- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
  current version which includes a rename of patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
  rename it to
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
- modified patches
  % apache2-CVE-2022-23943.patch (refreshed)
- security update
- added patches
  fix CVE-2022-23943 [bsc#1197098], heap out-of-bounds write in mod_sed
  + apache2-CVE-2022-23943.patch
  fix CVE-2022-22720 [bsc#1197095], HTTP request smuggling due to incorrect error handling
  + apache2-CVE-2022-22720.patch
  fix CVE-2022-22719 [bsc#1197091], use of uninitialized value of in r:parsebody in mod_lua
  + apache2-CVE-2022-22719.patch
  fix CVE-2022-22721 [bsc#1197096], possible buffer overflow with very large or unlimited LimitXMLRequestBody
  + apache2-CVE-2022-22721.patch
- security update
- support new chrony 4.1 options (jsc#SLE-17334)
- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).
- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
- systemctl location (bsc#1193531)
  - Add cloud-init-sysctl-not-in-bin.patch
  - The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attemting to unregister a system that is not
  + Skip extension registration if the extension is recommended by the
    baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data
    can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service
- Fix module loading (bsc#1190743 ltc#194414).
  + crash-mod-fix-module-object-file-lookup.patch
  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
  stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
  for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
  (CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
  (CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
  a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- Update to upstream tag jdk-
  * Changes:
    + JDK-8280786: Build failure on Solaris after 8262392
    + JDK-8218546: Unable to connect to using
    + JDK-8281324: Bump update version for OpenJDK: jdk-
- Update to upstream tag jdk-11.0.14+9 (January 2022 CPU)
  * New features
    + JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
  * Security fixes
    + JDK-8217375: jarsigner breaks old signature with long lines
    in manifest
    + JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if
    zip has dir named "/."/ inside
    + JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM serialization
    + JDK-8268488: More valuable DerValues
    + JDK-8268494: Better inlining of inlined interfaces
    + JDK-8268512: More content for ContentInfo
    + JDK-8268795: Enhance digests of Jar files
    + JDK-8268801: Improve PKCS attribute handling
    + JDK-8268813, CVE-2022-21283, bnc#1194937: Better String matching
    + JDK-8269151: Better construction of EncryptedPrivateKeyInfo
    + JDK-8269944: Better HTTP transport redux
    + JDK-8270386, CVE-2022-21291, bsc#1194925: Better verification
    of scan methods
    + JDK-8270392, CVE-2022-21293, bsc#1194935: Improve String
    + JDK-8270416, CVE-2022-21294, bsc#1194934: Enhance construction
    of Identity maps
    + JDK-8270492, CVE-2022-21282, bsc#1194933: Better resolution of
    + JDK-8270498, CVE-2022-21296, bsc#1194932: Improve SAX Parser
    configuration management
    + JDK-8270646, CVE-2022-21299, bsc#1194931: Improved scanning of
    XML entities
    + JDK-8270952, CVE-2022-21277, bsc#1194930: Improve TIFF file
    + JDK-8271962: Better TrueType font loading
    + JDK-8271968: Better canonical naming
    + JDK-8271987: Manifest improved manifest entries
    + JDK-8272014, CVE-2022-21305, bsc#1194939: Better array
    + JDK-8272026, CVE-2022-21340, bsc#1194940: Verify Jar
    + JDK-8272236, CVE-2022-21341, bsc#1194941: Improve serial forms
    for transport
    + JDK-8272272: Enhance jcmd communication
    + JDK-8272462: Enhance image handling
    + JDK-8273290: Enhance sound handling
    + JDK-8273756, CVE-2022-21360, bsc#1194929: Enhance BMP image
    + JDK-8273838, CVE-2022-21365, bsc#1194928: Enhanced BMP
    + JDK-8274096, CVE-2022-21366, bsc#1194927: Improve decoding of
    image files
    + JDK-8279541: Improve HarfBuzz
  * Other changes
    + JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/
    /ChoiceKeyEventReaction.html fails
    + JDK-7105119: [TEST_BUG] [macosx] In test
    UIDefaults.toString() must be called with the invokeLater()
    + JDK-7151826: [TEST_BUG] [macosx] The test
    javax/swing/JPopupMenu/4966112/ not for mac
    + JDK-7179006: [macosx] Print-to-file doesn't work: printing to
    the default printer instead
    + JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/
    / fails on MacOSX
    + JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong
    number of thread end events
    + JDK-8039261: [TEST_BUG]: There is not a minimal security
    level in Java Preferences and the TestApplet.html is blocked.
    + JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/
    / fails with exception
    + JDK-8075909: [TEST_BUG] The regression-swing case failed as
    it does not have the 'Open' button when select 'subdir' folder
    with NimbusLAF
    + JDK-8078219: Verify lack of @test tag in files in java/net
    test directory
    + JDK-8080569: java/lang/ProcessBuilder/ fails
    with "/RuntimeException: Process terminated prematurely"/
    + JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/
    / timed out intermittently
    + JDK-8129310: java/net/Socket/asyncClose/ fails
    + JDK-8131745: java/lang/management/ThreadMXBean/
    / still fails intermittently
    + JDK-8136517: [macosx] Test java/awt/Focus/8073453/
    / fails on MacOSX
    + JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/
    /4251579/ failure due to timing
    + JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/
    / fails
    + JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/
    / leaves key pressed
    + JDK-8159904: [TEST_BUG] Failure on solaris of
    + JDK-8163086: java/awt/Window/TranslucentJAppletTest/
    / fails
    + JDK-8165828: [TEST_BUG] The reg case: javax/swing/plaf/metal/
    /MetalIcons/ failed as No Metal Look
    and Feel
    + JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not
    fired! on Windows
    + JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException:
    Default button is not pressed
    + JDK-8169959: javax/swing/JTable/6263446/
    Table should be editing
    + JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/
    /7156657/ fails on OS X
    + JDK-8171998: javax/swing/JMenu/4692443/ fails
    on Windows
    + JDK-8174819: java/nio/file/WatchService/
    fails intermittently
    + JDK-8179880: Refactor javax/security shell tests to plain
    java tests
    + JDK-8180568: Refactor javax/crypto shell tests to plain java
    + JDK-8180569: Refactor sun/security/krb5/ shell tests to plain
    java tests
    + JDK-8180571: Refactor sun/security/pkcs11 shell tests to
    plain java tests and fix failures
    + JDK-8180573: Refactor sun/security/tools shell tests to plain
    java tests
    + JDK-8187649: ArrayIndexOutOfBoundsException in
    + JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes)
    leads to a negative initial size for ByteArrayOutputStream
    + JDK-8195703: 'App exited
    unexpectedly with 2'
    + JDK-8196096: javax/swing/JPopupMenu/6580930/
    + JDK-8197560: test javax/swing/JTree/8003400/
    + JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/
    / fails on Windows
    + JDK-8197811: Test java/awt/Choice/PopupPosTest/
    / fails on Windows
    + JDK-8198616: java/awt/Focus/6378278/
    fails on mac
    + JDK-8198617: java/awt/Focus/6382144/
    fails on mac
    + JDK-8198619: java/awt/Focus/FocusTraversalPolicy/
    fails on mac
    + JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/
    fails on mac
    + JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/
    /SubMenuShowTest/SubMenuShowTest.html fails on mac
    + JDK-8199138: Add RISC-V support to Zero
    + JDK-8199529: javax/swing/text/Utilities/8142966/
    / fails on windows
    + JDK-8201224: Make string buffer size dynamic in
    + JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/
    /FollowReferences/followref003/ fails with
    "/Location mismatch"/ errors
    + JDK-8204161: [TESTBUG] auto failed with the "/Applet thread
    threw exception: java.lang.UnsupportedOperationException"/
    + JDK-8206085: Refactor
    + JDK-8207936: TestZipFile failed with java.lang.AssertionError
    + JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
    + JDK-8209611: use C++ compiler for hotspot tests
    + JDK-8210182: Remove macros for C compilation from vmTestBase
    but non jvmti
    + JDK-8210198: Clean up JNI_ENV_ARG for
    vmTestbase/jvmti/Get[A-F] tests
    + JDK-8210205: build fails on AIX in hotspot cpp tests (for
    example getstacktr001.cpp)
    + JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/
    on windows-x86
    + JDK-8210353: Move java/util/Arrays/
    back to tier1
    + JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti[A-N] tests
    + JDK-8210392: assert(Compile::current()->live_nodes() <
    Compile::current()->max_node_limit()) failed: Live Node limit
    exceeded limit
    + JDK-8210395: Add doc to
    + JDK-8210429: Clean up JNI_ENV_ARG for
    vmTestbase/jvmti/Get[G-Z] tests
    + JDK-8210481: Remove #ifdef cplusplus from vmTestbase
    + JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti[N-R] tests
    + JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti[R-U] tests
    + JDK-8210689: Remove the multi-line old C style for string
    + JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti/unit tests
    + JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
    + JDK-8210920: Native C++ tests are not using CXXFLAGS
    + JDK-8210984: [TESTBUG] hs203t003 fails with "/# ERROR:
    hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti,
    + JDK-8211036: Remove the NSK_STUB macros from vmTestbase for
    non jvmti
    + JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/[G-I]*
    + JDK-8211148: var in implicit lambdas shouldn't be accepted
    for source < 11
    + JDK-8211171: move JarUtils to top-level testlibrary
    + JDK-8211227: Inconsistent TLS protocol version in debug output
    + JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/[A-G]*
    + JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
    + JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/[I-S]*
    + JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/scenarios/[A-E]
    + JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/scenarios/[E-M]
    + JDK-8211905: Remove multiple casts for EM06 file
    + JDK-8211999: Window positioning bugs due to overlapping
    GraphicsDevice bounds (Windows/HiDPI)
    + JDK-8212082: Remove the NSK_CPP_STUB macros for remaining
    + JDK-8212083: Handle remaining gc/lock native code and fix two
    + JDK-8212148: Remove remaining NSK_CPP_STUBs
    + JDK-8213110: Remove the use of applets in automatic tests
    + JDK-8213189: Make restricted headers in HTTP Client
    configurable and remove Date by default
    + JDK-8213263: fix legal headers in test/langtools
    + JDK-8213296: Fix legal headers in test/jdk/java/net
    + JDK-8213301: Fix legal headers in jdk logging tests
    + JDK-8213305: Fix legal headers in test/java/math
    + JDK-8213306: Fix legal headers in test/java/nio
    + JDK-8213328: Update test copyrights in test/java/util/zip and
    + JDK-8213330: Fix legal headers in i18n tests
    + JDK-8213707: [TEST] vmTestbase/nsk/stress/except/
    / failed due to wrong class name
    + JDK-8214469: [macos] PIT: java/awt/Choice/
    /ChoiceKeyEventReaction/ fails
    + JDK-8215410: Regression test for JDK-8214994
    + JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
    + JDK-8215624: Add parallel heap iteration for jmap u2013histo
    + JDK-8215889: assert(!_unloading) failed: This oop is not
    available to unloading class loader data with ZGC
    + JDK-8216318: The usage of Disposer in the java.awt.Robot can
    be deleted
    + JDK-8216417: cleanup of IPv6 scope-id handling
    + JDK-8217377: javax/swing/JPopupMenu/6583251/
    failed with UnsupportedOperation exception
    + JDK-8217438: Adapt tools//launcher/ for AIX
    + JDK-8217633: Configurable extensions with system properties
    + JDK-8217882: java/net/httpclient/ failed once
    + JDK-8217903: java/net/httpclient/ fails with
    + JDK-8218483: Crash in
    "/assert(_daemon_threads_count->get_value() > daemon_count)
    failed: thread count mismatch 5 : 5"/
    + JDK-8219986: Change to Xcode 10.1 for building on Macosx at
    + JDK-8220575: Correctly format test URI's that contain a
    retrieved IPv6 address
    + JDK-8221259: New tests for to exercise long
    standing behavior
    + JDK-8221305: java/awt/FontMetrics/ fails
    on MacOS + Solaris
    + JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/
    / fails on ubuntu
    + JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/
    / fails on ubuntu18.04
    + JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed())
    failed: Must invalidate if TypeFuncs differ
    + JDK-8223137: Rename predicate 'do_unroll_only()' to
    + JDK-8223138: Small clean-up in loop-tree support.
    + JDK-8223139: Rename mandatory policy-do routines.
    + JDK-8223140: Clean-up in 'ok_to_convert()'
    + JDK-8223141: Change (count) suffix _ct into _cnt.
    + JDK-8223400: Replace some enums with static const members in
    + JDK-8223658: Performance regression of XML.validation in
    + JDK-8223923: C2: Missing interference with mismatched unsafe
    + JDK-8224829: has timing issue
    + JDK-8225083: Remove Google certificate that is expiring in
    December 2021
    + JDK-8226514: Replace wildcard address with loopback or local
    host in tests - part 17
    + JDK-8226943: compile error in libfollowref003.cpp  with XCode
    10.2 on macosx
    + JDK-8228442: DHKeyExchange/ failed
    due to "/SSLException: An established connection was aborted by
    the software in your host machine"/
    + JDK-8228508: [TESTBUG] java/net/httpclient/
    fails on Windows7
    + JDK-8229935: [TEST_BUG]: inconsistently
    positions text
    + JDK-8230019: [REDO] compiler/types/correctness/* tests fail
    with "/assert(recv == __null || recv->is_klass()) failed: wrong
    + JDK-8230067: Add optional automatic retry when running jtreg
    + JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests
    may fail on some platforms
    + JDK-8231501: VM crash in
    fatal error: unexpected tag 99
    + JDK-8233403: Improve verbosity of some httpclient tests
    + JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
    + JDK-8233552: [TESTBUG] JTable Test fails on
    + JDK-8233553: [TESTBUG] JSpinner test fails on
    + JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
    + JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
    + JDK-8233559: [TESTBUG] is failing on
    + JDK-8233560: [TESTBUG] ToolTipManager/  is
    failing on macos
    + JDK-8233561: [TESTBUG] Swing text test fails
    on macos
    + JDK-8233562: [TESTBUG] Swing StyledEditorKit test fails on MacOS
    + JDK-8233564: [TESTBUG] is failing
    + JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on
    + JDK-8233567: [TESTBUG] fails on macos
    + JDK-8233569: [TESTBUG] JTextComponent test
    fails on macos
    + JDK-8233570: [TESTBUG] HTMLEditorKit test is
    failing on macos
    + JDK-8233634: [TESTBUG] Swing text test fails
    on macos
    + JDK-8233635: [TESTBUG]
    fails on macos
    + JDK-8233637: [TESTBUG] Swing fails on macos
    + JDK-8233638: [TESTBUG] Swing test fails on macos
    + JDK-8233641: [TESTBUG] JMenuItem test fails
    on macos
    + JDK-8233642: [TESTBUG] JMenuBar test bug  fails
    on macos
    + JDK-8233643: [TESTBUG] JMenu test fails on
    + JDK-8233644: [TESTBUG] JInternalFrame test is
    failing on macos
    + JDK-8233647: [TESTBUG] JColorChooser/ is
    failing on macos
    + JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture
    Recognition in all the platforms
    + JDK-8234823: java/net/Socket/ testcase
    testTimedConnect2() fails on Windows 10
    + JDK-8235784: java/lang/invoke/VarHandles/
    / fails due to timeout with
    fastdebug bits
    + JDK-8236042: [TESTBUG] serviceability/sa/
    fails with -Xcomp -XX:TieredStopAtLevel=1
    + JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60),
    + JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT,
    when using proxy tunnel
    + JDK-8237354: Add option to jcmd to write a gzipped heap dump
    + JDK-8237589: Fix copyright header formatting
    + JDK-8238677: java/net/httpclient/ssltest/
    should not specify TLS version
    + JDK-8239334: Tab Size does not work correctly in JTextArea
    with setLineWrap on
    + JDK-8239422: [TESTBUG]
    compiler/c1/ failed when C1
    is disabled
    + JDK-8239827: The test should be
    changed to be manual
    + JDK-8240256: Better resource cleaning for SunPKCS11 Provider
    + JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test
    + JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/
    / fails in mach5 ubuntu system
    + JDK-8242793: Incorrect copyright header in
    + JDK-8243543: jtreg test security/infra/java/security/cert/
    /CertPathValidator/certification/ fails
    + JDK-8244292: Headful clients failing with
  - -illegal-access=deny
    + JDK-8245147: Refactor and improve utility of
    + JDK-8245165: Update bug id for
    javax/swing/text/StyledEditorKit/4506788/ in
    + JDK-8245665: Test should only make sure no
    warning for weak signature algorithms by keytool on root CA
    + JDK-8246114: java/net/MulticastSocket/ fails
    after 8241072 (multi-homed systems)
    + JDK-8246807: Incorrect copyright header in
    + JDK-8247403: JShell: No custom input (e.g. from GUI) possible
    with JavaShellToolBuilder
    + JDK-8247510: typo in IllegalHandshakeMessage
    + JDK-8248187: [TESTBUG] javax/swing/plaf/basic/
    /BasicGraphicsUtils/8132119/ fails with String
    is not properly drawn
    + JDK-8248341: ProblemList java/lang/management/ThreadMXBean/
    + JDK-8248500: AArch64: Remove the r18 dependency on Windows
    + JDK-8248899: security/infra/java/security/cert/
    /CertPathValidator/certification/ fails,
    Certificate has been revoked
    + JDK-8249195: Change to Xcode 11.3.1 for building on Macos at
    + JDK-8250521: Configure initial RTO to use minimal retry for
    loopback connections on Windows
    + JDK-8250810: Push missing parts of JDK-8248817
    + JDK-8250839: Improve test template SSLEngineTemplate with
    + JDK-8250863: Build error with GCC 10 in NetworkInterface.c
    and k_standard.c
    + JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/
    /gf08t001/ fails
    + JDK-8251155: HostIdentifier fails to canonicalize hostnames
    starting with digits
    + JDK-8251377: [macos11] JTabbedPane selected tab text is
    barely legible
    + JDK-8251570: JDK-8215624 causes assert(worker_id <
    _n_workers) failed: Invalid worker_id
    + JDK-8251930: AArch64: Native types mismatch in hotspot
    + JDK-8252049: Native memory leak in ciMethodData ctor
    + JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x
    + JDK-8252114: Windows-AArch64: Enable and test ZGC and
    + JDK-8253015: Aarch64: Move linux code out from generic CPU
    feature detection
    + JDK-8253147: The javax/swing/JPopupMenu/7154841/
    fail on big screens
    + JDK-8253497: Core Libs Terminology Refresh
    + JDK-8253682: The is unstable
    + JDK-8253763: ParallelObjectIterator should have virtual
    + JDK-8253866: Security Libs Terminology Refresh
    + JDK-8254802: fails in
    "/try throwing in GET_BODY"/
    + JDK-8255227: java/net/httpclient/
    intermittently failing with TestServer: start exception: Invalid preface
    + JDK-8255264: Support for identifying the full range of IPv4
    localhost addresses on Windows
    + JDK-8255716: AArch64: Regression: JVM crashes if manually
    offline a core
    + JDK-8255722: Create a new test for rotated blit
    + JDK-8256009: Remove src/hotspot/share/adlc/Test/
    + JDK-8256066: Tests use deprecated TestNG API that is no
    longer available in new versions
    + JDK-8256152: tests fail because of ambiguous method resolution
    + JDK-8256182: Update qemu-debootstrap cross-compilation recipe
    + JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/
    / failed
    + JDK-8256202: Some tweaks for jarsigner tests
    PosixPermissionsTest and SymLinkTest
    + JDK-8256372: [macos] Unexpected symbol was displayed on
    JTextField with Monospaced font
    + JDK-8256956: RegisterImpl::max_slots_per_register is
    incorrect on AMD64
    + JDK-8258457: testlibrary_tests/ctw/ fails with
    InvalidPathException on windows
    + JDK-8258855: Two tests sun/security/krb5/auto/
    / and
    failed on OL8.3
    + JDK-8259237: Demo selection changes with left/right arrow
    key. No need to press space for selection.
    + JDK-8260571: Add PrintMetaspaceStatistics to print metaspace
    statistics upon VM exit
    + JDK-8260690: JConsole User Guide Link from the Help menu is
    not accessible by keyboard
    + JDK-8261036: Reduce classes loaded by CleanerFactory
    + JDK-8261071: AArch64: Refactor interpreter native wrappers
    + JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch
    + JDK-8261236: C2: ClhsdbJstackXcompStress test fails when
    StressGCM is enabled
    + JDK-8261297: NMT: Final report should use scale 1
    + JDK-8261661: gc/stress/
    fails because Reserved memory size is too big
    + JDK-8261916: gtest/
    vmErrorTest.unimplemented1_vm_assert failed
    + JDK-8262438: sun/security/ssl/SSLLogger/
    / failed with "/SocketException:
    Socket is closed"/
    + JDK-8262731: [macOS] Exception from "/Printable.print"/ is
    swallowed during "/PrinterJob.print"/
    + JDK-8262844: (fs) FileStore.supportsFileAttributeView might
    return false negative in case of ext3
    + JDK-8263059: security/infra/java/security/cert/
    /CertPathValidator/certification/ fails due to
    revoked cert
    + JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
    + JDK-8263303: C2 compilation fails with assert(found_sfpt)
    failed: no node in loop that's not input to safepoint
    + JDK-8263362: Avoid division by 0 in
    java/awt/font/ justify
    + JDK-8263773: Reenable German localization for builds at Oracle
    + JDK-8263897: compiler/c2/aarch64/
    failed with "/java.lang.RuntimeException: Wrong method"/
    + JDK-8264526: javax/swing/text/html/parser/Parser/8078268/
    / timeout
    + JDK-8264824: java/net/Inet6Address/ doesn't
    close ServerSocket properly
    + JDK-8265019: Update tests for additional TestNG test
    + JDK-8265173: [test] divert spurious log output away from
    stream under test in ProcessBuilder Basic test
    + JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
    + JDK-8266182: Automate manual steps listed in the test
    + JDK-8266579: Update test/jdk/java/lang/ProcessHandle/
    / & test/jdk/java/sql/testng/util/
    + JDK-8266949: Check possibility to disable OperationTimedOut
    on Unix
    + JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg
    tests on many-core machines
    + JDK-8267256: Extend minimal retry for loopback connections on
    Windows to PlainSocketImpl
    + JDK-8267304: Bump global JTReg memory limit to 768m
    + JDK-8267652: c2 loop unrolling by 8 results in reading memory
    past array
    + JDK-8268019: C2: assert(no_dead_loop) failed: dead loop
    + JDK-8268093: Manual Testcase: "/sun/security/krb5/config/
    /native/"/ Fails with NPE
    + JDK-8268555: Update HttpClient tests that use ITestContext to
    jtreg 6+1
    + JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can
    be in outer loop or out of both loops only
    + JDK-8269034: AccessControlException for SunPKCS11 daemon
    + JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to
    + JDK-8269574: C2: Avoid redundant uncommon traps in
    GraphKit::builtin_throw() for JVMTI exception events
    + JDK-8269656: The test test/langtools/tools/javac/versions/
    / has duplicate test cycles
    + JDK-8269768: JFR Terminology Refresh
    + JDK-8269951: [macos] Focus not painted in JButton when
    setBorderPainted(false) is invoked
    + JDK-8269984: [macos] JTabbedPane title looks like  disabled
    + JDK-8269993: [Test]: java/net/httpclient/
    / contains redundant @run tags
    + JDK-8270116: Expand to
    run in all LaFs, including Aqua on macOS
    + JDK-8270216: [macOS] Update named used for Java run loop mode
    + JDK-8270280: security/infra/java/security/cert/
    /CertPathValidator/certification/ OCSP
    response error
    + JDK-8270290: NTLM authentication fails if HEAD request is used
    + JDK-8270317: Large Allocation in CipherSuite
    + JDK-8270344: Session resumption errors
    + JDK-8270517: Add Zero support for LoongArch
    + JDK-8270533: AArch64: size_fits_all_mem_uses should return
    false if its output is a CAS
    + JDK-8270886: Crash in
    + JDK-8271287: jdk/jshell/ fails with
    "/lists don't have the same size expected"/
    + JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
    + JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck)
    || outcnt() == 2 assert failure with
    + JDK-8271459: C2: Missing NegativeArraySizeException when
    creating StringBuilder with negative capacity
    + JDK-8271490: [ppc] [s390]: Crash in
    + JDK-8271560: sun/security/ssl/DHKeyExchange/
    / still fails due to "/An established
    connection was aborted by the software in your host machine"/
    + JDK-8271567: AArch64: AES Galois CounterMode (GCM)
    interleaved implementation using vector instructions
    + JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
    + JDK-8272181: Windows-AArch64:Backport fix of `Backtracing
    broken on PAC enabled systems`
    + JDK-8272316: Wrong Boot JDK help message in 11
    + JDK-8272318: Improve performance of HeapDumpAllTest
    + JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/
    / catches all exceptions
    + JDK-8272570: C2: crash in PhaseCFG::global_code_motion
    + JDK-8272574: C2: assert(false) failed: Bad graph detected in
    + JDK-8272581: sun/security/pkcs11/Provider/
    fails after JDK-8266182
    + JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
    no longer needs ocspEnabled
    + JDK-8272720: Fix the implementation of loop unrolling
    heuristic with LoopPercentProfileLimit
    + JDK-8272783: Epsilon: Refactor tests to improve performance
    + JDK-8272806: [macOS] "/Apple AWT Internal Exception"/ when
    input method is changed
    + JDK-8272828: Add correct licenses to
    + JDK-8272836: Limit run time for java/lang/invoke/LFCaching
    + JDK-8272850: Drop zapping values in the Zap* option
    + JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
    + JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test
    + JDK-8272966: test/jdk/java/awt/Robot/
    fails by timeout
    + JDK-8273026: Slow LoginContext.login() on multi threading
    + JDK-8273229: Update OS detection code to recognize Windows
    Server 2022
    + JDK-8273235: tools/launcher/ Fails on
    Windows 32bit
    + JDK-8273308: fails on CI
    + JDK-8273314: Add tier4 test groups
    + JDK-8273342: Null pointer dereference in
    + JDK-8273358: macOS Monterey does not have the font Times
    needed by Serif
    + JDK-8273373: Zero: Cannot invoke JVM in primordial threads on
    + JDK-8273498: compiler/c2/ timed out
    + JDK-8273541: Cleaner Thread creates with normal priority
    instead of MAX_PRIORITY - 2
    + JDK-8273547: [11u] [JVMCI] Partial backport
    of JDK-8223332
    + JDK-8273606: Zero: SPARC64 build fails with si_band type
    + JDK-8273646: Add openssl from path variable also in to
    Default System Openssl Path in OpensslArtifactFetcher
    + JDK-8273671: Backport of 8260616 misses one JNF header
    inclusion removal
    + JDK-8273790: Potential cyclic dependencies between Gregorian
    and CalendarSystem
    + JDK-8273795: Zero SPARC64 debug builds fail due to missing
    interpreter fields
    + JDK-8273826: Correct Manifest file name and NPE checks
    + JDK-8273894: ConcurrentModificationException raised every
    time ReferralsCache drops referral
    + JDK-8273924: ArrayIndexOutOfBoundsException thrown in
    + JDK-8273961: jdk/nio/zipfs/ fails if file
    path contains '+' character
    + JDK-8273968: JCK javax_xml tests fail in CI
    + JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
    + JDK-8274083: Update testing docs to mention tiered testing
    + JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork
    is deprecated
    + JDK-8274326: [macos] Ensure initialisation of sun/lwawt/
    /macosx/CAccessibility in JavaComponentAccessibility.m
    + JDK-8274329: Fix non-portable HotSpot code in
    + JDK-8274381: missing CAccessibility definitions in JNI code
    + JDK-8274407: (tz) Update Timezone Data to 2021c
    + JDK-8274467: fails with tzdata2021b
    + JDK-8274468: fails with tzdata2021b
    + JDK-8274522: java/lang/management/ManagementFactory/
    / test fails with Shenandoah
    + JDK-8274642: jdk/jshell/ fails with
    NoSuchElementException after JDK-8271287
    + JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently
    fails on weak memory model platform
    + JDK-8274779: HttpURLConnection: HttpClient and HttpsClient
    incorrectly check request method when set to POST
    + JDK-8274840: Update OS detection code to recognize Windows 11
    + JDK-8274860: gcc 10.2.1 produces an uninitialized warning in
    + JDK-8275051: Shenandoah: Correct ordering of requested gc
    cause and gc request flag
    + JDK-8275131: Exceptions after a touchpad gesture on macOS
    + JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
    + JDK-8275766: (tz) Update Timezone Data to 2021e
    + JDK-8275849: fails with tzdata2021e
    + JDK-8276066: Reset LoopPercentProfileLimit for x86 due to
    suboptimal performance
    + JDK-8276139: not reliable, better to
    expand test
    + JDK-8276157: C2: Compiler stack overflow during escape
    analysis on Linux x86_32
    + JDK-8276201: Shenandoah: Race results degenerated GC to enter
    wrong entry point
    + JDK-8276536: Update TimeZoneNames files to follow the changes
    made by JDK-8275766
    + JDK-8276550: Use SHA256 hash in
    + JDK-8276774: Cookie stored in CookieHandler not sent if user
    headers contain cookie
    + JDK-8276854: Windows GHA builds fail due to broken Cygwin
    + JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify
    output array sizes
    + JDK-8277224:
    throws NPE
    + JDK-8277529: SIGSEGV in C2 CompilerThread
    Node::rematerialize() compiling Packet::readUnsignedTrint
    + JDK-8277815: Fix mistakes in legal header backports
- Removed patch:
  * riscv64-zero.patch
    + integrated upstream
- Modified patch:
  * fips.patch
    + rediff to changed context
- Fix CVE-2021-36976 use-after-free in copy_string
  (CVE-2021-36976, bsc#1188572)
  * fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  CVE-2017-5601, bsc#1022528, bsc#1189528
- fix memory leak in client protocol version 2 code (bsc#1193805)
  - update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure "/sloppy"/ is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
- Add, openssh-dbus.csh, Make ssh
  connections update their dbus environment (bsc#1179465).
- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
  * PAC pointer authentication signs the return address against the
    value of the stack pointer, to prevent stack overrun exploits
    from corrupting the control flow. The Poly1305 armv8 code got
    this wrong, resulting in crashes on PAC capable hardware.
  * Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
  version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
  * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
  * Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
- Between allocating the variable "/ai"/ and free'ing them, there are
  two "/return NO"/ were we don't free this variable. This patch
  inserts freaddrinfo() calls before the "/return NO;"/s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]
- Fix the pg_server_requires macro on older rpm versions (SLE-12).
- Avoid a dependency on awk in postgresql-script.
- Move the dependency of llvmjit-devel on clang and llvm to the
  implementation packages where we can depend on the correct
- fix postgresql_has_llvm usage
- First round of changes to make it easier to build extensions for
  - add postgresql-llvmjit-devel subpackage:
    This package will pull in clang and llvm if the distro has a
    recent enough version, otherwise it will just pull
  - add postgresql macros to the postgresql-server-devel package
    those cover all the variables from pg_config and some macros
    to remove repitition from the spec files
- Bump version to 14.
- Bump default to 14 on Factory and future SPs.
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  * Add protobuf-CVE-2021-22570.patch
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
  containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
  not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
  for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
  for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
  containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
  not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
  for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
  for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Add patch to fix build with new webcolors:
  * webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
  * Added a format_nongpl setuptools extra, which installs only format
    dependencies that are non-GPL (#619).
- specfile:
  * be more explicit in %files section
  * require python-importlib-metadata
- update to version 3.1.1:
  * Temporarily revert the switch to js-regex until #611 and #612 are
- changes from version 3.1.0:
  * Regular expressions throughout schemas now respect the ECMA 262
    dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
  * Fixed a bug where 0 and False were considered equal by
    const and enum
- from v3.0.1
  * Fixed a bug where extending validators did not preserve their
    notion of which validator property contains $id information.
- from v3.0.0
  * Support for Draft 6 and Draft 7
  * Draft 7 is now the default
  * New TypeChecker object for more complex type definitions
    (and overrides)
  * Falling back to isodate for the date-time format checker is
    no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
  * Support for Draft 6 and Draft 7
  * Draft 7 is now the default
  * New TypeChecker object for more complex type definitions (and overrides)
  * Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
- Update to
  * CVEs fixed
    CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941
  * Bugs mentioned
- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
  * patch_for_cve_bsc1197417.patch
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
  + Added command blkid #114
  + Added s390x specific files and output #115
  + Fix for invalid argument during updates (bsc#1193204)
  + Optimized conf_files, conf_files_text and log_cmd functions #118
  + Fixed iscsi initiator name (bsc#1195797)
  + Added rpcinfo -p output #116
  + Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
  + Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
  + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
  + Include 'multipath -t' output in mpio.txt #105
  + Improved lsblk readability with --ascsi #106
  + Removed duplicate commands in network.txt
  + Remove duplicate firewalld status output #109
- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
  4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
- Bump version to 11
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406)
  Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and
  since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d...
- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
- Remove log4j (bsc#1196137)
- Fixed CVEs:
  * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
  * tomcat-9.0-CVE-2022-23181.patch
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Upgrade to 1.4.19
  * Security fixes
    + This maintenance release addresses the security vulnerability
    CVE-2021-43859, bsc#1195458, when unmarshalling highly
    recursive collections or maps causing a Denial of Service.
  * API changes
    + Added c.t.x.XStream.COLLECTION_UPDATE_LIMIT and
    + Added c.t.x.XStream.setCollectionUpdateLimit(int).
    + Added c.t.x.core.SecurityUtils.
    + Added and
    + derives now from
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch