aaa_base
- Add patch git-50-845b509c9a005340a0455cb8a7fe084d1b8f1946.patch
  * Add mc helpers for both tcsh and bash resources (boo#1203617)
apache2
- Refresh apache2-CVE-2023-45802.patch.
- Fix for regression bsc#1233165.
binutils
- Update to current 2.43.1 branch [PED-10254, PED-10306]:
  * s390 - Add arch15 instructions
  * various fixes from upstream: PR32153, PR32171, PR32189,
    PR32196, PR32191, PR32109, PR32372, PR32387
- Adjusted binutils-2.43-branch.diff.gz.
- Disable zstd-by-default again (needs adjustments in at least
  golang,llvm15,llvm17 first)
- Add binutils-fix-branch.diff.
- Check non-changing of flex/bison inputs only after applying
  branch and fix-branch diffs.

- drop ld-relro.diff (relro is the default for some time)
  and it warns on avr spuriously (bsc#1233520)

- Add loongarch64 as new target

- Enable zstd compression algorithm (instead of zlib)
  for debug info sections by default.
cloud-regionsrv-client
- Update to 10.3.11 (bsc#1234050)
  + Send registration code for the extensions, not only base product

- Update to 10.3.8 (bsc#1233333)
  + Fix the package requirements for cloud-regionsrv-client
  + Follow changes to suseconnect error reporting from stdout to stderr

- Update to 10.3.7 (bsc#1232770)
  + Fix the product triplet for LTSS, it is always SLES-LTSS, not
    $BASEPRODUCT-LTSS

- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
  + Fix sudo setup
    ~ permissions cloudguestregistryauth
    ~ directory ownership /etc/sudoers.d
  + spec file
    ~ Remove traces of registry related entries on SLE 12
  + Forward port
    ~ fix-for-sles12-disable-registry.patch
    ~ fix-for-sles12-no-trans_update.patch
  + Deregister non free extensions at registercloudguest --clean
  + Fix registry cleanup at registercloudguest --clean, don't remove files
  + Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
  + Switch to using the region endpoint from IMDS to determine the region
    instead of deriving the data from the availability zone

- Update to 10.3.5
  + Update spec file to build in all code streams,
    SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
cobbler
- CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332)
- Added:
  * xmlrpc_privilege_escalation_prevention.patch

- Increase start timeout for cobblerd unit (bsc#1219450)

- Provide sync_single_system for DHCP modules to improve performance (bsc#1219450)
- Add input_string_*, input_boolean, input_int functiont to public API
- Add new setting for uyuni authentication endpoint (bsc#1219887)
containerd
- Update to containerd v1.7.23. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.23>
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.22. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.22>
- Bump minimum Go version to 1.22.
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
curl
- Security fix: [bsc#1234068, CVE-2024-11053]
  * curl could leak the password used for the first host to the
    followed-to host under certain circumstances.
  * netrc: address several netrc parser flaws
  * Add curl-CVE-2024-11053.patch
dhcp
- bsc#1192020: Add 'Requires(pre): group(nogroup)' to fix user
  creation in pre scriptlet for dhcp-server.
docker
- Update docker-buildx to v0.19.2. See upstream changelog online at
  <https://github.com/docker/buildx/releases/tag/v0.19.2>.
  Some notable changelogs from the last update:
  * <https://github.com/docker/buildx/releases/tag/v0.19.0>
  * <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.

- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
  disable the SUSEConnect integration with Docker (which creates special mounts
  in /run/secrets to allow container-suseconnect to authenticate containers
  with registries on registered hosts). bsc#1231348 bsc#1232999
  In order to disable these mounts, just do
    echo 0 > /etc/docker/suse-secrets-enable
  and restart Docker. In order to re-enable them, just do
    echo 1 > /etc/docker/suse-secrets-enable
  and restart Docker. Docker will output information on startup to tell you
  whether the SUSE secrets feature is enabled or not.
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch

- Disable docker-buildx builds for SLES. It turns out that build containers
  with docker-buildx don't currently get the SUSE secrets mounts applied,
  meaning that container-suseconnect doesn't work when building images.
  bsc#1233819

- Add docker-integration-tests-devel subpackage for building and running the
  upstream Docker integration tests on machines to test that Docker works
  properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
  tests package, since it contains a bunch of stuff that wouldn't normally be
  allowed.

- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
  sysconfig a long time ago, and apparently this causes issues with systemd in
  some cases.

- Further merge docker and docker-stable specfiles to minimise the differences.
  The main thing is that we now include both halves of the
  Conflicts/Provides/Obsoletes dance in both specfiles.

- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
  are replacing. See upstream changelog online at
  <https://github.com/docker/buildx/releases/tag/v0.17.1>

- Allow users to disable SUSE secrets support by setting
  DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348
  bsc#1232999

- Add %{_sysconfdir}/audit/rules.d to filelist.

- Mark docker-buildx as required since classic "docker build" has been
  deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
  package, but with docker-stable it will be necessary to maintain the packages
  together and it makes more sense to have them live in the same OBS package.
  bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
  fork.

- Update to Docker 26.1.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/26.1/#2615>
  bsc#1230294
- This update includes fixes for:
  * CVE-2024-41110. bsc#1228324
  * CVE-2023-47108. bsc#1217070
  * CVE-2023-45142. bsc#1228553
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
  * 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
glib2
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
  (boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
google-guest-agent
- Update to version 20241011.01 (bsc#1231775, bsc#1231776)
  * SUSE no overwrite bug fix, Ubuntu 18.04 exception (#451)
- from version 20241011.00
  * Skip MDS setup by default for this release (#450)
- from version 20241010.01
  * Revert "network/netplan: Adjust link-local accordingly (#443)" (#448)
  * Set enable regardless of previous check failed or not (#447)
- from version 20241009.03
  * Avoid unnecessary reloads, check before overwriting configs (#446)
- from version 20241009.02
  * network/netplan: Do generate instead of apply (#445)
- from version 20241009.01
  * Skip SetupInterfaces if configs are already applied (#444)
  * network/netplan: Adjust link-local accordingly (#443)
  * Repeated logging could be mistaken for a recurring issue,
    log mds mtls endpoint error only once (#439)
  * Retry MDS PUT operation, reload netplan/networkctl
    only if configs are changed (#438)
  * Log interface state after setting up network (#437)
  * network: Debian 12 rollback only if default netplan is ok (#436)
- from version 20240930.01
  * Change mtls mds defaults, update log message to assure error is harmless (#434)
- from version 20240930.00
  * network: Restore Debian 12 netplan configuration. (#433)
  * network: Remove primary NIC left over configs. (#432)
  * Update VLAN interfaces format to match with MDS (#431)
  * Fix panics in agent when setting up VLAN with netplan (#430)
  * Add VLAN NIC support for NetworkManager (#429)
  * Fix debian12 netplan config issue, use ptr receiver (#428)
  * Update README to reflect new network manager changes (#427)
  * Introduce a configuration toggle for enabling/disabling cloud logging (#413)
  * Adapt and update config key to be consistent with MDS (#426)
  * Allow users to enable/disable the mds mtls via metadata key (#423)
  * Make primary nic management config consistent across all network managers (#422)
  * Document disabling account manager on AD (#421)
  * Update README with MDS MTLS docs (#418)
  * Avoid writing configuration files when they already exist on wicked and (#410)
  * Update golang.org/x/net dependencies to catch up on CVEs (#412)
  * Get rid of deperecated dependencies in snapshot service generate code (#411)
  * Fix where agent panics on nil event (#409)
  * Configure primary nic if only set in cfg file (#408)
  * Update NIC management strategy (#402)
  * Only release dhclient leases for an interface if the
    respective dhclient is still running (#407)
  * Disable OS Login without pruning off any extra suffix. (#400)
  * Skip root cert rotation if installed once (#405)
  * Add ipv6 support to guest agent (#404)
  * Update Accounts documentation (#403)
  * Update google-startup-scripts.service to enable logging (#399)
  * Network subsystem remove os rules (#396)
  * oslogin: Don't remove sshca watcher when oslogin is disabled (#398)
  * Update dependencies to catch up on CVE fixes (#397)
  * Network manager netplan implementation (#386)
  * Update dependencies to catch up on CVE fixes (#391)
  * Log current available routes on error (#388)
  * Fix command monitor bugs (#389)
  * windows account: Ignore "user already belogs to group" error (#387)
  * Add more error logging in snapshot handling requests, use common retry util (#384)
  * All non-200 status code from MDS should raise error (#383)
  * Change metadata key to enable-oslogin-certificates (#382)
  * Update dhclient pid/lease file directory to abide apparmor rules (#381)
  * Add COS homedir-gid patch to upstream. (#365)
  * Add require-oslogin-certificates logic to disable keys (#368)
  * systemd-networkd: Support Debian 12's version (#372)
  * Minor update typo in comment (#380)
  * NetworkManager: Only set secondary interfaces as up (#378)
  * address manager: Make sure we check for oldMetadata (#375)
  * network: Early setup network (#374)
  * NetworkManager: Fix ipv6 and ipv4 mode attribute (#373)
  * Network Manager: Make sure we clean up ifcfg files (#371)
  * metadata script runner: Fix script download (#370)
  * oslogin: Avoid adding extra empty line at the end of /etc/security/group.conf (#369)
  * Dynamic vlan (#361)
  * Check for nil response (#366)
  * Create NetworkManager implementation (#362)
  * Skip interface manager on Windows (#363)
  * network: Remove ignore setup (#360)
  * Create wicked network service implementation and its respective unit (#356)
  * Update metadata script runner, add tests (#357)
  * Refactor guest-agent to use common retry util (#355)
  * Flush logs before exiting #358 (#359)
  * Create systemd-networkd unit tests. (#354)
  * Update network manager unit tests (#351)
  * Implement retry util (#350)
  * Refactor utils package to not dump everything unrelated into one file (#352)
  * Set version on metadata script runner (#353)
  * Implement cleanup of deprecated configuration directives (#348)
  * Ignore DHCP offered routes only for secondary nics (#347)
  * Deprecate DHClient in favor of systemd-networkd (#342)
  * Generate windows and linux licenses (#346)
  * Remove quintonamore from OWNERS (#345)
  * Delete integration tests (#343)

- Update to version 20240816.00
  * Add configuration toggle to enable/disable use
    of OS native certificate stores (#419)
  * Fix dependencies in stable branch #412 (#415)
  * Update dep: golang.org/x/crypto to v0.17.0
  * Update dep: google.golang.org/protobuf to 1.33.0
  * Update dep: golang.org/x/net to 0.17.0
  * Update dep: google.golang.org/grpc to v1.57.1
- from version 20240813.00
  * Update README with MDS MTLS docs (#418)
- from version 20240808.01
  * Avoid writing configuration files when they already
    exist on wicked and NetworkManager (#410)
- from version 20240808.00
  * Update golang.org/x/net dependencies
    to catch up on CVEs (#412)
- from version 20240805.00
  * Get rid of deperecated dependencies in
    snapshot service generate code (#411)
- Drop dont_overwrite_ifcfg.patch, fixed upstream

- Update to version 20240802.00
  * Fix where agent panics on nil event (#409)
- from version 20240801.00
  * Configure primary nic if only set in cfg file (#408)
  * Update NIC management strategy (#402)
  * Only release dhclient leases for an interface if the respective dhclient is still running (#407)
  * Disable OS Login without pruning off any extra suffix. (#400)
  * Skip root cert rotation if installed once (#405)
  * Add ipv6 support to guest agent (#404)
  * Update Accounts documentation (#403)
  * Update google-startup-scripts.service to enable logging (#399)
  * Network subsystem remove os rules (#396)
  * oslogin: don't remove sshca watcher when oslogin is disabled (#398)
  * Update dependencies to catch up on CVE fixes (#397)
  * Network manager netplan implementation (#386)
  * Update dependencies to catch up on CVE fixes (#391)
  * Log current available routes on error (#388)
  * Fix command monitor bugs (#389)
  * Windows account: ignore "user already belogs to group" error (#387)
  * Add more error logging in snapshot handling requests, use common retry util (#384)
  * All non-200 status code from MDS should raise error (#383)
  * Change metadata key to enable-oslogin-certificates (#382)
  * Update dhclient pid/lease file directory to abide apparmor rules (#381)
  * Add COS homedir-gid patch to upstream. (#365)
  * Add require-oslogin-certificates logic to disable keys (#368)
  * systemd-networkd: support debian 12's version (#372)
  * Minor update typo in comment (#380)
  * NetworkManager: only set secondary interfaces as up (#378)
  * address manager: make sure we check for oldMetadata (#375)
  * network: early setup network (#374)
  * NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
  * Network Manager: make sure we clean up ifcfg files (#371)
  * metadata script runner: fix script download (#370)
  * oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
  * Dynamic vlan (#361)
  * Check for nil response (#366)
  * Create NetworkManager implementation (#362)
  * Skip interface manager on Windows (#363)
  * network: remove ignore setup (#360)
  * Create wicked network service implementation and its respective unit (#356)
  * Update metadata script runner, add tests (#357)
  * Refactor guest-agent to use common retry util (#355)
  * Flush logs before exiting #358 (#359)
  * Create systemd-networkd unit tests. (#354)
  * Update network manager unit tests (#351)
  * Implement retry util (#350)
  * Refactor utils package to not dump everything unrelated into one file (#352)
  * Set version on metadata script runner (#353)
  * Implement cleanup of deprecated configuration directives (#348)
  * Ignore DHCP offered routes only for secondary nics (#347)
  * Deprecate DHClient in favor of systemd-networkd (#342)
  * Generate windows and linux licenses (#346)
  * Remove quintonamore from OWNERS (#345)
  * Delete integration tests (#343)
- from version 20240716.00
  * Update dep: golang.org/x/crypto to v0.17.0
  * Update dep: google.golang.org/protobuf to 1.33.0
  * Update dep: golang.org/x/net to 0.17.0
  * Update dep: google.golang.org/grpc to v1.57.1

- Update to version 20240701.00
  * Update google-startup-scripts.service to enable logging (#399)

- Update to version 20240611.01
  * Network subsystem remove os rules (#396)
  * oslogin: don't remove sshca watcher when oslogin is disabled (#398)
  * update dependencies to catch up on CVE fixes (#397)
  * Network manager netplan implementation (#386)
  * update dependencies to catch up on CVE fixes (#391)
  * Log current available routes on error (#388)
  * Fix command monitor bugs (#389)
  * windows account: ignore "user already belogs to group" error (#387)
  * Add more error logging in snapshot handling requests, use common retry util (#384)
  * All non-200 status code from MDS should raise error (#383)
  * change metadata key to enable-oslogin-certificates (#382)
  * Update dhclient pid/lease file directory to abide apparmor rules (#381)
  * Add COS homedir-gid patch to upstream. (#365)
  * Add require-oslogin-certificates logic to disable keys (#368)
  * systemd-networkd: support debian 12's version (#372)
  * Minor update typo in comment (#380)
  * NetworkManager: only set secondary interfaces as up (#378)
  * address manager: make sure we check for oldMetadata (#375)
  * network: early setup network (#374)
  * NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
  * Network Manager: make sure we clean up ifcfg files (#371)
  * metadata script runner: fix script download (#370)
  * oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
  * Dynamic vlan (#361)
  * Check for nil response (#366)
  * Create NetworkManager implementation (#362)
  * Skip interface manager on Windows (#363)
  * network: remove ignore setup (#360)
  * Create wicked network service implementation and its respective unit (#356)
  * Update metadata script runner, add tests (#357)
  * Refactor guest-agent to use common retry util (#355)
  * Flush logs before exiting #358 (#359)
  * Create systemd-networkd unit tests. (#354)
  * Update network manager unit tests (#351)
  * Implement retry util (#350)
  * Refactor utils package to not dump everything unrelated into one file (#352)
  * Set version on metadata script runner (#353)
  * Implement cleanup of deprecated configuration directives (#348)
  * ignore DHCP offered routes only for secondary nics (#347)
  * Deprecate DHClient in favor of systemd-networkd (#342)
  * Generate windows and linux licenses (#346)
  * Remove quintonamore from OWNERS (#345)
  * Delete integration tests (#343)
- from version 20240528.00
  * update dep: golang.org/x/crypto to v0.17.0
  * update dep: google.golang.org/protobuf to 1.33.0
  * update dep: golang.org/x/net to 0.17.0
  * update dep: google.golang.org/grpc to v1.57.1
google-guest-configs
- Add ggc-no-dup-metasrv-entry.patch
  + Follow up to (bsc#1234289, bsc#1234293). Avoid duplicate entries for
    the metadata server in /etc/hosts

- Update to version 20241205.00 (bsc#1234254, bsc#1234255)
  * Update google_set_multiqueue to configure
    vCPU ranges based on VM platform (#90)
- from version 20241204.00
  * Restore google_set_multiqueue changes for A3Ultra (#93)
  * Depend on networkd-dispatcher in Ubuntu (#94)
- Include components to set hostname and /etc/hosts entries (bsc#1234289, bsc#1234293)
  * Add sysconfig and sysconfig-network to BuildRequires
  * Install google_set_hostname into %{_bindir}
  * Install google_up.sh into %{_sysconfdir}/sysconfig/network/scripts/
  * Add code to add and remove POST_UP_SCRIPT="compat:suse:google_up.sh"
    to /etc/sysconfig/network/ifcfg-eth0 in %post and %postun sections

- Update to version 20241121.00 (bsc#1233625, bsc#1233626)
  * Temporarily revert google_set_multiqueue changes for release (#92)
- from version 20241115.00
  * Remove IDPF devices from renaming rules (#91)
- from version 20241112.00
  * Revert "Revert 3 commits:" (#89)
- from version 20241108.00
  * Revert 3 commits: (#87)
- from version 20241107.00
  * gce-nic-naming: Exit 1 so that udev ignores the rule on error (#86)
- from version 20241106.00
  * Remove Apt IPv4 only config for Debian and Ubuntu (#85)
- from version 20241031.00
  * Add GCE intent based NIC naming tools (#84)
- from version 20241025.00
  * Update google_set_multiqueue to skip set_irq
    if NIC is not a gvnic device (#83)
- Add new binary gce-nic-naming to %{_bindir} in %files section

- Update to version 20241021.00 (bsc#1231775, bsc#1231776)
  * Add GCE-specific config for systemd-resolved (#82)
- from version 20241015.00
  * Update google_set_multiqueue to enable on A3Ultra family (#79)
- from version 20241013.00
  * Update OWNERS (#81)
- from version 20241010.00
  * Depend on jq in enterprise linux (#80)
- from version 20241008.00
  * Always use IP from primary NIC in the
    networkd-dispatcher routable hook (#78)

- Update to version 20240925.00
  * Call google_set_hostname on openSUSE and when the agent
    is configured to manage hostname and FQDN, let it (#75)
- from version 20240924.00
  * Include systemd-networkd hook in Ubuntu packaging (#77)
- from version 20240905.00
  * Update packaging as of Ubuntu devel packaging (#65)
- from version 20240830.00
  * Fix the name for A3 Edge VMs (#76)

- Update to version 20240725.00
  * Fix: hostnamectl command (#74)

- Update to version 20240607.00
  * Update is_a3_platform to include A3-edge shape (#73)

- Update to version 20240514.00
  * Add systemd-networkd hostname hook (#71)
- from version 20240501.00
  * Add hostname hook for NetworkManager without
    dhclient compat script (#70)
google-osconfig-agent
- Update to version 20240926.03 (bsc#1231775, bsc#1231776)
  * Revert "Bump go.opentelemetry.io/otel from 1.24.0 to 1.30.0 (#679)" (#684)
- from version 20240926.02
  * Bump go.opentelemetry.io/otel from 1.24.0 to 1.30.0 (#679)
  * another batch of depencies upgrade (#683)
- from version 20240926.01
  * aggregate dependabot changes to go.mod (#677)
  * Revert back Source package info delivery to control-plane (#673)
- from version 20240926.00
  * Update OWNERS (#676)
- from version 20240924.02
  * Upgrade grpc and it's dependencies to latest version (#672)
- from version 20240924.01
  * Implement keepalive config (#671)
- from version 20240924.00
  * Set new version of gRPC for test (#669)
- from version 20240920.00
  * Revert "bump version of the gRPC" (#667)
- from version 20240919.00
  * bump version of the gRPC (#666)
- from version 20240917.00
  * Merge pull request #665 from GoogleCloudPlatform/revert-664-update_grpc_dependency
  * Revert "Update grpc library and other dependencies. (#664)"
- from version 20240916.00
  * Update grpc library and other dependencies. (#664)
- from version 20240913.00
  * Move packagebuild presubmit to osconfig (#662)
- from version 20240912.00
  * Revert "update osconfig api to v1.13.0 & indirect dependency update" (#659)
- from version 20240822.00
  * Revert "Source package info delivery to control-plane (#639)" (#656)
- from version 20240821.00
  * Fix golang version format to fix builds. (#655)
- from version 20240814.01
  * Use gcsfuse pkg in guest-policies e2e in pkg
    update tests instead of old pkgs (#653)
  * Replace osconfig-agent-test pkg by gcsfuse in ospolicies
    tests and inventory-report tests (#652)
- from version 20240806.00
  * Disable Repository Resource test for SLES-12 (#650)

- Update to version 20240801.00
  * Fix Debian-12 failing test by using gcsfuse pkg
  * Fix fetching gpg key unit tests (#649)
- from version 20240729.00
  * Fix for old state file on Windows (#648)
- from version 20240723.00
  * Add debugging logs for repository resource config (#646)
- from version 20240718.00
  * Fix SLES-12 SP5 RPM package-resource e2e test (#645)
- from version 20240715.01
  * Fix OSPolicies e2e tests for SLES-15 SP5 by removing
    zypper update from VMs startup script (#644)
- from version 20240715.00
  * Fix GuestPolicies e2e tests for SLES-15 SP5 by removing
    zypper update from VMs startup script (#643)
- from version 20240709.01
  * Source package info delivery to control-plane (#639)
- from version 20240709.00
  * Enable gpgcheck flag for RPM e2e tests (#638)
- from version 20240708.00
  * Update osconfig api to v1.13.0
  * Indirect dependency update (#637)
- from version 20240705.01
  * Updating Windows & Linux Chrome packages
    to fix failing e2e tests (#636)
- from version 20240705.00
  * Merge pull request #635 from Gulio/patch-1
  * Update OWNERS
- from version 20240702.02
  * Remove RHEL-7 and CentOS-7 images from e2e tests (#634)

- Update to version 20240702.01
  * Use Debian-11 img in googet pkg build workflow (#632)
- from version 20240702.00
  * Pipeline testing 00 (#631)
- from version 20240701.00
  * update readme file (#628)
- from version 20240625.01
  * Updating yum install to support multi architecture based packages
  * Revert "Adding Architecture to the packages being installed/updated in yum repo"
- from version 20240625.00
  * Update old SLES images urls (#627)
- from version 20240620.00
  * Merge pull request #626 from GoogleCloudPlatform/yum-multiarch-fix
  * Adding Architecture to the packages being installed/updated in yum repo
- from version 20240618.01
  * Extract source_name(source_rpm) for rpm packages (#624)
- from version 20240618.00
  * update README.md file (#625)
- from version 20240615.00
  * Fix(dpkg) return onlt installed items as inventory (#623)
  * Extract source name and version for dpkg packages. (#622)

- Update to version 20240607.00
  * Update e2e tests to use VMM team's GCP project for pkgs testing version (#621)
- from version 20240606.00
  * Disable SUSE tests to run with testing agent repo (#619)
- from version 20240604.00
  * Fix the logic of pick region for Artifact Registry function (#618)
- from version 20240603.00
  * Disable centos-stream-8 tests as it reached EOL in May 31 (#617)
- from version 20240529.00
  * Merge pull request #610 from savijatv/patch-3
  * Update cis-level1-once-a-day-policy.yaml
- from version 20240528.00
  * Merge pull request #616 from MahmoudOuka/allow-windows-e2e-tests-to-\
    install-testing-version-of-agent-from-private-artifact-registry-repos
  * Allow Windows e2e tests to pull osconfig-agent pkg from testing (private)
    repos from Artifact registry
- from version 20240527.01
  * Merge pull request #615 from MahmoudOuka/fix-SUSE-e2e-tests
  * fix SUSE e2e tests
- from version 20240527.00
  * Merge pull request #614 from MahmoudOuka/allow-apt-and-yum-\
    e2e-tests-to-pull-osconfig-agent-pkg-from-testing-repos
  * fix golint comments
  * Allow Apt & Yum e2e tests to pull osconfig-agent pkg from testing repos
- from version 20240524.03
  * Merge pull request #611 from savijatv/patch-ospolicy-samples
  * Update to the CIS OS policy samples
- from version 20240524.00
  * Merge pull request #612 from MahmoudOuka/update-apt-e2e-tests-\
    to-pull-osconfig-agent-pkg-from-new-ar-repos
  * fix golint comment
  * Update Apt e2e tests to pull osconfig-agent pkg from new AR repos instead of rapture
- from version 20240523.02
  * bump golang.org/x/crypto version (#613)
- from version 20240523.00
  * update go-cmp dependency (#604)
- from version 20240522.00
  * rollback masive dependency update (#603)
  * Bump google.golang.org/api from 0.180.0 to 0.181.0 (#596)

- Update to version 20240517.00
  * Bump cloud.google.com/go/auth from 0.4.1 to 0.4.2 (#597)
- from version 20240516.01
  * Bump cloud.google.com/go/logging from 1.9.0 to 1.10.0 (#595)
  * Bump cloud.google.com/go/storage from 1.40.0 to 1.41.0 (#594)
- from version 20240516.00
  * Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#593)

- Update to version 20240513.02
  * E2e tests: allow passing spesific EL version
    number to InstallOSConfigEL func (#592)
- from version 20240513.01
  * Bump google.golang.org/api from 0.179.0 to 0.180.0 (#591)
- from version 20240513.00
  * E2e tests: Fix EL version detection logic in E2E tests (#590)
  * Bump google.golang.org/api from 0.178.0 to 0.179.0 (#589)
- from version 20240510.02
  * Bump cloud.google.com/go/auth from 0.4.0 to 0.4.1 (#588)
- from version 20240510.01
  * E2e tests: use family url format instead of specific
    version URL for head test images (#587)
- from version 20240510.00
  * Fix for lock location (#586)
- from version 20240509.03
  * Bump cloud.google.com/go from 0.112.2 to 0.113.0 (#584)
- from version 20240509.02
  * Remove dependabot not needed label (#576)
- from version 20240509.01
  * Write inventory to attributes only if enabled (#486)
- from version 20240509.00
  * E2e tests: install gnupg2 and run apt update in VMs startup-scripts (#583)
  * Add a temporary e2e test image for Ubuntu to test
    the latest osconfig-agent stable version (#582)
  * Bump google.golang.org/api from 0.177.0 to 0.178.0 (#578)
  * Bump github.com/googleapis/gax-go/v2 from 2.12.3 to 2.12.4 (#579)
  * Bump cloud.google.com/go/iam from 1.1.7 to 1.1.8 (#577)
  * Bump cloud.google.com/go/auth from 0.3.0 to 0.4.0 (#580)
  * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#581)
  * Bump golang.org/x/net from 0.24.0 to 0.25.0 (#575)
  * Bump cloud.google.com/go/osconfig from 1.12.6 to 1.12.7 (#573)
  * Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#574)
  * Bump cloud.google.com/go/longrunning from 0.5.6 to 0.5.7 (#571)
- from version 20240508.08
  * Bump github.com/golang/glog from 1.2.0 to 1.2.1 (#572)
- from version 20240508.07
  * Bump golang.org/x/text from 0.14.0 to 0.15.0 (#565)
- from version 20240508.06
  * Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#566)
  * Bump golang.org/x/sys from 0.19.0 to 0.20.0 (#564)
- from version 20240508.05
  * Bump go.opentelemetry.io/otel/trace from 1.24.0 to 1.26.0 (#563)
- from version 20240508.04
  * Bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#567)
  * Using the default reviewer set for PR approvals (#570)
- from version 20240508.03
  * Adding advanced CodeQL settings to scan on PRs (#569)
- from version 20240508.02
  * Update Debian-12 package build workflow to use debian-cloud project (#568)
- from version 20240508.01
  * Dependabot dependency updates (#562)
- from version 20240508.00
  * Revert "Initial configuration of the dependabot
    for the direct and indirect d…" (#561)
  * Initial configuration of the dependabot for the
    direct and indirect dependency scanning (#560)
- from version 20240507.00
  * Fix Debian-12 package build workflow typo (#559)
- from version 20240506.00
  * Use signed-by keyring approach for apt repos in Debian 12+ and Ubuntu 24+ (#558)
- from version 20240501.03
  * Logrus dependency update (#557)
- from version 20240501.02
  * Updating dependencies and respective checksums (#556)
- from version 20240501.01
  * Update go.mod (#554)
- from version 20240501.00
  * Bump golang.org/x/net from 0.17.0 to 0.23.0 (#542)
- from version 20240430.01
  * Remove SBOM generation logic from package build workflows (#553)
- from version 20240425.00
  * Fix e2e tests for exec-output size limit (#552)
- from version 20240424.00
  * Disabled some images which are either past EoL or broken (#549)
- from version 20240423.01
  * Copy packagebuild folder from guest-test-infra repo to osconfig repo (#545)
  * OS Config windows state file location changed (#544)
- from version 20240423.00
  * Removed debian-10 from e2e tests (#548)
- from version 20240422.00
  * Merge pull request #541 from GoogleCloudPlatform/michaljankowiak-patch-1
  * Update OWNERS
- from version 20240409.00
  * Bump output size limit to 500KB (#538)
grafana-formula
- Version 0.11.0
  * Add SLES 15 SP6 to supported versions (bsc#1228286)
httpcomponents-asyncclient
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp

- Adapted for Enterprise Linux 9
httpcomponents-client
- Update to version 4.5.14
  * HTTPCLIENT-2206: Corrected resource de-allocation by fluent
    response objects.
  * HTTPCLIENT-2174: URIBuilder to return a new empty list instead
    of unmodifiable Collections#emptyList.
  * Don't retry requests in case of NoRouteToHostException.
  * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset
    of requests with form url-encoded body.
  * PR #269: 4.5.x use array fill and more.
    + Use Arrays.fill().
    + Remove redundant modifiers.
    + Use Collections.addAll() and Collection.addAll() APIs instead
    of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg
    method.
    + Remote extra semicolons (;).
    + Use a 'L' instead of 'l' to make long literals more readable.
  * PublicSuffixListParser.parseByType(Reader) allocates but does
    not use a 256 char StringBuilder.
  * Incorrect handling of malformed authority component by
    URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
  * Avoid updating Content-Length header in a 304 response.
  * Bug fix: BasicExpiresHandler is annotated as immutable but is
    not (#239)
  * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler (#222).

- Use %patch -P N instead of deprecated %patchN.
httpcomponents-core
- Upgraded to version 4.4.14
  * PR #231: 4.4.x Use better map apis and more.
    + Remove redundant modifiers.
    + Use Collections.addAll() API instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg
    method.
    + Remote extra semicolons (;).
  * Bug fix: Non-blocking TLSv1.3 connections can end up in an
    infinite event spin when closed concurrently by the local and
    the remote endpoints.
  * HTTPCORE-647: Non-blocking connection terminated due to
    'java.io.IOException: Broken pipe' can enter an infinite loop
    flushing buffered output data.
  * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool
    that can cause internal state corruption when persistent
    connections are manually removed from the pool.

- Use %patch -P N instead of deprecated %patchN.
hwdata
- update to 0.390:
  * Update pci and vendor ids

- update to 0.389:
  * Update pci and vendor ids

- update to 0.385:
  * Update pci and vendor ids

- update to 0.383:
  * Update pci and vendor ids

- update to 0.382:
  * Update pci, usb and vendor ids
jackson-annotations
- Update to 2.17.3
  * No changes since 2.17.2

- Build the module-info.java source too (with release=9)

- Update to 2.17.2
  * No changes since 2.17.1

- Update to 2.17.1
  * No changes since 2.17.0
- Includes changes from 2.17.0
  * #242: Allow `@JsonAnySetter` on `ElementType.PARAMETER` (for
    use on constructor parameters)
jackson-core
- Update to 2.17.3
  * #1331: Update to FastDoubleParser v1.0.1 to fix 'BigDecimal'
    decoding problem
  * #1340: Missing 'JsonFactory' "provides" SPI with JPMS in
    'jackson-core' module
  * #1352: Fix infinite loop due to integer overflow when reading
    large strings

- Build the module-info.java source too (with release=9)

- Update to 2.17.2
  * #1308: Relax validation by 'NumberInput.looksLikeValidNumber()'
    to allow trailing dot (like '3.')

- Reproducible builds: generate javadoc without timestamps

- Update to 2.17.1
  * #1241: Fix 'NumberInput.looksLikeValidNumber()' implementation
  * #1256: Revert #1117: change default recycler pool back to
    'threadLocalPool()' for 2.17.1
- Includes changes from 2.17.0
  * #507: Add 'JsonWriteFeature.ESCAPE_FORWARD_SLASHES' to allow
    escaping of '/' for String values
  * #1117: Change default 'RecylerPool' implementation to
    'newLockFreePool' (from 'threadLocalPool')
  * #1137: Improve detection of "is a NaN" to only consider
    explicit cases, not 'double' overflow/underflow
  * #1145: 'JsonPointer.appendProperty(String)' does not escape the
    property name
  * #1149: Add 'JsonParser.getNumberTypeFP()'
  * #1157: Use fast parser (FDP) for large 'BigDecimal's (500+
    chars)
  * #1169: 'ArrayIndexOutOfBoundsException' for specific invalid
    content, with Reader-based parser
  * #1173: 'JsonLocation' consistently off by one character for
    many invalid JSON parsing cases
  * #1179: Allow configuring 'DefaultPrettyPrinter' separators for
    empty Arrays and Objects
  * #1186: 'BufferRecycler' should avoid setting replacement if one
    already returned, bigger
  * #1195: Use 'BufferRecycler' provided by output ('OutputStream',
    'Writer') object if available
  * #1202: Add 'RecyclerPool.clear()' method for dropping all
    pooled Objects
  * #1203: Faster division by 1000
  * #1205:
    JsonFactory.setStreamReadConstraints(StreamReadConstraints)
    fails to update "maxNameLength" for symbol tables
  * #1217: Optimize char comparison using bitwise OR
  * #1218: Simplify Unicode surrogate pair conversion for
    generation
jackson-databind
- Update to 2.17.3
  * #4718: Should not fail on trying to serialize
    'java.time.DateTimeException'

- Remove LGPL-2.1-or-later license, since not found in the package

- Build the module-info.java source too (with release=9)

- Update to 2.17.2
  * #4561: Issues using jackson-databind 2.17.1 with Reactor
  * #4575: StdDelegatingSerializer does not consider a Converter
    that may return null for a non-null input
  * #4577: Cannot deserialize value of type 'java.math.BigDecimal'
    from String "3." (not a valid representation)
  * #4595: No way to explicitly disable wrapping in custom
    annotation processor
  * #4607: 'MismatchedInput': No Object Id found for an instance of
    X to assign to property '@id'
  * #4610: 'DeserializationFeature.FAIL_ON_UNRESOLVED_OBJECT_IDS'
    does not work when used with Polymorphic type handling

- Update to 2.17.1
  * 2.17.1 (04-May-2024)
    + #4428: 'ByteBuddy' scope went beyond 'test' in version 2.17.0
    + #4430: Use 'ReentrantLock' instead of 'synchronized' in
    'DeserializerCache' to avoid deadlock on pinning
    + #4435: Cannot deserialize value of type 'java.math.BigDecimal'
    from String ".05": not a valid representation
    + #4441: '@JsonSetter(nulls = Nulls.SKIP)' doesn't work in some
    situations
    + #4450: Empty QName deserialized as 'null'
    + #4471: Reconsider deprecation of
    'JsonNode.asText(defaultValue)'
    + #4481: Unable to override
    'DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_AS_NULL' with
    'JsonFormat.Feature.READ_UNKNOWN_ENUM_VALUES_AS_NULL'
    + #4489: Unable to override 'DeserializationFeature
    .READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE' with
    'JsonFormat.Feature.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE'
  * 2.17.0 (12-Mar-2024)
    + #437: Support throwing 'MismatchedInputException' when
    deserializing properties that are not part of the view
    + #736: 'MapperFeature.REQUIRE_SETTERS_FOR_GETTERS' has no effect
    + #2543: Introspection includes delegating ctor's only parameter
    as a property in 'BeanDescription'
    + #4160: Deprecate 'DefaultTyping.EVERYTHING' in '2.x' and
    remove in '3.0'
    + #4194: Add 'JsonNodeFeature
    .FAIL_ON_NAN_TO_BIG_DECIMAL_COERCION' option to fail on
    attempting to coerce 'NaN' into 'BigDecimal'
    + #4205: Consider types in 'sun.*' package(s) to be JDK
    (platform) types for purposes of handling
    + #4209: Make 'BeanDeserializerModifier'/'BeanSerializerModifier'
    implement 'java.io.Serializable'
    + #4214: 'EnumSet' deserialization does not work when we
    activate default typing in 'ObjectMapper'
    + #4248: 'ThrowableDeserializer' does not handle 'null' well for
    'cause'
    + #4250: Add input validation for 'NumberDeserializers'
    deserializers for "stringified" FP numbers
    + #4262: Improve handling of 'null' insertion failure for
    'TreeSet'
    + #4263: Change 'ObjectArrayDeserializer' to use "generic" type
    parameter ('java.lang.Object') to remove co-variant return
    type
    + #4299: Some 'Collection' and 'Map' fallbacks don't work in
    GraalVM native image
    + #4309: '@JsonSetter(nulls=...)' handling of 'Collection'
    'null' values during deserialization with
    'READ_UNKNOWN_ENUM_VALUES_AS_NULL' and
    'FAIL_ON_INVALID_SUBTYPE' wrong
    + #4327: '@JsonAlias' not respected by polymorphic deduction
    + #4337: 'AtomicReference' serializer does not support
    '@JsonSerialize(contentConverter=...)'
    + #4364: '@JsonProperty' and equivalents should merge with
    'AnnotationIntrospectorPair'
    + #4394: Better Base64 support for 'java.util.UUIDs' without
    padding
    + #4403: Deserialization of unknown value for enums does not
    yield default enum value
    + #4416: Deprecate 'JsonNode.asText(String)'
  * 2.16.2 (09-Mar-2024)
    + #4302: Problem deserializing some type of Enums when using
    'PropertyNamingStrategy'
    + #4303: 'ObjectReader' is not serializable if it's configured
    for polymorphism
    + #4316: NPE when deserializing 'JsonAnySetter' in 'Throwable'
    + #4355: Jackson 2.16 fails attempting to obtain 'ObjectWriter'
    for an 'Enum' of which some value returns null from
    'toString()'
    + #4409: Deserialization of enums with name defined with
    different cases leads to 'InvalidDefinitionException':
    Multiple fields representing property
javapackages-tools
- Upgrade to upstream version 6.3.4
  * Changes:
    + A corner case when which is not present
    + Remove dependency on which
    + Simplify after the which -> type -p change
    + jpackage_script: Remove pointless assignment when %java_home
    is unset
    + Don't require %java_home for %java etc.
    + Don't export JAVA_HOME
- Removed patches:
  * do-not-require-which.patch
  * fix-broken-commands.patch
  * remove-pointless-assignment.patch
    + integrated upstream
- Modified patch:
  * python-optional.patch
    + account for changed context
- Added patch:
  * 0001-Revert-jpackage_script-Remove-unneeded-backslashes.patch
    + This change breaks build with rpm 4.14.1

- remove-pointless-assignment.patch: Remove pointless assignment if
  %java_home is unset

- Added patch:
  * fix-broken-commands.patch
    + fix commands broken after recent removal of the default
    %%{java_home} macro

- Added patch:
  * do-not-require-which.patch
    + do not fail launching scripts if which is not installed
    (bsc#1231347)

- Upgrade to upstream version 6.3.2
  * Changes
    + spec: Update Obsoletes versions
    + Search for JAVACMD under JAVA_HOME only if it's set
    + Obsolete set_jvm and set_jvm_dirs functions
    + Drop unneeded _set_java_home function
    + Remove JAVA_HOME check from check_java_env function
    + Bump codecov/codecov-action from 2.0.2 to 4.6.0
    + Bump actions/setup-python from 4 to 5
    + Bump actions/checkout from 2 to 4
    + Add custom dependabot config
    + Remove the test for JAVA_HOME and error if it is not set
    + java-functions: Remove unneeded local variables
    + Fix build status shield
- Removed patch:
  * 0001-Double-quote-to-avoid-substitution-during-build.patch
    + Fixed differently in this version

- Upgrade to upstream version 6.3.1
  * Changes:
    + Allow missing components with abs2rel
    + Fix tests with python 3.4
    + Sync spec file from Fedora
    + Drop default JRE/JDK
    + Fix the use of java-functions in scripts
    + Update RPM spec file
    + Reproducible builds: constant timestamp for pom.properties
    + Test that we don't bomb on <relativePath/>
    + Test variable expansion in artifactId
    + Interpolate properties also in the current artifact
    + Rewrite abs2rel in shell
    + Use asciidoctor instead of asciidoc
    + Fix incompatibility with RPM 4.20
    + Don't define %topdir macro
    + coverage: use usercustomize
    + Reproducible builds: keep order of aliases and dependencies
    + Reproducible exclusions order in maven metadata
    + Do not bomb on <relativePath/> construct
    + Make maven_depmap order of aliases reproducible
- Removed patches:
  * 0001-Make-maven_depmap-order-of-aliases-reproducible.patch
  * 0002-Do-not-bomb-on-relativePath-construct.patch
  * 0003-Reproducible-exclusions-order-in-maven-metadata.patch
  * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
  * 0005-Interpolate-properties-also-in-the-current-artifact.patch
  * 0006-Test-variable-expansion-in-artifactId.patch
  * 0007-Test-that-we-don-t-bomb-on-relativePath.patch
  * 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
    + Integrated in this version
- Added patch:
  * 0001-Double-quote-to-avoid-substitution-during-build.patch
    + Double-quote a macro in macros.jpackages to avoid value
    substitution during the build

- Added patch:
  * 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
    + use reproducible timestamp when post-processing jar files and
    adding there the pom.properties file.
kernel-default
- ovl: Filter invalid inodes with missing lookup function
  (bsc#1235035 CVE-2024-56570).
- commit 54169ab

- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
  (CVE-2024-53173 bsc#1234891).
- commit f801b5b

- Bluetooth: L2CAP: do not leave dangling sk pointer on error
  in l2cap_sock_create() (CVE-2024-56605 bsc#1235061).
- commit c461209

- idpf: trigger SW interrupt when exiting wb_on_itr mode
  (bsc#1235507).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024
  (bsc#1235246).
- idpf: enable WB_ON_ITR (bsc#1235507).
- commit 3cbddc0

- smb: client: fix use-after-free of signing key (CVE-2024-53179
  bsc#1234921).
- commit 86400c7

- smb: client: fix TCP timers deadlock after rmmod (git-fixes)
  [hcarvalho: this fixes issue discussed in bsc#1233642].
- commit 3e3e1af

- smb: client: Fix use-after-free of network namespace
  (CVE-2024-53095 bsc#1233642).
  [hcarvalho: remove netfs_tracker_* related code because we don't have
  such infrastructure.]
- commit 97b2d9e

- wifi: mwifiex: Fix memcpy() field-spanning write warning in
  mwifiex_config_scan() (CVE-2024-56539 bsc#1234963).
- commit e27d4b2

- vfio/pci: Properly hide first-in-list PCIe extended capability
  (bsc#1235004 CVE-2024-53214).
- commit f520125

- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
  rfcomm_sock_alloc() (bsc#1235056 CVE-2024-56604).
- commit cf32d9d

- Bluetooth: Consolidate code around sk_alloc into a helper
  function (bsc#1235056 CVE-2024-56604).
  Refresh
  patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout.patch.
- commit 4de890e

- nilfs2: fix potential out-of-bounds memory access in
  nilfs_find_entry() (bsc#1235224 CVE-2024-56619).
- commit b3f788e

- jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220
  CVE-2024-56598).
- commit 4762f9a

- hfsplus: don't query the device logical block size multiple
  times (bsc#1235073 CVE-2024-56548).
- commit 67473c2

- wifi: ath9k: add range check for conn_rsp_epid in
  htc_connect_service() (CVE-2024-53156 bsc#1234846).
- commit 747e664

- ALSA: 6fire: Release resources at card release (CVE-2024-53239
  bsc#1235054).
- commit 6995b0a

- NFSD: Prevent a potential integer overflow (CVE-2024-53146
  bsc#1234853).
- commit 79b751c

- Update
  patches.suse/tcp-Fix-use-after-free-of-nreq-in-reqsk_timer_handler.patch
  (CVE-2024-50154 bsc#1233070 CVE-2024-53206 bsc#1234960).
- commit cdf9cb8

- Update
  patches.suse/media-s5p_cec-limit-msg.len-to-CEC_MAX_MSG_SIZE.patch
  (git-fixes CVE-2022-49035 bsc#1215304).
- commit d91bb81

- x86/xen: use new hypercall functions instead of hypercall page
  (XSA-466 CVE-2024-53241 bsc#1234282).
- commit 439afbb

- x86/xen: add central hypercall functions (XSA-466 CVE-2024-53241
  bsc#1234282).
- commit 1784c5e

- x86/xen: don't do PV iret hypercall through hypercall page
  (XSA-466 CVE-2024-53241 bsc#1234282).
- commit 9f17f93

- x86/static-call: provide a way to do very early static-call
  updates (XSA-466 CVE-2024-53241 bsc#1234282).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit 2e422a6

- objtool/x86: allow syscall instruction (XSA-466 CVE-2024-53241
  bsc#1234282).
- commit 1f61d5b

- x86: make get_cpu_vendor() accessible from Xen code (XSA-466
  CVE-2024-53241 bsc#1234282).
- commit 4d90703

- xen/netfront: fix crash when removing device (XSA-465
  CVE-2024-53240 bsc#1234281).
- commit f11b367

- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
  (git-fixes, bsc#1230697, CVE-2024-8805).
- commit cddc976

- Update
  patches.suse/initramfs-avoid-filename-buffer-overrun.patch
  (CVE-2024-53142 bsc#1232436).
- commit 14f79ec

- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- commit fe5d084

- idpf: fix UAFs when destroying the queues (CVE-2024-44932
  bsc#1229808).
- idpf: fix memory leaks and crashes while performing a soft reset
  (CVE-2024-44964 bsc#1230220).
- commit 4316b61

- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5a7c927

- tcp: Fix use-after-free of nreq in reqsk_timer_handler()
  (CVE-2024-50154 bsc#1233070).
- commit 9c54dc2

- README.BRANCH: Remove bouncing e-mail address.
- commit 9d57d70

- netdevsim: Add trailing zero to terminate the string
  in nsim_nexthop_bucket_activity_write() (CVE-2024-50259
  bsc#1233214).
- commit 3b589d0

- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
  (git-fixes CVE-2023-52922 bsc#1233977).
- commit 624f722

- security/keys: fix slab-out-of-bounds in key_task_permission
  (CVE-2024-50301 bsc#1233490).
- commit b8c1415

- media: cx24116: prevent overflows on SNR calculus
  (CVE-2024-50290 bsc#1233479).
- commit c59cd01

- dm cache: fix out-of-bounds access to the dirty bitset when
  resizing (CVE-2024-50279 bsc#1233468).
- commit 6c88f14

- Update config files.
  Enabled IDPF for ARM64 (bsc#1221309)
- commit 8dd2b1c

- HID: core: zero-initialize the report buffer (CVE-2024-50302
  bsc#1233491).
- commit 086ff16

- vsock/virtio: Initialization of the dangling pointer occurring
  in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit 008fbbf

- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
  bsc#1232928).
- commit f9d799e

- Update
  patches.suse/0002-x86-mm-ident_map-Use-gbpages-only-where-full-GB-page.patch
  (bsc#1220382 CVE-2024-50017 bsc#1232312).
- commit 02ff322

- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
  (git-fixes CVE-2023-52922 bsc#1233977).
- commit 82c5a0a

- Refresh
  patches.suse/initramfs-avoid-filename-buffer-overrun.patch.
- commit 145c949

- idpf: avoid vport access in idpf_get_link_ksettings
  (CVE-2024-50274 bsc#1233463).
- commit 8971b65

- nilfs2: fix potential oob read in nilfs_btree_check_delete()
  (bsc#1232187 CVE-2024-47757).
- commit d813a1d

- media: dvbdev: prevent the risk of out of memory access
  (CVE-2024-53063 bsc#1233557).
- commit 52a90e5

- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
  bsc#1233555).
- commit aef5475

- firmware: arm_scmi: Fix slab-use-after-free in
  scmi_bus_notifier() (CVE-2024-53068 bsc#1233561).
- commit e507b37

- kernel-binary: Enable livepatch package only when livepatch is enabled
  Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec

- Update config files (bsc#1218644).
  LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit 9c28790

- ALSA: firewire-lib: Avoid division by zero in
  apply_constraint_to_size() (CVE-2024-50205 bsc#1233293).
- commit d31c5c9

- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
  (CVE-2024-50154 bsc#1233070).
- commit 2430e1b

- unicode: Don't special case ignorable code points
  (CVE-2024-50089 bsc#1232860).
- commit ba47e72

- mm/memory: add non-anonymous page check in the
  copy_present_page() (bsc#1231646).
- commit 9f5cb06

- README.BRANCH: drop explicit maintainers
  kbuild already recognizes all downstream branch maintainers an
  merge their PRs so we do not need explicit maintainers for the cve
  branch itself.
- commit cd6f8fb

- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
  (CVE-2024-50115 bsc#1232919).
- commit 4c6b1da

- mptcp: fix double-free on socket dismantle (CVE-2024-26782
  bsc#1222590).
  (cherry picked from commit 03ac3f085c702ef308481c09b021887b5a01d52b)
- commit 7f40404

- net/ncsi: Disable the ncsi work before freeing the associated
  structure (CVE-2024-49945 bsc#1232165).
- commit 0369bdb

- net: sched: fix use-after-free in taprio_change()
  (CVE-2024-50127 bsc#1232907).
- commit 88b0d06

- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a

- block: initialize integrity buffer to zero before writing it
  to media (CVE-2024-43854 bsc#1229345).
- commit 2fc5adb

- x86/mm/ident_map: Use gbpages only where full GB page should
  be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
  kernel (bsc#1220382).
- commit c11660d

- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778

- fbdev: efifb: Register sysfs groups through driver core
  (bsc#1232224 CVE-2024-49925).
- commit ed25954

- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e

- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
  bsc#1231893).
- commit c192a62

- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
  (CVE-2024-49991 bsc#1232282).
- commit 6ba5342

- vhost_vdpa: assign irq bypass producer token correctly
  (bsc#1232174 CVE-2024-47748).
- commit 51b6257

- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
  bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
  bsc#1232432).
- commit 7dec126

- net/xen-netback: prevent UAF in xenvif_flush_hash()
  (CVE-2024-49936 bsc#1232424).
- commit 05a71d8

- Update
  patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
  (bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
  patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
  (bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
  patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
  (bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
  (CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352

- Update
  patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
  (git-fixes CVE-2023-52766 bsc#1230620).
- Update
  patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
  (git-fixes CVE-2023-52919 bsc#1231988).
- Update
  patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
  (CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
  (git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80

- Update
  patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
  (bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
  patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
  (git-fixes CVE-2022-48994 bsc#1232119).
- Update
  patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
  (git-fixes CVE-2022-48951 bsc#1231929).
- Update
  patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
  (git-fixes CVE-2022-49005 bsc#1232150).
- Update
  patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
  (git-fixes CVE-2022-48992 bsc#1232071).
- Update
  patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
  (git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
  (CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
  patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
  (git-fixes CVE-2022-48978 bsc#1232038).
- Update
  patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
  (git-fixes CVE-2022-48995 bsc#1232120).
- Update
  patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
  (git-fixes CVE-2022-48967 bsc#1232304).
- Update
  patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
  (git-fixes CVE-2022-49012 bsc#1232005).
- Update
  patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
  (bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
  patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
  (bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
  patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
  (git-fixes CVE-2022-49024 bsc#1232001).
- Update
  patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
  (git-fixes CVE-2022-48997 bsc#1232035).
- Update
  patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
  (git-fixes CVE-2022-48981 bsc#1232229).
- Update
  patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
  (git-fixes CVE-2022-49026 bsc#1231997).
- Update
  patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
  (git-fixes CVE-2022-48973 bsc#1232039).
- Update
  patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
  (git-fixes CVE-2022-48975 bsc#1231885).
- Update
  patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
  (git-fixes CVE-2022-49010 bsc#1232172).
- Update
  patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
  (git-fixes CVE-2022-49011 bsc#1232006).
- Update
  patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
  (git-fixes CVE-2022-49029 bsc#1231995).
- Update
  patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
  (jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
  patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
  (jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
  patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
  (git-fixes CVE-2022-49031 bsc#1231992).
- Update
  patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
  (git-fixes CVE-2022-49032 bsc#1231991).
- Update
  patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
  (git-fixes CVE-2022-49002 bsc#1232133).
- Update
  patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
  (git-fixes CVE-2022-49000 bsc#1232123).
- Update
  patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
  (bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
  patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
  (git-fixes CVE-2022-49028 bsc#1231996).
- Update
  patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
  (git-fixes CVE-2022-48972 bsc#1232025).
- Update
  patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
  (git-fixes CVE-2022-48987 bsc#1232067).
- Update
  patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
  (git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
  patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
  (git-fixes CVE-2022-49019 bsc#1231940).
- Update
  patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
  (git-fixes CVE-2022-48961 bsc#1232108).
- Update
  patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
  (git-fixes CVE-2022-49016 bsc#1231937).
- Update
  patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
  (jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
  patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
  (git-fixes CVE-2022-49021 bsc#1231939).
- Update
  patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
  (git-fixes CVE-2022-48955 bsc#1231892).
- Update
  patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
  (git-fixes CVE-2022-49014 bsc#1231890).
- Update
  patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
  (git-fixes CVE-2022-49007 bsc#1232170).
- Update
  patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
  (git-fixes CVE-2022-49003 bsc#1232136).
- Update
  patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
  (jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
  patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
  (git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
  (bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
  patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
  (git-fixes CVE-2022-49006 bsc#1232163).
- Update
  patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
  (bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
  patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
  (git-fixes CVE-2022-48948 bsc#1231896).
- Update
  patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
  (git-fixes CVE-2022-49023 bsc#1231961).
- Update
  patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
  (git-fixes CVE-2022-49022 bsc#1231962).
- Update
  patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
  (git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658

- Update
  patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
  (git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
  stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3

- NFSD: Force all NFSv4.2 COPY requests to be synchronous
  (CVE-2024-49974 bsc#1232383).
- commit e488dd4

- ACPI: sysfs: validate return type of _STR method (bsc#1231861
  CVE-2024-49860).
- commit 1bb3615

- Delete patches.suse/scsi-Update-max_hw_sectors-on-rescan.patch (bsc#1216223)
- commit c6f8315

- Refresh
  patches.suse/scsi-ibmvfc-Add-max_sectors-module-parameter.patch.
- commit 707c768

- drm/amd/display: Fix index out of bounds in DCN30 color
  transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3

- smb: client: fix UAF in async decryption (bsc#1232418
  CVE-2024-50047).
- commit dcba7ec

- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
  (CVE-2022-48962 bsc#1232286).
- commit 0f23f49

- btrfs: wait for fixup workers before stopping cleaner kthread
  during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
  worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4

- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
  (CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
  (CVE-2022-48991 bsc#1232070).
- commit 3ab8533

- mm/khugepaged: fix GUP-fast interaction by sending IPI
  (CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525

- mm/khugepaged: take the right locks for page table retraction
  (CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4

- mm: gup: fix the fast GUP race against THP collapse
  (CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e

- s390/dasd: fix error recovery leading to data corruption on
  ESE devices (git-fixes bsc#1229452 CVE-2024-45026 bsc#1230454
  bsc#1232281).
- commit fc1d054

- net: seeq: Fix use after free vulnerability in ether3 Driver
  Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1

- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2

- RDMA/mana_ib: use the correct page size for mapping user-mode
  doorbell page (bsc#1232036).
- net: mana: Fix the extra HZ in mana_hwc_send_request
  (bsc#1232033).
- commit 8c14fb0

- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0

- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856

- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13

- wifi: ath11k: fix array out-of-bound access in SoC stats
  (CVE-2024-49930 bsc#1232260).
- commit e11de4c

- Update
  patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
  (bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8

- net: dsa: sja1105: fix memory leak in
  sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f

- mm: avoid leaving partial pfn mappings around in error case
  (CVE-2024-47674 bsc#1231673).
- commit 9910e8f

- netem: fix return value if duplicate enqueue fails
  (CVE-2024-45016 bsc#1230429).
- commit 2e9108a

- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3

- dn_route: set rt neigh to blackhole_netdev instead of
  loopback_dev in ifdown (bsc#1216813).
- commit 673d32f

- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
  in ifdown (bsc#1216813).
- commit 0e5b278

- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit 0c7762c

- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 5d1a23a

- aoe: fix the potential use-after-free problem in more places
  (bsc#1218562 CVE-2023-6270).
- commit e949a45

- efi: fix NULL-deref in init error path (bsc#1229556
  CVE-2022-48879).
- commit 41e1770

- dmaengine: altera-msgdma: properly free descriptor in
  msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5

- bpf: Fix pointer-leak due to insufficient speculative store
  bypass mitigation (bsc#1231375).
- commit fd93435

- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b

- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86

- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356

- Delete some more obsolete scripts
- commit 0d4cf12

- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4

- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241

- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584

- NFSv3: only use NFS timeout for MOUNT when protocols are
  compatible (bsc#1231016).
- commit 2b5943c

- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d

- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
  They depend on SHADOW_CALL_STACK.
- commit 65fa52b
avahi
- prerequire avahi in avahi-autipd as we user "user avahi"

- Add avahi-CVE-2024-52616.patch:
  Backporting 1dade81c from upstream: Properly randomize query id
  of DNS packets.
  (CVE-2024-52616, bsc#1233420)

- Add avahi-filter-bogus-services.patch: no longer supply bogus
  services to callbacks (bsc#1226586).
cryptsetup
- luksFormat succeeds despite creating corrupt device [bsc#1234273]
  * Add a better warning if luksFormat ends with image without any space for data.
  * Print warning early if LUKS container is too small for activation.
  * Add patches:
  - cryptsetup-Add-a-better-warning-if-luksFormat-no-space-for-data.patch
  - cryptsetup-Print-warning-early-if-LUKS-container-is-too-small-for-activation.patch
expat
- security update
- added patches
  fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
  + expat-CVE-2024-50602.patch
python3
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1

- Add CVE-2024-11168-validation-IPv6-addrs.patch
  fixing bsc#1233307 (CVE-2024-11168,
  gh#python/cpython#103848): Improper validation of IPv6 and
  IPvFuture addresses.
net-snmp
- logrotate should use reload instead of restart (bsc#1232030)
libsolv
- fix replaces_installed_package using the wrong solvable id
  when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31
suseconnect-ng
- Update version to 1.13:
  - Integrating uptime-tracker
  - Honor auto-import-gpg-keys flag on migration (bsc#1231328)
  - Only send labels if targetting SCC
  - Skip the docker auth generation on RMT (bsc#1231185)
  - Add --set-labels to register command to set labels at registration time on SCC
  - Add a new function to display suse-uptime-tracker version
  - Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
  - Add a command to show the info being gathered
systemd
- Import commit cba472567893618e15b4ab95a3cb0a762ad3ed10
  0e8c003e1f core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
  621e16c0b8 core/unit: add get_timeout_start_usec in UnitVTable and define it for service
  b4140d888a sd-bus: make bus_add_match_full accept timeout
  81cb3a4fb5 udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
  533e98fc6b sd-device: add helper to read a unsigned int attribute
libzypp
- Url: queryparams without value should not have a trailing "=".
- version 17.35.16 (35)

- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file (#593)
- Fix typo (fixes #592)
- cmake: check location of fcgi header and adjust include
  accordingly. On Debian and derivatives the fcgi headers
  are not stored in a fastcgi/ subdirectory.(#590)
- version 17.35.15 (35)

- The 20MB download limit must not apply to non-metadata files like
  package URLs provided via the CLI (bsc#1233393).
- version 17.35.14 (35)

- BuildCache: Don't try to retrieve missing raw metadata if no
  permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no
  permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)
postgresql
- Bump major to 17 for SLE.

- Bump major and default to 17 for Factory and TW.
postgresql14
- Upgrade to 14.15:
  * Repair ABI break for extensions that work with struct
    ResultRelInfo.
  * Restore functionality of ALTER {ROLE|DATABASE} SET role
  * Fix cases where a logical replication slot's restart_lsn could
    go backwards.
  * Avoid deleting still-needed WAL files during pg_rewind.
  * Count index scans in contrib/bloom indexes in the statistics
    views, such as the pg_stat_user_indexes.idx_scan counter.
  * Fix crash when checking to see if an index's opclass options
    have changed.
  * Avoid assertion failure caused by disconnected NFA sub-graphs
    in regular expression parsing.
  * https://www.postgresql.org/docs/release/14.15/

- Upgrade to 14.14:
  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
    dependent on the calling role when RLS applies to a
    non-top-level table reference.
  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
    received during SSL or GSS protocol negotiation.
  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
    between SET SESSION AUTHORIZATION and SET ROLE
  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
    changing environment variables.
  * https://www.postgresql.org/about/news/p-2955/
  * https://www.postgresql.org/docs/release/14.14/

- Sync spec file from postgresql17.
publicsuffix
- Update to version 20241202:
  * remove `upli.io` (#2302)
  * added o365 sub domain (#2291)
  * tools/internal/parser: enforce suffix ordering in the ICANN section (#2295)
  * chore: Fix Alphabetizing for the ICANN section (#2287)
  * remove `mcpe.me` (#2294)
  * util: gTLD data autopull updates for 2024-11-27T15:18:00 UTC (#2293)
  * Update `.EG` Section (#2290)
  * Adding RUB domain (#2292)
  * Update `.TW` Section (#2289)
  * Update `.CV` Section (#2286)
  * Update company name and email address (#2285)
  * Update `.GE` Section (#2283)
  * Update `.BO` (#2276)
  * Update `.DM` Block (#2277)
  * Update `.MG` Section (#2274)
  * chore: Update `.AF` Section link and sorting (#2279)
  * chore: Update `.CW` Section comments (#2281)
  * update `.tt` section (#2272)
  * remove `betainabox.com` (#2259)
  * Update `.AZ` comments and fix sorting (#2275)
  * alphabetise `.tm` section + add confirmation comment (#2268)
  * Update `.RE` Section (#2271)
  * Update `.CO` Section (#2269)
  * Update `.PL` comments and fix alphabetical sorting (#2270)
  * Update `.SG` Section (#2273)
  * Update 2nd levels for .JO (Jordan) section (#2264)
  * remove `nom.ad` (#2263)
  * Update .IS (#2266)
  * Update .AU Section (#2267)
  * Heyflow GmbHs domains heyflow.page and heyflow.site
  * Adding LODMAN regional domains
  * Master to main for the remote action in the website remote
  * chore(pr_template): remove syntax check (#2252)
  * Add pages-research.it.hs-heilbronn.de (#2253)
  * Update deploy-site.yml
  * remove `corpnet.work`, update contact info (#2247)
  * add `co.bz` (#2249)
  * move `wdh.app` to new section (#2246)
  * remove `bci.dnstrace.pro` (#2245)
  * remove `onred.one` (#2244)
  * util: gTLD data autopull updates for 2024-10-31T15:17:41 UTC (#2242)
  * Add home.arpa (#2220)
  * Add `taveusercontent.com` (#2239)
  * Add ip-ddns.com and ddns-ip.net (#2234)
  * Add grafana-dev.net to public suffix list (#2188)
  * chore: remove 2nd level comment for `.sk` (#2238)
  * Remove `presse.ci` and `md.ci`, other ccTLD stubs not associated w respective registry (#2198)
  * update `.io` section (#2236)
  * Remove `gov.cu` (#2233)
  * Remove Handshake suffixes (#2222)
  * internal/parser: add PublicSuffix and RegisteredDomain methods to List (#2228)
  * Add cloud-ip.biz and ip-dynamic.org for ClouDNS (#2202)
  * Add co.ss (#2144)
  * Add `org.ao`, `edu.ao`, `gov.ao` ccTLD (ICANN section) (#2145)
  * util: gTLD data autopull updates for 2024-10-17T15:16:22 UTC (#2226)
  * chore: update is-a.dev contact info (#2225)
  * Remove bloxcms.com in public suffix list - no longer needed (#2224)
  * Remove ddns5.com (#2221)
  * Make TXT validation use local git history (#2217)
  * Improve psltool PR check (#2218)
  * Remove beta.tailscale.net (#2216)
  * util: gTLD data autopull updates for 2024-10-15T15:17:29 UTC (#2219)
  * Remove `museum.mw` (#2203)
  * Update `.NA` entries (#2204)
  * Remove `ne.pw` (#2200)
  * Remove inactive or expired yombo domains (#2173)
  * Remove old Python PR checker
  * Add medusajs.app domain to public list (#2211)
  * Remove Banzai Cloud (#2215)
  * tools/internal/github: correctly handle github's mergeability updates (#2214)
  * tools/internal/parser: check TXT records (#2213)
  * remove `preview.wdh.app`, `t.hrsn.dev`, `t.hrsn.net` (#2208)
  * Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors (#2201)
  * remove `paris.eu.org` (#2147)
  * remove `blogspot.mr` (#2100)
  * Adding ArvanCloud arvanedge.ir Compute Domain to public suffix list (#2205)
  * remove `q-a.eu.org` (#2146)
  * AWS Submissions to the Public Suffix List - Q3 2024 (#2032)
  * Remove `bounty-full.com` to rollback #104 (#2163)
  * Add back `cnpy.gdn` to restore #633 (#2194)
  * Remove `cnpy.gdn` to rollback #633 (#2174)
  * Br 20240930 update (#2192)
  * add mittwald product domains (#2171)
  * util: gTLD data autopull updates for 2024-09-26T15:17:07 UTC (#2191)
  * Remove `certmgr.org` to roll back #225 (#2164)
  * Remove dyn53.io to rollback #820 (#2161)
  * Remove `forte.id` to rollback #1081 (#2166)
  * Remove `daplie.me` to rollback commit a4d8335 (#2162)
  * remove exception in CI for duplicate sections (#2180)
  * combine duplicate sections (#2168)
  * tools/internal/domain: add functions to render a domain as punycode (#2179)
  * tools/psltool: allow checking the PSL for an arbitrary commit on github (#2177)
  * tools/internal/github: support loading PR diffs for merged PRs (#2176)
  * tools/internal: wrap use of collators in mutexes (#2175)
  * Add `hf.space` and `static.hf.space` to `public_suffix_list.dat` (#2157)
  * Update `prvcy.page` contact email (#2182)
  * Add shopware.shop to public suffix list (#2187)
  * Remove domain:ktistory.com from PSL (#2181)
  * rename `William Harrison` to `Harrison Network` (#2183)
  * Remove *.sensiosite.cloud and *.s5y.io (#2167)
  * Remove `mycd.eu` to rollback #233 (#2165)
  * docs(pr_template): fix grammar error + small changes (#2169)
  * add `hrsn.dev` (#2170)
  * add `t.hrsn.dev` (#2155)
  * docs(pr_template): various fixes and comment updates (#2156)
  * util: gTLD data autopull updates for 2024-09-13T15:16:52 UTC (#2154)
  * Apply formatting using `psltool fmt` (#2152)
  * update contact for dweb.link and libp2p.direct (#2105)
  * Automatically run psltool validate (#2151)
  * Add v0.build and vusercontent.net (#2121)
  * Cleanup (#2150)
  * chore: remove 6 domains from Now-DNS section (#2113)
  * Remove old Jelastic domains (from #1095) (#2148)
  * Add `ctfcloud.net` domain (#2073)
  * remove `mc.eu.org` (#2099)
  * Add gob.cu nat.cu (#1695) (#2143)
  * remove `dapps.earth` section (#2124)
  * Remove `autocode.dev` (Rollback #1617) (#2141)
  * remove `magnet.page` (#2142)
  * Apply formatting using `psltool fmt` (#2140)
  * Minor formatting fix (#2139)
  * Add psltool fmt check for PRs (#2137)
  * Replace Legacy Wikipedia URLs with IANA Page Links in ICANN Section Comments (#2135) (#2138)
  * UPDATE HOSTBIP DOMAIN NAMES (2024) +biz.ng +plc.ng -edu.scot -sch.so (#2127)
  * Adding oraclecloudapps.com from Oracle Autonomous Database (#2130)
  * Remove flap.id (#2132)
  * Remove discontinued CentralNic entries (#2136)
  * Apply formatting using `psltool fmt` (#2134)
  * Add new action to manually run formatter (#2133)
  * add `nyat.app` (#2122)
  * Remove `publishproxy.com` (#294) (#2131)
  * Update public_suffix_list.dat (#2128)
  * Remove `fireweb.app` (#2129)
  * Update contact information for `nyc.mn` (#2125)
  * Fix syntax inconsistency (#2126)
  * add `preview.wdh.app` and `t.hrsn.net` (#2119)
  * Move Domains Under OpenHost (#2115)
  * util: gTLD data autopull updates for 2024-08-25T15:14:38 UTC (#2111)
  * remove `bip.sh` (#2063)
  * Add routingthecloud.com/.net/.org (#2107)
  * remove Revitalised Limited section (#2101)
  * chore: update contact info + revert wildcard change for `wdh.app` (#2108)
  * remove `blogsite.xyz` (#2098)
  * Add additional readthedocs domain: readthedocs-hosted.com (#2110)
  * Add MathWorks domains  (#1983)
  * remove localzone.xyz (#2104)
  * add `is-a-good.dev` (#2095)
  * util: gTLD data autopull updates for 2024-08-12T15:17:08 UTC (#2103)
  * merge `wdh.app` entries together using wildcard (#2094)
  * add `is-a-fullstack.dev` under Open Domains (#2096)
  * Fix newline handling of automatic ICANN updater (#2093)
  * util: gTLD data autopull updates for 2024-08-10T15:15:39 UTC (#2097)
  * Add IONOS product domains (#2083)
  * add ggff.net and filegear-sg.me from l53.net (#2085)
  * add `wdh.app` (#2067)
  * add libp2p.direct (#2084)
  * add sn.mynetname.net domain (#2090)
  * Update public_suffix_list.dat (#2076)
  * Run 'psltool fmt' to reformat PSL to canonical form (#2088)
  * tools/psltool: support for analyzing a github PR (#2087)
  * tools/internal/parser: add more offline, diff-aware validations (#2089)
  * Add `mafelo.net` (#2082)
  * remove `devcdnaccesso.com` (#2065)
  * remove `t3l3p0rt.net` and `tele.amune.org` (#2066)
  * remove `bitbridge.net` (#2064)
  * remove static.land from public_suffix_list.dat (#2081)
  * Remove wedeploy domains (#2077)
  * update for .PK ccTLD (#2068)
  * Remove `awsmppl.com` (expired domain) (#2070)
  * update contact email for `is-a.dev` (#2074)
  * remove old domains (#2058)
  * Update README.md
  * remove cloudcontrol.com (#2072)
  * tools/internal/parser: add diff support (#2071)
  * remove`graphox.us` (#2062)
  * Remove `pagefrontapp.com` (expired domain) (#2059)
  * tools/psltool: CLI for editing and validating PSL files (#2069)
  * Remove `mozilla-iot.org` (#2050)
  * Remove Shift Crypto AG (#2055)
  * Remove `backplaneapp.io` to rollback #267 (expired domain) (#2060)
  * remove `pcloud.host` (#2052)
  * Remove `mintere.site` to rollback #993 (#2056)
  * remove `cya.gg` (#2053)
  * remove `nid.io` (#2054)
  * remove Cyclic Software section (#2051)
  * Remove `onflashdrive.app` (related to #1401) (#2048)
  * Remove impertrix domains to rollback #1060 (#2047)
  * Remove filegear regional domains (#2049)
  * remove `c.la` (#2044)

- Update to version 20240722:
  * PSL Private Section Domains WHOIS Checker (#2014)
  * Add servebolt.cloud to PLS (#2026)
  * Add `p.tawk.email` and `p.tawkto.email` domains (#2016)
  * Remove domain no longer under Supabase control. (#2037)
  * tools/internal/parser: implement automatic reformatting (#2036)
  * util: gTLD data autopull updates for 2024-07-12T15:14:39 UTC (#2034)
  * Add dhosting.pl Sp. z o.o. shared domains: dfirma.pl, dkonto.pl, you2.pl (#2024)
  * tools/internal/parser: rework metadata extraction for more accurate reformatting (#2027)
  * AWS Submissions to the Public Suffix List - Q2 2024 (#1954)
  * aero: remove extra word between TLD name and URL (#2029)
  * tools/internal/parser: rewrite parser to output a syntax tree (#2025)
  * Add removal notice to PR template (#2023)
  * remove Rakuten Games, Inc related entries (#2022)
  * add `hatenablog.com` etc (#1948)
  * Add cyber_Folks S.A. shared domain - cfolks.pl (#2017)
  * tools/internal/parser: minor parser cleanups (#2021)
  * Add Craft Docs Domain (#2006)
  * util: gTLD data autopull updates for 2024-06-29T15:13:33 UTC (#2020)
  * Merge WebPros domains in the same section (#2013)
  * Add `durumis.com` (#1978)
  * tools/internal/parser: validate the sort order of the private section (#2012)
  * Update comments on aland.fi (#2019)
  * Remove instantcloud.cn (#2015)
  * tools/internal/parser: detect and report section markers within suffix blocks (#2011)
  * tools/internal/parser: remove workarounds for fixed PSL blocks (#2010)
  * Add Raidboxes GmbH to the list (#2004)
  * Add missing URL schemes to URLs (#2008)
  * Add closing chevron to contact email address. (#2007)
  * tool/internal/parser: sanitize input to clean, valid UTF-8 (#2005)
  * Add `obl.ong` (#1830)
  * Salesforce crm dev (#1941)
  * Add wpsquared.site and wp2.host to private section (#1957) (#1957)
  * Add netfy.app (#1991)
  * Remove expired domains: `ro.im`, `cn.vu` (#2003)
  * tools/internal/parser: refactor to separate text processing from parser main logic (#1999)
  * Replace unicode fullwidth colon with a regular ascii colon. (#2001)
  * Add missing spaces after '//' on prequalifyme.today block (#2000)
  * Add `as.sh.cn` (#1992)
  * tools: add a validating parser for PSL files (#1987)
  * Clarify request to list third-party limits in PR template
  * util: gTLD data autopull updates for 2024-06-13T15:15:16 UTC (#1994)
  * Reattach of.by to the Belarus ccTLD block (#1995)
  * add madethis.site (#1979)
  * mytuleap.com, tuleap-partners.com: update contact information (#1845)
  * Add Strapi domains (#1982)
  * Add relay.evervault.app and relay.evervault.dev (#1959)
  * add .ind.mom  (#1984)
  * Add 6 new domains to Lukanet Ltd Private domains (#1977)
  * Add heiyu.space (#1980)

- Update to version 20240603:
  * Add Cloudflare CNAME setup domains (#1963)
  * util: gTLD data autopull updates for 2024-05-31T15:16:08 UTC (#1988)
  * Add `hypernode.io` domain (#1970)
  * Add `wixstudio.com` (#1971)
  * Fix set union (#1986)
  * Bump dnspython from 2.5.0 to 2.6.1 in /tools/pr_checker (#1985)
  * Add Github workflow to check _psl DNS entries on PRs (#1933)
  * Clean up list to fix rule sorting within orgs (#1968)

- Update to version 20240513:
  * Add Expo domains (#1975)
  * Add `*.hosted.app` (#1947)
  * Add Clever Cloud's domains for customers (#1974)
  * Add web.val.run and express.val.run to PSL (#1964)
  * add notion site to etld (#1958)
  * Add `box.ca` (Whatbox) (#1950)
  * Add observablehq.cloud (#1934)
  * Add "zeabur.app" (#1865)
  * Add `sheezy.games` (#1945)
  * util: gTLD data autopull updates for 2024-05-04T15:12:50 UTC (#1973)
  * Create a Security Policy (#1856)
  * Add examples of limitations to PR template (#1929)
  * Update `prvcy.page` (#1859)
  * Remove Lightmaker Property Manager, Inc. domain (#1820)
  * Adding regional domain bielsko.pl (#1749)
  * add xmit.dev (#1972)
  * Remove `ghost.io` (#1969)
  * Add aaa.vodka (#1795)
  * Add ngo.us for the NGO.US Registry (#1821)
  * AWS Submissions to the Public Suffix List - Q1 2024 (#1919)
  * Add shop.brendly.hr (#1762)

- Update to version 20240419:
  * add qnap entries to existing section (`myqnapcloud.cn` , `mycloudnas.com`, `mynascloud.com`) (#1837)
  * Update public_suffix_list.dat (#1966)
  * drop old domains (#1960)
  * Jouwweb public suffixes (#1935)
  * Add `us.kg` (#1755)
  * Replacement for PR #1741 (#1962)
  * Add `rt.ht` (#1860)
  * Add cloudscale.ch domains (#1589)

- Update to version 20240410:
  * Removing `ravendb.me` (#1841)
  * Updating psl: Adding myfritz.link (follow up PR#77) (#1761)
  * Add `framer.ai` (#1831)
  * chore: add `is-a.dev` (#1949)
  * Add StackBlitz (#1939)
  * Add `unison-services.cloud` (#1839)
  * Add `is-cool.dev`, `is-local.org`, `is-not-a.dev` and `localplayer.dev` (#1672)
  * Add grayjayleagues.com (#1742)
  * Add `runcontainers.dev` for Libre IT Ltd (#1783)
  * Add `heliohost.us`, `helioho.st`(#1825)
  * Remove `123sait.ru` (#1844)
  * Add MyDNS.JP Dynamic DNS Service (#1937)
  * add `scrypted.io` (#1826)
  * Add `darklang.io` (#1880)
  * Update `cloudns.net` dynamic dns domains listing (#1593)
  * Add wildcard to `snowflake.app` and `privatelink.snowflake.app` (#1743)
  * Add `preview.csb.app` and `csb.app` (#1648)
  * Add `nimsite.uk` (#1797)
  * add getlocalcert.net domains (#1798)
  * Add wadl.top (#1924)
  * ADD: `can.re` (#1651)
  * Add cdn77-storage.com and rsc.contentproxy9.cz (#1882)
  * add `srv.us`, `xmit.co`
  * Add at.emf.camp (#1955)
  * util: gTLD data autopull updates for 2024-03-28T15:13:37 UTC (#1952)

- Update to version 20240326:
  * Add `*.ir.md` (#1625)
  * Update name for info.cx (#1616)
  * add `nftstorage.link` (#1548)
  * GD - graphic.design (#1940)
  * Removing wildcard for cloudapp.azure.com (#1944)

- Update to version 20240306:
  * util: gTLD data autopull updates for 2024-03-06T15:14:58 UTC (#1943)

- Update to version 20240303:
  * add `*.my.canvasite.cn` and `*.my.canva.site` (#1739)
  * Add on.crisp.email (Crisp IM SAS) (#1904)
  * add `ngrok.pro` (#1895)
  * Add adaptable.app domain (#1824)
  * Add STACKIT free customer subdomains (#1785)
  * Add `modx.dev` (#1804)
  * Add `ewp.live` (EasyWP) (#1773)
  * Add convex.site (#1767)
  * Add `involve.me` user domains (#1731)
  * Add `replit.app` and `replit.dev` (#1679)
  * Add f5.si (#1664)
  * Add *.c.ts.net. (#1618)
  * Add `webflow.io` and `webflowtest.io` (#1722)
  * Add 3 Streak domains (#1720)
  * add myradweb.net and servername.us to Rad Web Hosting (#1760)

- Update to version 20240212:
  * Add cprapid.com suffix to private section (#1892)
  * util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932)
  * Added Cyclic Software (#1737)
  * Update public_suffix_list.dat for scw.cloud subdomains (#1740)
  * Update public_suffix_list.dat (#1926)
  * Add ZAP-Hosting cloud domain (#1907)
  * Add `flutterflow.app` (#1666)
  * Update public_suffix_list.dat (#1614)
  * Brave Submissions to the Public Suffix List - Q4 2023 (#1872)
  * Add pley.games (#1881)
  * Add panel.dev (#1916)
  * add 12CHARS to private domains (#1915)
  * Azure updates for Microsoft Corporate Domains (#1891)
  * Remove blog.kg from private section (#1840)
  * AWS Submissions to the Public Suffix List - Q4 2023 (#1876)
  * Homebase requested the addition of id.pub kin.one kin.pub (#1768)
  * Replace run.app and a.run.app with *.run.app (#1928)
  * Add pages.gay (#1920)
  * Update Platform.sh domains (#1792)
  * fix(adobe): add aem.live and aem.page domains (#1874)
  * Update code builder domains with the canary (#1802)
  * Add atmeta.com to PSL and consolidate Meta entries (#1736)
  * util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923)

- Update to version 20240123:
  * util: gTLD data autopull updates for 2024-01-23T15:14:10 UTC (#1921)

- Update to version 20240107:
  * Remove homeoffice.gov.uk (#1909)
  * util: gTLD data autopull updates for 2024-01-06T15:12:04 UTC (#1918)

- Update to version 20231213:
  * util: gTLD data autopull updates for 2023-12-12T15:13:54 UTC (#1910)
  * util: gTLD data autopull updates for 2023-12-06T15:14:08 UTC (#1908)
  * Place -v after -C in github actions workflows (#1906)
  * Introduce Go Modules to tooling (#1901)
  * util: gTLD data autopull updates for 2023-11-21T15:13:46 UTC (#1902)
  * Handle EBEROs: Use DelegationDate alongside ContractTerminated (#1894)
  * util: gTLD data autopull updates for 2023-11-18T15:11:52 UTC (#1898)

- Update to version 20231108:
  * Update public_suffix_list.dat (#1848)
  * util: gTLD data autopull updates for 2023-11-03T15:13:18 UTC (#1887)
  * Add `torun.pl` (#1684)

- Update to version 20231028:
  * util: gTLD data autopull updates for 2023-10-28
  * AWS Submissions to the Public Suffix List - Q3 2023
  * Add <4-8>.azurestaticapps.net DNS suffix

- Update to version 20230930:
  * util: gTLD data autopull updates for 2023-09-30T15:11:25 UTC
  * Update .fr list, move some subspaces to PRIVATE section listing of smallregistry.net
  * Remove k12.de.us
  * Add wix.run

- Update to version 20230826:
  * util: gTLD data autopull updates for 2023-08-26T15:11:07 UTC (#1835)
  * util: gTLD data autopull updates for 2023-08-23T15:12:41 UTC (#1832)
  * Update tld-update.yml (#1827)
  * util: gTLD data autopull updates for 2023-08-12T15:10:57 UTC (#1829)
  * util: gTLD data autopull updates for 2023-08-09T15:14:39 UTC (#1828)
  * tools: include IANA TLD URL in new gtld updates. (#1817)
  * util: gTLD data autopull updates for 2023-08-05T15:11:19 UTC (#1822)
  * Update tld-update.yml to automatically add labels when autopull catches deltas and generates PR (#1815)
  * ci: update test workflow triggers to include PRs. (#1818)
  * util: gTLD data autopull updates for 2023-08-02T15:11:59 UTC (#1816)
  * unbroke URL assembly
  * Add IANA DB URL instead of blanking out contract date
  * tools: skip contract date rendering, small CI fixups. (#1812)
  * util: gTLD data autopull updates for 2023-07-28T15:13:22 UTC (#1805)

- Update to version 20230717:
  * Domains are removed `hidora.com`, `users.scale.virtualcloud.com.br`, `clicketcloud.com` (#1598)
  * Add storipress.app (#1583)

- Update to version 20230709:
  * util: gTLD data autopull updates for 2023-07-08T15:13:17 UTC (#1796)
  * util: gTLD data autopull updates for 2023-07-01T15:13:05 UTC (#1791)
  * AWS Submissions to the Public Suffix List - Q1 2023 (#1600)

- Update to version 20230616:
  * Add 63 geographical domains for .vn ccTLD (#1776)
  * util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
  * util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)

- Update to version 20230613:
  * Add `{id,io,ai}.vn` for .vn ccTLD in ICANN Section (#1771)
  * util: gTLD data autopull updates for 2023-06-10T15:11:56 UTC (#1774)
python-rpm-macros
- Add patch fix-sp4ga-macros-inject.patch, to fix macros injection
  with SP4:GA prjconf without ## PYTHON MACROS END. bsc#1233774

- Update to version 20241120.6ae645f:
  * Do sed in place

- Update to version 20241119.7609911:
  * Do not fix shebang on links to non-writeable files

- Update to version 20241111.a34b5d8:
  * Follow symlinks when replacing shebang with sed
  * Only sed the shebang in executable files

- Update to version 20240618.c146b29:
  * Add %FLAVOR_pytest and %FLAVOR_pyunittest variants
python-Jinja2
- Add security patch CVE-2024-56326.patch (bsc#1234809)
salt
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
- Added:
  * join-masters-if-it-is-a-list-671.patch
  * fix-deprecated-code-677.patch
  * fix-x509-test-fails-on-old-openssl-systems-682.patch
  * replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
  * fix-the-selinux-context-for-salt-minion-service-bsc-.patch
  * avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
  * use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
  * allow-namedloadercontexts-to-be-returned-from-loader.patch
  * prevent-using-syncwrapper-with-no-reason.patch
  * make-tests-compatible-with-venv-bundle.patch
  * fix-test_debian-to-work-in-our-infrastructure-676.patch
  * skip-more-tests-related-to-old-openssl-algorithms.patch
  * fix-test_system-flaky-setup_teardown-fn.patch
  * remove-redundant-run_func-from-salt.master.mworker._.patch
  * improve-error-handling-with-different-openssl-versio.patch
  * avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
  * revert-the-change-making-reactor-less-blocking-bsc-1.patch
spacewalk-certs-tools
- version 4.3.26-0
  * Fix private key format in jabberd certificate file (bsc#1228851)
  * Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)
  * Support multiple certificates for root-ca-file and server-cert-file
spacewalk-client-tools
- version 4.3.21-0
  * Update translation strings
uyuni-common-libs
- version 4.3.11-0
  * Enforce directory permissions at repo-sync when creating
    directories (bsc#1229260)
  * Make ISSv1 timezone independent (bsc#1221505)
release-notes-susemanager
- Update to SUSE Manager 4.3.14
  * Ubuntu 24.04 support as client
  * Product migration from RHEL and Clones to SUSE Liberty Linux
  * POS image templates now produce compressed images
  * Date format for API endpoints has been changed to ISO-8601 format
  * CVE Fixed
    CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
  * Bugs mentioned:
    bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338
    bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887
    bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108
    bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090
    bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917
    bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543
    bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101
    bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345
    bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945
    bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332
    bsc#1231852, bsc#1231922, bsc#1231900
rsync
- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
  * Added rsync-fix-FLAG_GOT_DIR_FLIST.patch

- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
  * Added rsync-CVE-2024-12747.patch

- Security update, fix multiple vulnerabilities:
  * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
  * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
  * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
  * CVE-2024-12088, bsc#1234104 - --safe-links Bypass
  * Added rsync-CVE-2024-12085.patch
  * Added rsync-CVE-2024-12086_01.patch
  * Added rsync-CVE-2024-12086_02.patch
  * Added rsync-CVE-2024-12086_03.patch
  * Added rsync-CVE-2024-12086_04.patch
  * Added rsync-CVE-2024-12087_01.patch
  * Added rsync-CVE-2024-12087_02.patch
  * Added rsync-CVE-2024-12088.patch
  * Added rsync-fix-compile-missing-my_alloc_ref.patch
rubygem-nokogiri
- added only-complain-about-version-diff-if-it-is-older.patch:
  make nokogiri only complain about mismatching libxml2 version
  if the runtime version is older than the build version as we
  assume newer versions should be ABI compatible (boo#1213999)
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
spacecmd
- version 4.3.29-0
  * Speed up softwarechannel_removepackages (bsc#1227606)
spacewalk-backend
- version 4.3.30-0
  * Make ISSv1 timezone independent (bsc#1221505)
  * reposync: introduce timeout when syncing DEB channels (bsc#1225960)
  * yum_src: use proper name variable name for subprocess.TimeoutExpired
  * Check and populate PTF attributes at the time of importing
    packages (bsc#1225619)
  * reposync: import GPG keys to RPM DB individually (bsc#1217003)
  * Add log string to the journal when services are stopped
    because of insufficient disk space
spacewalk-web
- version 4.3.42-0
  * CVE-2024-49503: Escape organization credentials username to
    mitigate XSS vulnerability (bsc#1231922)

- version 4.3.41-0
  * CVE-2024-49502: Validate proxy hostname format and escape proxy
    username to mitigate XSS vulnerabilities (bsc#1231852)

- version 4.3.40-0
  * Fix channel selection using SSM (bsc#1226917)
  * Fix datetime selection when using maintenance windows (bsc#1228036)
spacewalk-config
- version 4.3.14-0
  * Trust the Content-Length header from AJP (bsc#1226439)
spacewalk-java
- version 4.3.83-0
  * Fix compliance check as some packages were renamed (bsc#1233014)

- version 4.3.82-0
  * Limit frontend-log message size (bsc#1231900)

- version 4.3.81-0
  * Add detection of Ubuntu 24.04

- version 4.3.80-0
  * Use custom select instead of errata view for better performance
    (bsc#1225619)

- version 4.3.79-0
  * Add info URL for cobbler to clean the system profile (bsc#1219645)
  * Require correct scap packages for Ubuntu
  * Require correct scap packages for Debian 12 (bsc#1227746)
  * Fix finding system_checkin_threshold configuration value on Sytems
    Overview page (bsc#1224108)
  * Allow changing base channel to Liberty LTSS when the system is on
    Liberty (bsc#1228326)
  * Implement product migration from RHEL and Clones to Liberty
  * Remove system also from proxy SSH known_hosts (bsc#1228345)
  * Fix NullPointerException when generating subscription matcher
    input (bsc#1228638)
  * Allow free products and SUSE Manager Proxy being managed by SUSE Manager
    Server PAYG
  * Open bootstrap script directory URL in a new page (bsc#1225603)
  * Delay package list refresh when Salt was updated (bsc#1217978)
  * Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334)
  * Add all SLE Micro systems to the list of systems which get PTF repositories
  * Update last sync refresh timestamp only when at least one time products
    were synced before
  * Prevent NullPointerException when listing history events without completion
    time (bsc#1146701)
  * Autoinstallation: prevent issues with duplicate IP address due to some
    networks (bsc#1226461)
  * Improve SQL queries and performance to check for PTF packages (bsc#1225619)
  * Check the correct Salt package before product migration (bsc#1224209)
  * Fix the date format output when using the HTTP API to use ISO 8601
    format (bsc#1227543)
  * Fix transactional update check for SL Micro (bsc#1227406)
  * Improve score comparison in system search to fix ISE (bsc#1228412)
  * Fix package profile update on CentOS 7 when yum-utils is not
    installed (bsc#1227133)
spacewalk-utils
- version 4.3.22-0
  * Add repositories for Ubuntu 24.04 LTS

- version 4.3.21-0
  * Drop unsupported tool spacewalk-final-archive as it is broken
    and may disclose sensitive information (bsc#1228945)
supportutils-plugin-susemanager
- version 4.3.13-0
  * Change supportconfig as some packages were renamed (bsc#1233014)
susemanager-build-keys
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
  - gpg-pubkey-39db7c82-5f68629b.asc
  + gpg-pubkey-39db7c82-66c5d91a.asc
susemanager-docs_en
- Documented Ubuntu 24.04 LTS as a supported client OS in Client
  Configuration Guide

- SUSE Manager 4.3.14 documentation update
- In network ports section, deleted partially outdated image, added
  port 443 for clients, and removed Cobbler only used internally
  (bsc#1217338)
- Added installer-updates.suse.com to the list of URLs in Installation
  and Upgrade Guide (bsc#1229178)
- Enhanced instructions about the permissions for the IAM role
  in Public Cloud Guide
- Fixed OS minor number in Client Configuration Guide (bsc#1218090)
- Added warning about Package Hub (bsc#1221435)
- Removed Verify Packages section from Package Management chapter
  in Client Configuration Guide
- Added note about usernames in PAM section in Administration Guide
  (bsc#1227599)
- Updated Content Lifecycle Management (CLM) examples for Red Hat
  Enterprise Linux 9 (bsc#1226687)
- Added VM based proxy installation in Installation and Upgrade Guide
- Fixed PostgreSQL name entity
- Improved Large Deployments Guide with better tuning values and
  extra parameters added
- Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP
  chapter in the Administration Guide
susemanager-schema
- version 4.3.27-0
  * Introduce new attributes to detect PTF packages (bsc#1225619)
susemanager-sls
- version 4.3.45-0
  * Start using DEB822 format for repository sources beginning with Ubuntu 24.04

- version 4.3.44-0
  * Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)
  * Implement product migration from RHEL and clones to Liberty
  * Disable transactional-update.timer on SLEM at bootstrap
  * Explicitly remove old venv-minion environment when updating Python versions
  * sumautil: properly detect bridge interfaces (bsc#1226461)
  * Fix typo on directories to clean up when deleting a system (bsc#1228101)
  * Translate GPG URL if it has server name and client behind proxy
    (bsc#1223988)
  * Fix yum-utils package missing on CentOS7 minions (bsc#1227133)
  * Implement IMDSv2 for AWS instance detection (bsc#1226090)
  * Fix package profile update on CentOS 7 when yum-utils is not
    installed (bsc#1227133)
  * Fix parsing passwords with special characters for PostgreSQL
    exporter
susemanager-sync-data
- version 4.3.21-0
  * Add SLES15-SP5-LTSS channel families
  * Add MicroOS PPC channel family

- version 4.3.20-0
  * Add Ubuntu 24.04 support

- version 4.3.19-0
  * Fix CentOS 7 repo urls (bsc#1227526)
  * Add channel family for SLES 12 SP5 LTSS Extended Security
  * Implement product migration from RHEL and clones to Liberty
susemanager
- version 4.3.39-0
  * Enable bootstrapping for Ubuntu 24.04 LTS

- version 4.3.38-0
  * Add missing package python3-ply to bootstrap repo definition (bsc#1228130)
  * Create special bootstrap data for SUSE Manager Server 4.3 with LTSS
    updates for Hub scenario (bsc#1211899)
  * Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data
  * Add traditional stack to boostrap repo on sles15sp6 (bsc#1228147)
  * Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147)
tomcat
- Update to Tomcat 9.0.98
  * Fixed CVEs:
    + CVE-2024-54677: DoS in examples web application (bsc#1234664)
    + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
    + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
  * Catalina
    + Add: Add option to serve resources from subpath only with WebDAV Servlet
    like with DefaultServlet. (michaelo)
    + Fix: Add special handling for the protocols attribute of SSLHostConfig in
    storeconfig. (remm)
    + Fix: 69442: Fix case sensitive check on content-type when parsing request
    parameters. (remm)
    + Code: Refactor duplicate code for extracting media type and subtype from
    content-type into a single method. (markt)
    + Fix: Compatibility of generated embedded code with components where
    constructors or property related methods throw a checked exception. (remm)
    + Fix: The previous fix for inconsistent resource metadata during concurrent
    reads and writes was incomplete. (markt)
    + Fix: 69444: Ensure that the javax.servlet.error.message request attribute
    is set when an application defined error page is called. (markt)
    + Fix: Avoid quotes for numeric values in the JSON generated by the status
    servlet. (remm)
    + Add: Add strong ETag support for the WebDAV and default servlet, which can
    be enabled by using the useStrongETags init parameter with a value set to
    true. The ETag generated will be a SHA-1 checksum of the resource content.
    (remm)
    + Fix: Use client locale for directory listings. (remm)
    + Fix: 69439: Improve the handling of multiple Cache-Control headers in the
    ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
    + Fix: 69447: Update the support for caching classes the web application
    class loader cannot find to take account of classes loaded from external
    repositories. Prior to this fix, these classes could be incorrectly marked
    as not found. (markt)
    + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by
    users will not be removed and any header present in a HEAD request will
    also be present in the equivalent GET request. There may be some headers,
    as per RFC 9110, section 9.3.2, that are present in a GET request that are
    not present in the equivalent HEAD request. (markt)
    + Fix: 69471: Log instances of CloseNowException caught by
    ApplicationDispatcher.invoke() at debug level rather than error level as
    they are very likely to have been caused by a client disconnection or
    similar I/O issue. (markt)
    + Add: Add a test case for the fix for 69442. Also refactor references to
    application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.
    (markt)
    + Fix: 69476: Catch possible ISE when trying to report PUT failure in the
    DefaultServlet. (remm)
    + Add: Add support for RateLimit header fields for HTTP (draft) in the
    RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
    + Add: #787: Add regression tests for 69478. Pull request provided by Thomas
    Krisch. (markt)
    + Fix: The default servlet now rejects HTTP range requests when two or more
    of the requested ranges overlap. Based on pull request #782 provided by
    Chenjp. (markt)
    + Fix: Enhance Content-Range verification for partial PUT requests handled
    by the default servlet. Provided by Chenjp in pull request #778. (markt)
    + Fix: Harmonize DataSourceStore lookup in the global resources to
    optionally avoid the comp/env prefix which is usually not used there.
    (remm)
    + Fix: As required by RFC 9110, the HTTP Range header will now only be
    processed for GET requests. Based on pull request #790 provided by Chenjp.
    (markt)
    + Fix: Deprecate the useAcceptRanges initialisation parameter for the
    default servlet. It will be removed in Tomcat 12 onwards where it will
    effectively be hard coded to true. (markt)
    + Add: Add DataSource based property storage for the WebdavServlet. (remm)
  * Coyote
    + Fix: Align encodedSolidusHandling with the Servlet specification. If the
    pass-through mode is used, any %25 sequences will now also be passed
    through to avoid errors and/or corruption when the application decodes the
    path. (markt)
  * Jasper
    + Fix: Further optimise EL evaluation of method parameters. Patch provided
    by Paolo B. (markt)
    + Fix: Follow-up to the fix for 69381. Apply the optimisation for method
    lookup performance in expression language to an additional location.
    (markt)
  * Web applications
    + Fix: Documentation. Remove references to the ResourceParams element.
    Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
    + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter.
    The attribute is internalProxies rather than allowedInternalProxies. Pull
    request #786 provided by Jorge DĂ­az. (markt)
    + Fix: Examples. Fix broken links when Servlet Request Info example is
    called via a URL that includes a pathInfo component. (markt)
    + Fix: Examples. Expand the obfuscation of session cookie values in the
    request header example to JSON responses. (markt)
    + Add: Examples. Add the ability to delete session attributes in the servlet
    session example. (markt)
    + Add: Examples. Add a hard coded limit of 10 attributes per session for the
    servlet session example. (markt)
    + Add: Examples. Add the ability to delete session attributes and add a hard
    coded limit of 10 attributes per session for the JSP form authentication
    example. (markt)
    + Add: Examples. Limit the shopping cart example to only allow adding the
    pre-defined items to the cart. (markt)
    + Fix: Examples. Remove JSP calendar example. (markt)
  * Other
    + Fix: 69465: Fix warnings during native image compilation using the Tomcat
    embedded JARs. (markt)
    + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
    + Update: Update EasyMock to 5.5.0. (markt)
    + Update: Update Checkstyle to 10.20.2. (markt)
    + Update: Update BND to 7.1.0. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Korean translations. (markt)
    + Add: Improvements to Chinese translations. (markt)
    + Add: Improvements to Japanese translations by tak7iji. (markt)

- Update to Tomcat 9.0.97
  * Fixed CVEs:
    + CVE-2024-52316: If the Jakarta Authentication fails with an exception,
    set a 500 status (bsc#1233434)
  * Catalina
    + Add: Add support for the new Servlet API method
    HttpServletResponse.sendEarlyHints(). (markt)
    + Add: 55470: Add debug logging that reports the class path when a
    ClassNotFoundException occurs in the digester or the web application
    class loader. Based on a patch by Ralf Hauser. (markt)
    + Update: 69374: Properly separate between table header and body in
    DefaultServlet's listing. (michaelo)
    + Update: 69373: Make DefaultServlet's HTML listing file last modified
    rendering better (flexible). (michaelo)
    + Update: Improve HTML output of DefaultServlet. (michaelo)
    + Code: Refactor RateLimitFilter to use FilterBase as the base class. The
    primary advantage for doing this is less code to process init-param
    values. (markt)
    + Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
    (michaelo)
    + Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped
    requests. (remm)
    + Fix: Add missing WebDAV Lock-Token header in the response when locking
    a folder. (remm)
    + Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
    + Fix: Fix regression in WebDAV when attempting to unlock a collection.
    (remm)
    + Fix: Verify that destination is not locked for a WebDAV copy operation.
    (remm)
    + Fix: Send 415 response to WebDAV MKCOL operations that include a
    request body since this is optional and unsupported. (remm)
    + Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
    + Fix: Do not allow a new WebDAV lock on a child resource if a parent
    collection is locked (RFC 4918 section 6.1). (remm)
    + Fix: WebDAV Delete should remove any existing lock on successfully
    deleted resources. (remm)
    + Update: Remove WebDAV lock null support in accordance with RFC 4918
    section 7.3 and annex D. Instead, a lock on a non-existing resource
    will create an empty file locked with a regular lock. (remm)
    + Update: Rewrite implementation of WebDAV shared locks to comply with
    RFC 4918. (remm)
    + Update: Implement WebDAV If header using code from the Apache Jackrabbit
    project. (remm)
    + Add: Add PropertyStore interface in the WebDAV Servlet, to allow
    implementation of dead properties storage. The store used can be
    configured using the 'propertyStore' init parameter of the WebDAV
    servlet. A simple non-persistent implementation is used if no custom
    store is configured. (remm)
    + Update: Implement WebDAV PROPPATCH method using the newly added
    PropertyStore. (remm)
    + Fix: Cache not found results when searching for web application class
    loader resources. This addresses performance problems caused by
    components such as java.sql.DriverManager which, in some circumstances,
    will search for the same class repeatedly. In a large web application
    this can cause performance problems. The size of the cache can be
    controlled via the new notFoundClassResourceCacheSize on the
    StandardContext. (markt)
    + Fix: Stop after INITIALIZED state should be a noop since it is possible
    for subcomponents to be in FAILED after init. (remm)
    + Fix: Fix incorrect web resource cache size calculations when there are
    concurrent PUT and DELETE requests for the same resource. (markt)
    + Add: Add debug logging for the web resource cache so the current size
    can be tracked as resources are added and removed. (markt)
    + Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
    with urn:uuid: as recommended by RFC 4918, and remove secret init
    parameter. (remm)
    + Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
    same path caused corruption of the FileResource where some of the
    fields were set as if the file exists and some as set as if it does
    not. This resulted in inconsistent metadata. (markt)
    + Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
    GET and HEAD requests. Also skip requests where the application has set
    Cache-Control: no-store. (markt)
    + Fix: 69419: Improve the performance of ServletRequest.getAttribute()
    when there are multiple levels of nested includes. Based on a patch
    provided by John Engebretson. (markt)
    + Add: All applications to send an early hints informational response by
    calling HttpServletResponse.sendError() with a status code of 103.
    (schultz)
    + Fix: Ensure that the Jakarta Authentication CallbackHandler only
    creates one GenericPrincipal in the Subject. (markt)
    + Fix: If the Jakarta Authentication process fails with an Exception,
    explicitly set the HTTP response status to 500 as the ServerAuthContext
    may not have set it. (markt)
    + Fix: When persisting the Jakarta Authentication provider configuration,
    create any necessary parent directories that don't already exist.
    (markt)
    + Fix: Correct the logic used to detect errors when deleting temporary
    files associated with persisting the Jakarta Authentication provider
    configuration. (markt)
    + Fix: When processing Jakarta Authentication callbacks, don't overwrite
    a Principal obtained from the PasswordValidationCallback with null if
    the CallerPrincipalCallback does not provide a Principal. (markt)
    + Fix: Avoid store config backup loss when storing one configuration more
    than once per second. (remm)
    + Fix: 69359: WebdavServlet duplicates getRelativePath() method from
    super class with incorrect Javadoc. (michaelo)
    + Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
    DefaultServlet. (michaelo)
    + Fix: Make WebdavServlet properly return the Allow header when deletion
    of a resource is not allowed. (michaelo)
    + Fix: Add log warning if non wildcard mappings are used with the
    WebdavServlet. (remm)
    + Fix: 69361: Ensure that the order of entries in a multi-status response
    to a WebDAV is consistent with the order in which resources were
    processed. (markt)
    + Fix: 69362: Provide a better multi-status response when deleting a
    collection via WebDAV fails. Empty directories that cannot be deleted
    will now be included in the response. (markt)
    + Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
    ensure that the correct path is used when the WebDAV servlet is mounted
    at a sub-path within the web application. (markt)
    + Fix: Improve performance of ApplicationHttpRequest.parseParameters().
    Based on sample code and test cases provided by John Engebretson.
    (markt)
    + Add: Add support for RFC 8297 (Early Hints). Applications can use
    this feature by casting the HttpServletResponse to
    org.apache.catalina.connector.Reponse and then calling the method
    void sendEarlyHints(). This method will be added to the Servlet API
    (removing the need for the cast) in Servlet 6.2 onwards. (markt)
    + Fix: 69214: Do not reject a CORS request that uses POST but does not
    include a content-type header. Tomcat now correctly processes this as
    a simple CORS request. Based on a patch suggested by thebluemountain.
    (markt)
    + Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather
    than Subject.doAs() when available. (markt)
  * Coyote
    + Fix: Return null SSL session id on zero length byte array returned from
    the SSL implementation. (remm)
    + Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
    + Fix: Create the HttpParser in Http11Processor if it is not present on
    the AbstractHttp11Protocol to provide better lifecycle robustness for
    regular HTTP/1.1. The new behavior was introduced on a previous
    refactoring to improve HTTP/2 performance. (remm)
    + Fix: OpenSSLContext will now throw a KeyManagementException if something
    is known to have gone wrong in the init method, which is the behavior
    documented by javax.net.ssl.SSLContext.init. This makes error handling
    more consistent. (remm)
    + Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
    generate Date headers for HTTP responses) generates the correct string
    for the given input. Prior to this change, the output may have been
    wrong by one second in some cases. Pull request #751 provided by Chenjp.
    (markt)
    + Add: Add server and serverRemoveAppProvidedValues to the list of
    attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector
    it is nested within. (markt)
    + Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
    destroying SSLContext objects through GC after APR has been terminated.
    (remm)
    + Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer
    fields no longer need to be received before the headers of the
    subsequent stream nor are trailer fields for an in-progress stream
    swallowed if the Connector is paused before the trailer fields are
    received. (markt)
    + Fix: Ensure the request and response are not recycled too soon for an
    HTTP/2 stream when a stream level error is detected during the processing
    of incoming HTTP/2 frames. This could lead to incorrect processing times
    appearing in the access log. (markt)
    + Fix: Fix 69320, a regression in the fix for 69302 that meant the
    HTTP/2 processing was likely to be broken for all clients once any
    client sent an HTTP/2 reset frame. (markt)
    + Fix: Correct a regression in the fix for non-blocking reads of chunked
    request bodies that caused InputStream.available() to return a non-zero
    value when there was no data to read. In some circumstances this could
    cause a blocking read to block waiting for more data rather than return
    the data it had already received. (markt)
    + Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
    The default behaviour is unchanged. (markt)
    + Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
    one from the client when using the OpenSSLImplementation. (markt)
    + Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
    response headers to the access log. Based on a patch and test case
    provided by hypnoce. (markt)
    + Fix: 69302: If an HTTP/2 client resets a stream before the request body is
    fully written, ensure that any ReadListener is notified via a call to
    ReadListener.onErrror(). (markt)
    + Fix: Correct regressions in the refactoring that added recycling of the
    coyote request and response to the HTTP/2 processing. (markt)
    + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
    OpenSSL support may be enabled by adding the
    org.apache.catalina.core.OpenSSLLifecycleListener listener on the
    Server element when using Java 22 or later. (remm)
    + Fix: Ensure that HTTP/2 stream input buffers are only created when there
    is a request body to be read. (markt)
    + Code: Refactor creation of HttpParser instances from the Processor level
    to the Protocol level since the parser configuration depends on the
    protocol and the parser is, otherwise, stateless. (markt)
    + Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal
    request and response processing objects by default. This behaviour can
    be controlled via the new discardRequestsAndResponses attribute on the
    HTTP/2 upgrade protocol. (markt)
  * Jasper
    + Fix: Add back tag release method as deprecated in the runtime for
    compatibility with old generated code. (remm)
    + Fix: 69399: Fix regression caused by the improvement 69333 which caused
    the tag release to be called when using tag pooling, and to be skipped
    when not using it. Patch submitted by Michal Sobkiewicz. (remm)
    + Fix: 69381: Improve method lookup performance in expression language.
    When the required method has no arguments there is no need to consider
    casting or coercion and the method lookup process can be simplified.
    Based on pull request #770 by John Engebretson.
    + Fix: 69382: Improve the performance of the JSP include action by
    re-using results of relatively expensive method calls in the generated
    code rather than repeating them. Patch provided by John Engebretson.
    (markt)
    + Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
    Based on a suggestion by John Engebretson. (markt)
    + Fix: 69406: When using StringInterpreterEnum, do not throw an
    IllegalArgumentException when an invalid Enum is encountered. Instead,
    resolve the value at runtime. Patch provided by John Engebretson.
    (markt)
    + Fix: 69429: Optimise EL evaluation of method parameters for methods
    that do not accept any parameters. Patch provided by John Engebretson.
    (markt)
    + Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
    + Fix: 69338: Improve the performance of processing expressions that
    include AND or OR operations with more than two operands and expressions
    that use not empty. (markt)
    + Fix: 69348: Reduce memory consumption in ELContext by using lazy
    initialization for the data structure used to track lambda arguments.
    (markt)
    + Fix: Switch the TldScanner back to logging detailed scan results at debug
    level rather than trace level. (markt)
  * Web applications
    + Fix: The manager webapp will now be able to access certificates again
    when OpenSSL is used. (remm)
    + Fix: Documentation. Align the logging configuration documentation with
    the current defaults. (markt)
  * WebSocket
    + Fix: If a blocking message write exceeds the timeout, don't attempt the
    write again before throwing the exception. (markt)
    + Fix: An EncodeException being thrown during a message write should not
    automatically cause the connection to close. The application should
    handle the exception and make the decision whether or not to close the
    connection. (markt)
  * jdbc-pool
    + Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
    executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
    rather than the application seeing the original SQLException. Fixed by
    pull request #744 provided by Michael Clarke. (markt)
    + Fix: 69279: Correct a regression in the fix for 69206 that meant that
    methods that previously returned a null ResultSet were returning a proxy
    with a null delegate. Fixed by pull request #745 provided by Huub de Beer.
    (markt)
    + Fix: 69206: Ensure statements returned from Statement methods
    executeQuery(), getResultSet() and getGeneratedKeys() are correctly
    wrapped before being returned to the caller. Based on pull request
    [#742] provided by Michael Clarke.
  * Other
    + Update: Switch from DigiCert ONE to ssl.com eSigner for code signing.
    (markt)
    + Update: Update Byte Buddy to 1.15.10. (markt)
    + Update: Update CheckStyle to 10.20.0. (markt)
    + Add: Improvements to German translations. (remm)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Add: Improvements to Chinese translations by Ch_jp. (markt)
    + Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default.
    (markt)
    + Fix: Change the default log handler level to ALL so log messages are
    not dropped by default if a logger is configured to use trace (FINEST)
    level logging. (markt)
    + Update: Update Hamcrest to 3.0. (markt)
    + Update: Update EasyMock to 5.4.0. (markt)
    + Update: Update Byte Buddy to 1.15.0. (markt)
    + Update: Update CheckStyle to 10.18.0. (markt)
    + Update: Update the internal fork of Apache Commons BCEL to 6.10.0.
    (markt)
    + Add: Improvements to Spanish translations by Fernando. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Fix: Fix packaging regression with missing osgi information following
    addition of the test-only build target. (remm)
    + Update: Update Tomcat Native to 1.3.1. (markt)
    + Update: Update Byte Buddy to 1.14.18. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)

- Adapt the scripts to run also with javapackages-tools >= 6.3

- Fix build after removal of the default %%{java_home} define

- Modified patch:
  * tomcat-9.0-osgi-build.patch
    + move the definition of bnd.classpath out of the setup-bnd task
    since it is one component in build.classpath
uyuni-reportdb-schema
- version 4.3.11-0
  * Change Errata CVE column to type text as a varchar reaches the
    maximum (bsc#1226478)
vim
- Provide latest 9.1.0836 release.
- Fix for bsc#1230625 and bsc#1231846.

- update to 9.1.0836
  * 9.1.0836: The vimtutor can be improved
  * 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
  * 9.1.0834: tests: 2html test fails
  * 9.1.0833: CI: recent ASAN changes do not work for indent tests
  * 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
  * runtime(doc): update help-toc description
  * runtime(2html): Make links use color scheme colors in TOhtml
  * 9.1.0831: 'findexpr' can't be used as lambad or Funcref
  * Filelist: include helptoc package
  * runtime(doc): include a TOC Vim9 plugin
  * Filelist: ignore .git-blame-ignore-revs
  * 9.1.0830: using wrong highlight group for spaces for popupmenu
  * runtime(typst): synchronize updates from the upstream typst.vim
  * git: ignore reformatting commit for git-blame (after v9.1.0829)
  * 9.1.0829: Vim source code uses a mix of tabs and spaces
  * 9.1.0828: string_T struct could be used more often
  * 9.1.0827: CI: tests can be improved
  * runtime(doc): remove stray sentence in pi_netrw.txt
  * 9.1.0826: filetype: sway files are not recognized
  * runtime(doc): Include netrw-gp in TOC
  * runtime(doc): mention 'iskeyword' at :h charclass()
  * runtime(doc): update help tags
  * 9.1.0825: compile error for non-diff builds
  * runtime(netrw): fix E874 when browsing remote directory which contains `~` character
  * runtime(doc): update coding style documentation
  * runtime(debversions): Add plucky (25.04) as Ubuntu release name
  * 9.1.0824: too many strlen() calls in register.c
  * 9.1.0823: filetype: Zephyr overlay files not recognized
  * runtime(doc): Clean up minor formatting issues for builtin functions
  * runtime(netrw): make :Launch/Open autoloadable
  * runtime(netrw): fix regression with x mapping on Cygwin
  * runtime(netrw): fix filetype detection for remote files
  * 9.1.0822: topline might be changed in diff mode unexpectedly
  * CI: huge linux builds should also run syntax & indent tests
  * 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
  * 9.1.0820: tests: Mac OS tests are too flaky
  * runtime(awk): Highlight more awk comments in syntax script
  * runtime(netrw): add missing change for s:redir()
  * 9.1.0819: tests: using findexpr and imported func not tested
  * runtime(netrw): improve netrw's open-handling further
  * runtime(netrw): fix syntax error in netrwPlugin.vim
  * runtime(netrw): simplify gx file handling
  * 9.1.0818: some global functions are only used in single files
  * 9.1.0817: termdebug: cannot evaluate expr in a popup
  * runtime(defaults): Detect putty terminal and switch to dark background
  * 9.1.0816: tests: not clear what tests cause asan failures
  * runtime(doc): Remove some completed items from todo.txt
  * 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
  * runtime(syntax-tests): tiny vim fails because of line-continuation
  * 9.1.0814: mapset() may remove unrelated mapping
  * 9.1.0813: no error handling with setglobal and number types
  * 9.1.0812: Coverity warns about dereferencing NULL ptr
  * 9.1.0811: :find expansion does not consider 'findexpr'
  * 9.1.0810: cannot easily adjust the |:find| command
  * 9.1.0809: filetype: petalinux config files not recognized
  * 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
  * 9.1.0807: tests: having 'nolist' in modelines isn't always desired
  * 9.1.0806: tests: no error check when setting global 'briopt'
  * 9.1.0805: tests: minor issues in gen_opt_test.vim
  * 9.1.0804: tests: no error check when setting global 'cc'
  * 9.1.0803: tests: no error check when setting global 'isk'
  * 9.1.0802: tests: no error check when setting global 'fdm' to empty value
  * 9.1.0801: tests: no error check when setting global 'termwinkey'
  * 9.1.0800: tests: no error check when setting global 'termwinsize'
  * runtime(doc): :ownsyntax also resets 'spelloptions'
  * 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
  * runtime(doc): Fix wrong Mac default options
  * 9.1.0798: too many strlen() calls in cmdhist.c
  * 9.1.0797: testing of options can be further improved
  * 9.1.0796: filetype: libtool files are not recognized
  * (typst): add folding to typst ftplugin
  * runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
  * 9.1.0795: filetype: Vivado memory info file are not recognized
  * 9.1.0794: tests: tests may fail on Windows environment
  * runtime(doc): improve the :colorscheme documentation
  * 9.1.0793: xxd: -e does add one extra space
  * 9.1.0792: tests: Test_set_values() is not comprehensive enough
  * runtime(swayconfig): add flag for bindsym/bindcode to syntax script
  * 9.1.0791: tests: errors in gen_opt_test.vim are not shown
  * runtime(compiler): check for compile_commands in build dirs for cppcheck
  * 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
  * runtime(help): Update help syntax
  * runtime(help): fix end of sentence highlight in code examples
  * runtime(jinja): Support jinja syntax as secondary filetype
  * 9.1.0789: tests: ':resize + 5' has invalid space after '+'
  * 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
  * 9.1.0787: cursor position changed when using hidden terminal
  * 9.1.0786: tests: quickfix update test does not test location list
  * runtime(doc): add some docs for file-watcher programs
  * CI: uploading failed screendumps still fails on Cirrus CI
  * 9.1.0785: cannot preserve error position when setting quickfix list
  * 9.1.0784: there are several problems with python 3.13
  * 9.1.0783: 'spell' option setting has problems
  * 9.1.0782: tests: using wrong neomuttlog file name
  * runtime(doc): add preview flag to statusline example
  * 9.1.0781: tests: test_filetype fails
  * 9.1.0780: MS-Windows: incorrect Win32 error checking
  * 9.1.0779: filetype: neomuttlog files are not recognized
  * 9.1.0778: filetype: lf config files are not recognized
  * runtime(comment): fix commment toggle with mixed tabs & spaces
  * runtime(misc): Use consistent "Vim script" spelling
  * runtime(gleam): add ftplugin for gleam files
  * runtime(doc): link help-writing from write-local-help
  * 9.1.0777: filetype: Some upstream php files are not recognized
  * runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
  * runtime(doc): mention conversion rules for remote_expr()
  * runtime(tutor): Fix missing :s command in spanish translation section 4.4
  * 9.1.0776: test_strftime may fail because of missing TZ data
  * translation(am): Add Armenian language translation
  * 9.1.0775: tests: not enough tests for setting options
  * 9.1.0774: "shellcmdline" doesn't work with getcompletion()
  * 9.1.0773: filetype: some Apache files are not recognized
  * 9.1.0772: some missing changes from v9.1.0771
  * 9.1.0771: completion attribute hl_group is confusing
  * 9.1.0770: current command line completion is a bit limited
  * 9.1.0769: filetype: MLIR files are not recognized
  * 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
  * runtime(nasm): Update nasm syntax script
  * 9.1.0767: A condition is always true in ex_getln.c
  * runtime(skill): Update syntax file to fix string escapes
  * runtime(help): highlight CTRL-<Key> correctly
  * runtime(doc): add missing usr_52 entry to toc
  * 9.1.0766: too many strlen() calls in ex_getln.c
  * runtime(doc): correct `vi` registers 1-9 documentation error
  * 9.1.0765: No test for patches 6.2.418 and 7.3.489
  * runtime(spec): set comments and commentstring options
  * NSIS: Include libgcc_s_sjlj-1.dll again
  * runtime(doc): clarify the effect of 'startofline' option
  * 9.1.0764: [security]: use-after-free when closing a buffer
  * runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
  * 9.1.0763: tests: cannot run single syntax tests
  * 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
  * 9.1.0761: :cd completion fails on Windows with backslash in path
  * 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
  * 9.1.0759: screenpos() may return invalid position
  * runtime(misc): unset compiler in various ftplugins
  * runtime(doc): update formatting and syntax
  * runtime(compiler): add cppcheck linter compiler plugin
  * runtime(doc): Fix style in documents
  * runtime(doc): Fix to two-space convention in user manual
  * runtime(comment): consider &tabstop in lines after whitespace indent
  * 9.1.0758: it's possible to set an invalid key to 'wildcharm'
  * runtime(java): Manage circularity for every :syn-included syntax file
  * 9.1.0757: tests: messages files contains ANSI escape sequences
  * 9.1.0756: missing change from patch v9.1.0754
  * 9.1.0755: quickfix list does not handle hardlinks well
  * runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
  * runtime(systemd): small fixes to &keywordprg in ftplugin
  * CI: macos-12 runner is being sunset, switch to 13
  * 9.1.0754: fixed order of items in insert-mode completion menu
  * runtime(comment): commenting might be off by one column
  * 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
  * 9.1.0752: can set 'cedit' to an invalid value
  * runtime(doc): add `usr` tag to usr_toc.txt
  * 9.1.0751: Error callback for term_start() not used
  * 9.1.0750: there are some Win9x legacy references
  * runtime(java): Recognise the CommonMark form (///) of Javadoc comments
  * 9.1.0749: filetype: http files not recognized
  * runtime(comment): fix syntax error
  * CI: uploading failed screendump tests does not work Cirrus
  * 9.1.0748: :keep* commmands are sometimes misidentified as :k
  * runtime(indent): allow matching negative numbers for gnu indent config file
  * runtime(comment): add gC mapping to (un)comment rest of line
  * 9.1.0747: various typos in repo found
  * 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
  * runtime(doc): reformat gnat example
  * runtime(doc): reformat ada_standard_types section
  * 9.1.0745: filetype: bun and deno history files not recognized
  * runtime(glvs): Correct the tag name of glvs-autoinstal
  * runtime(doc): include short form for :earlier/:later
  * runtime(doc): remove completed TODO
  * 9.1.0744: filetype: notmuch configs are not recognised
  * 9.1.0743: diff mode does not handle overlapping diffs correctly
  * runtime(glvs): fix a few issues
  * runtime(doc): Fix typo in :help :command-modifiers
  * 9.1.0742: getcmdprompt() implementation can be improved
  * runtime(docs): update `:set?` command behavior table
  * runtime(doc): update vim90 to vim91 in docs
  * runtime(doc): fix typo in :h dos-colors
  * 9.1.0741: No way to get prompt for input()/confirm()
  * runtime(doc): fix typo in version9.txt nrformat -> nrformats
  * runtime(rmd,rrst): 'fex' option not properly restored
  * runtime(netrw): remove extraneous closing bracket
  * 9.1.0740: incorrect internal diff with empty file
  * 9.1.0739: [security]: use-after-free in ex_getln.c
  * runtime(filetype): tests: Test_filetype_detection() fails
  * runtime(dist): do not output a message if executable is not found
  * 9.1.0738: filetype: rapid files are not recognized
  * runtime(modconf): remove erroneous :endif in ftplugin
  * runtime(lyrics): support multiple timestamps in syntax script
  * runtime(java): Optionally recognise _module_ import declarations
  * runtime(vim): Update base-syntax, improve folding function matches
  * CI: upload failed screendump tests also for Cirrus
  * 9.1.0737: tests: screendump tests may require a bit more time
  * runtime(misc): simplify keywordprg in various ftplugins
  * runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
  * runtime(zsh,sh): set and unset compiler in ftplugin
  * runtime(netrw): using inefficient highlight pattern for 'mf'
  * 9.1.0736: Unicode tables are outdated
  * 9.1.0735: filetype: salt files are not recognized
  * 9.1.0734: filetype: jinja files are not recognized
  * runtime(zathurarc): add double-click-follow to syntax script
  * translation(ru): Updated messages translation
  * translation(it): updated xxd man page
  * translation(ru): updated xxd man page
  * 9.1.0733: keyword completion does not work with fuzzy
  * 9.1.0732: xxd: cannot use -b and -i together
  * runtime(java): Highlight javaConceptKind modifiers with StorageClass
  * runtime(doc): reword and reformat how to use defaults.vim
  * 9.1.0731: inconsistent case sensitive extension matching
  * runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
  * runtime(netrw): delete confirmation not strict enough
  * 9.1.0730: Crash with cursor-screenline and narrow window
  * 9.1.0729: Wrong cursor-screenline when resizing window
  * 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
  * runtime(doc): clarify the effect of the timeout for search()-functions
  * runtime(idlang): update syntax script
  * runtime(spec): Recognize epoch when making spec changelog in ftplugin
  * runtime(spec): add file triggers to syntax script
  * 9.1.0727: too many strlen() calls in option.c
  * runtime(make): add compiler/make.vim to reset compiler plugin settings
  * runtime(java): Recognise all available standard doclet tags
  * 9.1.0726: not using correct python3 API with dynamic linking
  * runtime(dosini): Update syntax script, spellcheck comments only
  * runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
  * 9.1.0725: filetype: swiftinterface files are not recognized
  * runtime(pandoc): Update compiler plugin to use actual 'spelllang'
  * runtime(groff): Add compiler plugin for groff
  * 9.1.0724: if_python: link error with python 3.13 and stable ABI
  * 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
  * 9.1.0722: crash with large id in text_prop interface
  * 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
  * runtime(glvs): update GetLatestVimScripts plugin
  * runtime(doc): Fix typo in :help :hide text
  * runtime(doc): buffers can be re-used
  * 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
  * 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
  * runtime(doc): Update version9.txt and mention $MYVIMDIR

- Update to 9.1.0718:
  * v9.1.0718: hard to know the users personal Vim Runtime Directory
  * v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
    Maintainers: fix typo in author name
  * v9.1.0716: resetting setcellwidth( doesn't update the screen
    runtime(hcl,terraform): Add runtime files for HCL and Terraform
    runtime(tmux): Update syntax script
  * v9.1.0715: Not correctly parsing color names (after v9.1.0709)
  * v9.1.0714: GuiEnter_Turkish test may fail
  * v9.1.0713: Newline causes E749 in Ex mode
  * v9.1.0712: missing dependency of Test_gettext_makefile
  * v9.1.0711: test_xxd may file when using different xxd
  * v9.1.0710: popup window may hide part of Command line
    runtime(vim): Update syntax, improve user-command matching
  * v9.1.0709: GUIEnter event not found in Turkish locale
    runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
  * v9.1.0708: Recursive window update does not account for reset skipcol
    runtime(nu): include filetype plugin
  * v9.1.0707: invalid cursor position may cause a crash
  * v9.1.0706: test_gettext fails when using shadow dir
    CI: Install locales-all package
  * v9.1.0705: Sorting of fuzzy filename completion is not stable
    translation(pt): update Portuguese/Brazilian menu translation
    runtime(vim): Update base-syntax, match bracket mark ranges
    runtime(doc): Update :help :command-complete list
  * v9.1.0704: inserting with a count is inefficient
    runtime(doc): use mkdir -p to save a command
  * v9.1.0703: crash with 2byte encoding and glob2regpat()
    runtime(hollywood): update syn highlight for If-Then statements
    and For-In-Loops
  * v9.1.0702: Patch 9.1.0700 broke CI
  * v9.1.0701: crash with NFA regex engine when searching for
    composing chars
  * v9.1.0700: crash with 2byte encoding and glob2regpat()
  * v9.1.0699: "dvgo" is not always an inclusive motion
    runtime(java): Provide support for syntax preview features
  * v9.1.0698: "Untitled" file not removed when running Test_crash1_3
    alone
  * v9.1.0697: heap-buffer-overflow in ins_typebuf
  * v9.1.0696: installing runtime files fails when using SHADOWDIR
    runtime(doc): fix typo
  * v9.1.0695: test_crash leaves Untitled file around
    translation(br): Update Brazilian translation
    translation(pt): Update menu_pt_br
  * v9.1.0694: matchparen is slow on a long line
  * v9.1.0693: Configure doesn't show result when not using python3
    stable abi
  * v9.1.0692: Wrong patlen value in ex_substitute()
  * v9.1.0691: stable-abi may cause segfault on Python 3.11
    runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
    runtime(mane): Improve <Plug>ManBS mapping
  * v9.1.0690: cannot set special highlight kind in popupmenu
    translation(pt): Revert and fix wrong Portuguese menu translation
    files
    translation(pt): revert Portuguese menu translation
    translation(br): Update Brazilian translations
    runtime(vim): Update base-syntax, improve :let-heredoc highlighting
  * v9.1.0689: buffer-overflow in do_search( with 'rightleft'
    runtime(vim): Improve heredoc handling for all embedded scripts
  * v9.1.0688: dereferences NULL pointer in check_type_is_value()
  * v9.1.0687: Makefile may not install desktop files
    runtime(man): Fix <Plug>ManBS
    runtime(java): Make the bundled &foldtext function optional
    runtime(netrw): Change line on `mx` if command output exists
    runtime(netrw): Fix `mf`-selected entry highlighting
    runtime(htmlangular): add html syntax highlighting
    translation(it): Fix filemode of Italian manpages
    runtime(doc): Update outdated man.vim plugin information
    runtime(zip): simplify condition to detect MS-Windows
  * v9.1.0686: zip-plugin has problems with special characters
    runtime(pandoc): escape quotes in &errorformat for pandoc
    translation(it): updated Italian manpage
  * v9.1.0685: too many strlen( calls in usercmd.c
    runtime(doc): fix grammar in :h :keeppatterns
    runtime(pandoc): refine pandoc compiler settings
  * v9.1.0684: completion is inserted on Enter with "noselect"
    translation(ru): update man pages
  * v9.1.0683: mode( returns wrong value with <Cmd> mapping
    runtime(doc): remove trailing whitespace in cmdline.txt
  * v9.1.0682: Segfault with uninitialized funcref
  * v9.1.0681: Analyzing failed screendumps is hard
    runtime(doc): more clarification for the :keeppatterns needed
  * v9.1.0680: VMS does not have defined uintptr_t
    runtime(doc): improve typedchar documentation for KeyInputPre autocmd
    runtime(dist): verify that executable is in $PATH
    translation(it): update Italian manpages
    runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
    runtime(doc): update Makefile and make it portable between GNU and BSD
  * v9.1.0679: Rename from w_closing to w_locked is incomplete
    runtime(colors): update colorschemes
    runtime(vim): Update base-syntax, improve :let-heredoc highlighting
    runtime(doc): Updating the examples in the xxd manpage
    translation(ru): Updated uganda.rux
    runtime(yaml): do not re-indent when commenting out lines
  * v9.1.0678: use-after-free in alist_add()
  * v9.1.0677 :keepp does not retain the substitute pattern
    translation(ja): Update Japanese translations to latest release
    runtime(netrw): Drop committed trace lines
    runtime(netrw): Error popup not always used
    runtime(netrw): ErrorMsg( may throw E121
    runtime(tutor): update Makefile and make it portable between GNU and BSD
    translation: improve the po/cleanup.vim script
    runtime(lang): update Makefile and make it portable between GNU and BSD
  * v9.1.0676: style issues with man pages
  * v9.1.0675: Patch v9.1.0674 causes problems
    runtime(dosbatch): Show %%i as an argument in syntax file
    runtime(dosbatch): Add syn-sync to syntax file
    runtime(sql, mysql): fix E169: Command too recursive with
    sql_type_default = "mysql"
  * v9.1.0674: compiling abstract method fails because of missing return
    runtime(javascript): fix a few issues with syntax higlighting
    runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
    runtime(termdebug): Fix wrong test for balloon feature
    runtime(doc): Remove mentioning of the voting feature
    runtime(doc): add help tags for json + markdown global variables
  * v9.1.0673: too recursive func calls when calling super-class method
    runtime(syntax-tests): Facilitate the viewing of rendered screendumps
    runtime(doc): fix a few style issues
  * v9.1.0672: marker folds may get corrupted on undo
  * v9.1.0671 Problem:  crash with WinNewPre autocommand
  * v9.1.0670: po file encoding fails on *BSD during make
    translation(it): Update Italian translation
    translation: Stop using msgconv
  * v9.1.0669: stable python ABI not used by default
    Update .gitignore and .hgignore files
  * v9.1.0668: build-error with python3.12 and stable ABI
    translations: Update generated po files
  * v9.1.0667: Some other options reset curswant unnecessarily when set
  * v9.1.0666: assert_equal( doesn't show multibyte string correctly
    runtime(doc): clarify directory of Vim's executable vs CWD
  * v9.1.0665 :for loop
    runtime(proto): Add indent script for protobuf filetype
  * v9.1.0664: console vim did not switch back to main screen on exit
    runtime(zip): zip plugin does not work with Vim 9.0
  * v9.1.0663: zip test still resets 'shellslash' option
    runtime(zip): use defer to restore old settings
    runtime(zip): add a generic Message function
    runtime(zip): increment base version of zip plugin
    runtime(zip): raise minimum Vim version to * v9.0
    runtime(zip): refactor save and restore of options
    runtime(zip): remove test for fnameescape
    runtime(zip): use :echomsg instead of :echo
    runtime(zip): clean up and remove comments
  * v9.1.0662: filecopy( may return wrong value when readlink( fails
  * v9.1.0661: the zip plugin is not tested.
    runtime(zip): Fix for FreeBSD's unzip command
    runtime(doc): capitalize correctly
  * v9.1.0660: Shift-Insert does work on old conhost
    translation(it): update Italian manpage
    runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
    runtime(zip): escape '[' on Unix as well
  * v9.1.0659: MSVC Makefile is a bit hard to read
    runtime(doc): fix typo in syntax.txt
    runtime(doc): -x is only available when compiled with crypt feature
  * v9.1.0658: Coverity warns about dereferencing NULL pointer.
    runtime(colors): update Todo highlight in habamax colorscheme
  * v9.1.0657: MSVC build time can be optimized
  * v9.1.0656: MSVC Makefile CPU handling can be improved
  * v9.1.0655: goaccess config file not recognized
    CI: update clang compiler to version 20
    runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
  * v9.1.0654: completion does not respect completeslash with fuzzy
  * v9.1.0653: Patch v9.1.0648 not completely right
  * v9.1.0652: too many strlen( calls in syntax.c
  * v9.1.0651 :append
  * v9.1.0650: Coverity warning in cstrncmp()
  * v9.1.0649: Wrong comment for "len" argument of call_simple_func()
  * v9.1.0648: [security] double-free in dialog_changed()
  * v9.1.0647: [security] use-after-free in tagstack_clear_entry
    runtime(doc): re-format tag example lines, mention ctags --list-kinds
  * v9.1.0646: imported function may not be found
    runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
    runtime(java): Cluster optional group definitions and their group links
    runtime(java): Tidy up the syntax file
    runtime(java): Tidy up the documentation for "ft-java-syntax"
    runtime(colors): update habamax scheme - tweak diff/search/todo colors
    runtime(nohlsearch): add missing loaded_hlsearch guard
    runtime(kivy): Updated maintainer info for syntax script
    Maintainers: Add maintainer for ondir ftplugin + syntax files
    runtime(netrw): removing trailing slash when copying files in same
    directory
  * v9.1.0645: wrong match when searching multi-byte char case-insensitive
    runtime(html): update syntax script to sync by 250 minlines by default
  * v9.1.0644: Unnecessary STRLEN( when applying mapping
    runtime(zip): Opening a remote zipfile don't work
    runtime(cuda): source c and cpp ftplugins
  * v9.1.0643: cursor may end up on invalid position
  * v9.1.0642: Check that mapping rhs starts with lhs fails if not
    simplified
  * v9.1.0641: OLE enabled in console version
    runtime(thrift): add ftplugin, indent and syntax scripts
  * v9.1.0640: Makefile can be improved
  * v9.1.0639: channel timeout may wrap around
  * v9.1.0638: E1510 may happen when formatting a message for smsg()
  * v9.1.0637: Style issues in MSVC Makefile

- Update apparmor.vim to latest version (from AppArmor 4.0.2)
  - add support for "all" and "userns" rules, and new profile flags

- Update to 9.1.0636:
  * 9.1.0636: filetype: ziggy files are not recognized
  * 9.1.0635: filetype: SuperHTML template files not recognized
  * 9.1.0634: Ctrl-P not working by default
  * 9.1.0633: Compilation warnings with `-Wunused-parameter`
  * 9.1.0632: MS-Windows: Compiler Warnings
  Add support for Files-Included in syntax script
  tweak documentation style a bit
  * 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
  * 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
  * 9.1.0629: Rename of pum hl_group is incomplete
  * 9.1.0628: MinGW: coverage files are not cleaned up
  * 9.1.0627: MinGW: build-error when COVERAGE is enabled
  * 9.1.0626: Vim9: need more tests with null objects
  include initial filetype plugin
  * 9.1.0625: tests: test output all translated messages for all translations
  * 9.1.0624: ex command modifiers not found
  * 9.1.0623: Mingw: errors when trying to delete non-existing files
  * 9.1.0622: MS-Windows: mingw-build can be optimized
  * 9.1.0621: MS-Windows: startup code can be improved
  * 9.1.0620: Vim9: segfauls with null objects
  * 9.1.0619: tests: test_popup fails
  * 9.1.0618: cannot mark deprecated attributes in completion menu
  * 9.1.0617: Cursor moves beyond first line of folded end of buffer
  * 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
  * 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
  Add single-line comment syntax
  Add syntax test for comments
  Update maintainer info
  * 9.1.0614: tests: screendump tests fail due to recent syntax changes
  * 9.1.0613: tests: termdebug test may fail and leave file around
  Update base-syntax, improve :set highlighting
  Optionally highlight the :: token for method references
  * 9.1.0612: filetype: deno.lock file not recognized
  Use delete() for deleting directory
  escape filename before trying to delete it
  * 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
  correctly extract file from zip browser
  * 9.1.0610: filetype: OpenGL Shading Language files are not detected
  Fix endless recursion in netrw#Explore()
  * 9.1.0609: outdated comments in Makefile
  update syntax script
  Fix flow mapping key detection
  Remove orphaned YAML syntax dump files
  * 9.1.0608: Coverity warns about a few potential issues
  Update syntax script and remove syn sync
  * 9.1.0607: termdebug: uses inconsistent style
  * 9.1.0606: tests: generated files may cause failure in test_codestyle
  * 9.1.0605: internal error with fuzzy completion
  * 9.1.0604: popup_filter during Press Enter prompt seems to hang
  translation: Update Serbian messages translation
  * 9.1.0603: filetype: use correct extension for Dracula
  * 9.1.0602: filetype: Prolog detection can be improved
  fix more inconsistencies in assert function docs
  * 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
  Update base-syntax, improve :map highlighting
  * 9.1.0600: Unused function and unused error constants
  * 9.1.0599: Termdebug: still get E1023 when specifying arguments
  correct wrong comment options
  fix typo "a xterm" -> "an xterm"
  * 9.1.0598: fuzzy completion does not work with default completion
  * 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
  * 9.1.0596: filetype: devscripts config files are not recognized
  gdb file/folder check is now performed only in CWD.
  quote filename arguments using double quotes
  update syntax to SDC-standard 2.1
  minor updates.
  Cleanup :match and :loadkeymap syntax test files
  Update base-syntax, match types in Vim9 variable declarations
  * 9.1.0595: make errors out with the po Makefile
  * 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
  using wrong highlight for UTF-8
  include simple syntax plugin
  * 9.1.0593: filetype: Asymptote files are not recognized
  add recommended indent options to ftplugin
  add recommended indent options to ftplugin
  add recommended indent options to ftplugin
  * 9.1.0592: filetype: Mediawiki files are not recognized
  * 9.1.0591: filetype: *.wl files are not recognized
  * 9.1.0590: Vim9: crash when accessing getregionpos() return value
  'cpoptions': Include "z" in the documented default
  * 9.1.0589: vi: d{motion} and cw work differently than expected
  update included colorschemes
  grammar fixes in options.txt

- Add "Keywords" to gvim.desktop to make searching for gvim easier

- Removed patches, as they're no longer required (refreshing them
  deleted their contents):
  * vim-7.3-help_tags.patch
  * vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
  * 9.1.0588: The maze program no longer compiles on newer clang
    runtime(typst): Add typst runtime files
  * 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
  * 9.1.0586: ocaml runtime files are outdated
    runtime(termdebug): fix a few issues
  * 9.1.0585: tests: test_cpoptions leaves swapfiles around
  * 9.1.0584: Warning about redeclaring f_id() non-static
    runtime(doc): Add hint how to load termdebug from vimrc
    runtime(doc): document global insert behavior
  * 9.1.0583: filetype: *.pdf_tex files are not recognized
  * 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
  * 9.1.0581: Various lines are indented inconsistently
  * 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
  * 9.1.0579: Ex command is still executed after giving E1247
  * 9.1.0578: no tests for :Tohtml
  * 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
  * 9.1.0576: tests: still an issue with test_gettext_make
  * 9.1.0575: Wrong comments in alt_tabpage()
  * 9.1.0574: ex: wrong handling of commands after bar
    runtime(doc): add a note for netrw bug reports
  * 9.1.0573: ex: no implicit print for single addresses
    runtime(vim): make &indentexpr available from the outside
  * 9.1.0572: cannot specify tab page closing behaviour
    runtime(doc): remove obsolete Ex insert behavior
  * 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
    runtime(logindefs): update syntax with new keywords
  * 9.1.0570: tests: test_gettext_make can be improved
    runtime(filetype): Fix Prolog file detection regex
  * 9.1.0569: fnamemodify() treats ".." and "../" differently
    runtime(mojo): include mojo ftplugin and indent script
  * 9.1.0568: Cannot expand paths from 'cdpath' setting
  * 9.1.0567: Cannot use relative paths as findfile() stop directories
  * 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
  * 9.1.0565: Stop directory doesn't work properly in 'tags'
  * 9.1.0564: id() can be faster
  * 9.1.0563: Cannot process any Key event
  * 9.1.0562: tests: inconsistency in test_findfile.vim
    runtime(fstab): Add missing keywords to fstab syntax
  * 9.1.0561: netbeans: variable used un-initialized (Coverity)
  * 9.1.0560: bindtextdomain() does not indicate an error
  * 9.1.0559: translation of vim scripts can be improved
  * 9.1.0558: filetype: prolog detection can be improved
  * 9.1.0557: moving in the buffer list doesn't work as documented
    runtime(doc): fix inconsistencies in :h file-searching
  * 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
    runtime(htmlangular): correct comment
  * 9.1.0555: filetype: angular ft detection is still problematic
  * 9.1.0554: :bw leaves jumplist and tagstack data around
  * 9.1.0553: filetype: *.mcmeta files are not recognized
  * 9.1.0552: No test for antlr4 filetype
  * 9.1.0551: filetype: htmlangular files are not properly detected
  * 9.1.0550: filetype: antlr4 files are not recognized
  * 9.1.0549: fuzzycollect regex based completion not working as expected
    runtime(doc): autocmd_add() accepts a list not a dict
  * 9.1.0548: it's not possible to get a unique id for some vars
    runtime(tmux): Update syntax script
  * 9.1.0547: No way to get the arity of a Vim function
  * 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
    runtime(hlsplaylist): include hlsplaylist ftplugin file
    runtime(doc): fix typo in :h ft-csv-syntax
    runtime(doc): Correct shell command to get $VIMRUNTIME into
    shell
  * 9.1.0545: MSVC conversion warning
  * 9.1.0544: filetype: ldapconf files are not recognized
    runtime(cmakecache): include cmakecache ftplugin file
    runtime(lex): include lex ftplugin file
    runtime(yacc): include yacc ftplugin file
    runtime(squirrel): include squirrel ftplugin file
    runtime(objcpp): include objcpp ftplugin file
    runtime(tf): include tf ftplugin file
    runtime(mysql): include mysql ftplugin file
    runtime(javacc): include javacc ftplugin file
    runtime(cabal): include cabal ftplugin file
    runtime(cuda): include CUDA ftplugin file
    runtime(editorconfig): include editorconfig ftplugin file
    runtime(kivy): update kivy syntax, include ftplugin
    runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
    files
  * 9.1.0543: Behavior of CursorMovedC is strange
    runtime(vim): Update base-syntax, improve :match command
    highlighting
  * 9.1.0542: Vim9: confusing string() output for object functions
  * 9.1.0541: failing test with Vim configured without channel
  * 9.1.0540: Unused assignment in sign_define_cmd()
    runtime(doc): add page-scrolling keys to index.txt
    runtime(doc): add reference to xterm-focus-event from
    FocusGained/Lost
  * 9.1.0539: Not enough tests for what v9.1.0535 fixed
    runtime(doc): clarify how to re-init csv syntax file
  * 9.1.0538: not possible to assign priority when defining a sign
  * 9.1.0537: signed number detection for CTRL-X/A can be improved
  * 9.1.0536: filetype: zone files are not recognized
  * 9.1.0535: newline escape wrong in ex mode
    runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
    runtime(man): use `nnoremap` to map to Ex commands
  * 9.1.0534: completion wrong with fuzzy when cycling back to original
    runtime(syntax-tests): Abort and report failed cursor progress
    runtime(syntax-tests): Introduce self tests for screen dumping
    runtime(syntax-tests): Clear and redraw the ruler line with
    the shell info
    runtime(syntax-tests): Allow for folded and wrapped lines in
    syntax test files
  * 9.1.0533: Vim9: need more tests for nested objects equality
    CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
    runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
  * 9.1.0532: filetype: Cedar files not recognized
    runtime(doc): document further keys that scroll page up/down
  * 9.1.0531: resource leak in mch_get_random()
    runtime(tutor): Fix wrong spanish translation
    runtime(netrw): fix remaining case of register clobber
  * 9.1.0530: xxd: MSVC warning about non-ASCII character
  * 9.1.0529: silent! causes following try/catch to not work
    runtime(rust): use shiftwidth() in indent script
  * 9.1.0528: spell completion message still wrong in translations
  * 9.1.0527: inconsistent parameter in Makefiles for Vim executable
  * 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
    runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
  * 9.1.0525: Right release selects immediately when pum is truncated.
  * 9.1.0524: the recursive parameter in the *_equal functions can be removed
    runtime(termdebug): Add Deprecation warnings
  * 9.1.0523: Vim9: cannot downcast an object
  * 9.1.0522: Vim9: string(object) hangs for recursive references
  * 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
  * 9.1.0520: Vim9: incorrect type checking for modifying lists
    runtime(manpager): avoid readonly prompt
  * 9.1.0519: MS-Windows: libvterm compilation can be optimized
  * 9.1.0518: initialize the random buffer can be improved
  * 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
    runtime(terraform): Add filetype plugin for terraform
    runtime(dockerfile): enable spellchecking of comments in
    syntax script
    runtime(doc): rename variable for pandoc markdown support
    runtime(doc): In builtin overview use {buf} as param for
    appendbufline/setbufline
    runtime(doc): clarify, that register 1-* 9 will always be shifted
    runtime(netrw): save and restore register 0-* 9, a and unnamed
    runtime(termdebug): Refactored StartDebug_term and EndDebug
    functions
    runtime(java): Compose "g:java_highlight_signature" and
    "g:java_highlight_functions"
  * 9.1.0516: need more tests for nested dicts and list comparision
  * 9.1.0515: Vim9: segfault in object_equal()
  * 9.1.0514: Vim9: issue with comparing objects recursively
    runtime(termdebug): Change some variables to Enums
    runtime(vim): Update base-syntax, fix function tail comments
  * 9.1.0513: Vim9: segfault with object comparison

- Update to 9.1.0512:
  * Mode message for spell completion doesn't match allowed keys
  * CursorMovedC triggered wrongly with setcmdpos()
  * update runtime files
  * CI: test_gettext fails on MacOS14 + MSVC Win
  * not possible to translate Vim script messages
  * termdebug plugin can be further improved
  * add gomod filetype plugin
  * hard to detect cursor movement in the command line
  * Optionally highlight parameterised types
  * filetype: .envrc & .prettierignore not recognized
  * filetype: Faust files are not recognized
  * inner-tag textobject confused about ">" in attributes
  * cannot use fuzzy keyword completion
  * Remove the group exclusion list from @javaTop
  * wrong return type for execute() function
  * MS-Windows: too much legacy code
  * too complicated mapping restore in termdebug
  * simplify mapping
  * cannot switch buffer in a popup
  * MS-Windows: doesn't handle symlinks properly
  * getcmdcompltype() interferes with cmdline completion
  * termdebug can be further improved
  * update htmldjango detection
  * Improve Turkish documentation
  * include a simple csv filetype and syntax plugin
  * include the the simple nohlsearch package
  * matched text is highlighted case-sensitively
  * Matched text isn't highlighted in cmdline pum
  * Fix typos in several documents
  * clarify when text properties are cleared
  * improve the vim-shebang example
  * revert unintended formatting changes for termdebug
  * Add a config variable for commonly used compiler options
  * Wrong matched text highlighted in pum with 'rightleft'
  * bump length of character references in syntax script
  * properly check mapping variables using null_dict
  * fix KdlIndent and kdlComment in indent script
  * Test for patch 9.1.0489 doesn't fail without the fix
  * Fold multi-line comments with the syntax kind of &fdm
  * using wrong type for PlaceSign()
  * filetype: Vim-script files not detected by shebang line
  * revert unintended change to zip#Write()
  * add another tag for vim-shebang feature
  * Cmdline pum doesn't work properly with 'rightleft'
  * minor style problems with patch 9.1.0487
  * default completion may break with fuzzy
  * Wrong padding for pum "kind" with 'rightleft'
  * Update base-syntax, match shebang lines
  * MS-Windows: handle files with spaces properly
  * Restore HTML syntax file tests
  * completed item not update on fuzzy completion
  * filetype: Snakemake files are not recognized
  * make TermDebugSendCommand() a global function again
  * close all buffers in the same way
  * Matched text shouldn't be highlighted in "kind" and "menu"
  * fix wrong helptag for :defer
  * Update base-syntax, match :sleep arg
  * include Georgian keymap
  * Sorting of completeopt+=fuzzy is not stable
  * correctly test for windows in NetrwGlob()
  * glob() on windows fails with [] in directory name
  * rewrite mkdir() doc and simplify {flags} meaning
  * glob() not sufficiently tested
  * update return type for job_info()
  * termdebug plugin needs more love
  * correct return types for job_start() and job_status()
  * Update base-syntax, match :catch and :throw args
  * Include element values in non-marker annotations
  * Vim9: term_getjob() throws an exception on error
  * fuzzy string matching executed when not needed
  * fuzzy_match_str_with_pos() does unnecessary list operations
  * restore description of "$" in col() and virtcol()
  * deduplicate getpos(), line(), col(), virtcol()
  * Update g:vimsyn_comment_strings dump file tests
  * Use string interpolation instead of string concat
  * potential deref of NULL pointer in fuzzy_match_str_with_pos
  * block_editing errors out when using <enter>
  * Update base-syntax, configurable comment string highlighting
  * fix typos in syntax.txt
  * Cannot see matched text in popup menu
  * Update base-syntax, match multiline continued comments
  * clarify documentation for "v" position at line()
  * cmod_split modifier is always reset in term_start()
  * remove line-continuation characters
  * use shiftwidth() instead of &tabstop in indent script
  * Remove orphaned screen dump files
  * include syntax, indent and ftplugin files
  * CI: Test_ColonEight() fails on github runners
  * add missing Enabled field in syntax script
  * basic svelte ftplugin file
  * term_start() does not clear vertical modifier
  * fix mousemodel restoration by comparing against null_string
  * Added definitions of Vim scripts and plugins
  * Exclude lambda expressions from _when_ _switch-case_ label clauses
  * Fix saved_mousemodel check
  * Inconsistencies between functions for option flags
  * Crash when using autocmd_get() after removing event inside autocmd
  * Fix small style issues
  * add return type info for Vim function descriptions
  * Update Italian Vim manpage
  * disable the q mapping
  * Change 'cms' for C++ to '// %s'
  * fix type mismatch error
  * Fix wrong email address
  * convert termdebug plugin to Vim9 script

- Update to 9.1.0470:
  * tests Test_ColonEight_MultiByte() fails sporadically
  * Cannot have buffer-local value for 'completeopt'
  * GvimExt does not consult HKEY_CURRENT_USER
  * typos in some comments
  * runtime(vim): Update base-syntax, allow whitespace before
    :substitute pattern
  * Missing comments for fuzzy completion
  * runtime(man): update Vim manpage
  * runtime(comment): clarify the usage of 'commentstring' option
    value
  * runtime(doc): clarify how fuzzy 'completeopt' should work
  * runtime(netrw): prevent accidental data loss
  * missing filecopy() function
  * no whitespace padding in commentstring option in ftplugins
  * no fuzzy-matching support for insert-completion
  * eval5() and eval7 are too complex
  * too many strlen() calls in drawline.c
  * filetype lintstagedrc files are not recognized
  * Vim9 import autoload does not work with symlink
  * Coverity complains about division by zero
  * tests test_gui fails on Wayland
  * Left shift is incorrect with vartabstop and shiftwidth=0
  * runtime(doc): clarify 'shortmess' flag "S"
  * MS-Windows compiler warning for size_t to int conversion
  * runtime(doc): include some vim9 script examples in the help
  * minor issues in test_filetype with rasi test
  * filetype rasi files are not recognized
  * runtime(java): Improve the matching of lambda expressions
  * Configure checks for libelf unnecessarily
  * No test for escaping '<' with shellescape()
  * check.vim complains about overlong comment lines
  * translation(it): Update Italian translation
  * evalc. code too complex
  * MS-Windows Compiler warnings

- Update to 9.1.0448:
  * compiler warning in eval.c
  * remove remaining css code
  * Add ft_hare.txt to Reference Manual TOC
  * re-generate vim syntax from generator
  * fix syntax vim bug
  * completion may be wrong when deleting all chars
  * getregionpos() inconsistent for partly-selected multibyte char
  * fix highlighting nested and escaped quotes in string props
  * remove the indent plugin since it has too many issues
  * update Debian runtime files
  * Coverity warning after 9.1.0440
  * Not enough tests for getregion() with multibyte chars
  * Can't use blockwise selection with width for getregion()
  * update outdated syntax files
  * fix floating_modifier highlight
  * hare runtime files outdated
  * getregionpos() can't properly indicate positions beyond eol
  * function get_lval() is too long
  * Cannot filter the history
  * Wrong Ex command executed when :g uses '?' as delimiter
  * support floating_modifier none; revert broken highlighting
  * Motif requires non-const char pointer for XPM  data
  * Crash when using '?' as separator for :s
  * filetype: cygport files are not recognized
  * make errors trying to access autoload/zig
  * Wrong yanking with exclusive selection and ve=all
  * add missing help tags file
  * Ancient XPM preprocessor hack may cause build errors
  * include basic rescript ftplugin file
  * eval.c is too long
  * getregionpos() doesn't handle one char selection
  * check for gdb file/dir before using as buffer name
  * refactor zig ftplugin, remove auto format
  * Coverity complains about eval.c refactor
  * Tag guessing leaves wrong search history with very short names
  * some issues with termdebug mapping test
  * update matchit plugin to v1.20
  * too many strlen() calls in search.c
  * set commentstring option
  * update vb indent plugin as vim9script
  * filetype: purescript files are not recognized
  * filetype: slint files are not recognized
  * basic nim ftplugin file for comments
  * Add Arduino ftplugin and indent files
  * include basic typst ftplugin file
  * include basic prisma ftplugin file
  * include basic v ftplugin for comment support
  * getregionpos() wrong with blockwise mode and multibyte
  * function echo_string_core() is too long
  * hyprlang files are not recognized
  * add basic dart ftplugin file
  * basic ftplugin file for graphql
  * mention comment plugin at :h 'commentstring'
  * set commentstring for sql files in ftplugin
  * :browse oldfiles prompts even with single entry
  * eval.c not sufficiently tested
  * clarify why E195 is returned
  * clarify temporary file clean up
  * fix :NoMatchParen not working
  * Cannot move to previous/next rare word
  * add basic ftplugin file for sshdconfig
  * if_py: find_module has been removed in Python 3.12.0a7
  * some screen dump tests can be improved
  * Some functions are not tested
  * clarify instal instructions for comment package
  * Unable to leave long line with 'smoothscroll' and 'scrolloff'
  * fix typo in vim9script help file
  * Remove trailing spaces
  * clarify {special} argument for shellescape()

- update to 9.1.0413
  * smoothscroll may cause infinite loop
  * add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
  * update vi_diff.txt: add default value for 'flash'
  * typo in regexp_bt.c in DEBUG code
  * allow indented commands
  * Fix wrong define regex in ftplugin
  * Filter out non-Latin-1 characters for syntax tests
  * prefer scp over pscp
  * fix typo in usr_52.txt
  * too long functions in eval.c
  * warning about uninitialized variable
  * too many strlen() calls in the regexp engine
  * E16 fix, async keyword support for define
  * Stuck with long line and half-page scrolling
  * Divide by zero with getmousepos() and 'smoothscroll'
  * update and remove  some invalid links
  * update translation of xxd manpage
  * Recursively delete directories by default with netrw delete command
  * Strive to remain compatible for at least Vim 7.0
  * tests: xxd buffer overflow fails on 32-bit
  * Stop handpicking syntax groups for @javaTop
  * [security] xxd: buffer-overflow with specific flags
  * Vim9: not able to import file from start dir
  * filetype: mdd files detected as zsh filetype
  * filetype: zsh module files are not recognized
  * Remove hardcoded private.ppk logic from netrw
  * Vim9: confusing error message for unknown type
  * block_editing errors out when using del
  * add new items to scripts section in syntax plugin
  * Vim9: imported vars are not properly type checked
  * Wrong display with 'smoothscroll' when changing quickfix list
  * filetype: jj files are not recognized
  * getregionpos() may leak memory on error
  * The CODEOWNERS File is not useful
  * Remove and cleanup Win9x legacy from netrw
  * add MsgArea to 'highlight' option description
  * Cannot get a list of positions describing a region
  * Fix digit separator in syntax script for octals and floats
  * Update link to Wikipedia Vi page
  * clear $MANPAGER in ftplugin before shelling out
  * Fix typos in help documents
  * 'viewdir' not respecting $XDG_CONFIG_HOME
  * tests: Vim9 debug tests may be flaky
  * correct getscriptinfo() example
  * Vim9: could improve testing
  * test_sound fails on macos-12
  * update Serbian menu
  * update Slovak menu
  * update Slovenian menu
  * update Portuguese menu
  * update Dutch menu
  * update Korean menu
  * update Icelandic menu
  * update Czech menu
  * update Afrikaans menu
  * update German menu
  * filetype: inko files are not recognized
  * filetype: templ files are not recognized
  * cursor() and getregion() don't handle v:maxcol well
  * Vim9: null value tests not sufficient
  * update Catalan menu
  * filetype: stylus files not recognized
  * update spanish menu localization
  * regenerate helptags
  * Vim9: crash with null_class and null_object
  * Add tags about lazyloading of menu
  * tests: vt420 terminfo entry may not be found
  * filetype: .out files recognized as tex files
  * filetype: Kbuild files are not recognized
  * cbuffer and similar commands don't accept a range
  * Improve the recognition of the "indent" method declarations
  * Fix a typo in usr_30.txt
  * remove undefined var s:save_cpoptions and add include setting
  * missing setlocal in indent plugin
  * Calculating line height for unnecessary amount of lines
  * improve syntax file performance
  * There are a few typos
  * Vim9: no comments allowed after class vars
  * CI: remove trailing white space in documentation
  * Formatting text wrong when 'breakindent' is set
  * Add oracular (24.10) as Ubuntu release name
  * Vim9: Trailing commands after class/enum keywords ignored
  * tests: 1-second delay after Test_BufEnter_botline()
  * update helptags for jq syntax
  * include syntax, ftplugin and compiler plugin
  * fix typo synconcealend -> synconcealed
  * include a simple comment toggling plugin
  * wrong botline in BufEnter
  * clarify syntax vs matching mechanism
  * fix undefined variable in indent plugin
  * ops.c code uses too many strlen() calls
  * Calling CLEAR_FIELD() on the same struct twice
  * Vim9: compile_def_function() still too long
  * Update Serbian messages
  * clarify the effect of setting the shell to powershell
  * Improve the recognition of the "style" method declarations
  * Vim9: problem when importing autoloaded scripts
  * compile_def_function is too long
  * filetype: ondir files are not recognized
  * Crash when typing many keys with D- modifier
  * tests: test_vim9_builtin is a bit slow
  * update documentation
  * change the download URL of "libsodium"
  * tests: test_winfixbuf is a bit slow
  * Add filetype, syntax and indent plugin for Astro
  * expanding rc config files does not work well
  * Vim9: vim9type.c is too complicated
  * Vim9: does not handle autoloaded variables well
  * minor spell fix in starting.txt
  * wrong drawing in GUI with setcellwidth()
  * Add include and suffixesadd
  * Page scrolling should place cursor at window boundaries
  * align command line table
  * minor fixes to starting.txt
  * fix comment definition in filetype plugin
  * filetype: flake.lock files are not recognized
  * runtime(uci): No support for uci file types
  * Support "g:ftplugin_java_source_path" with archived files
  * tests: Test_autoload_import_relative_compiled fails on Windows
  * Finding cmd modifiers and cmdline-specials is inefficient
  * No test that completing a partial mapping clears 'showcmd'
  * tests: test_vim9_dissamble may fail
  * Vim9: need static type for typealias
  * X11 does not ignore smooth scroll event
  * A few typos in test_xdg when testing gvimrc
  * Patch v9.1.0338 fixed sourcing a script with import
  * Problem: gvimrc not sourced from XDG_CONFIG_HOME
  * Cursor wrong after using setcellwidth() in terminal
  * 'showcmd' wrong for partial mapping with multibyte
  * tests: test_taglist fails when 'helplang' contains non-english
  * Problem: a few memory leaks are found
  * Problem: Error with matchaddpos() and empty list
  * tests: xdg test uses screen dumps
  * Vim9: import through symlinks not correctly handled
  * Missing entry for XDG vimrc file in :version
  * tests: typo in test_xdg
  * runtime(i3config/swayconfig): update syntax scripts
  * document pandoc compiler and enable configuring arguments
  * String interpolation fails for List type
  * No test for highlight behavior with 'ambiwidth'
  * tests: test_xdg fails on the appimage repo
  * tests: some assert_equal() calls have wrong order of args
  * make install does not install all files
  * runtime(doc): fix typos in starting.txt
wget
- Drop support for shorthand URLs
  * Breaking change to fix CVE-2024-10524.
  [+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
xen
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
  standard VGA handling (XSA-463)
  xsa463-01.patch
  xsa463-02.patch
  xsa463-03.patch
  xsa463-04.patch
  xsa463-05.patch
  xsa463-06.patch
  xsa463-07.patch
  xsa463-08.patch
  xsa463-09.patch
  xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
  guests via ACPI tables (XSA-464)
  xsa464.patch
- Drop the following patches
  stdvga-cache.patch

- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
xstream
- Upgrade to 1.4.21
  * Security fixes
    + This maintenance release addresses the security vulnerability
    CVE-2024-47072 (bsc#1233085), when using the BinaryDriver to
    unmarshal a manipulated input stream causing a Denial of
    Service due to a stack overflow.
  * Major changes
    + #350: Optimize memory allocation
    + Add a converter for the WeakHashMap which does not write any
    elements of the map. Avoids also access to the ReentrantLock
    contained in the WeakHashMap since Java 19.
  * Minor changes
    + #335: Allow PrettyPrintWriter to replace invalid XML
    characters when not running in quirks mode
    + #331, #326: Fix handling of empty
    java.util.concurrent.atomic.AtomicReference
    + #334: Fix remaining buffer size calculation in QuickWriter
    + #342: Optimize internal handling of children in DomReader
    avoiding O(n^2) access times for siblings
    + #349: Fix support of lambda objects for Java 21 and above
    + #359: Add KEYS file with public keys to verify signed
    artifacts.
    + Detect input manipulation in
    c.t.x.io.binary.BinaryStreamReader.
    + Use Jettison 1.5.4 by default for Java Runtimes version 8 or
    higher.
  * API changes
    + Added constant
    c.t.x.io.xml.PrettyPrintWriter.XML_1_0_REPLACEMENT.
    + Added constant
    c.t.x.io.xml.PrettyPrintWriter.XML_1_1_REPLACEMENT.
    + Added c.t.x.converters.collections.WeakHashMapConverter.
    + Protected field fieldsToOmit of
    c.t.x.mapper.ElementIgnoringMapper set to private.
    + Protected field unknownElementsToIgnore of
    c.t.x.mapper.ElementIgnoringMapper set to private.
  * Stream compatibility
    + The WeakHashMaps, that have been written with previous
    versions of XStream, can still be deserialized.
- Build against the stax:stax and stax:stax-api artifact
  and without hibernate unconditionally
- Modified patch:
  * Revert-MXParser-changes.patch
    + rediff

- Use %patch -P N instead of deprecated %patchN.

- Build with source/target 8 with java 18+

- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp

- Make dependency on bea-stax optional and disable it by default
zypper
- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append "-<version>" or
  "-<version>-<release>" to the "<name>" pattern. Note that the
  edition part must always match exactly.
- version 1.14.79

- Don't try to download missing raw metadata if cache is not
  writable (bsc#1225451)
- man: Update 'search' command description.
  Hint to "se -v" showing the matches within the packages metadata.
  Explain that search strings starting with a "/" will implicitly
  look into the filelist as well. Otherfise an explicit "-f" is
  needed.
- version 1.14.78