs comming from tag 1_1_1 in order to
  avoid unexpanded version macros in pom files.
glib2
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
  Backported from upstream to fix regression on s390x.
  (bsc#1210135, glgo#GNOME/glib!2978)

- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
  from upstream to fix normal form handling in GVariant.
  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
  glgo#GNOME/glib!3125)
glibc
- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
  (bsc#1211828, BZ #30527)

- ulp-prologue-into-asm-functions.patch: Add support for livepatches
  in ASM written functions (bsc#1211726)

- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
  is unset (bsc#1209229, BZ #30235)

- Exclude static archives from preparation for live patching (bnc#1208721)

- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
  (bsc#1207957)

- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)

- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
  check (bsc#1208358, BZ #25933)

- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
  (bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
  with recent GCC
google-guest-agent
- Update to version 20230601.00 (bsc#1212418, bsc#1212759)
  * Revert "Avoid conflict with automated package updates (#212)" (#214)
  * Don't block google-osconfig-agent (#213)
- from version 20230531.00
  * Avoid conflict with automated package updates (#212)
  * Add a support of TrustedUserCAKeys into sshd configuration (#206)

- Update to version 20230510.00
  * Fix dependencies after updating go ver to 1.17 (#211)
  * Update Go version (#210)
- from version 20230426.00
  * Fix compilation directives (#207)
- from version 20230403.00
  * Mod update (#205)
  * Update mod: update golang.org/x/net to
    0.8.0 and its dependencies (#204)
google-guest-configs
- Update to version 20230808.00 (bsc#1214546, bsc#1214572)
  * 64-gce-disk-removal.rules: delete (#51)
- from version 20230801.00
  * Replace xxd with dd for google_nvme_id (#56)
- from version 20230729.00
  * Setup irq binding for a3 8g vm (#57)
- from version 20230724.00
  * Debian packaging: add xxd dependency (#55)

- Update to version 20230626.00 (bsc#1212418, bsc#1212759)
  * Revert "Replace `xxd` to `cut` for google_nvme_id (#49)" (#54)

- Update to version 20230526.00
  * dracut: Add a new dracut module for gcp udev rules (#53)
- from version 20230522.00
  * src/lib/udev: only create symlinks for GCP devices (#52)
- from version 20230515.00
  * Replace `xxd` to `cut` for google_nvme_id (#49)
- from version 20230328.00
  * Set hostname: consider fully qualified static hostname (#46)

- Update to version 20230217.01
  * Support multiple local SSD controllers (#39)
- from version 20230217.00
  * Update OWNERS (#45)
- from version 20230215.00
  * DHCP hostname: don't reset hostname if
    the hostname hasn't changed (#44)
- from version 20230202.00
  * Update OWNERS file (#43)
- from version 20230123.00
  * Fix a repository URL in packaging specs (#41)
google-osconfig-agent
- Update to version 20230706.02 (bsc#1212418, bsc#1212759)
  * Update go version in go.mod (#479)
- from version 20230706.01
  * Fix condition to have 10 attempts rather than 11. (#477)
- from version 20230706.00
  * Remove tests for Ubuntu 18.04 (EOL) (#476)
- from version 20230605.00
  * Update old SLES images paths (#475)
- from version 20230602.00
  * Adding what exit codes mean for OS Config policy (#474)
- from version 20230504.00
  * Set DEBIAN_FRONTEND=noninteractive for apt-get (#472)
- from version 20230403.00
  * Disable repos clean-up (#471)
- from version 20230330.00
  * Revert "Call FQDN (#454)" (#470)
- from version 20230327.00
  * support new format of zypper patch (#469)
  * Fix comparing exec.Cmd in mock on Go1.20
- from version 20230316.00
  * Remove old images from e2e tests image list
- from version 20230227.01
  * Update dependencies (#466)
- from version 20230227.00
  * Bump golang.org/x/sys from 0.0.0-20210923061019-b8560ed6a9b7 to 0.1.0 (#463)
grub2
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)

- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch

- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
  btrfs filesystem. (bsc#1209165)
  * grub2-btrfs-05-grub2-mkconfig.patch

- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch

- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch

- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)
httpcomponents-client
- Build with source/target levels 8

- Update to version 4.5.12
httpcomponents-core
- Build with source/target levels 8

- Upgraded to version 4.4.13
- Removed patch:
  * 0001-Re-generated-expired-test-certificates.patch
    + included in this version
- Modified patch:
  * httpcomponents-core-java8compat.patch
    + rediffed to changed context
hwdata
- update to 0.371:
  * Update pci, usb and vendor ids

- update to 0.370:
  * Update pci, usb and vendor ids

- update to 0.369:
  * Update pci, usb and vendor ids

- update to 0.368:
  * Update pci, usb and vendor ids

- update to 0.367:
  * Update pci, usb and vendor ids

- update to 0.366:
  * Update pci, usb and vendor ids
hwinfo
- merge gh#openSUSE/hwinfo#132
- avoid linking problems with libsamba (bsc#1212756)
- 21.85

- merge gh#openSUSE/hwinfo#127
- create xen usb controller device if necessary (bsc#1204294)
- 21.84

- merge gh#openSUSE/hwinfo#115
- improve treatment of NVME devices (bsc#1200975)
- fix compiler warnings
- 21.83
icu4j
- Upgrade to version 71.1
  * Updates to CLDR 41 locale data with various additions and
    corrections.
  * Adds phrase-based line breaking for Japanese. Existing line
    breaking methods follow standards and conventions for body text
    but do not work well for short Japanese text, such as in titles
    and headings. This new feature is optimized for these use
    cases.
  * Adds support for Hindi written in Latin letters (hi_Latn). The
    CLDR data for this increasingly popular locale has been
    significantly revised and expanded. Note that based on user
    expectations, hi_Latn incorporates a large amount of English,
    and can also be referred to as “Hinglish”.
  * ICU 71 and CLDR 41 are minor releases, mostly focused on bug
    fixes and small enhancements.
  * Updates to the time zone data version 2022a. Note that pre-1970
    data for a number of time zones has been removed, as has been
    the case in the upstream tzdata release since 2021b.
- Remove obsolete stuff from spec file
- Reformat the changes file to fit to 67 chars width

- Upgrade to verison 70.1
- Modified patches:
  * icu4j-66.1-java8compat.patch -> icu4j-70.1-java8compat.patch
  * icu4j-jdk10plus.patch
    + rediff to changed context
  * improve-osgi-manifest.patch
    + replace also DATAVERSION token during the build
- Added patch:
  * icu4j-javadoc.patch
    + fix invalid html entities

- Update to version 67.1
  * Unicode 13 (ICU-20893, same as in ICU 66)
    + Total of 5930 new characters
    + 4 new scripts
    + 55 new emoji characters, plus additional new sequences
    + New CJK extension, first characters in plane 3: U+30000..U+3134A
  * CLDR 37
    + New language at Modern coverage: Nigerian Pidgin
    + New languages at Basic coverage: Fulah (Adlam), Maithili,
    Manipuri, Santali, Sindhi (Devanagari), Sundanese
    + Region containment: EU no longer includes GB
    + Unicode 13 root collation data and Chinese data for collation
    and transliteration
  * DateTimePatternGenerator now obeys the "hc" preference in the
    locale identifier (ICU-20442)
  * Various other improvements for ECMA-402 conformance
  * Number skeletons have a new "concise" form that can be used in
    MessageFormat strings (ICU-20418)
  * Currency formatting options for formal and other currency
    display name variants (ICU-20854)
  * ListFormatter: new public API to select the style & type
    (ICU-12863)
  * ListFormatter now selects the proper “and”/“or” form for
    Spanish & Hebrew (ICU-21016)
  * Locale ID canonicalization upgraded to implement the complete
    CLDR spec (ICU-20834, ICU-20272)
  * LocaleMatcher: New option to ignore one-way matches
    (ICU-20936), and other tweaks to the code (ICU-20916,
    ICU-20917) and data (from CLDR)
  * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
  * Data build tool: tzdbNames.res moved from the "zone_tree"
    category to the "zone_supplemental" category (ICU-21073)

- Version update to 66.1
- Changed patches:
  * icu4j-jdk10plus.patch
  * improve-osgi-manifest.patch
  * icu4j-63.1-java8compat.patch -> icu4j-66.1-java8compat.patch
    + rediff to changed context

- Remove build-dependency on java-javadoc, since it is not
  necessary with this version.
open-iscsi
- Branched SLE-15-SP3 from Factory. No longer in sync with
  Tumbleweed.
- Backported upstream commit, which sets 'safe_logout' and
  'startup' in iscsid.conf, to address bsc#1207157
- Updated year in SPEC file
isorelax
- Build with java target and source version 1.8
issue-generator
- Update to version 1.13
  - SELinux: Do not call agetty --reload [bsc#1186178]

- Update to version 1.12
  - Update manual page
  - Use python3 instead of python 2.x

- Update to version 1.11
  - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
  - Ignore /run/issue.d in issue-generator.path, else issue-generator will
    be called too fast too often [bsc#1177865]
  - Ignore *.bak, *~ and *.rpm* files [bsc#1118862]

- Handle the .path unit in scriptlets as well

- Update to version 1.10
  - Display wlan interfaces [bsc#1169070]

- Update to version 1.9
  - Fix path for systemd files

- Update to version 1.8
  - Handle network interface renames
jakarta-commons-discovery
- Update to 0.5:
  * Breaking changes: The minimum JDK requirement is now JDK 1.5.
    The provided binaries will not work on lower JDKs. The source
    has been updated to leverage Generics and other JDK 1.5 features
    where possible, and requires JDK 1.5 to compile.
  * Dependencies: Commons Discovery depends on Commons Logging.
    It is built against version 1.1.1.
  * New features: Discovery APIs use Java5 Generics.
  * Known bugs/limitations: resource.classes.DiscoverClasses doesn't
    work with Oracle embedded JVM in DBMS, see DISCOVERY-13:
  - https://issues.apache.org/jira/browse/DISCOVERY-13
  * Deprecations:
  - Classes in org.apache.commons.discovery.log package
    have been deprecated, depending on Apache Commons Logging 1.1.1
    there is no more circular dependency between Apache Commons
    Discovery and Apache Commons Logging.
  - setLog(org.apache.commons.logging.Log) methods have been
    deprecated too, they are not thread-safe.

- Build with source and target levels 8

- Distribute commons-discovery as maven artifact

- Added build support for Enterprise Linux.
java-11-openjdk
- Update to upstream tag jdk-11.0.20.1+1 (August 2023 emergency
  release fixing a regression in July 2023 CPU)
  * Changes:
    + JDK-8313765: Invalid CEN header (invalid zip64 extra data
    field size)
    + JDK-8314678: Bump update version for OpenJDK: jdk-11.0.20.1

- Added patch:
  * reproducible-javadoc-timestamp.patch
    + use SOURCE_DATE_EPOCH in javadoc and make the javadoc
    generation more reproducible

- Upgrade to upstream tag jdk-11.0.20+8 (July 2023 CPU)
  * CVEs
    + CVE-2023-22006, bsc#1213473
    + CVE-2023-22036, bsc#1213474
    + CVE-2023-22041, bsc#1213475
    + CVE-2023-22044, bsc#1213479
    + CVE-2023-22045, bsc#1213481
    + CVE-2023-22049, bsc#1213482
    + CVE-2023-25193, bsc#1207922
  * Security fixes
    + JDK-8298676: Enhanced Look and Feel
    + JDK-8300285: Enhance TLS data handling
    + JDK-8300596: Enhance Jar Signature validation
    + JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
    + JDK-8302475: Enhance HTTP client file downloading
    + JDK-8302483: Enhance ZIP performance
    + JDK-8303376: Better launching of JDI
    + JDK-8304468: Better array usages
    + JDK-8305312: Enhanced path handling
    + JDK-8308682: Enhance AES performance
  * Other changes
    + JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with
    Stream closed
    + JDK-8178806: Better exception logging in crypto code
    + JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed
    out
    + JDK-8209167: Use CLDR's time zone mappings for Windows
    + JDK-8209546: Make sun/security/tools/keytool/autotest.sh to
    support macosx
    + JDK-8209880: tzdb.dat is not reproducibly built
    + JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java
    fails
    + JDK-8214459: NSS source should be removed
    + JDK-8214807: Improve handling of very old class files
    + JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from
    tests
    + JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded())
    failed: must be at least loaded
    + JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle
    + JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java
    fails with AssertionError
    + JDK-8232853: AuthenticationFilter.Cache::remove may throw
    ConcurrentModificationException
    + JDK-8243936: NonWriteable system properties are actually
    writeable
    + JDK-8246383: NullPointerException in
    JceSecurity.getVerificationResult when using Entrust provider
    + JDK-8248701: On Windows generated modules-deps.gmk can
    contain backslash-r (CR) characters
    + JDK-8257856: Make ClassFileVersionsTest.java robust to JDK
    version updates
    + JDK-8259530: Generated docs contain MIT/GPL-licenced works
    without reproducing the licence
    + JDK-8263420: Incorrect function name in
    NSAccessibilityStaticText native peer implementation
    + JDK-8264290: Create implementation for
    NSAccessibilityComponentGroup protocol peer
    + JDK-8264304: Create implementation for NSAccessibilityToolbar
    protocol peer
    + JDK-8265486: ProblemList javax/sound/midi/Sequencer/
    /Recording.java on macosx-aarch64
    + JDK-8268558: [TESTBUG] Case 2 in
    TestP11KeyFactoryGetRSAKeySpec is skipped
    + JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with
    no controlling input?
    + JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
    + JDK-8275233: Incorrect line number reported in exception
    stack trace thrown from a lambda expression
    + JDK-8275721: Name of UTC timezone in a locale changes
    depending on previous code
    + JDK-8275735: [linux] Remove deprecated Metrics api (kernel
    memory limit)
    + JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir
    as unnecessary
    + JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -
    add 4357905
    + JDK-8278434: timeouts in test java/time/test/java/time/format/
    /TestZoneTextPrinterParser.java
    + JDK-8280703: CipherCore.doFinal(...) causes potentially
    massive byte[] allocations during decryption
    + JDK-8282077: PKCS11 provider C_sign() impl should handle
    CKR_BUFFER_TOO_SMALL error
    + JDK-8282201: Consider removal of expiry check in
    VerifyCACerts.java test
    + JDK-8282467: add extra diagnostics for JDK-8268184
    + JDK-8282600: SSLSocketImpl should not use user_canceled
    workaround when not necessary
    + JDK-8283059: Uninitialized warning in check_code.c with GCC
    11.2
    + JDK-8285497: Add system property for Java SE specification
    maintenance version
    + JDK-8286398: Address possibly lossy conversions in
    jdk.internal.le
    + JDK-8287007: [cgroups] Consistently use stringStream
    throughout parsing code
    + JDK-8287246: DSAKeyValue should check for missing params
    instead of relying on KeyFactory provider
    + JDK-8287876: The recently de-problemlisted
    TestTitledBorderLeak test is unstable
    + JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md
    with information on 4th party dependencies
    + JDK-8289301: P11Cipher should not throw out of bounds
    exception during padding
    + JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
    + JDK-8291226: Create Test Cases to cover scenarios for
    JDK-8278067
    + JDK-8291637: HttpClient default keep alive timeout not
    followed if server sends invalid value
    + JDK-8291638: Keep-Alive timeout of 0 should close connection
    immediately
    + JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage()
    is lower than expected
    + JDK-8293232: Fix race condition in pkcs11 SessionManager
    + JDK-8293815: P11PSSSignature.engineUpdate should not print
    debug messages during normal operation
    + JDK-8294548: Problem list SA core file tests on macosx-x64
    due to JDK-8294316
    + JDK-8294906: Memory leak in PKCS11 NSS TLS server
    + JDK-8295974: jni_FatalError and Xcheck:jni warnings should
    print the native stack when there are no Java frames
    + JDK-8296934: Write a test to verify whether Undecorated Frame
    can be iconified or not
    + JDK-8297000: [jib] Add more friendly warning for proxy issues
    + JDK-8297450: ScaledTextFieldBorderTest.java fails when run
    with -show parameter
    + JDK-8298887: On the latest macOS+XCode the Robot API may
    report wrong colors
    + JDK-8299259: C2: Div/Mod nodes without zero check could be
    split through iv phi of loop resulting in SIGFPE
    + JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy
    due to constant NULL src argument
    + JDK-8300205: Swing test bug8078268 make latch timeout
    configurable
    + JDK-8300490: Spaces in name of MacOS Code Signing Identity
    are not correctly handled after JDK-8293550
    + JDK-8301119: Support for GB18030-2022
    + JDK-8301170: perfMemory_windows.cpp add free_security_attr to
    early returns
    + JDK-8301401: Allow additional characters for GB18030-2022
    support
    + JDK-8302151: BMPImageReader throws an exception reading BMP
    images
    + JDK-8302791: Add specific ClassLoader object to Proxy
    IllegalArgumentException message
    + JDK-8303102: jcmd: ManagementAgent.status truncates the text
    longer than O_BUFLEN
    + JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m
    needs CFRelease call in early potential CHECK_NULL return
    + JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20
    + JDK-8303440: The "ZonedDateTime.parse" may not accept the
    "UTC+XX" zone id
    + JDK-8303465: KeyStore of type KeychainStore, provider Apple
    does not show all trusted certificates
    + JDK-8303476: Add the runtime version in the release file of a
    JDK image
    + JDK-8303482: Update LCMS to 2.15
    + JDK-8303564: C2: "Bad graph detected in build_loop_late"
    after a CMove is wrongly split thru phi
    + JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs
    CFRelease call in early potential CHECK_NULL return
    + JDK-8303822: gtestMain should give more helpful output
    + JDK-8303861: Error handling step timeouts should never be
    blocked by OnError and others
    + JDK-8303937: Corrupted heap dumps due to missing retries for
    os::write()
    + JDK-8304134: jib bootstrapper fails to quote filename when
    checking download filetype
    + JDK-8304291: [AIX] Broken build after JDK-8301998
    + JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
    + JDK-8304350: Font.getStringBounds calculates wrong width for
    TextAttribute.TRACKING other than 0.0
    + JDK-8304760: Add 2 Microsoft TLS roots
    + JDK-8305113: (tz) Update Timezone Data to 2023c
    + JDK-8305400: ISO 4217 Amendment 175 Update
    + JDK-8305528: [11u] Backport of JDK-8259530 breaks build with
    JDK10 bootstrap VM
    + JDK-8305682: Update the javadoc in the Character class to
    state support for GB 18030-2022 Implementation Level 2
    + JDK-8305711: Arm: C2 always enters slowpath for monitorexit
    + JDK-8305721: add `make compile-commands` artifacts to
    .gitignore
    + JDK-8305975: Add TWCA Global Root CA
    + JDK-8306543: GHA: MSVC installation is failing
    + JDK-8306658: GHA: MSVC installation could be optional since
    it might already be pre-installed
    + JDK-8306664: GHA: Update MSVC version to latest stepping
    + JDK-8306768: CodeCache Analytics reports wrong threshold
    + JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
    + JDK-8307134: Add GTS root CAs
    + JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest
    fails after backport of JDK-8303861
    + JDK-8308006: Missing NMT memory tagging in CMS
    + JDK-8308884: [17u/11u] Backout JDK-8297951
    + JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java
    fails intermittently
    + JDK-8311465: [11u] Remove designator
    DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20
- Removed patch:
  * system-crypto-policy.patch
    + folded into modified fips.patch
- Modified patch:
  * fips.patch
    + fold in the system-crypto-policy.patch
    + regenerate to changed context

- Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU)
  * Security fixes:
    + JDK-8287404: Improve ping times
    + JDK-8288436: Improve Xalan supports
    + JDK-8294474, CVE-2023-21930, bsc#1210628: Better AES support
    + JDK-8295304, CVE-2023-21938, bsc#1210632: Runtime support
    improvements
    + JDK-8296676, CVE-2023-21937, bsc#1210631: Improve String
    platform support
    + JDK-8296684, CVE-2023-21937, bsc#1210631: Improve String
    platform support
    + JDK-8296692, CVE-2023-21937, bsc#1210631: Improve String
    platform support
    + JDK-8296832, CVE-2023-21939, bsc#1210634: Improve Swing
    platform support
    + JDK-8297371: Improve UTF8 representation redux
    + JDK-8298191, CVE-2023-21954, bsc#1210635: Enhance object
    reclamation process
    + JDK-8298310, CVE-2023-21967, bsc#1210636: Enhance TLS session
    negotiation
    + JDK-8298667, CVE-2023-21968, bsc#1210637: Improved path
    handling
    + JDK-8299129: Enhance NameService lookups
  * Fixes:
    + JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
    + JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/
    /Receiver/bug6186488.java fails
    + JDK-8035787: SourcePositions are wrong for Strings
    concatenated with '+' operator
    + JDK-8065097: [macosx] javax/swing/Popup/
    /TaskbarPositionTest.java fails because Popup is one pixel off
    + JDK-8065422: Trailing dot in hostname causes TLS handshake to
    fail with SNI disabled
    + JDK-8129315: java/net/Socket/LingerTest.java and
    java/net/Socket/ShutdownBoth.java timeout intermittently
    + JDK-8144030: [macosx] test java/awt/Frame/
    /ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
    + JDK-8170705: sun/net/www/protocol/http/StackTraceTest.java
    fails intermittently with Invalid Http response
    + JDK-8171405: java/net/URLConnection/ResendPostBody.java
    failed with "Error while cleaning up threads after test"
    + JDK-8179317: [TESTBUG] rewrite runtime shell tests in java
    + JDK-8247741: Test  test/hotspot/jtreg/runtime/7162488/
    /TestUnrecognizedVmOption.java fails when
  - XX:+IgnoreUnrecognizedVMOptions is set
    + JDK-8190492: Remove SSLv2Hello and SSLv3 from default enabled
    TLS protocols
    + JDK-8192931: Regression test java/awt/font/TextLayout/
    /CombiningPerf.java fails
    + JDK-8195057: java/util/concurrent/CountDownLatch/Basic.java
    failed w/ Xcomp
    + JDK-8195716: BootstrapLoggerTest : Executor still alive
    + JDK-8202621: bad test with broken links needs to be updated
    + JDK-8207248: Reduce incidence of
    compiler.warn.source.no.bootclasspath in javac tests
    + JDK-8208077: File.listRoots performance degradation
    + JDK-8209023: fix 2 compiler tests to avoid JDK-8208690
    + JDK-8209115: adjust libsplashscreen linux ppc64le builds for
    easier libpng update
    + JDK-8209774: Refactor shell test
    javax/xml/jaxp/common/8035437/run.sh to java
    + JDK-8209935: Test to cover CodeSource.getCodeSigners()
    + JDK-8210373: Deadlock in libj2gss.so when loading "j2gss" and
    "net" libraries in parallel.
    + JDK-8212165: JGSS: Fix cut/paste error in NativeUtil.c
    + JDK-8212216: JGSS: Fix leak in exception cases in getJavaOID()
    + JDK-8213130: Update ProblemList after verification of jtreg
    tests in Win 7
    + JDK-8213265: fix missing newlines at end of files
    + JDK-8213932: [TESTBUG] assertEquals is invoked with the
    arguments in the wrong order
    + JDK-8214445: [test] java/net/URL/HandlerLoop has illegal
    reflective access
    + JDK-8215372: test/jdk/java/nio/file/DirectoryStream/Basic.java
    not correct when using a glob
    + JDK-8215759: [test] java/math/BigInteger/ModPow.java can
    throw an ArithmeticException
    + JDK-8217353: java/util/logging/LogManager/Configuration/
    /updateConfiguration/HandlersOnComplexResetUpdate.java fails
    with Unexpected reference: java.lang.ref.WeakReference
    + JDK-8217730: Split up MakeBase.gmk
    + JDK-8218133: sun/net/www/protocol/http/ProtocolRedirect.java
    failed with "java.net.ConnectException"
    + JDK-8218431: Improved platform checking in makefiles
    + JDK-8221098: Run java/net/URL/HandlerLoop.java in othervm mode
    + JDK-8221168: java/util/concurrent/CountDownLatch/Basic.java
    fails
    + JDK-8221351: Crash in
    KlassFactory::check_shared_class_file_load_hook
    + JDK-8221621: FindTests.gmk cannot handle "=" in TEST.groups
    comments
    + JDK-8222430: Add tests for ElementKind predicates
    + JDK-8223463: Replace wildcard address with loopback or local
    host in tests - part 2
    + JDK-8223716: sun/net/www/http/HttpClient/MultiThreadTest.java
    should be more resilient to unexpected traffic
    + JDK-8223736: jvmti/scenarios/contention/TC04/tc04t001/
    /TestDescription.java fails due to wrong number of
    MonitorContendedEntered events
    + JDK-8224024: java/util/concurrent/BlockingQueue/
    /DrainToFails.java testBounded fails intermittently
    + JDK-8226595: jvmti/scenarios/contention/TC04/tc04t001/
    /TestDescription.java still fails due to wrong number of
    MonitorContendedEntered events
    + JDK-8226917: jvmti/scenarios/contention/TC04/tc04t001/
    /TestDescription.java fails on jvmti->InterruptThread
    (JVMTI_ERROR_THREAD_NOT_ALIVE)
    + JDK-8227422: sun/net/www/protocol/file/
    /DirPermissionDenied.java failed on Windows 2016 because
    DirPermissionDenied directory has no read permission
    + JDK-8230374: maxOutputSize, instead of
    javatest.maxOutputSize, should be used in TEST.properties
    + JDK-8230731: SA tests fail with "Windbg Error: ReadVirtual
    failed"
    + JDK-8231595: [TEST] develop a test case for SuspendThreadList
    including current thread
    + JDK-8233462: serviceability/tmtools/jstat tests times out
    with -Xcomp
    + JDK-8235448: code cleanup in SSLContextImpl.java
    + JDK-8238936: The crash in XRobotPeer when the custom
    GraphicsDevice is used
    + JDK-8241806: The sun/awt/shell/FileSystemViewMemoryLeak.java
    is unstable
    + JDK-8244592: Start supporting SOURCE_DATE_EPOCH
    + JDK-8245245: WebSocket can lose the URL encoding of URI query
    parameters
    + JDK-8298588: WebSockets: HandshakeUrlEncodingTest
    unnecessarily depends on a response body
    + JDK-8245654: Add Certigna Root CA
    + JDK-8248306: gc/stress/gclocker/
    /TestExcessGCLockerCollections.java does not compile
    + JDK-8249691: jdk/lambda/vm/StrictfpDefault.java file can be
    removed
    + JDK-8252401: Introduce Utils.TEST_NATIVE_PATH
    + JDK-8252532: use Utils.TEST_NATIVE_PATH instead of
    System.getProperty("test.nativepath")
    + JDK-8252715: Problem list java/awt/event/KeyEvent/KeyTyped/
    /CtrlASCII.java on Linux
    + JDK-8254267: javax/xml/crypto/dsig/LogParameters.java failed
    with "RuntimeException: Unexpected log output:"
    + JDK-8255710: Opensource unit/regression tests for CMM
    + JDK-8256110: Create implementation for NSAccessibilityStepper
    protocol
    + JDK-8256111: Create implementation for
    NSAccessibilityStaticText protocol
    + JDK-8256126: Create implementation for NSAccessibilityImage
    protocol peer
    + JDK-8256240: Reproducible builds should turn on the
    "deterministic" flag for Visual Studio
    + JDK-8281262: Windows builds in different directories are not
    fully reproducible
    + JDK-8256934: C2: assert(C->live_nodes() <=
    C->max_node_limit()) failed: Live Node limit exceeded limit
    + JDK-8257928: Test image build failure with clang-10 due to
  - Wmisleading-indentation
    + JDK-8258005: JDK build fails with incorrect fixpath script
    + JDK-8259265: Refactor UncaughtExceptions shell test as java
    test.
    + JDK-8259267: Refactor LoaderLeak shell test as java test.
    + JDK-8225648: [TESTBUG] java/lang/annotation/loaderLeak/
    /Main.java fails with -Xcomp
    + JDK-8260576: Typo in compiler/runtime/safepoints/
    /TestRegisterRestoring.java
    + JDK-8261270: MakeMethodNotCompilableTest fails with
  - XX:TieredStopAtLevel={1,2,3}
    + JDK-8261279: sun/util/resources/cldr/TimeZoneNamesTest.java
    timed out
    + JDK-8261350: Create implementation for
    NSAccessibilityCheckBox protocol peer
    + JDK-8261351: Create implementation for
    NSAccessibilityRadioButton protocol
    + JDK-8261352: Create implementation for component peer for all
    the components who should be ignored in a11y interactions
    + JDK-8262060: compiler/whitebox/BlockingCompilation.java timed
    out
    + JDK-8264200: java/nio/channels/DatagramChannel/SRTest.java
    fails intermittently
    + JDK-8264299: Create implementation of native accessibility
    peer for ScrollPane and ScrollBar Java Accessibility roles
    + JDK-8264512: jdk/test/jdk/java/util/prefs/ExportNode.java
    relies on default platform encoding
    + JDK-8266974: duplicate property key in java.sql.rowset
    resource bundle
    + JDK-8267038: Update IANA Language Subtag Registry to Version
    2022-03-02
    + JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java
    does not show instruction
    + JDK-8271323: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java
    fails with -XX:TieredStopAtLevel=1
    + JDK-8271506: Add ResourceHashtable support for deleting
    selected entries
    + JDK-8272985: Reference discovery is confused about atomicity
    and degree of parallelism
    + JDK-8273497: building.md should link to both md and html
    + JDK-8273806: compiler/cpuflags/TestSSE4Disabled.java should
    test for CPU feature explicitly
    + JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails
    due to wrong data size with TieredStopAtLevel=2,3
    + JDK-8274939: Incorrect size of the pixel storage is used by
    the robot on macOS
    + JDK-8277346: ProblemList 7 serviceability/sa tests on
    macosx-x64
    + JDK-8277351: ProblemList runtime/jni/checked/
    /TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64
    + JDK-8279614: The left line of the TitledBorder is not painted
    on 150 scale factor
    + JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail
    due to unexpected GC
    + JDK-8279941: sun/security/pkcs11/Signature/
    /TestDSAKeyLength.java fails when NSS version detection fails
    + JDK-8280048: Missing comma in copyright header
    + JDK-8280391: NMT: Correct NMT tag on CollectedHeap
    + JDK-8280401: [sspi] gss_accept_sec_context leaves
    output_token uninitialized
    + JDK-8280896: java/nio/file/Files/probeContentType/Basic.java
    fails on Windows 11
    + JDK-8282036: Change java/util/zip/ZipFile/DeleteTempJar.java
    to stop HttpServer cleanly in case of exceptions
    + JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on
    AIX
    + JDK-8282398: EndingDotHostname.java test fails because SSL
    cert expired
    + JDK-8282511: Use fixed certificate validation date in
    SSLExampleCert template
    + JDK-8282958: Rendering Issues with Borders on Windows
    High-DPI systems
    + JDK-8283606: Tests may fail with zh locale on MacOS
    + JDK-8283717: vmTestbase/nsk/jdi/ThreadStartEvent/thread/
    /thread001 failed due to SocketTimeoutException
    + JDK-8283719: java/util/logging/CheckZombieLockTest.java
    failing intermittently
    + JDK-8283870: jdeprscan --help causes an exception when the
    locale is ja, zh_CN or de
    + JDK-8284023: java.sun.awt.X11GraphicsDevice
    .getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
    + JDK-8284165: Add pid to process reaper thread name
    + JDK-8285093: Introduce UTIL_ARG_WITH
    + JDK-8285755: JDK-8285093 changed the default for
  - -with-output-sync
    + JDK-8285919: Remove debug printout from JDK-8285093
    + JDK-8285399: JNI exception pending in awt_GraphicsEnv.c:1432
    + JDK-8285690: CloneableReference subtest should not throw
    CloneNotSupportedException
    + JDK-8285835: SIGSEGV in
    PhaseIdealLoop::build_loop_late_post_work
    + JDK-8286030: Avoid JVM crash when containers share the same
    /tmp dir
    + JDK-8286800: Assert in PhaseIdealLoop::dump_real_LCA is too
    strong
    + JDK-8286962: java/net/httpclient/ServerCloseTest.java failed
    once with ConnectException
    + JDK-8287011: Improve container information
    + JDK-8287180: Update IANA Language Subtag Registry to Version
    2022-08-08
    + JDK-8287906: Rewrite of GitHub Actions (GHA) sanity tests
    + JDK-8288499: Restore cancel-in-progress in GHA
    + JDK-8288332: Tier1 validate-source fails after 8279614
    + JDK-8289562: Change bugs.java.com and bugreport.java.com
    URL's to https
    + JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on
    cgroups v2 and crun
    + JDK-8290197: test/jdk/java/nio/file/Files/probeContentType/
    /Basic.java fails on some systems for the ".rar" extension
    + JDK-8290899: java/lang/String/StringRepeat.java test requests
    too much heap on windows x86
    + JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is
    false
    + JDK-8290964: C2 compilation fails with assert "non-reduction
    loop contains reduction nodes"
    + JDK-8292863: assert(_print_inlining_stream->size() > 0)
    failed: missing inlining msg
    + JDK-8292877: java/util/concurrent/atomic/Serial.java uses
    {Double,Long}Accumulator incorrectly
    + JDK-8293550: Optionally add get-task-allow entitlement to
    macos binaries
    + JDK-8293767: AWT test TestSinhalaChar.java has old SCCS
    markings
    + JDK-8293996: C2: fix and simplify
    IdealLoopTree::do_remove_empty_loop
    + JDK-8294378: URLPermission constructor exception when using
    tr locale
    + JDK-8294580: frame::interpreter_frame_print_on() crashes if
    free BasicObjectLock exists in frame
    + JDK-8294705: Disable an assertion in
    test/jdk/java/util/DoubleStreamSums/CompensatedSums.java
    + JDK-8294947: Use 64bit atomics in patch_verified_entry on
    x86_64
    + JDK-8295116: C2: assert(dead->outcnt() == 0 &&
    !dead->is_top()) failed: node must be dead
    + JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you
    should use literals"
    + JDK-8295405: Add cause in a couple of
    IllegalArgumentException and InvalidParameterException shown
    by sun/security/pkcs11 tests
    + JDK-8295412: support latest VS2022 MSC_VER in
    abstract_vm_version.cpp
    + JDK-8295530: Update Zlib Data Compression Library to Version
    1.2.13
    + JDK-8295685: Update Libpng to 1.6.38
    + JDK-8295774: Write a test to verify List sends
    ItemEvent/ActionEvent
    + JDK-8295777: java/net/httpclient/ConnectExceptionTest.java
    should not rely on system resolver
    + JDK-8295788: C2 compilation hits "assert((mode ==
    ControlAroundStripMined && use == sfpt) ||
    !use->is_reachable_from_root()) failed: missed a node"
    + JDK-8296239: ISO 4217 Amendment 174 Update
    + JDK-8296611: Problemlist several sun/security tests until
    + JDK-8295343 is resolved
    + JDK-8296619: Upgrade jQuery to 3.6.1
    + JDK-8296675: Exclude linux-aarch64 in NSS tests
    + JDK-8296878: Document Filter attached to JPasswordField and
    setText("") is not cleared instead inserted characters
    replaced with unicode null characters
    + JDK-8296904: Improve handling of macos xcode toolchain
    + JDK-8296912: C2: CreateExNode::Identity fails with assert(i <
    _max) failed: oob: i=1, _max=1
    + JDK-8296924: C2:
    assert(is_valid_AArch64_address(dest.target())) failed: bad
    address
    + JDK-8297088: Update LCMS to 2.14
    + JDK-8297257: Bump update version for OpenJDK: jdk-11.0.19
    + JDK-8297264: C2: Cast node is not processed again in CCP and
    keeps a wrong too narrow type which is later replaced by top
    + JDK-8297480: GetPrimitiveArrayCritical in imageioJPEG misses
    result - NULL check
    + JDK-8297489: Modify TextAreaTextEventTest.java as to verify
    the content change of TextComponent sends TextEvent
    + JDK-8297569: URLPermission constructor throws
    IllegalArgumentException: Invalid characters in hostname
    after JDK-8294378
    + JDK-8297951: C2: Create skeleton predicates for all If nodes
    in loop predication
    + JDK-8297963: Partially fix string expansion issues in
    UTIL_DEFUN_NAMED and related macros
    + JDK-8298027: Remove SCCS id's from awt jtreg tests
    + JDK-8298073: gc/metaspace/
    /CompressedClassSpaceSizeInJmapHeap.java causes test task
    timeout on macosx
    + JDK-8241293: CompressedClassSpaceSizeInJmapHeap.java time out
    after 8 minutes
    + JDK-8298093: improve cleanup and error handling of
    awt_parseColorModel in awt_parseImage.c
    + JDK-8298108: Add a regression test for JDK-8297684
    + JDK-8298129: Let checkpoint event sizes grow beyond u4 limit
    + JDK-8298271: java/security/SignedJar/spi-calendar-provider/
    /TestSPISigned.java failing on Windows
    + JDK-8298459: Fix msys2 linking and handling out of tree build
    directory for source zip creation
    + JDK-8298527: Cygwin's uname -m returns different string than
    before
    + JDK-8299194: CustomTzIDCheckDST.java may fail at future date
    + JDK-8299296: Write a test to verify the components selection
    sends ItemEvent
    + JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java
    fails for hr_HR
    + JDK-8299483: ProblemList java/text/Format/NumberFormat/
    /CurrencyFormat.java
    + JDK-8299445: EndingDotHostname.java fails because of
    compilation errors
    + JDK-8299520: TestPrintXML.java output error messages in case
    compare fails
    + JDK-8299596: [11u] Remove designator
    DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.19
    + JDK-8299616: [11u] Bootcycle build fails after JDK-8257679
    backport
    + JDK-8299789: Compilation of gtest causes build to fail if
    runtime libraries are in different dirs
    + JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report
    invalid results on 32 bit systems
    + JDK-8300424: [11u] Chunk lost in backport of 8297569
    + JDK-8300642: [17u,11u] Fix DEFAULT_PROMOTED_VERSION_PRE=ea
    for -dev
    + JDK-8300742: jstat's CGCT is 5 percent higher than the pause
    time in -Xlog:gc.
    + JDK-8300773: Address the inconsistency between the constant
    array and pool size
    + JDK-8301397: [11u, 17u] Bump jtreg to fix issue with build
    JDK 11.0.18
    + JDK-8301760: Fix possible leak in SpNegoContext dispose
    + JDK-8301842: JFR: increase checkpoint event size for
    stacktrace and string pool
    + JDK-8302000: [11u] A subtle race condition during jdk11u
    build
    + JDK-8218460: Test generation scripts do not invoke stream
    preprocessor correctly
    + JDK-8302657: [11u] Add missing '(' in makefile after backport
    of 8218431
    + JDK-8302694: [11u] Update GHA Boot JDK to 11.0.18
    + JDK-8302903: [11u] Add modified test snippet after backport
    of JDK-8221871
    + JDK-8303075: [11u] Add CompileClassWithDebugTest to
    ProblemList for 8303074
    + JDK-8304389: [11u] Crash on Windows in C2 compiled code after
    8248238 and 8218431
- Modified patch:
  * fips.patch
    + adapt to changed context
javamail
- Add alias to com.sun.mail:jakarta.mail needed by ant-javamail

- Remove all parents, since this package is not built with maven
- Assure that every dependency has a version, or at least "any"
  * fixes use with gradle

- Build against the standalone JavaEE modules unconditionally

- Build with source/target levels 8

- Add glassfish-activation-api dependency for relevant distribution
  versions to make buildable with JDK that does not contain the
  JavaEE modules
javapackages-tools
- Update to upstream version 6.1.0
  * Release version 6.1.0
  * Introduce common and extra subpackages
  * Update documentation
  * Add lua interpreter to check and GH actions
  * Remove license headers from wrapper scripts
  * Make scripts compatible with rpmlua
  * Add more tests, fix behaviour
  * Implement separate simple class name matching
  * Minor changes
  * Modularize Lua scripts
  * Add Lua scripts for removing annotations
  * Update build status badge in README.md
  * Migrate CI from TravisCI to GitHub Actions
  * Fix running tests without coverage
  * Update ivy-local-classpath
  * Release version 6.0.0
  * Fix extra XML handling of pom_change_dep
  * Add reproducer for #82
  * Respect %jpb_env RPM macro
  * Add bootstrap metadata to XMvn resolver config
  * Delete run_tests.py
  * Replace nose by pytest
  * [install] Make glob pattern work with Python 3.10
  * Adding ppc64le architecture support on travis-ci
  * Drop deprecated add_maven_depmap macro
  * Drop SCL support
  * Fix provides matching
  * Fix builddep snippet generation
  * [test] Add test for builddep snippet generation
  * Add location of java binary used by the java-1.8.0-openjdk
    (JRE) package so that setting JAVA_HOME will work correctly
  * Use XMvn Javadoc MOJO by default
  * Remove explicit import of Python 3 features
  * Remove dependency on Six compatibility library
  * Fix invalid <skippedPlugins> in XMvn configuration
  * [test] Don't try to kill PID 1 during tests
  * [travis] Drop Python 2 from test matrix
  * Add separate subpackage with RPM generators
  * mvn_build: replace inline shell scriptlet with native python
    code
  * [test] Don't use networking during tests
  * Add apache-rat-plugin to skippedPlugins
  * Skip execution of various Maven plugins
  * Remove Python 3.5 from .travis.yml
  * Make generated javadoc package noarch
- Added patch:
  * javapackages-6.1.0-maven-depmap.patch
    + Bulk patch correspoding to our pull request
    https://github.com/fedora-java/javapackages/pull/92 which
    brings back some of the removed tools that we depend on
    heavily
- Modified patches:
  * python-optional.patch
  * suse-use-libdir.patch
    + Rediff to changed context
- Removed patches:
  * 0001-Let-maven_depmap.py-generate-metadata-with-dependenc.patch
  * 0002-Do-not-try-to-construct-POM-from-maven-coordinate-st.patch
  * 0003-Fix-tests-after-the-recent-maven_depmap.py-changes.patch
    + Already part of the above-mentioned bulk patch
  * 0004-Remove-dependency-on-Six-compatibility-library.patch
    + Upstream patch already integrated in the 6.x code-line

- Fix wrong conditioning of the python-six require.

- Added patch:
  * 0004-Remove-dependency-on-Six-compatibility-library.patch
    + remove dependency on python-six for newer distributions

- Added patches:
  * 0001-Let-maven_depmap.py-generate-metadata-with-dependenc.patch
  * 0002-Do-not-try-to-construct-POM-from-maven-coordinate-st.patch
  * 0003-Fix-tests-after-the-recent-maven_depmap.py-changes.patch
    + Let maven_depmap.py generate metadata with dependencies under
    certain circumstances

- Fix typo in suse-use-libdir.patch:
  %{_libdir}/jvm-commmon -> %{_libdir}/jvm-common

- Do not run tests on SLE12, since python3-test is not accessible

- Can't assume non-existence of python38 macros in Leap.
  gh#openSUSE/python-rpm-macros#107
  Test for suse_version instead. Only Tumbleweed has and needs the
  python_subpackage_only support.

- Fix typo in spec file sitearch -> sitelib

- Fix the python subpackage generation
  gh#openSUSE/python-rpm-macros#79

- Support python subpackages for each flavor
  gh#openSUSE/python-rpm-macros#66
- Replace old nose with pytest gh#fedora-java/javapackages#86

- when building extra flavor, BuildRequire javapackages-filesystem:
  /etc/java is being cleaned out of the filesystems package.

- Upgrade to version 5.3.1
- Modified patch:
  * suse-use-libdir.patch
    + rediff to changed context
- Define _rpmmacrodir for distributions that don't have it

- Use %{_rpmmacrodir} instead of %{_libexecdir}/rpm/macros.d: this
  just happens to overlap in some distros.
javassist
- Clean up the spec file and make it actually build on a vanilla
  SLE-12-SP5
- Modified patch:
  * javassist-java8-compat.patch
    + make remove functions that are not available in java 8

- Version update to 3.29.2:
  * Include` Automatic-Module-Name in MANIFEST.MF
- Rebased javassist-osgi.patch and corrected version numbers in
  the patch.

- Version update to 3.29.1:
  * `Readme.html` was deleted.
- Rebased javassist-osgi.patch and corrected version numbers in
  the patch.

- Requires java >= 1.8
- Rebased patches:
  * javassist-osgi.patch
- Version update to 3.29.0:
  * removes an unused import declaration as PR 384 mentions.
  * Merge pull request #382 from tim-hoffman/PR_RemoveStringBuffer
  * Merge pull request #383 from tim-hoffman/PR_ArrayCopyPerformance
  * uncomments test code suggested by PR405
  * cancels PR#391, which does not pass all the tests
  * fixes a wrong indentation
  * Merge pull request #391 from derklaro/fix-method-naming-syntax
  * does refactoring
  * fixes a bug in SignatureAttribute.renameClass().
  * fixs a compilation problem although one test still fails.
  * Merge pull request #299 from pietrobraione/master
  * Merge branch 'master' into master
  * Merge pull request #278 from ximsfei/master
  * Merge pull request #390 from derklaro/master
  * changes test code because package
    java.rmi.activation.ActivationGroupDesc does not exist any
    longer.
  * deletes src/test/test2/*.class
  * Merge pull request #399 from carldea/master
  * Merge pull request #409 from aschleck/patch-1
  * Remove redundant type check
  * Using TCK Tested JDK builds of OpenJDK
  * Merge pull request #395 from aburaksahin/master
  * Fix for NullPointerException on detach()
  * Only wrap the method name if the method doesn't come from the
    same decl class
  * Lower requirement for an extra type in constructor to Java 7-
  * Replace array copy loop with System.arraycopy
  * Replace remaining StringBuffer uses with StringBuilder
  * Replace StringBuffer with StringBuilder and other minor String
    optimizations
  * fixes GitHub Issue 378 (wrong link for apache license)
  * updates javassist.Loader to exclude jdk.internal.
  * Fixes to support the full syntax of possible signatures
  * Fix renaming of classes in presence of generic signatures and
    nested classes.
  * add unit test
  * fixes a bug of ClassFile#renameClass(), some imports could not
    be successfully renamed

- Rebased osgi patch: javassist-osgi.patch
- Rebased java8 compat patch: javassist-java8-compat.patch
- Requires Java API >= 1.7

- Added patch:
  * javassist-osgi.patch
    + Add OSGi manifest to the javassist.jar
jdom
- Security fix: [bsc#1187446, CVE-2021-33813]
  * XXE issue in SAXBuilder can cause a denial of service via
    a crafted HTTP request
- Add jdom-CVE-2021-33813.patch
- Remove unneeded dependency on glassfish-jaxb-api.

- Build against the standalone JavaEE modules unconditionally

- Modified patch:
  * jdom-1.1-build.xml.patch
    + Build with source/target levels 8

- Build against standalone jaxb-api on distributions that have
  JDK without the JavaEE modules

- Alias the xom artifact to the new com.io7m.xom groupId

- Update jaxen to version 1.1.6
  * Bug fixes

- Increase java stack size to avoid overflow
joda-time
- Build with java source and target levels 8
jzlib
- Build with java source and target levels 8
kernel-default
- Refresh patches.suse/powerpc-Move-DMA64_PROPNAME-define-to-a-header.patch.
- commit d263157

- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit a3ff58c

- drm/vmwgfx: Test shader type against SVGA3d_SHADERTYPE_MIN (bsc#1203517 CVE-2022-36402)
- commit 5b2dbae

- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- commit 4f01e57

- Do not add and remove genksyms ifdefs
- Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch.
- Refresh patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
- commit e497b88

- powerpc/rtas: move syscall filter setup into separate function
  (bsc#1023051).
- commit a36442d

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit 5d94fff

- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- commit 5ab0096

- blacklist.conf: Blacklist redundant docu patch
- commit 1c6d737

- Sort recent hw security-related patches
  Move them to the sorted section and adjust patches accordingly.
- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 5c87dd7

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 3ffe891

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- commit 3bd253d

- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- commit 3251f7a

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297
  ltc#197503).
- commit c36e5b8

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit 48fc5d8

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 5e5738e

- net: vmxnet3: fix possible NULL pointer dereference in
  vmxnet3_rq_cleanup() (bsc#1214451 CVE-2023-4459).
- commit 1ac9015

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 9d4529d

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 95ed32f

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit 309af7f

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit fa09ab7

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 5038558

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit eda7e6d

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 6e5dea6

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit fdc40c6

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 554babe

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit a99796e

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 2b91cd9

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit 6a43698

- fs: jfs: fix possible NULL pointer dereference in dbFree() (bsc#1214348 CVE-2023-4385).
- commit ee83171

- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- commit 37c728c

- xfs: update superblock counters correctly for !lazysbcount
  (bsc#1214275).
- commit 2b6e01d

- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
  (bsc#1214275).
- commit e55f7c6

- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- commit ea499bc

- net: vmxnet3: fix possible use-after-free bugs in
  vmxnet3_rq_alloc_rx_buf() (bsc#1214350 CVE-2023-4387).
- commit 0fa208f

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit dfa3fd7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit e5d93d0

- e1000: Fix typos in comments (jsc#PED-5738).
- commit 64fd6bc

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit 1ad8d9c

- intel: remove checker warning (jsc#PED-5738).
- commit c3ad152

- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- commit ace3bf9

- net: e1000: remove repeated word "slot" for e1000_main.c
  (jsc#PED-5738).
- commit cfd4849

- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- commit 7817f78

- e1000: drop unneeded assignment in e1000_set_itr()
  (jsc#PED-5738).
- commit d2ba4db

- io_uring: Acquire completion_lock around io_get_deferred_req
  (bsc#1213272 CVE-2023-21400).
- commit 84db304

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit b0544bd

- media: usb: siano: Fix warning due to null work_func_t function
  pointer (bsc#1213969 CVE-2023-4132).
- commit c44d7c3

- media: usb: siano: Fix use after free bugs caused by
  do_submit_urb (bsc#1213969 CVE-2023-4132).
- commit a27f430

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit ea3bad4

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit d8c4244

- series.conf: resort
- commit b2ee92a

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit 1258138

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 6a1c404

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 3617080

- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 3f35ab4

- net: tun_chr_open(): set sk_uid from current_fsuid()
  (CVE-2023-4194 bsc#1214019).
- commit 25c979d

- net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194
  bsc#1214019).
- commit b03d1d8

- x86/microcode/AMD: Make stub function static inline
  (bsc#1213868).
- Refresh patches.suse/x86-cpu-amd-add-a-zenbleed-fix.patch.
- commit f587833

- mm: Move mm_cachep initialization to mm_init() (bsc#1206418, CVE-2022-40982).
- commit 487512d

- bpf: add missing header file include (bsc#1211738
  CVE-2023-0459).
- commit 0e6ab49

- locking/rwsem: Add __always_inline annotation to
  __down_read_common() and inlined callers (bsc#1207270
  jsc#PED-4567).
- commit 9e46337

- locking/rwsem: Disable preemption in all down_write*() and
  up_write() code paths (bsc#1207270 jsc#PED-4567).
- commit e8b39d0

- locking/rwsem: Disable preemption in all down_read*() and
  up_read() code paths (bsc#1207270 jsc#PED-4567).
- commit f20a53f

- locking/rwsem: Prevent non-first waiter from spinning in
  down_write() slowpath (bsc#1207270 jsc#PED-4567).
- commit 9c40fdf

- locking/rwsem: Disable preemption while trying for rwsem lock
  (bsc#1207270 jsc#PED-4567).
- commit d6741e8

- locking/rwsem: Allow slowpath writer to ignore handoff bit if
  not set by first waiter (bsc#1207270 jsc#PED-4567).
- commit 22681e5

- locking/rwsem: Always try to wake waiters in out_nolock path
  (bsc#1207270 jsc#PED-4567).
- commit 2dd13e8

- locking/rwsem: Conditionally wake waiters in reader/writer
  slowpaths (bsc#1207270 jsc#PED-4567).
- commit c20a7d3

- locking/rwsem: No need to check for handoff bit if wait queue
  empty (bsc#1207270 jsc#PED-4567).
- commit 7d6a2e9

- locking: Add missing __sched attributes (bsc#1207270
  jsc#PED-4567).
- commit 0f7a2d1

- locking/rwsem: Optimize down_read_trylock() under highly
  contended case (bsc#1207270 jsc#PED-4567).
- commit 46658e6

- locking/rwsem: Make handoff bit handling more consistent
  (bsc#1207270 jsc#PED-4567).
- commit e47427d

- locking/rwsem: Fix comments about reader optimistic lock
  stealing conditions (bsc#1207270 jsc#PED-4567).
- commit 4a0d7cf

- locking: Remove rcu_read_{,un}lock() for preempt_{dis,en}able()
  (bsc#1207270 jsc#PED-4567).
- commit ee007db

- lockdep: Add preemption enabled/disabled assertion APIs
  (bsc#1207270 jsc#PED-4567).
- commit 1386d93

- locking/rwsem: Disable preemption for spinning region
  (bsc#1207270 jsc#PED-4567).
- commit 0fad749

- locking/rwsem: Remove an unused parameter of rwsem_wake()
  (bsc#1207270 jsc#PED-4567).
- commit b255b46

- locking/rwsem: Fix comment typo (bsc#1207270 jsc#PED-4567).
- commit 0ac673a

- locking/rwsem: Remove reader optimistic spinning (bsc#1207270
  jsc#PED-4567).
- commit 4b129c1

- locking/rwsem: Enable reader optimistic lock stealing
  (bsc#1207270 jsc#PED-4567).
- commit 7c0e82a

- locking/rwsem: Prevent potential lock starvation (bsc#1207270
  jsc#PED-4567).
- commit 00b076e

- locking/rwsem: Pass the current atomic count to
  rwsem_down_read_slowpath() (bsc#1207270 jsc#PED-4567).
- commit 1d2b5fa

- locking/rwsem: Fold __down_{read,write}*() (bsc#1207270
  jsc#PED-4567).
- commit fd0b8b5

- locking/rwsem: Introduce rwsem_write_trylock() (bsc#1207270
  jsc#PED-4567).
- commit daa9d5f

- locking/rwsem: Better collate rwsem_read_trylock() (bsc#1207270
  jsc#PED-4567).
- commit 23252c2

- rwsem: Implement down_read_interruptible (bsc#1207270
  jsc#PED-4567).
- commit 07e26fd

- rwsem: Implement down_read_killable_nested (bsc#1207270
  jsc#PED-4567).
- commit 42f4ca4

- locking/rwsem: Prepare for a rwsem backport
  The rwsem backport will enable the kernel to run on large VMs in Azure
  (M416v2, M832v2). The rwsem code is going to be updated with newest
  features one of which disables optimistic spinning for readers.
- blacklist.conf: Remove an entry that is part of the backported
  patch set.
- Delete
  patches.suse/locking-rwsem-Disable-reader-optimistic-spinning.patch.
- commit d354394

- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit 5601bfa

- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit f2c709c

- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit ef6bc71

- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit a905016

- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit f39cd8f

- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit 5d6a6a0

- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 8ff4f99

- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit e623809

- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 707be59

- kernel-binary.spec.in: Remove superfluous %% in Supplements
  Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74

- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  (CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
  (bsc#1213585).
- blacklist follow-up commit 158810b261d0 ("net/sched: sch_qfq: reintroduce
  lmax bound check for MTU") as unlike the original upstream commit, our
  backport does not remove the check
- commit 609da2e

- net/sched: cls_u32: Fix reference counter leak leading to
  overflow (CVE-2023-3609 bsc#1213586).
- commit b22e9b9

- net/sched: cls_fw: Fix improper refcount update leads to
  use-after-free (CVE-2023-3776 bsc#1213588).
- commit b7fc513

- vc_screen: don't clobber return value in vcs_read (bsc#1213167
  CVE-2023-3567).
- vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167
  CVE-2023-3567).
- vc_screen: move load of struct vc_data pointer in vcs_read()
  to avoid UAF (bsc#1213167 CVE-2023-3567).
- commit da930b7

- block, bfq: Fix division by zero error on zero wsum
  (bsc#1213653).
- commit 67879a5

- x86/xen: Fix secondary processors' FPU initialization (bsc#1206418, CVE-2022-40982).
- commit 8a9c409

- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1206418, CVE-2022-40982).
- commit d9e45bd

- x86/fpu: Mark init functions __init (bsc#1206418, CVE-2022-40982).
- commit 613212d

- x86/fpu: Remove cpuinfo argument from init functions (bsc#1206418).
- commit 82c61db

- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- commit 6fb5f8f

- init: Invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- commit 8ef61c6

- init: Remove check_bugs() leftovers (bsc#1206418).
- commit a639423

- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1206418).
- commit cbb96e9

- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1206418).
- commit 7fa4777

- x86/mm: Initialize text poking earlier (bsc#1206418, CVE-2022-40982).
- Refresh patches.suse/init-provide-arch_cpu_finalize_init.patch.
- commit 9784a5e

- init: Provide arch_cpu_finalize_init() (bsc#1206418).
- commit f81d332

- x86/mm: fix poking_init() for Xen PV guests (bsc#1206418, CVE-2022-40982).
- commit b12d1bf

- x86/mm: Use mm_alloc() in poking_init() (bsc#1206418, CVE-2022-40982).
- commit 9a1d45f

- net: tun: fix bugs for oversize packet when napi frags enabled
  (bsc#1213543 CVE-2023-3812).
- commit 5e9be17

- netfilter: nf_tables: do not ignore genmask when looking up
  chain by id (CVE-2023-31248 bsc#1213061).
- commit 414921d

- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  (CVE-2023-35001 bsc#1213059).
- commit b0acbe2

- uaccess: Add speculation barrier to copy_from_user()
  (bsc#1211738 CVE-2023-0459).
- commit 93eec59

- netfilter: nf_tables: incorrect error path handling with
  NFT_MSG_NEWRULE (CVE-2023-3390 CVE-2023-3117 bsc#1212846
  bsc#1213245).
- commit 176a7df

- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit 6550823

- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- commit eb94624

- x86/speculation: Add force option to GDS mitigation (bsc#1206418, CVE-2022-40982).
- commit 79691d3

- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit 74a70bc

- ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- ocfs2: fix race between searching chunks and release
  journal_head from buffer_head (bsc#1199304).
- commit f86bdfe

- Refresh
  patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit d8b8cf8

- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit c2a9155

- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit d7a9bc3

- rpm: Update dependency to match current kmod.
- commit d687dc3

- keys: Do not cache key in task struct if key is requested from
  kernel thread (bsc#1213354).
- commit 0121b9a

- net: mana: Add support for vlan tagging (bsc#1212301).
- commit 613e87e

- fs: hfsplus: fix UAF issue in hfsplus_put_super  (bsc#1211867, CVE-2023-2985).
- commit e01b911

- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME
  They depend on CONFIG_TOOLCHAIN_HAS_*.
- commit 1007103

- ubi: Fix failure attaching when vid_hdr offset equals to
  (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc,
  size (bsc#1210584).
- commit 8f5f025

- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c

- Get module prefix from kmod (bsc#1212835).
- commit f6691b0

- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
  We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1

- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
  With the module path adjustment applied as source patch only
  ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
  non-usrmerged.
- commit dd9a820

- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
  CVE-2023-3090).
- commit ddb6922

- x86/build: Avoid relocation information in final vmlinux
  (bsc#1187829).
- commit 88b515e

- Refresh
  patches.suse/cifs-fix-open-leaks-in-open_cached_dir.patch.
  s/sync_hdr/hdr/ - fix build breakage on CONFIG_CIFS_DEBUG2=y.
- commit c3cb631

- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6

- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes
  bsc#1212606 CVE-2023-3358).
- commit 7077c4f

- usb: gadget: udc: renesas_usb3: Fix use after free bug
  in renesas_usb3_remove due to race condition (bsc#1212513
  CVE-2023-35828).
- commit 1f06f62

- binfmt_elf: Take the mmap lock when walking the VMA list
  (bsc#1209039 CVE-2023-1249).
- commit 3f46ff2

- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (bsc#1210533 CVE-2023-2002).
- commit cb86eb0

- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- kernel/relay.c: fix read_pos error when multiple readers
  (bsc#1212502 CVE-2023-3268).
- commit 73e4027

- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (bsc#1212501 CVE-2023-35824).
- commit 0c9d507

- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (bsc#1212494 CVE-2023-35823).
- commit 61b38d8

- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
  (CVE-2023-35788 bsc#1212504).
- commit 865936b

- Drop a buggy dvb-core fix patch (bsc#1205758)
  Also the kabi workaround is dropped, too
- commit 7ace3fb

- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- commit 82c30e2

- kernel-docs: Add buildrequires on python3-base when using python3
  The python3 binary is provided by python3-base.
- commit c5df526

- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- commit 6f6d21f

- Move setting %%build_html to config.sh
- commit 3f65cd5

- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (CVE-2023-3141 bsc#1212129 bsc#1211449).
- commit 4d760e7

- firewire: fix potential uaf in outbound_phy_packet_callback()
  (CVE-2023-3159 bsc#1212128).
- commit 444321d

- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5

- Move setting %%split_optional to config.sh
- commit 4519250

- Move setting %%supported_modules_check to config.sh
- commit d9c64aa

- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050

- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d

- Also include kernel-docs build requirements for ALP
- commit 114d088

- Move the kernel-binary conflicts out of the spec file.
  Thie list of conflicting packages varies per release.
  To reduce merge conflicts move the list out of the spec file.
- commit 4d81125

- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit a8f82d0

- Avoid unsuported tar parameter on SLE12
- commit f11765a

- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit 5088617

- Move obsolete KMP list into a separate file.
  The list of obsoleted KMPs varies per release, move it out of the spec
  file.
- commit 016bc55

- Trim obsolete KMP list.
  SLE11 is out of support, we do not need to handle upgrading from SLE11
  SP1.
- commit 08819bb

- Generalize kernel-doc build requirements.
- commit 23b058f

- kernel-binary: Add back kernel-default-base guarded by option
  Add configsh option for splitting off kernel-default-base, and for
  not signing the kernel on non-efi
- commit 28c22af

- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit 884cd15

- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- commit 6cf7013

- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32

- Fix usrmerge error (boo#1211796)
- commit da84579

- Update References
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 23e11e7

- tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405
  CVE-2022-3566).
- commit d1f836b

- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5

- Update
  patches.suse/netfilter-x_tables-use-correct-memory-barriers.patch
  (bsc#1184208 CVE-2021-29650 bsc#1211596 CVE-2020-36694).
- commit 0092ed2

- HID: asus: use spinlock to safely schedule workers (bsc#1208604
  CVE-2023-1079).
- commit df4ce9a

- HID: asus: use spinlock to protect concurrent accesses
  (bsc#1208604 CVE-2023-1079).
- commit 4b7a2e4

- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit f37c1a1

- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 3e2047c

- kernel-source: Remove unused macro variant_symbols
- commit 915ac72

- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit c99685c

- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit f5d1bea

- media: dvbdev: fix error logic at dvb_register_device()
  (CVE-2022-45884 bsc#1205756).
- media: dvbdev: Fix memleak in dvb_register_device
  (CVE-2022-45884 bsc#1205756).
- media: media/dvb: Use kmemdup rather than duplicating its
  implementation (CVE-2022-45884 bsc#1205756).
- commit fa580d0

- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit eeb865d

- i2c: xgene-slimpro: Fix out-of-bounds bug in
  xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194).
- commit e9b03ca

- netrom: Fix use-after-free caused by accept on already
  connected socket (bsc#1211186 CVE-2023-32269).
- commit e76516d

- SUNRPC: Ensure the transport backchannel association
  (bsc#1211203).
- commit db18275

- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd

- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit 8d253dc

- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: refactor the handle of xmit
  (CVE-2022-4269 bsc#1206024).
- commit c36d39a

- wifi: brcmfmac: slab-out-of-bounds read in
  brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
- commit 238a208

- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185

- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4

- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit 2a8658b

- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878
  bsc#1211105 CVE-2023-2513).
- commit 880db90

- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20

- net: qcom/emac: Fix use after free bug in emac_remove due to
  race condition (bsc#1211037 CVE-2023-2483).
- commit d3abec2

- Update patches.suse/io_uring-prevent-race-on-registering-fixed-files.patch
  Fix the missing the bsc# prefix for the bug number in the References tag.
- commit 704a6c4

- timens: Forbid changing time namespace for an io_uring process
  (bsc#1208474 CVE-2023-23586).
- commit 89cf4b3

- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk
  driver (bsc#1199636).
- commit 6a9faa3

- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit 8eed3d3

- io_uring: prevent race on registering fixed files (1210414
  CVE-2023-1872).
- commit e53cfa3

- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  (bsc#1206992 CVE-2022-2196).
- commit f66a218

- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 527a5be

- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  (bsc#1209871 CVE-2023-1670).
- commit cfec974

- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit de13f74

- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (bsc#1210647 CVE-2023-2162).
- commit d0a859e

- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit 5886145

- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (bsc#1210629 CVE-2023-2176)
- commit 8b6288f

- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1210629 CVE-2023-2176)
- commit c706a03

- RDMA/cma: Make the locking for automatic state transition more clear (bsc#1210629 CVE-2023-2176)
- commit 7a43827

- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit f513a6e

- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit d03ef09

- cifs: fix negotiate context parsing (bsc#1210301).
- commit 5d87bbe

- power: supply: da9150: Fix use after free bug in
  da9150_charger_remove due to race condition (CVE-2023-30772
  bsc#1210329).
- commit 61aa622

- k-m-s: Drop Linux 2.6 support
- commit 22b2304

- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6

- udmabuf: add back sanity check (git-fixes bsc#1210453
  CVE-2023-2008).
- commit b2b9158

- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
  due to race condition (CVE-2023-1855 bsc#1210202).
- commit 4401c6f

- netlink: limit recursion depth in policy validation
  (CVE-2020-36691 bsc#1209613).
- Refresh
  patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch.
- commit 374a1af

- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
  condition (git-fixes bsc#1210337 CVE-2023-1990).
- commit 775e632

- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to unfinished work (CVE-2023-1989 bsc#1210336).
- commit e27c00d

- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
  (bsc#1205128 CVE-2022-43945 bsc#1210124).
  Fix performance problem with these patches - bsc@1210124
- commit 4dbd22d

- btrfs: fix race between quota disable and quota assign ioctls
  (CVE-2023-1611 bsc#1209687).
- commit 3fdcd22

- Fix double fget() in vhost_net_set_backend() (bsc#1210203
  CVE-2023-1838).
- commit 7e671a8

- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if
  there should be two kernel sources built as well as for the purpose of
  determmioning if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be
  baked into the spec file template. Separate the two while also making
  the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3
  when the setting was introduced, gate on the new $obs_build_variant
  setting as well.
- commit 36ba909

- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
- commit 9bae747

- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787).
- commit 028f0fd

- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816

- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
  This new form was added in commit e89c2e815e76 ("riscv: Handle
  zicsr/zifencei issues between clang and binutils").
- commit 234baea

- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
  CVE-2023-28772).
- commit 5c5e4d3

- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- Revert "PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally" (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1209785).
- commit 6b9e385

- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit bd9c11d

- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit 677d920

- net: tls: fix possible race condition between
  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  (bsc#1209366 CVE-2023-28466).
- commit 5f7c4a6

- Move ENA upstream fix to sorted section.
- commit aff6c71

- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 50ba48b

- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
  CVE-2023-1390).
- commit b2c1533

- tun: avoid double free in tun_free_netdev (bsc#1209635
  CVE-2022-4744).
- commit c5cf205

- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- commit 97b3f9d

- fs/proc: task_mmu.c: don't read mapcount for migration entry
  (CVE-2023-1582, bsc#1209636).
- commit 35d5c42

- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
  (bsc#1209290 CVE-2023-28327).
- commit 000517c

- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit cec3f24

- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit 6a58da4

- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit 06eaf34

- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 890554b

- media: dvb-usb: az6027: fix null-ptr-deref in  az6027_i2c_xfer()
  (bsc#1209291 CVE-2023-28328).
- commit af7b7eb

- rpm/group-source-files.pl: Fix output difference when / is in location
  While previous attempt to fix group-source-files.pl in 6d651362c38
  "rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"
  breaks the infinite loop, it does not properly address the issue. Having
  prefixed and/or postfixed forward slash still result in different
  output.
  This commit changes the script to use the Perl core module File::Spec
  for proper path manipulation to give consistent output.
- commit 4161bf9

- Require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency
  to make it clear to libzypp that the scriptlets are required.
  There is no special dependency for posttrans, these scriptlets run when
  transactions are resolved. The plain dependency has to be used to
  support posttrans.
- commit 56c4dbe

- Replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd refrences in documentation and comments.
- commit e356c9b

- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256 CVE-2017-5753).
- commit a2ac7fb

- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4

- rds: rds_rm_zerocopy_callback() correct order for
  list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
  (CVE-2023-1078 bsc#1208601).
- commit ec0c93c

- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
  bsc#1208598).
- commit d651270

- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit b65b67b

- cifs: fix use-after-free caused by invalid pointer `hostname`
  (bsc#1208971).
- commit d1a37f1

- HID: bigben: use spinlock to safely schedule workers
  (CVE-2023-25012 bsc#1207560).
- HID: bigben_worker() remove unneeded check on report_field
  (CVE-2023-25012 bsc#1207560).
- HID: bigben: use spinlock to protect concurrent accesses
  (CVE-2023-25012 bsc#1207560).
- commit 3c79258

- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
  CVE-2023-23004).
- commit a8f9557

- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89

- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136

- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (CVE-2023-1118 bsc#1208837).
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
  function (CVE-2023-23000 bsc#1208816).
- commit 52c897a

- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 5959f82

- drm/virtio: Fix NULL vs IS_ERR checking in
  virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit 2fd8a08

- net/mlx5: DR, Fix NULL vs IS_ERR checking in
  dr_domain_init_resources (bsc#1208845 CVE-2023-23006).
- commit 14082ec

- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- commit b092aa9

- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069

- README.BRANCH: Update
  Relieve Ivan Ivanov of his duties as branch maintainer as I am back.
- commit 1da55f1

- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
  dwc3_qcom_acpi_register_core (bsc#1208741 CVE-2023-22995).
- commit 7a31d48

- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit 18d9ec7

- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- commit 7a62f13

- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- commit 3a695c7

- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit f589074

- usb: rndis_host: Secure rndis_query check against int overflow
  (CVE-2023-23559 bsc#1207051).
- commit d9a137b

- net: mana: Assign interrupts to CPUs based on NUMA nodes
  (bsc#1208153).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 342fb4d

- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit 4d24191

- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1f21d95

- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 77af0b0

- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit f246cad

- Refresh
  patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd.patch (bsc#1206351).
  The former kABI fix only move the newly added member to scsi_host_template to
  the end of the struct. But that is usually allocated statically, even by 3rd
  party modules relying on kABI. Before we use the member we need to signalize
  that it is to be expected. As we only expect it to be allocated by in-tree
  modules that we can control, we can use a space in the bitfield to signalize
  that.
- commit 0e772e8

- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit f2c8c19

- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit baf6bec

- net: ena: optimize data access in fast-path code (bsc#1208137).
- commit 09cfdc0

- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
  bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
  bsc#1207795).
- commit c6f042b

- Update
  patches.suse/net-mlx5-Allocate-individual-capability.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities.patch
  (bsc#1195175).
- Update
  patches.suse/net-mlx5-Use-order-0-allocations-for-EQs.patch
  (bsc#1195175).
  Fixed bugzilla reference.
- commit e56868b
krb5
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
  (CVE-2023-36054);
- Added patches:
  * 0011-Ensure-array-count-consistency-in-kadm5-RPC.patch
libX11
- U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
  * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)
gcc12
- Add gcc12-aarch64-bsc1214052.patch to fix -fstack-protector issues
  with variable length stack allocations on aarch64.
  Fixes CVE-2023-4039.  [bsc#1214052]

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
  * includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
  from the branch after the release.

- Speed up builds with --enable-link-serialization.

- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749

- Don't rely on %usrmerged, set it based on standard %suse_version

- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
  * remove gcc12-fifo-jobserver-support.patch which is now
    included upstream

- avoid trailing backslashes at the end of post install scripts

- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537

- Update embedded newlib to version 4.2.0
  * includes newlib-4.1.0-aligned_alloc.patch

- add gcc12-riscv-inline-atomics.patch,
  gcc12-riscv-pthread.patch: handle subword size inline atomics
  (needed by several openSUSE packages)
avahi
- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).
util-linux
- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
libcap
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
c-ares
- Update to version 1.19.1
  Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
cryptsetup
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
  - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
  - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
  - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
libdb-4_8
- Fix incomplete license tag. [bsc#1099695]
libeconf
- Additional info for version 0.5.2:
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)

- Update to version 0.5.2:
  * Fixed build for aarch64 and gcc13.
  * Making the output verbose when a test fails.
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function.
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function.
  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
    Sets a list of directory structures (with order) which describes
    the directories in which the files have to be parsed.
    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
    directories will be parsed:
    "<default_dirs>/<project_name>.<suffix>.d/"
    "<default_dirs>/<project_name>/conf.d/"
    "<default_dirs>/<project_name>.d/"
    "<default_dirs>/<project_name>/"
    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
    automatically.
  * General code cleanup.

- Update to version 0.5.1:
  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
    there is a /etc/_example_._suffix_ file. (#175)

- Update to version 0.5.0:
  * API calls econf_read*WithCallback supporting a general (void *)
    argument for user defined data with which the callback function is
    called.
  * Tagged following functions deprecated:
    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks, econf_reset_security_settings
    Use one of the econf_read*WithCallback functions instead.

- Update to version 0.4.9:
  * libeconf.h: added missing sys/types.h header (#171)
  * new API calls: econf_readFileWithCallback,
    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
  * Checking NULL comment parameter in the parsing functions.

- Update to version 0.4.8+git20221114.7ff7704:
  * Parsing files which are containing keys only (#170)
    All delimiters are allowed now : "", " =", " ", "=". But the
    user should use "" in order to be distinct.
  * /usr/etc/shells.d/<file_name> will not be parsed if
    /etc/shells.d/<file_name> is defined too.
  * Lto build fixed (#168)
  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
    econf_set_delimiter_tag
  * Checking UID,GroupID, permissions,... of the parsed files (#165)
    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks
  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
  * Error handling improved for nums and booleans (#163)

- Update to version 0.4.6+git20220427.3016f4e:
  * econftool:
  * * Parsing error: Reporting file and line nr.
  * * --delimeters=spaces Taking all kind of spaces for delimiter
  * libeconf:
    Fixed bsc#1198165: Parsing files correctly which have space characters
    AND none space characters as delimiters.

- Update to version 0.4.5+git20220406.c9658f2:
  * econftool:
  * * New call "syntax" for checking the configuration files only.
    Returns an error string with line number if an error occurs.
  * * New options "--comment" and "--delimeters"
  * * Parsing one file only if needed.
mozilla-nss
- update to NSS 3.90
  * bmo#1623338 - ride along: remove a duplicated doc page
  * bmo#1623338 - remove a reference to IRC
  * bmo#1831983 - clang-format lib/freebl/stubs.c
  * bmo#1831983 - Add a constant time select function
  * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
  * bmo#1830973 - output early build errors by default
  * bmo#1804505 - Update the technical constraints for KamuSM
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
  * bmo#1790763 - Enable default UBSan Checks
  * bmo#1786018 - Add explicit handling of zero length records
  * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
  * bmo#1786018 - Refactor zero length record tests
  * bmo#1829112 - Fix compiler warning via correct assert
  * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
  * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
  * bmo#1784163 - Fix reading raw negative numbers
  * bmo#1748237 - Repairing unreachable code in clang built with gyp
  * bmo#1783647 - Integrate Vale Curve25519
  * bmo#1799468 - Removing unused flags for Hacl*
  * bmo#1748237 - Adding a better error message
  * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
  * bmo#1782980 - Fall back to the softokn when writing certificate trust
  * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
  * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
  * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
  * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
  * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
  * bmo#1822076 - fix rst warnings in nss doc
  * bmo#1821997 - Fix incorrect pygment style
  * bmo#1821292 - Change GYP directive to apply across platforms
  * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
  into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
  * bmo#1804505 - Update the technical constraints for KamuSM.
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
  * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
  * bmo#1820175 - PR_STATIC_ASSERT is cursed
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1820175 - Fix unreachable code warning in fuzz builds
  * bmo#1820175 - Fix various compiler warnings in NSS
  * bmo#1820175 - Enable various compiler warnings for clang builds
  * bmo#1815136 - set PORT error after sftk_HMACCmp failure
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
  * bmo#1804660 - Make high tag number assertion failure an error
  * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
    length from 284 to 384
  * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
  * bmo#1789436 - Fix build failure on Windows
  * bmo#1811337 - migrate Win 2012 tasks to Azure
  * bmo#1810702 - fix title length in doc
  * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
  * bmo#1570615 - Add presence/absence tests for TLS GREASE
  * bmo#1804688 - Correct addition of GREASE value to ALPN xtn
  * bmo#1789436 - CH extension permutation
  * bmo#1570615 - TLS GREASE (RFC8701)
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
- update to NSS 3.88.1
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
  * bmo#1212915 - Add check for ClientHello SID max length
  * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
  * bmo#1790357 - ECH client - Discard resumption TLS < 1.3
    Session(IDs|Tickets) if ECH configs are setup
  * bmo#1714245 - On HRR skip PSK incompatible with negotiated
    ciphersuites hash algorithm
  * bmo#1789410 - ECH client: Send ech_required alert on server
    negotiating TLS 1.2. Fixed misleading Gtest,
    enabled corresponding BoGo test
  * bmo#1771100 - Added Bogo ECH rejection test support
  * bmo#1771100 - Added ECH 0Rtt support to BoGo shim
  * bmo#1747957 - RSA OAEP Wycheproof JSON
  * bmo#1747957 - RSA decrypt Wycheproof JSON
  * bmo#1747957 - ECDSA Wycheproof JSON
  * bmo#1747957 - ECDH Wycheproof JSON
  * bmo#1747957 - PKCS#1v1.5 wycheproof json
  * bmo#1747957 - Use X25519 wycheproof json
  * bmo#1766767 - Move scripts to python3
  * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
  * bmo#1805907 - Extending RSA-PSS bltest test coverage
    (Adding SHA-256 and SHA-384)
  * bmo#1804091 - NSS needs to move off of DSA for integrity checks
  * bmo#1805815 - Add initial testing with ACVP vector sets using
    acvp-rust
  * bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
  * bmo#1803226 - NULL password encoding incorrect
  * bmo#1804071 - Fix rng stub signature for fuzzing builds
  * bmo#1803595 - Updating the compiler parsing for build
  * bmo#1749030 - Modification of supported compilers
  * bmo#1774654 - tstclnt crashes when accessing gnutls server
    without a user cert in the database.
  * bmo#1751707 - Add configuration option to enable source-based
    coverage sanitizer
  * bmo#1751705 - Update ECCKiila generated files.
  * bmo#1730353 - Add support for the LoongArch 64-bit architecture
  * bmo#1798823 - add checks for zero-length RSA modulus to avoid
    memory errors and failed assertions later
  * bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
  * bmo#1803190 - conscious language removal in NSS
  * bmo#1794506 - Set nssckbi version number to 2.60
  * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3
    TrustCor Root Certificates
  * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
  * bmo#1797559 - Remove EC-ACC root cert from NSS
  * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
  * bmo#1794495 - Remove Network Solutions Certificate Authority
  * bmo#1802331 - compress docker image artifact with zstd
  * bmo#1799315 - Migrate nss from AWS to GCP
  * bmo#1800989 - Enable static builds in the CI
  * bmo#1765759 - Removing SAW docker from the NSS build system
  * bmo#1783231 - Initialising variables in the rsa blinding code
  * bmo#320582 - Implementation of the double-signing of the message
    for ECDSA
  * bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
  * bmo#1792821 - Modification of the primes.c and dhe-params.c in
    order to have better looking tables
  * bmo#1796815 - Update zlib in NSS to 1.2.13
  * bmo#1796504 - Skip building modutil and shlibsign when building
    in Firefox
  * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
  * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
  * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
    and -Wtype-limits warnings
  * bmo#1796281 - Followup: add missing stdint.h include
  * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
  * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
    warnings on Windows
  * bmo#1796079 - Fix -Wstring-conversion warnings
  * bmo#1796075 - Fix -Wempty-body warnings
  * bmo#1795242 - Fix unused-but-set-parameter warning
  * bmo#1795241 - Fix unreachable-code warnings
  * bmo#1795222 - Mark _nss_version_c unused on clang-cl
  * bmo#1795668 - Remove redundant variable definitions in lowhashtest
  * Add note about python executable to build instructions.
- update to NSS 3.84
  * bmo#1791699 - Bump minimum NSPR version to 4.35
  * bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
  * bmo#1788875 - Remove set-but-unused variables from
    SEC_PKCS12DecoderValidateBags
  * bmo#1563221 - remove older oses that are unused part3/ BeOS
  * bmo#1563221 - remove older unix support in NSS part 3 Irix
  * bmo#1563221 - remove support for older unix in NSS part 2 DGUX
  * bmo#1563221 - remove support for older unix in NSS part 1 OSF
  * bmo#1778413 - Set nssckbi version number to 2.58
  * bmp#1785297 - Add two SECOM root certificates to NSS
  * bmo#1787075 - Add two DigitalSign root certificates to NSS
  * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
  * bmo#1771100 - Added bug reference and description to disabled
    UnsolicitedServerNameAck bogo ECH test
  * bmo#1779361 - Removed skipping of ECH on equality of private and
    public server name
  * bmo#1779357 - Added comment and bug reference to
    ECHRandomHRRExtension bogo test
  * bmo#1779370 - Added Bogo shim client HRR test support. Fixed
    overwriting of CHInner.random on HRR
  * bmo#1779234 - Added check for server only sending ECH extension
    with retry configs in EncryptedExtensions and if not
    accepting ECH. Changed config setting behavior to
    skip configs with unsupported mandatory extensions
    instead of failing
  * bmo# 1771100 - Added ECH client support to BoGo shim. Changed
    CHInner creation to skip TLS 1.2 only extensions to
    comply with BoGo
  * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
    server accept_confirmation bugs
  * bmo#1771100 - Update BoGo tests to recent BoringSSL version
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
  * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
  * bmo#1784724 - Initialize local variables in
    TlsConnectTestBase::ConnectAndCheckCipherSuite
  * bmo#1784191 - Cast the result of GetProcAddress
  * bmo#1681099 - pk11wrap: Tighten certificate lookup based on
    PKCS #11 URI.
- update to NSS 3.81
  * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
  * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
  * bmo#1779285 - Add no_application_protocol alert handler and
    test client error code is set
  * bmo#1777672 - Gracefully handle null nickname in
    CERT_GetCertNicknameWithValidity
  * required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
  sufficient (boo#1202118)
- update to NSS 3.80
  * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
  * bmo#1617956 - Add support for asynchronous client auth hooks.
  * bmo#1497537 - nss-policy-check: make unknown keyword check optional.
  * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
    by allocating it on initialization. Replaced
    redundant code with assert. Debug builds: Added
    buffer freeing/allocation for each record.
  * bmo#1773022 - Mark 3.79 as an ESR release.
  * bmo#1764206 - Bump nssckbi version number for June.
  * bmo#1759815 - Remove Hellenic Academic 2011 Root.
  * bmo#1770267 - Add E-Tugra Roots.
  * bmo#1768970 - Add Certainly Roots.
  * bmo#1764392 - Add DigitCert Roots.
  * bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
  * bmo#1366464 - Compare signature and signatureAlgorithm fields in
    legacy certificate verifier.
  * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
  * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1760998 - Avoid data race on primary password change.
  * bmo#1769063 - Replace ppc64 dcbzl intrinisic.
  * bmo#1771036 - Allow LDFLAGS override in makefile builds.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
  fixes to PBKDF2 parameter validation.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
  validate extra PBKDF2 parameters according to FIPS 140-3.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
  update session->lastOpWasFIPS before destroying the key after
  derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
  CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
  CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
  excess code.

- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).

- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
  checks. Thanks to Martin for the DHKey parts.

- Add manpages to mozilla-nss-tools (bsc#1208242)
freetype2
- Added patch:
  * CVE-2023-2004.patch
    + fixes bsc#1210419, CVE-2023-2004: Integer overflow
harfbuzz
- Add CVE-2023-25193.patch: limit how far we skip when looking
  back (bsc#1207922 CVE-2023-25193).
libjansson
- Update to 2.14 (boo#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
    corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime
    version checking
    + Add json_object_update_new(), json_object_update_existing_new()
    and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
    that can be omitted if null (#339).
    + Add `json_error_code()` to retrieve numeric error codes
    (#365, #380, #381).
    + Enable thread safety for `json_dump()` on all systems.
    Enable thread safe `json_decref()` and `json_incref()` for
    modern compilers (#389).
    + Add `json_sprintf()` and `json_vsprintf()` (#393).
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object (#409).
    + Avoid invalid memory read in `json_pack()` (#421).
    + Call va_end after va_copy in `json_vsprintf()` (#427).
    + Improve handling of formats with '?' and '*' in `json_pack()`
    (#438).
    + Remove inappropriate `jsonp_free()` which caused
    segmentation fault in error handling (#444).
    + Fix incorrect report of success from `json_dump_file()` when
    an error is returned by `fclose()` (#359).
    + Make json_equal() const-correct (#344).
    + Fix incomplete stealing of references by `json_pack()` (#374)
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.
openldap2
- bsc#1212260 - crash in libldap when non-ldap data responds
  * 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch

- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
ldb
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
  discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
  + CVE-2022-32746 ldb: db: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
liblognorm
- Upgrade to liblognorm v2.0.6 (jsc#PED-4883)
  * 2018-11-02: nitfixes: issues deteced by CodeFactor.com
  * 2018-11-01: more cleanup of shell scripting
  * 2018-10-31: cleanup shell scripting
  * 2018-10-26: implement Checkpoint LEA transfer format
  * 2018-10-31: fix mising shebangs in test scripts
  * 2018-10-30: fix some bash style nits
  * 2018-07-15: fix very theoretic misadressing (gcc-8 warning)
  * 2018-06-26: string parser: add "lazy" matching mode
  * 2018-05-30: Update lognormalizer.c
  * 2018-05-30: Update lognormalizer.c to support case fallthrough
  * 2018-05-30: Update README
  * 2018-05-10: Fix for #229 (cisco-interface-spec at end of line)
  * 2018-03-21: Suppress invalid param error for name to fix #270
- Upgrade to liblognorm v2.0.5
  * 2018-04-25: fix potential NULL pointer addressing
  * 2018-04-07: Add test for nested user types
  * 2018-04-07: Fix use after free with nested user types (#235)
  * 2018-04-25: build system: fix gcc warning
  * 2018-04-25: make "make check" "succeed" on solaris 10
  * 2018-04-16: fix build warnings with some newer compilers
  * 2018-04-16: remove dead code
  * 2018-04-16: fix potential memory leaks during config processing
  * 2018-04-16: fix memory leak during config processing
  * 2018-04-16: csv encoder: fix format error when processing arrays
  * 2018-03-29: Explicitly list supported whitespace characters
  * 2018-03-28: "fix" return type of unused dummy function
  - replaces liblognorm-2.0.4-no-return-in-nonvoid-function.patch
  * 2018-03-21: Suppress invalid param error for name to fix #270
  * 2018-03-19: fix header guard
  * 2018-03-06: Correct CLI options in the docs
  * 2018-01-13: AIX port : added compatibility and modified lognormalizer for AIX.
  * 2017-11-29: codestyle: correct line length to 120
  * 2017-11-29: codestyle: set max line length to 120
  * 2017-11-25: fix some very bad line length violations
  * 2017-11-25: travis: temporarily permit longer line length
  * 2017-10-19: make build with gcc7
  * 2017-10-05: es_str2cstr leak in string-to v1 parse
ncurses
- Modify patch ncurses-6.1.dif
  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
    (boo#1210434, CVE-2023-29491)
  * Reading is done since 2000/01/17
nftables
- add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this
  fixes a crash in nftables if layer2 reject rules are processed (e.g.
  Ethernet MAC address based reject rich rule in firewalld, bsc#1210773).
openssl-1_1
- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_1-CVE-2023-3817.patch

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch

- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed openssl-CVE-2023-0286.patch

- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch

- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch

- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch

- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
pcre2
- Security fix: [bsc#1213514, CVE-2022-41409]
  * Integer overflow vulnerability in pcre2test before 10.41
    allows attackers to cause a denial of service or other
    unspecified impacts via negative input.
  * Add pcre2-CVE-2022-41409.patch
postgresql15
- Update to 15.4:
  * bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
    owner name into an extension script if the name contains a
    quote, backslash, or dollar sign.
  * bsc#1214061, CVE-2023-39418: Fix MERGE to enforce row security
    policies properly.
  * https://www.postgresql.org/docs/15/release-15-4.html

- Update to 15.3:
  * bsc#1211228, CVE-2023-2454:
    Prevent CREATE SCHEMA from defeating changes in search_path
  * bsc#1211229, CVE-2023-2455: Enforce row-level security
    policies correctly after inlining a set-returning function
  * https://www.postgresql.org/docs/15/release-15-3.html

- bsc#1210303: Stop using the obsolete internal %_restart_on_update
  macro and drop support for sysv init to simplify the scriptlets.

- Include -mini in Name: to avoid conflicts in the source package
  name and OBS internal dependency tracking.
procps
- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)

- Add patch bsc1209122-a6c0795d.patch
  * Fix for bsc#1209122 to allow `-´ as leading character to ignore
    possible errors on systctl entries
python-base
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.

- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built

- The condition around libnsl-devel BuildRequires is NOT
  switching off NIS support on SLE < 15, support for NIS used to
  be in the glibc itself. Partial revert of sr#1061583.

- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
  the documentation even with the current Sphinx. (SUSE-ONLY
  PATCH, DO NOT SEND UPSTREAM!)

- Enable --with-system-ffi for non-standard architectures.

- SLE-12 builds nis.so as well.
python3
- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.

- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

- Use python3 modules to build the documentation.

- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).

- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
snapper
- improved responsiveness of snapperd when a btrfs quota rescan
  is running (see bsc#1211459)
  * added pr821.patch

- avoid stale btrfs qgroups on transactional systems (bsc#1210151)
  * added pr805.patch
- wait for existing btrfs quota rescans to finish (bsc#1210150)
  * added pr790.patch
libsolv
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
  [bsc#1195633]
- bump version to 0.7.24

- fix "keep installed" jobs not disabling "best update" rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
libxml2
- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch

- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply al patches correctly for libxml2 and python-libxml2.
libyajl
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
zlib
- Fix deflateBound() before deflateInit(), bsc#1210593
  bsc1210593.patch

- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch
zstd
- Fix CVE-2022-4899, bsc#1209533
  * Disallow empty --output-dir-flat=
- Added patch:
  * Disallow-empty-output-directory.patch
libzypp
- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)

- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)

- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)

- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)

- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)

- fix build with boost 1.82

- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)

- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)

- ProgressData: enforce reporting the INIT||END state
  (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
  (bsc#1205636)
- version 17.31.8 (22)

- Hint to "zypper removeptf" to remove PTFs.
- Removing a PTF without enabled repos should always fail
  (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be
  removed (not replaced!) as well. To remove a PTF "zypper install
  - - -PTF" or a dedicated "zypper removeptf PTF" should be used.
  This will update the installed PTF packages to theit latest
  version.
- version 17.31.7 (22)

- Avoid calling getsockopt when we know the info already.
  This patch hopefully fixes logging on WSL, getsockopt seems to
  not be fully supported but the code required it when accepting
  new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
  falling back.
- version 17.31.6 (22)

- Create '.no_auto_prune' in the package cache dir to prevent auto
  cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)

- Do not clean up MediaSetAccess before using the geoip file
  (fixes #424)
- version 17.31.4 (22)

- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
  settings.
- Implement geoIP feature for zypp.
  This patch adds a feature to rewrite request URLs to the repo
  servers by querying a geoIP file from download.opensuse.org. This
  file can return a redirection target depending on the clients IP
  adress, this way we can directly contact a local mirror of d.o.o
  instead. The redir target stays valid for 24hrs.
  This feature can be disabled in zypp.conf by setting
  'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server
  MediaMultiCurl used to fallback to a fixed, relatively small
  BLKSIZE. This patch changes the fallback into a dynamic value
  based on the filesize using a similar metric as the MirrorCache
  implementation on the server side.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to
  calculate if a repository needs to be refreshed. This
  optimisation only takes place if the repo does specify only
  downloading base urls.
- version 17.31.3 (22)
log4j
- Do not package the *.zip artifacts whose content is part of the
  multi-release jars already
- Added patch:
  * log4j-java8compat.patch
    + maintain ByteBuffer and CharBuffer compatibility with java 8

- Build as multi-release jar.
- Add some logging providers which we can build with the existing
  dependencies and without cycles.

- Add dependency on standalone javax.activation-api that is not
  included in newer JDKs

- Update to 2.17.2
  * New Features
  - Limit loading of configuration via a url to https by default.
  - Require log4j2.Script.enableLanguages to be specified to
    enable scripting for specific languages.
  - Add TB support to FileSize.
  - Add the log4j-to-jul JDK Logging Bridge.
  - Add org.apache.logging.log4j.core.appender.AsyncAppender.getAppenders()
    to more easily port from org.apache.log4j.AsyncAppender.getAllAppenders().
  - Add Configurator.setLevel(Logger, Level),
    setLevel(String, String), and setLevel(Class, Level).
  - Add shorthand syntax for properties configuration format for
    specifying a logger level and appender refs.
  - Add optional additional fields to NoSQLAppender.
  * Fixed Bugs
  - Flag LogManager as initiialized if the LoggerFactory is
    provided as a property.
  - Fix DefaultConfiguration leak in PatternLayout.
  - Document that the Spring Boot Lookup requires the
    log4j-spring-boot dependency.
  - Fix RoutingAppender backcompat and disallow recursive
    evaluation of lookup results outside of configuration
    properties.
  - Fix ThreadContextDataInjector initialization deadlock.
  - Fix substitutions when programmatic configuration is used.
  - OptionConverter could cause a StackOverflowError.
  - Log4j 1.2 bridge class ConsoleAppender should extend
    WriterAppender and provide better compatibility with custom
    appenders.
  - Log4j 1.2 bridge method NDC.inherit(Stack) should not use
    generics to provide source compatibility.
  - Log4j 1.2 bridge class PatternLayout is missing constants
    DEFAULT_CONVERSION_PATTERN and TTCC_CONVERSION_PATTERN.
  - Log4j 1.2 bridge class PropertyConfigurator should implement
    Configurator.
  - Log4j 1.2 bridge interface Configurator doConfigure() methods
    should use LoggerRepository, not LoggerContext.
  - Log4j 1.2 bridge class OptionConverter is missing
    selectAndConfigure() methods.
  - Log4j 1.2 bridge class Category should implement
    AppenderAttachable.
  - Log4j 1.2 bridge method Category.exists(String) should be
    static.
  - Log4j 1.2 bridge methods missing in org.apache.log4j.Category:
    getDefaultHierarchy(), getHierarchy(), getLoggerRepository().
  - Log4j 1.2 bridge class LogManager default constructor should
    be public.
  - Log4j 1.2 bridge interface org.apache.log4j.spi.RendererSupport
    was in the wrong package and incomplete.
  - Log4j 1.2 bridge interfaces missing from package
    org.apache.log4j.spi: ThrowableRenderer,
    ThrowableRendererSupport, TriggeringEventEvaluator.
  - Log4j 1.2 bridge missing class org.apache.log4j.or.RendererMap.
  - Log4j 1.2 bridge PropertiesConfiguration.buildAppender not
    adding filters to custom appender.
  - Log4j 1.2 bridge should ignore case in properties file keys.
  - Log4j 1.2 bridge adds org.apache.log4j.component.helpers.Constants.
  - Log4j 1.2 bridge adds org.apache.log4j.helpers.LogLog.
  - Log4j 1.2 bridge adds org.apache.log4j.helpers.Loader.
  - Log4j 1.2 bridge adds org.apache.log4j.spi.RootLogger.
  - Log4j 1.2 bridge class Category is missing some protected
    instance variables.
  - Log4j 1.2 bridge adds org.apache.log4j.Hierarchy.
  - Log4j 1.2 bridge methods Category.getChainedPriority() and
    getEffectiveLevel() should not be final.
  - Log4j 1.2 bridge adds org.apache.log4j.spi.NOPLoggerRepository
    and NOPLogger.
  - Log4j 1.2 bridge adds org.apache.log4j.spi.DefaultRepositorySelector.
  - Log4j 1.2 bridge implements LogManager.getCurrentLoggers()
    fully.
  - Log4j 1.2 bridge fixes parsing filters in properties
    configuration file #680.
  - Log4j 1.2 bridge missing OptionConverter.instantiateByKey(
    Properties, String, Class, Object).
  - Log4j 1.2 bridge class org.apache.log4j.spi.LoggingEvent
    missing constructors and public instance variable.
  - Log4j 1.2 bridge does not support system properties in log4j.xml.
  - Log4j 1.2 bridge now logs a warning instead of throwing an
    NullPointerException when building a Syslog appender with a
    missing "SyslogHost" param.
  - Log4j 1.2 bridge should allow property and XML attributes to
    start with either an upper-case or lower-case letter.
  - Log4j 1.2 bridge uses the wrong default values for a
    TTCCLayout.
  - Log4j 1.2 bridge throws ClassCastException when using
    SimpleLayout and others.
  - Log4j 1.2 bridge uses the wrong file pattern for rolling file
    appenders.
  - Log4j 1.2 bridge throws ClassCastException when using
    SimpleLayout and others.
  - Log4j 1.2 bridge creates a SocketAppender instead of a
    SyslogAppender.
  - Log4j 1.2 bridge uses some incorrect default property values
    in some appenders.
  - Log4j 1.2 bridge supports the SocketAppender.
  - Log4j 1.2 bridge missing DefaultThrowableRenderer.
  - Log4j 1.2 bridge missing some ThrowableInformation constructors.
  - Log4j 1.2 bridge missing some LocationInfo constructors.
  - Log4j 1.2 bridge missed
  - Log4j 1.2 bridge missed org.apache.log4j.pattern.FormattingInfo.
  - Log4j 1.2 bridge missed org.apache.log4j.pattern.NameAbbreviator.
  - Log4j 1.2 bridge missing UtilLoggingLevel.
  - Log4j 1.2 bridge missing FormattingInfo.
  - Log4j 1.2 bridge missing PatternConverter.
  - Log4j 1.2 bridge missing PatternParser.
  - Log4j 1.2 bridge issues with filters.
  - Log4j 1.2 bridge implements most of DOMConfigurator.
  - JndiManager reverts to 2.17.0 behavior: Read the system
    property for each call.
  - Configurator.setLevel not fetching the correct LoggerContext.
  - Fix DTD error: Add missing ELEMENT for Marker.
  - Fix log4j-jakarta-web service file.
  - AppenderLoggingException logging any exception to a MongoDB
    Appender.
  - Possible NullPointerException in MongoDb4DocumentObject,
    MongoDbDocumentObject, DefaultNoSqlObject.
  - Trim whitespace before parsing a String into an Integer.
  - Log4j 1.2 bridge throws a ClassCastException when logging a
    Map with non-String keys.
  - Log4j 1.2 bridge Check for non-existent appender when parsing
    properties #761. Thanks to Kenny MacLeod.
  - Log4j 1.2 bridge supports global threshold.
  * Changes
  - Change modifier of method
    org.apache.logging.log4j.core.tools.Generate#generate to
    public (was package private) to facilitate automated code
    generation.
shadow
- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch

- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
  Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch

- bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch
man
- Use inverted exit status in exec option of find command to
  avoid refreshing man database (boo#1155879)

- Minor corrections on %ghost /var/cache/man
mgr-libmod
- version 4.2.8-1
  * Ignore extra metadata fields for Liberty Linux (bsc#1208908)
mozilla-nspr
- update to version 4.35
  * fixes for building with clang
  * use the number of online processors for the
    PR_GetNumberOfProcessors() API on some platforms
  * fix build on mips+musl libc
  * Add support for the LoongArch 64-bit architecture
nekohtml
- Use the security patched fork at
  https://github.com/sparklemotion/nekohtml
- Upgrade to version 1.9.22.neko2
  * fixes bsc#1198739, CVE-2022-28366, bsc#1198404, CVE-2022-24839
- Fetch tarball using source service
- Modified patches:
  * 0002-Jar-paths.patch -> 0001-Jar-paths.patch
  * 0003-Add-OSGi-attributes.patch -> 0002-Add-OSGi-attributes.patch
    + rebase to changed context

- Build with source and target levels 8
nfs-utils
- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
  Inconsistencies in /etc/exports shouldn't be fatal.
  (bsc#1212594)

- Add 0030-systemd-use-correct-modprobe-d-directory
  SLE15-SP5 an earlier don't use /usr/lib/modprobe.d
  (bsc#1200710)
- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
  Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed

- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
  boo#1157881
- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
  bsc#1209859
- Allow scope to be set in sysconfig: NFSD_SCOPE

- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride
  with a drop-in with a later sequence number.
  resource-agents does this.
  (bsc#1207843)

- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Add "-S scope" option to rpc.nfsd to simplify fail-over cluster
  config.
  (bsc#1203746)
objectweb-asm
- Upgrade to version 9.3
  * new Opcodes.V19 constant for Java 19
  * new size() method in ByteVector
  * checkDataFlow option in CheckClassAdapter can now be used
    without valid maxStack and maxLocals values
  * new Maven BOM
  * bug fixes
    + 317949: fix javadoc errors
    + remap invokedynamic field handles properly
    + add missing left curly brace in ASMifier output of visitModule

- Build asm as modular jar files to be used as such by java >= 9
- Leave asm-all.jar as a non-modular jar

- Upgrade to version 9.2
  * Up to JDK 18 support
  * ClassReader.readStream() performance improvements
  * Add some input validations in ClassReader
  * Replace -debug flag in Printer with -nodebug (-debug continues
    to work)
  * new V15 constant
  * experimental support for PermittedSubtypes and RecordComponent
  * Javadoc fixes
  * bug fixes
    + 317942: ClassCheckAdaptor output represents reference arrays
    as only their "root" component type
    + 317921: Make Analyzer not require correct maxs or calculate
    maxs fast
    + 317922: InstructionAdapter shall throw consistent exceptions
    + 317923: Incorrect documentation on ClassReader's use of
    AnnotationVisitor
    + 317929: ClassRemapper doesn't remap annotation values
    + 317930: Can CheckClassAdapter.checkTypeRef throw a more
    specific exception?
    + 317931: Shall CheckMethodAdapter.Method.visitLabel throw
    IllegalStateException?
    + Tests that requires preview features should only run if the
    preview features of the right JDK are enabled
    + 317897: AdviceAdapter incorrectly emits onMethodEnter from a
    try-catch block in a constructor
    + 317900: Javadoc of ClassVisitor does not specify order of
    visitRecordComponent
    + 317904: Bug with constructors in AdviceAdapter
    + 317910: Iterating over a InsnList with an iterator traverses
    the list twice
    + 317898: ASM 8 does not support writing of empty records
    + 317896: Performance degradation when using dynamic constants
    as a static paramet to another InDy/ConDy
    + 317885: SKIP_DEBUG now skips MethodParameters attributes
openssh
- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
  requested to load a PKCS#11 provider that isnt a PKCS#11
  provider (bsc#1213504,CVE-2023-38408)

- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
  to avoid fd leads, and also close fdh in read_hmac (bsc#1209536)

- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).
oro
- Build with source/target levels 8
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944

- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 0.943

- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
  UEFI platforms (bsc#1208003)
- 0.942

- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941

- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
perl-Satcon
- version 4.2.3-1
  * Accept keys with dots
perl
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
  new patch: perl-cpan_verify_cert.diff
postgresql13
- Update to 13.12:
  * bsc#1214059, CVE-2023-39417: Disallow substituting a schema or
    owner name into an extension script if the name contains a
    quote, backslash, or dollar sign.
  * https://www.postgresql.org/docs/13/release-13-12.html

- Update to 13.11:
  * bsc#1211228, CVE-2023-2454:
    Prevent CREATE SCHEMA from defeating changes in search_path
  * bsc#1211229, CVE-2023-2455: Enforce row-level security
    policies correctly after inlining a set-returning function
  * https://www.postgresql.org/docs/13/release-13-11.html

- bsc#1210303: Stop using the obsolete internal %_restart_on_update
  macro and drop support for sysv init to simplify the scriptlets.

- Include -mini in Name: to avoid conflicts in the source package
  name and OBS internal dependency tracking.
publicsuffix
- Update to version 20230607:
  * util: gTLD data autopull updates for 2023-06-07T15:13:30 UTC (#1772)
  * Add test workflow (#1750)
  * Update of gov.pl labels (#1752)

- Update to version 20230426:
  * Update public_suffix_list.dat (#1747)
  * Update README.md - added link to sorting

- Update to version 20230414:
  * util: gTLD data autopull updates for 2023-04-14T15:13:16 UTC (#1738)
  * Change - update comments/policy for the French ccTLDs (`.fr`, `.pm`, `.re`, `.tf`, `.wf`, `.yt`) by Administrator (#1732)
  * New policy for .museum, without all the SLD (Second-Level Domains) (#1729)
  * Add ladesk.com (#1538)
  * util: gTLD data autopull updates for 2023-03-18T15:13:12 UTC (#1723)
  * util: gTLD data autopull updates for 2023-03-08T15:15:40 UTC (#1714)
  * Additional ngrok domains - more `ngrok.io` from #48 + `ngrok.app` `ngrok-free.app` `ngrok.dev` `ngrok-free.dev` `ngrok.pizza` (#1653)
  * Add `ie.ua` (#1597)

- Update to version 20230226:
  * TLD and gTLD data updated
  * add SAKURA Internet Inc. domains
  * Add 3.azurestaticapps.net DNS suffix
  * Add subset of Akamai domains to the PSL
  * Add it.com
  * Add Snowflake private domains
  * add canva-apps.com and canva-apps.cn
  * add fastly-edge.com
  * Add Adobe Developer Platform domains
  * Add autocode.dev
  * update .bj

- Update to version 20221129:
  * util: gTLD data autopull updates for 2022-11-29T15:14:18 UTC (#1658)
  * Add activetrail.biz (#1655)
  * Add `cf-ipfs.com`, `cloudflare-ipfs.com`, and `r2.dev` (#1582)
  * Added mytabit.co.il; mytabit.com; (#1499)
  * removing tbits.me from public suffix list (#1642)

- Update to version 20221107:
  * Add myamaze.net (#1602)
  * Remove gwiddle.co.uk (#1638)
  * Removing domain that expired and is not used (#1643)
  * util: gTLD data autopull updates for 2022-11-02T15:17:39 UTC (#1641)
  * Fix typos in pull request template (#1639)
  * util: gTLD data autopull updates for 2022-10-29T15:16:24 UTC (#1636)
  * util: gTLD data autopull updates for 2022-10-20T15:22:14 UTC (#1632)
  * util: gTLD data autopull updates for 2022-10-15T15:17:50 UTC (#1631)
  * Use CentralNic model for Amazon suffixes (#1629)
  * Names.of.London is no longer operating the service (#1630)
  * Domains from simplesite.com used for  subdomain style webhosting of individual customer websites. (#1623)
  * Add Fastmail user content domain user.fm (#1601)
  * util: gTLD data autopull updates for 2022-10-11T15:20:32 UTC (#1626)
  * util: gTLD data autopull updates for 2022-10-07T15:19:56 UTC (#1624)
  * Add *.on-acorn.io (#1578)
  * Update existing Replit entries, add `firewalledreplit.co` (#1568)
  * Add 2.azurestaticapps.net DNS suffix (#1604)
  * Update Pull Request Form to address #1619
  * Add rules for AWS Cloud9 (#1590)
  * util: gTLD data autopull updates for 2022-09-15T15:17:33 UTC (#1615)
purge-kernels-service
- Change service type to exec (boo#1198668).
python-cryptography
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
python-pyasn1
- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)
python-requests
- Add CVE-2023-32681.patch to fix unintended leak of
  Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
  Upstream commit: gh#psf/requests@74ea7cf7a6a2
python-urllib3
- Add %dir declaration for %{_licensedir}
python-PyJWT
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
  was fixed upstream in version 2.4.0
python-configobj
- Add CVE-2023-26112.patch (bsc#1210070)
python-libxml2-python
- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch

- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply al patches correctly for libxml2 and python-libxml2.

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
salt
- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch

- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Added:
  * make-master_tops-compatible-with-salt-3000-and-older.patch

- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Added:
  * define-__virtualname__-for-transactional_update-modu.patch

- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
  * avoid-conflicts-with-dependencies-versions-bsc-12116.patch

- Update to Salt release version 3006.0 (jsc#PED-4360)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Added:
  * 3005.1-implement-zypper-removeptf-573.patch
  * control-the-collection-of-lvm-grains-via-config.patch
  * fix-version-detection-and-avoid-building-and-testing.patch
  * make-sure-the-file-client-is-destroyed-upon-used.patch
  * skip-package-names-without-colon-bsc-1208691-578.patch
  * use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
- Modified:
  * activate-all-beacons-sources-config-pillar-grains.patch
  * add-custom-suse-capabilities-as-grains.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-publish_batch-to-clearfuncs-exposed-methods.patch
  * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
  * add-sleep-on-exception-handling-on-minion-connection.patch
  * add-standalone-configuration-file-for-enabling-packa.patch
  * add-support-for-gpgautoimport-539.patch
  * allow-vendor-change-option-with-zypper.patch
  * async-batch-implementation.patch
  * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
  * bsc-1176024-fix-file-directory-user-and-group-owners.patch
  * change-the-delimeters-to-prevent-possible-tracebacks.patch
  * debian-info_installed-compatibility-50453.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * don-t-use-shell-sbin-nologin-in-requisites.patch
  * drop-serial-from-event.unpack-in-cli.batch_async.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-bsc-1065792.patch
  * fix-for-suse-expanded-support-detection.patch
  * fix-issue-2068-test.patch
  * fix-missing-minion-returns-in-batch-mode-360.patch
  * fix-ownership-of-salt-thin-directory-when-using-the-.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * fixes-for-python-3.10-502.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * make-setup.py-script-to-not-require-setuptools-9.1.patch
  * pass-the-context-to-pillar-ext-modules.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * prevent-shell-injection-via-pre_flight_script_args-4.patch
  * read-repo-info-without-using-interpolation-bsc-11356.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * run-salt-api-as-user-salt-bsc-1064520.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * save-log-to-logfile-with-docker.build.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * use-salt-bundle-in-dockermod.patch
  * x509-fixes-111.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * 3003.3-postgresql-json-support-in-pillar-423.patch
  * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
  * add-missing-ansible-module-functions-to-whitelist-in.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
  * adds-explicit-type-cast-for-port.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * backport-syndic-auth-fixes.patch
  * batch.py-avoid-exception-when-minion-does-not-respon.patch
  * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * detect-module.run-syntax.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * enhance-logging-when-inotify-beacon-is-missing-pyino.patch
  * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
  * fix-crash-when-calling-manage.not_alive-runners.patch
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-for-cve-2022-22967-bsc-1200566.patch
  * fix-inspector-module-export-function-bsc-1097531-481.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
  * fix-test_ipc-unit-tests.patch
  * fix-the-regression-in-schedule-module-releasded-in-3.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * ignore-non-utf8-characters-while-reading-files-with-.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * notify-beacon-for-debian-ubuntu-systems-347.patch
  * refactor-and-improvements-for-transactional-updates-.patch
  * retry-if-rpm-lock-is-temporarily-unavailable-547.patch
  * set-default-target-for-pip-from-venv_pip_target-envi.patch
  * state.apply-don-t-check-for-cached-pillar-errors.patch
  * state.orchestrate_single-does-not-pass-pillar-none-4.patch
  * support-transactional-systems-microos.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch

- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
  * skip-package-names-without-colon-bsc-1208691-578.patch

- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * 3004-implement-zypper-removeptf-574.patch
spacewalk-certs-tools
- version 4.2.20-1
  * Update translations
spacewalk-client-tools
- version 4.2.23-1
  * Update translation strings
python-tornado
- Add tornado-Fix-an-open-redirect-in-StaticFileHandler.patch:
  Backport from upstream, Fix an open redirect in StaticFileHandler.
  Under some configurations the default_filename redirect could be
  exploited to redirect to an attacker-controlled site. This change
  refuses to redirect to URLs that could be misinterpreted
  (CVE-2023-28370 bsc#1211741).
uyuni-common-libs
- version 4.2.10-1
  * Allow default component for context manager.
python
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.

- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built

- The condition around libnsl-devel BuildRequires is NOT
  switching off NIS support on SLE < 15, support for NIS used to
  be in the glibc itself. Partial revert of sr#1061583.

- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
  the documentation even with the current Sphinx. (SUSE-ONLY
  PATCH, DO NOT SEND UPSTREAM!)

- Enable --with-system-ffi for non-standard architectures.

- SLE-12 builds nis.so as well.
regexp
- Build with source/target levels 8
relaxngDatatype
- Build with source/target levels 8
release-notes-sles
- 15.3.20230301 (tracked in bsc#933411)
- Added note about silencing killmode=none (jsc#PED-407)
- Added note about by-id/wwn- change (bsc#1188762)
- Added note about frr (jsc#SLE-13591)
- Added note about ssh-import-id GitHub support (jsc#SLE-20079)
- Added note about adcli --dont-expire-password (jsc#SLE-21224)
- Added note about NVMe-oF in dracut (jsc#SLE-17091)
- Added note about vPMU optimization (jsc#SLE-12687)
- Added note about snapper btrfs snapshot cleanup (jsc#SLE-16031)
- Added note about redis and bindings (jsc#SLE-11036)
- Added note about zram on low-mem devices (jsc#SLE-17630)
- Added note about wsmancli moving to basesystem (jsc#SLE-22844)
- Added note about scap-security-guide (jsc#SLE-20292)
- Added note about libreiserfs removal (jsc#SLE-17723)
- Added note about icu 69.1 (jsc#SLE-17893)
- Added note about blog 2.26 (jsc#SLE-23233)
- Added note about libpwquality-tools (jsc#SLE-23623)
- Added note about DFS share failover (jsc#SLE-20042)
- Added note about git 2.35.3 (jsc#SLE-23332)
- Added note about tcl 8.6.12 (jsc#SLE-21016)
- Added note about Rust developer tools (jsc#SLE-23381)
- Added note about PostgreSQL 14 (jsc#SLE-20675)
- Added note about NodeJS 16 (jsc#SLE-21235)
- Added note about strongSwan namespace support (jsc#SLE-17756)
- Added note about mariadb-galera (jsc#SLE-22242)
rsync
- Drop rsync-fix-external-compression.patch, rsync-iconv-segfault.patch

- Fix --delay-updates never updates after interruption [bsc#1204538]
  * Added patch rsync-fix-delay-updates-never-updates-after-interruption.patch
rsyslog
- fix segfaults in modExit() of imklog.c (bsc#1211757)
  * add 0001-imklog-fix-invalid-memory-adressing-could-cause-abor.patch

- fix removal of imfile state files (bsc#1213212)
  * add 0001-fixing-the-deleteStateOnFileDelete-option.patch
samba
- Move libcluster-samba4.so from samba-libs to samba-client-libs;
  (bsc#1213940);

- secure channel faulty since Windows 10/11 update 07/2023;
  (bso#15418); (bsc#1213384).

- CVE-2022-2127: lm_resp_len not checked properly in
  winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
  Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
  Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
  (bso#15388); (bsc#1213171).

- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be
  deleted by unprivileged authenticated users; (bso#15276);
  (bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
  be discovered; (bso#15270); (bsc#1209485).

- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000product:sle-module-suse-manager-server-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
slf4j
- Add symlink to reload4j -> log4j12 for applications that expect
  that name.

- Build with source/target levels 8

- Upgrade to 1.7.36
  * Changes in 1.7.36:
    + Correct corrupt "Export-Package" declaration in MANIFEST.MF
    in log4j-over-slf4j module
    + Starting with version 1.7.36, slf4j releases will be
    reproducible. By reproducible we mean that anyone checking out
    the code corresponding to the release version from source code
    repository and building that local copy, will obtain an
    identical binary to the published binary.
  * Changes 1.7.35
    + In this release, the "slf4j-log4j12" artifact automatically
    instructs Maven to use the "slf4j-reload4j" artifact instead.
    As you might have guessed, the "slf4j-reload4j" binding
    delegates log processing to the reload4j logging framework.
    + Fix incorrect version number in the relocation element in
    slf4j-log4j12/pom.ml
  * Changes in 1.7.34
    + The relocation element in slf4j-log4j12 had incorrect version
    number. Version 1.7.34 should not be used.
  * Changes in 1.7.33
    + SLF4J now ships with the slf4j-reload4j module delegating to
    the reload4j backend.
    + SimpleLogger now prints the thread Id if instructed to do so.
    This fixes SLF4J-499.
- Added patch:
  * slf4j-reload4j-bundlename.patch
    + fix a typo in source reload4k -> reload4j

- Do not use a separate spec file for sources, since now they
  can be built in the same run as the other artifacts

- Removed patch:
  * slf4j-reload4j.patch
    + the incompatibility is now handled in reload4j itself

- Fetch sources using source service
- Depend for build on reload4j
- Fix dependencies of the module slf4j-log4j12

- Added patch:
  * slf4j-reload4j.patch
    + fix build against reload4j

- Update to upstream version 1.7.32
  * In the slf4j-simple module, SimpleLogger now caters for
    concurrent access.
- Update to upstream version 1.7.31
  * In the jcl-over-slf4j module avoid Object to String conversion.
  * In the log4j-over-slf4j module added empty constructors for
    ConsoleAppender.

- Don't use %%mvn_artifact, but %%add_maven_depmap for the
  sources artifacts, so that they don't suck in half of the xmvn*
  stack in order to build
snakeyaml
- Fix --with tests build

- Upgrade to upstream release 1.33
  * Fixes
    + bsc#1204173
    + bsc#1203154 (CVE-2022-38752)
  * Changes of 1.33
    + Remove some deprecated unused methods
    + Fix #555: Fixed Github actions
    + Fix #553: LoaderOptions.setCodePointLimit() not honored by
    loadAll()
    + Fix #554: Always emit numberish strings with quotes
  * Changes of 1.32
    + Fix #543: show the configuration in the test
    + Fix #531: provide configuration to fail early
    + Fix #547: Set the limit for incoming data to prevent a CVE
    report in NIST. By default it is 3MB
    + Fix #544: Support unescaped unicode characters for
    double-quoted scalars
- Modified patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + rebase
- Added patch:
  * 0003-Fix-ReaderBomTest.patch
    + remove two tests that require unicode boms
spacecmd
- version 4.2.24-1
  * Update the translations from Weblate

- version 4.2.23-1
  * Fix argument parsing of distribution_update (bsc#1210458)

- version 4.2.22-1
  * Display activation key details after executing the corresponding command (bsc#1208719)
  * Show targetted packages before actually removing them (bsc#1207830)
  * Fix spacecmd not showing any output for softwarechannel_diff
    and softwarechannel_errata_diff (bsc#1207352)
spacewalk-backend
- version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

- version 4.2.28-1
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Add package details to reposync error logging

- version 4.2.27-1
  * Fix the mgr-inter-sync not creating valid repository metadata when dealing
    with empty channels (bsc#1207829)
  * fix repo sync for cloud payg connected repositories (bsc#1208772)
  * Fix issues with kickstart syncing on mirrorlist repositories
  * Do not sync .mirrorlist and other non needed files
  * reposync: catch local file not found urlgrabber error properly (bsc#1208288)
spacewalk-web
- version 4.2.36-1
  * Update the translations from weblate
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

- version 4.2.35-1
  * Show loading indicator on formula details pages (bsc#1179747)
  * Increase datetimepicker font sizes (bsc#1210437)
  * Fix an issue where the datetimepicker shows wrong date (bsc#1209231)

- version 4.2.34-1
  * Fix datetime picker appearing behind modal edge (bsc#1209703)

- version 4.2.33-1
  * Deprecate jQuery datepicker, integrate React datepicker (bsc#1209689)
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)
spacewalk-java
- version 4.2.55-1
  * Set swap memory value if available
  * Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)

- version 4.2.54-1
  * Consider venv-salt-minion package update as salt update to prevent
    backtraces on upgrading salt with itself (bsc#1211884)

- version 4.2.53-1
  * Fix "more then one method candidate found" for API function (bsc#1211100)
  * Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power
    Management Management/Operations on SSM -> Provisioning
  * Update copyright year (bsc#1212106)
  * Disable jinja processing for the roster file (bsc#1211650)

- version 4.2.52-1
  * Update jetty-util to version 9.4.51

- version 4.2.51-1
  * Update version of Tomcat build dependencies

- version 4.2.50-1
  * Fix misleading error message regarding SCC credentials removal (bsc#1207941)
  * Fix issue with `aclChannelTypeCapable` that prevented errata view in
    deb arch
  * Refresh pillars after setting custom values via SSM (bsc#1210659)
  * Report SSM power management errors in 'rhn_web_ui' (bsc#1210406)
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Allow processing big state results (bsc#1210957)
  * Use glassfish-activation-api instead of gnu-jaf
  * Fix session information leak CVE-2023-22644 (bsc#1210107)
  * Fix Intenal Server Error when URI contains invalid sysid (bsc#1186011)
  * kernel options: only add quotes if there is a space in the value (bsc#1209926)
  * Fix link to Knowledge Base articles (bsc#1210311)
  * Do not output Cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162)
  * Remove channels from client after transfer to a different
    organization (bsc#1209220)
  * Fix displaying system channels when no base product is installed
    (bsc#1206423)
  * Fix broken ifcfg grub option on reinstallation (bsc#1210232)
  * Fix NPE in Cobbler system sync when server has no creator set
  * Fix credentials and other secrets disclosure when debug log is enabled
    CVE-2023-22644 (bsc#1210154)
  * Do not output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101)
  * Remove web session swap secrets output in logs CVE-2023-22644 (bsc#1210086)
  * Add listSystemEvents missing API endpoint (bsc#1209877)

- version 4.2.49-1
  * Refactor Java notification synchronize to avoid dead locks (bsc#1209369)

- version 4.2.48-1
  * Prevent logging formula data (bsc#1209386, bsc#1209434, CVE-2023-22644)
  * Use gnu-jaf instead of jaf
  * Use reload4j instead of log4j or log4j12
  * Save scheduler user when creating Patch actions manually (bsc#1208321)
  * Use slf4j-reload4j and jaf
  * Add `mgr_server_is_uyuni` minion pillar item
  * Do not execute immediately Package Refresh action for the SSH minion (bsc#1208325)
  * Mark as failed actions that cannot be scheduled because earliest
    date is too old
  * Update earliest date when rescheduling failed actions (bsc#1206562)
  * Fix reconnection of postgres event stream
  * fix NumberFormatException when syncing ubuntu errata (bsc#1207883)
  * Fix duplicate keys in image tables (bsc#1207799)
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)
spacewalk-reports
- version 4.2.8-1
  * Drop Python2 compatibility (bsc#1212589)
spacewalk-search
- version 4.2.10-1
  * Use reload4j instead of log4j or log4j12
spacewalk-setup
- version 4.2.13-1
  * Drop usage of salt.ext.six in embedded_diskspace_check

- version 4.2.12-1
  * Enable netapi clients in master configuration (required for Salt 3006)
spacewalk-utils
- version 4.2.20-1
  * Drop Python2 compatibility

- version 4.2.19-1
  * spacewalk-hostname-rename remains stuck at refreshing pillars (bsc#1207550)
subscription-matcher
- Relax antlr version requirement
sudo
- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)

- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.

- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "sudo -U otheruser -l" would dereference
    a NULL pointer.
supportutils-plugin-suse-public-cloud
- Update to version 1.0.8 (bsc#1213951)
  + Capture CSP billing adapter config and log (issue#13)
  + Accept upper case Amazon string in DMI table (issue#12)

- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during
    registration
supportutils-plugin-susemanager
- version 4.2.7-1
  * Fix property name to tune for salt events queue processing

- version 4.2.6-1
  * fix db connection check tool (bsc#1208586)
supportutils
- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replement text in _sanitize_file
susemanager-build-keys
- Version 15.3.9
  * add SUSE Liberty v2 key (bsc#1212096)
    + Added: RPM-GPG-KEY-SUSE-Liberty-v2
  * add Debian 12 (bookworm) GPG keys (bsc#1212363)
    + Added:
    debian-archive-key-12-security-254CF3B5AEC0A8F0.asc
    debian-archive-key-12-B7C5D7D6350947F8.asc
    debian-release-12-F8D2585B8783D481.asc
  * add new 4096 bit RSA package hub key
    + Added: packagehub-gpg-pubkey-8A49EB0325DB7AE0.asc

- Version 15.3.8
  * fix installation of sle15 RSA reserve build key
  * add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc

- Version 15.3.7 (jsc#PED-2777):
  * add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
  * add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
  * add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
  * add new 4096 bit RSA PTF key suse_ptf_key_2023.asc
susemanager-doc-indexes
- Typo correction for Cobbler buildiso command in Client
  Configuration Guide
- Replaced plain text with dedicated attribute for AutoYaST
- Added a note about Oracle Unbreakable Linux Network mirroring
  requirements in Client Configuration Guide (bsc#1212032)
- Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5
  as supported clients in the Client Configuration Guide
- Fixed missing tables of content in the Reference Guide
  (bsc#1208577)
- Fixed instruction for Single sign-on implementation example
  in the Administration Guide (bsc#1210103)
- Removed reference to non-exitent files in Reference Guide
  (bsc#1208528)

- Salt version changed to 3006.0
- Added note for clarification between self-installed and cloud
  instances of Ubuntu
- Improved Pay-as-you-go documentation in the Install and Upgrade
  Guide (bsc#1208984)
- Added comment about activation keys for LTSS clients in Client
  Configuration Guide (bsc#1210011)
- Updated API script examples to Python 3 in Administration Guide
  and Large Deployment Guide
- Change cleanup Salt Client description
- Added instruction for Cobbler to use the correct label in Client
  Configuration Guide distro label (bsc#1205600)
- Added updated options for rhn.conf file in the Administration Guide
  (bsc#1209508)
- Fixed calculation of DB max-connections and align it with the
  supportconfig checking tool in the Tuning Guide

- Removed z196 and z114 from listing in System Z chapter of the
  Installation and Upgrade Guide (bsc#1206973)
- Branding updated for 2023
- New search engine optimization improvements for documentation
- Translations are now included in the webui help documentation
- Local search is now provided with the webui help documentation
susemanager-docs_en
- Typo correction for Cobbler buildiso command in Client
  Configuration Guide
- Replaced plain text with dedicated attribute for AutoYaST
- Added a note about Oracle Unbreakable Linux Network mirroring
  requirements in Client Configuration Guide (bsc#1212032)
- Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5
  as supported clients in the Client Configuration Guide
- Fixed missing tables of content in the Reference Guide
  (bsc#1208577)
- Fixed instruction for Single sign-on implementation example
  in the Administration Guide (bsc#1210103)
- Removed reference to non-exitent files in Reference Guide
  (bsc#1208528)

- Salt version changed to 3006.0
- Added note for clarification between self-installed and cloud
  instances of Ubuntu
- Improved Pay-as-you-go documentation in the Install and Upgrade
  Guide (bsc#1208984)
- Added comment about activation keys for LTSS clients in Client
  Configuration Guide (bsc#1210011)
- Updated API script examples to Python 3 in Administration Guide
  and Large Deployment Guide
- Change cleanup Salt Client description
- Added instruction for Cobbler to use the correct label in Client
  Configuration Guide distro label (bsc#1205600)
- Added updated options for rhn.conf file in the Administration Guide
  (bsc#1209508)
- Fixed calculation of DB max-connections and align it with the
  supportconfig checking tool in the Tuning Guide

- Removed z196 and z114 from listing in System Z chapter of the
  Installation and Upgrade Guide (bsc#1206973)
- Branding updated for 2023
- New search engine optimization improvements for documentation
- Translations are now included in the webui help documentation
- Local search is now provided with the webui help documentation
susemanager-schema
- version 4.2.29-1
  * Add schema directory for susemanager-schema-4.2.29

- version 4.2.28-1
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Repeat schema migrations for module metadata storage (bsc#1209915)
susemanager-sls
- version 4.2.35-1
  * Do not disable salt-minion on salt-ssh managed clients
  * Use venv-salt-minion instead of salt for docker states (bsc#1212416)

- version 4.2.34-1
  * trust new Liberty Linux v2 key (bsc#1212096)

- version 4.2.33-1
  * Include automatic migration from Salt 3000 to Salt bundle in highstate
  * Disable salt-minion and remove its config file on cleanup (bsc#1209277)
  * To update everything on a debian system, call dist-upgrade to
    be able to install and remove packages

- version 4.2.32-1
  * Improve error handling in mgr_events.py (bsc#1208687)
susemanager
- version 4.2.44-1
  * Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3
    and SUSE Manager Proxy 4.2 (bsc#1214187)

- version 4.2.43-1
  * Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)
  * Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)

- version 4.2.42-1
  * Use newest venv-salt-minion version available to generate the
    venv-enabled-*.txt file in bootstrap repos (bsc#1211958)

- version 4.2.41-1
  * Add bootstrap repository definitions for openSUSE Leap 15.5
  * Add bootstrap repository definitions for SUSE Linux Enterprise Server 15 SP5
systemd-presets-common-SUSE
- Enable systemd-pstore.service by default (jsc#PED-2663)
systemd-rpm-macros
- Bump version to 13

- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
  a chroot (bsc#1211272)

- Bump version to 12

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not
  present as it's expected (bsc#1208079).
tagsoup
- Condition for SLE-12 to avoid accidental use of modular java
  with javapackages-tools 2.x

- Compile with source and target levels 8
timezone
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
tomcat
- Update to Tomcat 9.0.75.
  * See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt)
  * Fixes:
    + bsc#1211608, CVE-2023-28709
    + bsc#1208513, CVE-2023-24998 (previous incomplete fix)
- Remove patches:
  * tomcat-9.0-CVE-2021-30640.patch
  * tomcat-9.0-CVE-2021-33037.patch
  * tomcat-9.0-CVE-2021-41079.patch
  * tomcat-9.0-CVE-2022-23181.patch
  * tomcat-9.0-NPE-JNDIRealm.patch
  * tomcat-9.0-hardening_getResources.patch
  * tomcat-9.0.43-CVE-2021-43980.patch
  * tomcat-9.0.43-CVE-2022-42252.patch
  * tomcat-9.0.43-CVE-2022-45143.patch
  * tomcat-9.0.43-CVE-2023-24998.patch
  * tomcat-9.0.43-CVE-2023-28708.patch
    + integrated in this version
  * tomcat-9.0.43-java8compat.patch
    + problem with Java 8 compatibility solved in this version
- Modified patch:
  * tomcat-9.0.31-secretRequired-default.patch
  - > tomcat-9.0.75-secretRequired-default.patch
    + rediffed to changed context
  * tomcat-9.0-javadoc.patch
    + drop integrated hunks
  * tomcat-9.0-osgi-build.patch
    + fix to work with current version
- Added patch:
  * tomcat-9.0-jdt.patch
    + fix build against our ecj

- Fixed CVEs:
  * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840)
- Added patches:
  * tomcat-9.0.43-CVE-2022-45143.patch

- Fixed CVEs:
  * CVE-2023-28708: tomcat: not including the secure attribute
    causes information disclosure (bsc#1209622)
- Added patches:
  * tomcat-9.0.43-CVE-2023-28708.patch

- Fixed CVEs:
  * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)
- Added patches:
  * tomcat-9.0.43-CVE-2023-24998.patch

- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt
- use logrotate for catalina.out
  * update tomcat-serverxml-tool and spec to configure server.xml
- Added patch:
  * tomcat-9.0-logrotate_everything.patch
  * tomcat-serverxml-tool.tar.gz
- Removed:
  * tomcat-serverxml-tool-1.0.tar.gz

- Use catalina.out for logging (bsc#1205647)
- Added patches:
  * tomcat-9.0-fix_catalina.patch

- Fixed CVEs:
  * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)
- Added patches:
  * tomcat-9.0.43-CVE-2022-42252.patch

- Fixed CVEs:
  * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- Added patches:
  * tomcat-9.0.43-CVE-2021-43980.patch

- Do not hardcode /usr/libexec but use %%_libexecdir during the
  build
  * Fixes for platforms, where /usr/libexec and %%_libexecdir are
    different

- Fix bsc#1201081 by building with release=8 all files that can be
  built this way. The one file remaining, build it with source=8 and
  target=8
- Modified patch:
  * tomcat-9.0.43-java8compat.patch
    + Do not cast ByteBuffer to Buffer to call the Java 8 compatible
    methods. Build with release=8 instead
util-linux-systemd
- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
vim
- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572

- Fixing bsc#1211461 - L3: vim "eats" first character from prompt in xterm
  * Add: reorder-exit-raw-mode.patch
  * Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit.

- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Revert the creation standalone xxd packages

- Updated to version 9.0 with patch level 1443, fixes the following security problems
  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
  remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443

- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
virtual-host-gatherer
- version 1.0.26-1
  * fix cpu calculation in the libvirt module and enhance the data
    structure by os value

- version 1.0.25-1
  * Report total CPU numbers in the libvirt module
wicked
- ifconfig: fix arp notify loop (boo#1212806) and burst sending
  [+ 0001-fix_arp_notify_loop_and_burst_sending.patch]

- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (boo#1206674)
- update to version 0.6.72
- client: add `wicked firmware extensions|interfaces|enable|disable`
  command to improve `ibft`,`nbft`,`redfish` firmware extension and
  interface handling.
- client: improve error handling in netif firmware discovery
  extension execution and extension definition overrides in
  the wicked-config.
- nanny: fix use-after-free in debug mode (bsc#1206447)
- spec: replace transitional `%usrmerged` macro with regular
  version check (boo#1206798)
- client: improve to show `no-carrier` in ifstatus output
- linux: cleanup inclusions and update uapi header to 6.0
- ethtool: link mode nwords cleanup and new advertise mode names
- update to version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
- spec: Add /etc/sysconfig/network to file list, no longer in the
  default list of a cleaned up filesystem package on tumbleweed
  (https://github.com/openSUSE/wicked/pull/939).
ws-jaxme
- Build against the standalone JavaEE modules unconditionally

- Modified patch:
  * ws-jaxme-sourcetarget.patch
    + Build with source/target levels 8

- On relevant distributions, build against the standalone jaxb-api

- Do not build against the log4j12 packages, use the new reload4j
xalan-j2
- Build with source/target levels 8

- Do not link to the java_cup* compatibility links, but to the
  java-cup* ones

- Remove parent from the pom files, since we are not building
  with maven
- Clean-up packaging
xen
- Update to Xen 4.14.6 bug fix release (bsc#1027519)
  xen-4.14.6-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  62a1e594-x86-clean-up-_get_page_type.patch
  62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
  62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
  62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
  62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
  62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
  62a1e649-x86-track-and-flush-non-coherent.patch
  62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
  62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
  62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
  62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
  62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
  62cc31ee-cmdline-extend-parse_boolean.patch
  62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
  62cd91d0-x86-spec-ctrl-rework-context-switching.patch
  62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
  62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
  62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
  62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
  62cd91d5-x86-cpuid-BTC_NO-enum.patch
  62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
  62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
  62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
  62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
  62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
  62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
  xsa403.patch
  xsa414.patch
  xsa415.patch
  xsa416.patch
  xsa417.patch
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
  xsa421-01.patch
  xsa421-02.patch
  xsa427.patch
  xsa428-1.patch
  xsa428-2.patch
  xsa429.patch
  xsa433.patch

- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  xsa433.patch
- Updated fix for XSA-417 (bsc#1204489)
  64ba268b-xenstore-fix-XSA-417.patch

- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
  log-dirty mode use-after-free (XSA-427)
  xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
  pinned cache attributes mis-handling (XSA-428)
  xsa428-1.patch
  xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
  vulnerability in 32bit SYSCALL path (XSA-429)
  xsa429.patch
xerces-j2
- Build with source/target levels 8
xml-commons-apis
- Build with source/target levels 8
xml-commons-resolver
- Build with source/target levels 8
xpp2
- Modified patch:
  * xpp2-build_xml.patch
    + Build with source/target levels 8

- Added pom file
xpp3
- Modified patch:
  * xpp3-sourcetarget.patch
    + Build with source/target levels 8
xstream
- Upgrade to 1.4.20
  * Security fixes
    + This maintenance release addresses the security
    vulnerabilities CVE-2022-40151 (bsc#1203520) and
    CVE-2022-41966 (bsc#1206729), causing a Denial of Service by
    raising a stack overflow. It also provides new converters for
    Optional and Atomic types.
  * Major changes
    + #308: Add converter for AtomicBoolean, AtomicInteger,
    AtomicLong, and AtomicReference of package
    java.util.concurrent.atomic.
    + #293: Add converter for Optional, OptionalDouble, OptionalInt,
    and OptionalLong of package java.util.
  * Minor changes
    + #287: Close stream opened from provided URL.
    + #284: Fix disabling check against hash code attack with
    XStream.setCollectionUpdateLimit(0).
  * Stream compatibility
    + The atomic types with new converters of package
    java.util.concurrent.atomic, that have been written with
    previous versions of XStream, can still be deserialized.
    + The Optional types with new converters of package java.util,
    that have been written with previous versions of XStream,
    can still be deserialized.
    + The WildcardTypePermission allows by default no longer
    anonymous class types.
  * API changes
    + Added c.t.x.converters.extended.AtomicBooleanConverter.
    + Added c.t.x.converters.extended.AtomicIntegerConverter.
    + Added c.t.x.converters.extended.AtomicLongConverter.
    + Added c.t.x.converters.extended.AtomicReferenceConverter.
    + Added c.t.x.converters.extended.OptionalConverter.
    + Added c.t.x.converters.extended.OptionalDoubleConverter.
    + Added c.t.x.converters.extended.OptionalIntConverter.
    + Added c.t.x.converters.extended.OptionalLongConverter.
    + Added c.t.x.security.WildcardTypePermission
    .WildcardTypePermission(boolean,String[]).

- Build against the standalone JavaEE modules unconditionally

- Build against standalone activation-api and jaxb-api on systems
  where the JavaEE modules are not part of JDK
yast2-network
- Fix typo when writing the wireless channel (bsc#1212976)
- 4.3.88

- bsc#1211431
  - Do not crash installation when storing vlan configuration into
    NetworkManager
- 4.3.87
yast2-online-update
- Fix showing of release notes when we update a rubygem
  (bsc#1205913)
- 4.2.3
yast2-pkg-bindings
- Pkg.TargetInitializeOptions() - added a new option for
  rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- 4.3.12
yast2-transfer
- Fixed TFTP download, truncate the target file to avoid garbage
  at the end of the file when saving to an already existing file
  (bsc#1208754)
- 4.1.1
yast2-update
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.3.5
zypper
- Changed location of bash-complication (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61

- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60

- BuildRequires:  libzypp-devel >= 17.31.7.
- Provide "removeptf" command (bsc#1203249)
  A remove command which prefers replacing dependant packages to
  removing them as well.
  A PTF is typically removed as soon as the fix it provides is
  applied to the latest official update of the dependant packages.
  But you don't want the dependant packages to be removed together
  with the PTF, which is what the remove command would do. The
  removeptf command however will aim to replace the dependant
  packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
  (bsc#1205570)
- version 1.14.59

- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires:  libzypp-devel >= 17.31.5
- version 1.14.58