aaa_base
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
  current version which includes a rename of patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  rename it to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
apache2
- modified patches
  % apache2-CVE-2022-23943.patch (refreshed)
- security update
- added patches
  fix CVE-2022-23943 [bsc#1197098], heap out-of-bounds write in mod_sed
  + apache2-CVE-2022-23943.patch
  fix CVE-2022-22720 [bsc#1197095], HTTP request smuggling due to incorrect error handling
  + apache2-CVE-2022-22720.patch
  fix CVE-2022-22719 [bsc#1197091], use of uninitialized value of in r:parsebody in mod_lua
  + apache2-CVE-2022-22719.patch
  fix CVE-2022-22721 [bsc#1197096], possible buffer overflow with very large or unlimited LimitXMLRequestBody
  + apache2-CVE-2022-22721.patch
- security update
augeas
- support new chrony 4.1 options (jsc#SLE-17334)
  augeas-new_options_for_chrony.patch
avahi
- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
  (bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
  (boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).
bind
- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
chrony
- Fix config file handling in the spec file and remove "/ntsdumpdir"/
  from default config, because augeas-lenses cannot parse it during
  installation of SLE Micro on SLE-15-SP3 (bsc#1194220).
- bsc#1194229: Fix pool package dependencies, so that SLE actually
  prefers chrony-pool-suse over chrony-pool-empty.
- Add chrony-htonl.patch to work around undocumented behaviour of
  htonl() in older glibc versions (SLE-12) on 64 bit big endian
  architectures (s390x).
- SLE bugs that have been fixed in openSUSE up to this point
  without explicit references: bsc#1183783, bsc#1184400,
  bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
  * chrony-fix-open.patch
  * chrony-gettimeofday.patch
  * chrony-ntp-era-split.patch
  * chrony-pidfile.patch
  * chrony-select-timeout.patch
  * chrony-urandom.patch
  * chrony.sysconfig
  * clknetsim-glibc-2.31.patch
- boo#1190926: PrivateDevices is too strict, we might need to
  access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
  the HTML documentation which we don't package anyway.
- Added hardening to systemd service(s). Added patch(es):
  * harden_chrony-wait.service.patch
  * harden_chronyd.service.patch
- boo#1187906: Consolidate all references to the helper script.
- Add now working CONFIG parameter to sysusers generator
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
- Update to 4.1
  * Add support for NTS servers specified by IP address (matching
    Subject Alternative Name in server certificate)
  * Add source-specific configuration of trusted certificates
  * Allow multiple files and directories with trusted certificates
  * Allow multiple pairs of server keys and certificates
  * Add copy option to server/pool directive
  * Increase PPS lock limit to 40% of pulse interval
  * Perform source selection immediately after loading dump files
  * Reload dump files for addresses negotiated by NTS-KE server
  * Update seccomp filter and add less restrictive level
  * Restart ongoing name resolution on online command
  * Fix dump files to not include uncorrected offset
  * Fix initstepslew to accept time from own NTP clients
  * Reset NTP address and port when no longer negotiated by NTS-KE
    server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
  https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
  and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
  can do all the other required crypto via nettle+gnutls. no need
  for another crypto library.
- Update to 4.0
  - Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of
    unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented
    configuration
  - Add sourcedir directive and "/reload sources"/ command to
    support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point
    (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included
    files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q
    option
  - Avoid replacing NTP sources with sources that have
    unreachable address
  - Improve pools to repeat name resolution to get "/maxsources"/
    sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state
    to online
  - Update clock synchronisation status and leap status more
    frequently
  - Update seccomp filter
  - Add "/add pool"/ command
  - Add "/reset sources"/ command to drop all measurements
  - Add authdata command to print details about NTP
    authentication
  - Add selectdata command to print details about source
    selection
  - Add -N option and sourcename command to print original names
    of sources
  - Add -a option to some commands to print also unresolved
    sources
  - Add -k, -p, -r options to clients command to select, limit,
    reset data
  - Bug fixes
  - Don’t set interface for NTP responses to allow asymmetric
    routing
  - Handle RTCs that don’t support interrupts
  - Respond to command requests with correct address on
    multihomed hosts
  - Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets
    (chrony 2.x clients using non-MD5/SHA1 keys need to use
    option "/version 3"/)
  - Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
  enable the new features)
- drop patches which are included in the update:
  chrony-test-update-processing-of-packet-log.patch
  chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
  osc build --without=testsuite
  testsuite still runs by default
- By default we don't write log files but log to journald, so
  only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
  expectations of chronyd.service (bsc#1173277).
- Update to 3.5.1:
  * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
  synchronisation (bsc#1172113).
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
  not actually live below libexecdir.
- Add chrony-test-update-processing-of-packet-log.patch in order
  to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
  (is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
- Fix incorrect download link for package signature
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
- fix chrony-service-helper.patch
- Update to 3.5:
  + Add support for more accurate reading of PHC on Linux 5.0
  + Add support for hardware timestamping on interfaces with read-only timestamping configuration
  + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
  + Update seccomp filter to work on more architectures
  + Validate refclock driver options
  + Fix bindaddress directive on FreeBSD
  + Fix transposition of hardware RX timestamp on Linux 4.13 and later
  + Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
  (bsc#1128846).
- Update testsuite to version 58c5e8b
- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.
- Update clknetsim to revision 8b48422
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
- Update the keyring and uncomment it in the spec file
- Comment out bad signature
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
  * Enhancements
    + Add filter option to server/pool/peer directive
    + Add minsamples and maxsamples options to hwtimestamp directive
    + Add support for faster frequency adjustments in Linux 4.19
    + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
    without root privileges to remove it on exit
    + Disable sub-second polling intervals for distant NTP sources
    + Extend range of supported sub-second polling intervals
    + Get/set IPv4 destination/source address of NTP packets on FreeBSD
    + Make burst options and command useful with short polling intervals
    + Modify auto_offline option to activate when sending request failed
    + Respond from interface that received NTP request if possible
    + Add onoffline command to switch between online and offline state
    according to current system network configuration
    + Improve example NetworkManager dispatcher script
  * Bug fixes
    + Avoid waiting in Linux getrandom system call
    + Fix PPS support on FreeBSD and NetBSD
- Update clknetsim to revision 42b693b
  * Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
- Update to version 3.3
  * Enhancements:
    + Add burst option to server/pool directive
    + Add stratum and tai options to refclock directive
    + Add support for Nettle crypto library
    + Add workaround for missing kernel receive timestamps on Linux
    + Wait for late hardware transmit timestamps
    + Improve source selection with unreachable sources
    + Improve protection against replay attacks on symmetric mode
    + Allow PHC refclock to use socket in /var/run/chrony
    + Add shutdown command to stop chronyd
    + Simplify format of response to manual list command
    + Improve handling of unknown responses in chronyc
  * Bug fixes:
    + Respond to NTPv1 client requests with zero mode
    + Fix -x option to not require CAP_SYS_TIME under non-root user
    + Fix acquisitionport directive to work with privilege separation
    + Fix handling of socket errors on Linux to avoid high CPU usage
    + Fix chronyc to not get stuck in infinite loop after clock step
cloud-init
- systemctl location (bsc#1193531)
  - Add cloud-init-sysctl-not-in-bin.patch
  - The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
cloud-regionsrv-client
- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attemting to unregister a system that is not
    registered
  + Skip extension registration if the extension is recommended by the
    baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data
    can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service
expat
  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
filesystem
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
firewalld
- Add patch which fixes the zone configuration (bsc#1191837)
  * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch
java-11-openjdk
- Update to upstream tag jdk-11.0.14.1+1
  * Changes:
    + JDK-8280786: Build failure on Solaris after 8262392
    + JDK-8218546: Unable to connect to https://google.com using
    java.net.HttpClient
    + JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1
- Update to upstream tag jdk-11.0.14+9 (January 2022 CPU)
  * New features
    + JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
  * Security fixes
    + JDK-8217375: jarsigner breaks old signature with long lines
    in manifest
    + JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if
    zip has dir named "/."/ inside
    + JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM serialization
    + JDK-8268488: More valuable DerValues
    + JDK-8268494: Better inlining of inlined interfaces
    + JDK-8268512: More content for ContentInfo
    + JDK-8268795: Enhance digests of Jar files
    + JDK-8268801: Improve PKCS attribute handling
    + JDK-8268813, CVE-2022-21283, bnc#1194937: Better String matching
    + JDK-8269151: Better construction of EncryptedPrivateKeyInfo
    + JDK-8269944: Better HTTP transport redux
    + JDK-8270386, CVE-2022-21291, bsc#1194925: Better verification
    of scan methods
    + JDK-8270392, CVE-2022-21293, bsc#1194935: Improve String
    constructions
    + JDK-8270416, CVE-2022-21294, bsc#1194934: Enhance construction
    of Identity maps
    + JDK-8270492, CVE-2022-21282, bsc#1194933: Better resolution of
    URIs
    + JDK-8270498, CVE-2022-21296, bsc#1194932: Improve SAX Parser
    configuration management
    + JDK-8270646, CVE-2022-21299, bsc#1194931: Improved scanning of
    XML entities
    + JDK-8270952, CVE-2022-21277, bsc#1194930: Improve TIFF file
    handling
    + JDK-8271962: Better TrueType font loading
    + JDK-8271968: Better canonical naming
    + JDK-8271987: Manifest improved manifest entries
    + JDK-8272014, CVE-2022-21305, bsc#1194939: Better array
    indexing
    + JDK-8272026, CVE-2022-21340, bsc#1194940: Verify Jar
    Verification
    + JDK-8272236, CVE-2022-21341, bsc#1194941: Improve serial forms
    for transport
    + JDK-8272272: Enhance jcmd communication
    + JDK-8272462: Enhance image handling
    + JDK-8273290: Enhance sound handling
    + JDK-8273756, CVE-2022-21360, bsc#1194929: Enhance BMP image
    support
    + JDK-8273838, CVE-2022-21365, bsc#1194928: Enhanced BMP
    processing
    + JDK-8274096, CVE-2022-21366, bsc#1194927: Improve decoding of
    image files
    + JDK-8279541: Improve HarfBuzz
  * Other changes
    + JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/
    /ChoiceKeyEventReaction.html fails
    + JDK-7105119: [TEST_BUG] [macosx] In test
    UIDefaults.toString() must be called with the invokeLater()
    + JDK-7151826: [TEST_BUG] [macosx] The test
    javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
    + JDK-7179006: [macosx] Print-to-file doesn't work: printing to
    the default printer instead
    + JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/
    /bug4726194.java fails on MacOSX
    + JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong
    number of thread end events
    + JDK-8039261: [TEST_BUG]: There is not a minimal security
    level in Java Preferences and the TestApplet.html is blocked.
    + JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/
    /AltTabCrashTest.java fails with exception
    + JDK-8075909: [TEST_BUG] The regression-swing case failed as
    it does not have the 'Open' button when select 'subdir' folder
    with NimbusLAF
    + JDK-8078219: Verify lack of @test tag in files in java/net
    test directory
    + JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails
    with "/RuntimeException: Process terminated prematurely"/
    + JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/
    /ThreadMXBeanStateTest.java timed out intermittently
    + JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails
    intermittently
    + JDK-8131745: java/lang/management/ThreadMXBean/
    /AllThreadIds.java still fails intermittently
    + JDK-8136517: [macosx] Test java/awt/Focus/8073453/
    /AWTFocusTransitionTest.java fails on MacOSX
    + JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/
    /4251579/bug4251579.java failure due to timing
    + JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/
    /Test6541987.java fails
    + JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/
    /bug4760494.java leaves key pressed
    + JDK-8159904: [TEST_BUG] Failure on solaris of
    java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
    + JDK-8163086: java/awt/Window/TranslucentJAppletTest/
    /TranslucentJAppletTest.java fails
    + JDK-8165828: [TEST_BUG] The reg case: javax/swing/plaf/metal/
    /MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look
    and Feel
    + JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not
    fired! on Windows
    + JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException:
    Default button is not pressed
    + JDK-8169959: javax/swing/JTable/6263446/bug6263446.java:
    Table should be editing
    + JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/
    /7156657/bug7156657.java fails on OS X
    + JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails
    on Windows
    + JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java
    fails intermittently
    + JDK-8179880: Refactor javax/security shell tests to plain
    java tests
    + JDK-8180568: Refactor javax/crypto shell tests to plain java
    tests
    + JDK-8180569: Refactor sun/security/krb5/ shell tests to plain
    java tests
    + JDK-8180571: Refactor sun/security/pkcs11 shell tests to
    plain java tests and fix failures
    + JDK-8180573: Refactor sun/security/tools shell tests to plain
    java tests
    + JDK-8187649: ArrayIndexOutOfBoundsException in
    java.util.JapaneseImperialCalendar
    + JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes)
    leads to a negative initial size for ByteArrayOutputStream
    + JDK-8195703: BasicJDWPConnectionTest.java: 'App exited
    unexpectedly with 2'
    + JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java
    fails
    + JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java
    fails
    + JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/
    /NoEventsTest.java fails on Windows
    + JDK-8197811: Test java/awt/Choice/PopupPosTest/
    /PopupPosTest.java fails on Windows
    + JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java
    fails on mac
    + JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java
    fails on mac
    + JDK-8198619: java/awt/Focus/FocusTraversalPolicy/
    /ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java
    fails on mac
    + JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/
    /EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java
    fails on mac
    + JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/
    /SubMenuShowTest/SubMenuShowTest.html fails on mac
    + JDK-8199138: Add RISC-V support to Zero
    + JDK-8199529: javax/swing/text/Utilities/8142966/
    /SwingFontMetricsTest.java fails on windows
    + JDK-8201224: Make string buffer size dynamic in
    mlvmJvmtiUtils.c
    + JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/
    /FollowReferences/followref003/TestDescription.java fails with
    "/Location mismatch"/ errors
    + JDK-8204161: [TESTBUG] auto failed with the "/Applet thread
    threw exception: java.lang.UnsupportedOperationException"/
    exception
    + JDK-8206085: Refactor
    langtools/tools/javac/versions/Versions.java
    + JDK-8207936: TestZipFile failed with java.lang.AssertionError
    exception
    + JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
    + JDK-8209611: use C++ compiler for hotspot tests
    + JDK-8210182: Remove macros for C compilation from vmTestBase
    but non jvmti
    + JDK-8210198: Clean up JNI_ENV_ARG for
    vmTestbase/jvmti/Get[A-F] tests
    + JDK-8210205: build fails on AIX in hotspot cpp tests (for
    example getstacktr001.cpp)
    + JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/
    /jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION
    on windows-x86
    + JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java
    back to tier1
    + JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti[A-N] tests
    + JDK-8210392: assert(Compile::current()->live_nodes() <
    Compile::current()->max_node_limit()) failed: Live Node limit
    exceeded limit
    + JDK-8210395: Add doc to SecurityTools.java
    + JDK-8210429: Clean up JNI_ENV_ARG for
    vmTestbase/jvmti/Get[G-Z] tests
    + JDK-8210481: Remove #ifdef cplusplus from vmTestbase
    + JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti[N-R] tests
    + JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti[R-U] tests
    + JDK-8210689: Remove the multi-line old C style for string
    literals
    + JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros
    for vmTestbase/jvmti/unit tests
    + JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
    + JDK-8210920: Native C++ tests are not using CXXFLAGS
    + JDK-8210984: [TESTBUG] hs203t003 fails with "/# ERROR:
    hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti,
    thread)"/
    + JDK-8211036: Remove the NSK_STUB macros from vmTestbase for
    non jvmti
    + JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/[G-I]*
    + JDK-8211148: var in implicit lambdas shouldn't be accepted
    for source < 11
    + JDK-8211171: move JarUtils to top-level testlibrary
    + JDK-8211227: Inconsistent TLS protocol version in debug output
    + JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/[A-G]*
    + JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
    + JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/[I-S]*
    + JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/scenarios/[A-E]
    + JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase
    for jvmti/scenarios/[E-M]
    + JDK-8211905: Remove multiple casts for EM06 file
    + JDK-8211999: Window positioning bugs due to overlapping
    GraphicsDevice bounds (Windows/HiDPI)
    + JDK-8212082: Remove the NSK_CPP_STUB macros for remaining
    vmTestbase/jvmti/[sS]*
    + JDK-8212083: Handle remaining gc/lock native code and fix two
    strings
    + JDK-8212148: Remove remaining NSK_CPP_STUBs
    + JDK-8213110: Remove the use of applets in automatic tests
    + JDK-8213189: Make restricted headers in HTTP Client
    configurable and remove Date by default
    + JDK-8213263: fix legal headers in test/langtools
    + JDK-8213296: Fix legal headers in test/jdk/java/net
    + JDK-8213301: Fix legal headers in jdk logging tests
    + JDK-8213305: Fix legal headers in test/java/math
    + JDK-8213306: Fix legal headers in test/java/nio
    + JDK-8213328: Update test copyrights in test/java/util/zip and
    test/jdk/tools
    + JDK-8213330: Fix legal headers in i18n tests
    + JDK-8213707: [TEST] vmTestbase/nsk/stress/except/
    /except011.java failed due to wrong class name
    + JDK-8214469: [macos] PIT: java/awt/Choice/
    /ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
    + JDK-8215410: Regression test for JDK-8214994
    + JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
    + JDK-8215624: Add parallel heap iteration for jmap u2013histo
    + JDK-8215889: assert(!_unloading) failed: This oop is not
    available to unloading class loader data with ZGC
    + JDK-8216318: The usage of Disposer in the java.awt.Robot can
    be deleted
    + JDK-8216417: cleanup of IPv6 scope-id handling
    + JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java
    failed with UnsupportedOperation exception
    + JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
    + JDK-8217633: Configurable extensions with system properties
    + JDK-8217882: java/net/httpclient/MaxStreams.java failed once
    + JDK-8217903: java/net/httpclient/Response204.java fails with
    404
    + JDK-8218483: Crash in
    "/assert(_daemon_threads_count->get_value() > daemon_count)
    failed: thread count mismatch 5 : 5"/
    + JDK-8219986: Change to Xcode 10.1 for building on Macosx at
    Oracle
    + JDK-8220575: Correctly format test URI's that contain a
    retrieved IPv6 address
    + JDK-8221259: New tests for java.net.Socket to exercise long
    standing behavior
    + JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails
    on MacOS + Solaris
    + JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/
    /FocusTraversal.java fails on ubuntu
    + JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/
    /IconifyTest.java fails on ubuntu18.04
    + JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed())
    failed: Must invalidate if TypeFuncs differ
    + JDK-8223137: Rename predicate 'do_unroll_only()' to
    'is_unroll_only()'.
    + JDK-8223138: Small clean-up in loop-tree support.
    + JDK-8223139: Rename mandatory policy-do routines.
    + JDK-8223140: Clean-up in 'ok_to_convert()'
    + JDK-8223141: Change (count) suffix _ct into _cnt.
    + JDK-8223400: Replace some enums with static const members in
    hotspot/runtime
    + JDK-8223658: Performance regression of XML.validation in
    13-b19
    + JDK-8223923: C2: Missing interference with mismatched unsafe
    accesses
    + JDK-8224829: AsyncSSLSocketClose.java has timing issue
    + JDK-8225083: Remove Google certificate that is expiring in
    December 2021
    + JDK-8226514: Replace wildcard address with loopback or local
    host in tests - part 17
    + JDK-8226943: compile error in libfollowref003.cpp  with XCode
    10.2 on macosx
    + JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed
    due to "/SSLException: An established connection was aborted by
    the software in your host machine"/
    + JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java
    fails on Windows7
    + JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently
    positions text
    + JDK-8230019: [REDO] compiler/types/correctness/* tests fail
    with "/assert(recv == __null || recv->is_klass()) failed: wrong
    type"/
    + JDK-8230067: Add optional automatic retry when running jtreg
    tests
    + JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests
    may fail on some platforms
    + JDK-8231501: VM crash in
    MethodData::clean_extra_data(CleanExtraDataClosure*):
    fatal error: unexpected tag 99
    + JDK-8233403: Improve verbosity of some httpclient tests
    + JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
    + JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on
    MacOS
    + JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on
    MacOS
    + JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
    + JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
    + JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on
    macos
    + JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java  is
    failing on macos
    + JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails
    on macos
    + JDK-8233562: [TESTBUG] Swing StyledEditorKit test
    bug4506788.java fails on MacOS
    + JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
    + JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on
    MacoS
    + JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
    + JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java
    fails on macos
    + JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is
    failing on macos
    + JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails
    on macos
    + JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java
    fails on macos
    + JDK-8233637: [TESTBUG] Swing
    ActionListenerCalledTwiceTest.java fails on macos
    + JDK-8233638: [TESTBUG] Swing test
    ScreenMenuBarInputTwice.java fails on macos
    + JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails
    on macos
    + JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java  fails
    on macos
    + JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on
    macos
    + JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is
    failing on macos
    + JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is
    failing on macos
    + JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture
    Recognition in all the platforms
    + JDK-8234823: java/net/Socket/Timeouts.java testcase
    testTimedConnect2() fails on Windows 10
    + JDK-8235784: java/lang/invoke/VarHandles/
    /VarHandleTestByteArrayAsInt.java fails due to timeout with
    fastdebug bits
    + JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java
    fails with -Xcomp -XX:TieredStopAtLevel=1
    + JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60),
    cond_wait
    + JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT,
    when using proxy tunnel
    + JDK-8237354: Add option to jcmd to write a gzipped heap dump
    + JDK-8237589: Fix copyright header formatting
    + JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java
    should not specify TLS version
    + JDK-8239334: Tab Size does not work correctly in JTextArea
    with setLineWrap on
    + JDK-8239422: [TESTBUG]
    compiler/c1/TestPrintIRDuringConstruction.java failed when C1
    is disabled
    + JDK-8239827: The test OpenByUNCPathNameTest.java should be
    changed to be manual
    + JDK-8240256: Better resource cleaning for SunPKCS11 Provider
    + JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test
    Server
    + JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/
    /bug8020708.java fails in mach5 ubuntu system
    + JDK-8242793: Incorrect copyright header in
    ContinuousCallSiteTargetChange.java
    + JDK-8243543: jtreg test security/infra/java/security/cert/
    /CertPathValidator/certification/BuypassCA.java fails
    + JDK-8244292: Headful clients failing with
  - -illegal-access=deny
    + JDK-8245147: Refactor and improve utility of
    test/langtools/tools/javac/versions/Versions.java
    + JDK-8245165: Update bug id for
    javax/swing/text/StyledEditorKit/4506788/bug4506788.java in
    ProblemList
    + JDK-8245665: Test WeakAlg.java should only make sure no
    warning for weak signature algorithms by keytool on root CA
    + JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails
    after 8241072 (multi-homed systems)
    + JDK-8246807: Incorrect copyright header in
    TimeZoneDatePermissionCheck.sh
    + JDK-8247403: JShell: No custom input (e.g. from GUI) possible
    with JavaShellToolBuilder
    + JDK-8247510: typo in IllegalHandshakeMessage
    + JDK-8248187: [TESTBUG] javax/swing/plaf/basic/
    /BasicGraphicsUtils/8132119/bug8132119.java fails with String
    is not properly drawn
    + JDK-8248341: ProblemList java/lang/management/ThreadMXBean/
    /ThreadMXBeanStateTest.java
    + JDK-8248500: AArch64: Remove the r18 dependency on Windows
    AArch64
    + JDK-8248899: security/infra/java/security/cert/
    /CertPathValidator/certification/QuoVadisCA.java fails,
    Certificate has been revoked
    + JDK-8249195: Change to Xcode 11.3.1 for building on Macos at
    Oracle
    + JDK-8250521: Configure initial RTO to use minimal retry for
    loopback connections on Windows
    + JDK-8250810: Push missing parts of JDK-8248817
    + JDK-8250839: Improve test template SSLEngineTemplate with
    SSLContextTemplate
    + JDK-8250863: Build error with GCC 10 in NetworkInterface.c
    and k_standard.c
    + JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/
    /gf08t001/TestDriver.java fails
    + JDK-8251155: HostIdentifier fails to canonicalize hostnames
    starting with digits
    + JDK-8251377: [macos11] JTabbedPane selected tab text is
    barely legible
    + JDK-8251570: JDK-8215624 causes assert(worker_id <
    _n_workers) failed: Invalid worker_id
    + JDK-8251930: AArch64: Native types mismatch in hotspot
    + JDK-8252049: Native memory leak in ciMethodData ctor
    + JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x
    friendly
    + JDK-8252114: Windows-AArch64: Enable and test ZGC and
    ShenandoahGC
    + JDK-8253015: Aarch64: Move linux code out from generic CPU
    feature detection
    + JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java
    fail on big screens
    + JDK-8253497: Core Libs Terminology Refresh
    + JDK-8253682: The AppletInitialFocusTest1.java is unstable
    + JDK-8253763: ParallelObjectIterator should have virtual
    destructor
    + JDK-8253866: Security Libs Terminology Refresh
    + JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in
    "/try throwing in GET_BODY"/
    + JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java
    intermittently failing with TestServer: start exception:
    java.io.IOException: Invalid preface
    + JDK-8255264: Support for identifying the full range of IPv4
    localhost addresses on Windows
    + JDK-8255716: AArch64: Regression: JVM crashes if manually
    offline a core
    + JDK-8255722: Create a new test for rotated blit
    + JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
    + JDK-8256066: Tests use deprecated TestNG API that is no
    longer available in new versions
    + JDK-8256152: tests fail because of ambiguous method resolution
    + JDK-8256182: Update qemu-debootstrap cross-compilation recipe
    + JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/
    /FullscreenWindowProps.java failed
    + JDK-8256202: Some tweaks for jarsigner tests
    PosixPermissionsTest and SymLinkTest
    + JDK-8256372: [macos] Unexpected symbol was displayed on
    JTextField with Monospaced font
    + JDK-8256956: RegisterImpl::max_slots_per_register is
    incorrect on AMD64
    + JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with
    InvalidPathException on windows
    + JDK-8258855: Two tests sun/security/krb5/auto/
    /ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java
    failed on OL8.3
    + JDK-8259237: Demo selection changes with left/right arrow
    key. No need to press space for selection.
    + JDK-8260571: Add PrintMetaspaceStatistics to print metaspace
    statistics upon VM exit
    + JDK-8260690: JConsole User Guide Link from the Help menu is
    not accessible by keyboard
    + JDK-8261036: Reduce classes loaded by CleanerFactory
    initialization
    + JDK-8261071: AArch64: Refactor interpreter native wrappers
    + JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch
    implementation
    + JDK-8261236: C2: ClhsdbJstackXcompStress test fails when
    StressGCM is enabled
    + JDK-8261297: NMT: Final report should use scale 1
    + JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java
    fails because Reserved memory size is too big
    + JDK-8261916: gtest/GTestWrapper.java
    vmErrorTest.unimplemented1_vm_assert failed
    + JDK-8262438: sun/security/ssl/SSLLogger/
    /LoggingFormatConsistency.java failed with "/SocketException:
    Socket is closed"/
    + JDK-8262731: [macOS] Exception from "/Printable.print"/ is
    swallowed during "/PrinterJob.print"/
    + JDK-8262844: (fs) FileStore.supportsFileAttributeView might
    return false negative in case of ext3
    + JDK-8263059: security/infra/java/security/cert/
    /CertPathValidator/certification/ComodoCA.java fails due to
    revoked cert
    + JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
    + JDK-8263303: C2 compilation fails with assert(found_sfpt)
    failed: no node in loop that's not input to safepoint
    + JDK-8263362: Avoid division by 0 in
    java/awt/font/TextJustifier.java justify
    + JDK-8263773: Reenable German localization for builds at Oracle
    + JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java
    failed with "/java.lang.RuntimeException: Wrong method"/
    + JDK-8264526: javax/swing/text/html/parser/Parser/8078268/
    /bug8078268.java timeout
    + JDK-8264824: java/net/Inet6Address/B6206527.java doesn't
    close ServerSocket properly
    + JDK-8265019: Update tests for additional TestNG test
    permissions
    + JDK-8265173: [test] divert spurious log output away from
    stream under test in ProcessBuilder Basic test
    + JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
    + JDK-8266182: Automate manual steps listed in the test
    jdk/sun/security/pkcs12/ParamsTest.java
    + JDK-8266579: Update test/jdk/java/lang/ProcessHandle/
    /PermissionTest.java & test/jdk/java/sql/testng/util/
    /TestPolicy.java
    + JDK-8266949: Check possibility to disable OperationTimedOut
    on Unix
    + JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg
    tests on many-core machines
    + JDK-8267256: Extend minimal retry for loopback connections on
    Windows to PlainSocketImpl
    + JDK-8267304: Bump global JTReg memory limit to 768m
    + JDK-8267652: c2 loop unrolling by 8 results in reading memory
    past array
    + JDK-8268019: C2: assert(no_dead_loop) failed: dead loop
    detected
    + JDK-8268093: Manual Testcase: "/sun/security/krb5/config/
    /native/TestDynamicStore.java"/ Fails with NPE
    + JDK-8268555: Update HttpClient tests that use ITestContext to
    jtreg 6+1
    + JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can
    be in outer loop or out of both loops only
    + JDK-8269034: AccessControlException for SunPKCS11 daemon
    threads
    + JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to
    accessClassAndFindClass
    + JDK-8269574: C2: Avoid redundant uncommon traps in
    GraphKit::builtin_throw() for JVMTI exception events
    + JDK-8269656: The test test/langtools/tools/javac/versions/
    /Versions.java has duplicate test cycles
    + JDK-8269768: JFR Terminology Refresh
    + JDK-8269951: [macos] Focus not painted in JButton when
    setBorderPainted(false) is invoked
    + JDK-8269984: [macos] JTabbedPane title looks like  disabled
    + JDK-8269993: [Test]: java/net/httpclient/
    /DigestEchoClientSSL.java contains redundant @run tags
    + JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to
    run in all LaFs, including Aqua on macOS
    + JDK-8270216: [macOS] Update named used for Java run loop mode
    + JDK-8270280: security/infra/java/security/cert/
    /CertPathValidator/certification/LetsEncryptCA.java OCSP
    response error
    + JDK-8270290: NTLM authentication fails if HEAD request is used
    + JDK-8270317: Large Allocation in CipherSuite
    + JDK-8270344: Session resumption errors
    + JDK-8270517: Add Zero support for LoongArch
    + JDK-8270533: AArch64: size_fits_all_mem_uses should return
    false if its output is a CAS
    + JDK-8270886: Crash in
    PhaseIdealLoop::verify_strip_mined_scheduling
    + JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with
    "/lists don't have the same size expected"/
    + JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
    + JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck)
    || outcnt() == 2 assert failure with Test7179138_1.java
    + JDK-8271459: C2: Missing NegativeArraySizeException when
    creating StringBuilder with negative capacity
    + JDK-8271490: [ppc] [s390]: Crash in
    JavaThread::pd_get_top_frame_for_profiling
    + JDK-8271560: sun/security/ssl/DHKeyExchange/
    /LegacyDHEKeyExchange.java still fails due to "/An established
    connection was aborted by the software in your host machine"/
    + JDK-8271567: AArch64: AES Galois CounterMode (GCM)
    interleaved implementation using vector instructions
    + JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
    + JDK-8272181: Windows-AArch64:Backport fix of `Backtracing
    broken on PAC enabled systems`
    + JDK-8272316: Wrong Boot JDK help message in 11
    + JDK-8272318: Improve performance of HeapDumpAllTest
    + JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/
    /PageDialogMarginTest.java catches all exceptions
    + JDK-8272570: C2: crash in PhaseCFG::global_code_motion
    + JDK-8272574: C2: assert(false) failed: Bad graph detected in
    build_loop_late
    + JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh
    fails after JDK-8266182
    + JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
    /security/cert/CertPathValidator/certification/BuypassCA.java
    no longer needs ocspEnabled
    + JDK-8272720: Fix the implementation of loop unrolling
    heuristic with LoopPercentProfileLimit
    + JDK-8272783: Epsilon: Refactor tests to improve performance
    + JDK-8272806: [macOS] "/Apple AWT Internal Exception"/ when
    input method is changed
    + JDK-8272828: Add correct licenses to jszip.md
    + JDK-8272836: Limit run time for java/lang/invoke/LFCaching
    tests
    + JDK-8272850: Drop zapping values in the Zap* option
    descriptions
    + JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
    + JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test
    groups
    + JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java
    fails by timeout
    + JDK-8273026: Slow LoginContext.login() on multi threading
    application
    + JDK-8273229: Update OS detection code to recognize Windows
    Server 2022
    + JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on
    Windows 32bit
    + JDK-8273308: PatternMatchTest.java fails on CI
    + JDK-8273314: Add tier4 test groups
    + JDK-8273342: Null pointer dereference in
    classFileParser.cpp:2817
    + JDK-8273358: macOS Monterey does not have the font Times
    needed by Serif
    + JDK-8273373: Zero: Cannot invoke JVM in primordial threads on
    Zero
    + JDK-8273498: compiler/c2/Test7179138_1.java timed out
    + JDK-8273541: Cleaner Thread creates with normal priority
    instead of MAX_PRIORITY - 2
    + JDK-8273547: [11u] [JVMCI] Partial module-info.java backport
    of JDK-8223332
    + JDK-8273606: Zero: SPARC64 build fails with si_band type
    mismatch
    + JDK-8273646: Add openssl from path variable also in to
    Default System Openssl Path in OpensslArtifactFetcher
    + JDK-8273671: Backport of 8260616 misses one JNF header
    inclusion removal
    + JDK-8273790: Potential cyclic dependencies between Gregorian
    and CalendarSystem
    + JDK-8273795: Zero SPARC64 debug builds fail due to missing
    interpreter fields
    + JDK-8273826: Correct Manifest file name and NPE checks
    + JDK-8273894: ConcurrentModificationException raised every
    time ReferralsCache drops referral
    + JDK-8273924: ArrayIndexOutOfBoundsException thrown in
    java.util.JapaneseImperialCalendar.add()
    + JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file
    path contains '+' character
    + JDK-8273968: JCK javax_xml tests fail in CI
    + JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
    + JDK-8274083: Update testing docs to mention tiered testing
    + JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork
    is deprecated
    + JDK-8274326: [macos] Ensure initialisation of sun/lwawt/
    /macosx/CAccessibility in JavaComponentAccessibility.m
    + JDK-8274329: Fix non-portable HotSpot code in
    MethodMatcher::parse_method_pattern
    + JDK-8274381: missing CAccessibility definitions in JNI code
    + JDK-8274407: (tz) Update Timezone Data to 2021c
    + JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
    + JDK-8274468: TimeZoneTest.java fails with tzdata2021b
    + JDK-8274522: java/lang/management/ManagementFactory/
    /MXBeanException.java test fails with Shenandoah
    + JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with
    NoSuchElementException after JDK-8271287
    + JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently
    fails on weak memory model platform
    + JDK-8274779: HttpURLConnection: HttpClient and HttpsClient
    incorrectly check request method when set to POST
    + JDK-8274840: Update OS detection code to recognize Windows 11
    + JDK-8274860: gcc 10.2.1 produces an uninitialized warning in
    sharedRuntimeTrig.cpp
    + JDK-8275051: Shenandoah: Correct ordering of requested gc
    cause and gc request flag
    + JDK-8275131: Exceptions after a touchpad gesture on macOS
    + JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
    + JDK-8275766: (tz) Update Timezone Data to 2021e
    + JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
    + JDK-8276066: Reset LoopPercentProfileLimit for x86 due to
    suboptimal performance
    + JDK-8276139: TestJpsHostName.java not reliable, better to
    expand HostIdentifierCreate.java test
    + JDK-8276157: C2: Compiler stack overflow during escape
    analysis on Linux x86_32
    + JDK-8276201: Shenandoah: Race results degenerated GC to enter
    wrong entry point
    + JDK-8276536: Update TimeZoneNames files to follow the changes
    made by JDK-8275766
    + JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
    + JDK-8276774: Cookie stored in CookieHandler not sent if user
    headers contain cookie
    + JDK-8276854: Windows GHA builds fail due to broken Cygwin
    + JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify
    output array sizes
    + JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString()
    throws NPE
    + JDK-8277529: SIGSEGV in C2 CompilerThread
    Node::rematerialize() compiling Packet::readUnsignedTrint
    + JDK-8277815: Fix mistakes in legal header backports
- Removed patch:
  * riscv64-zero.patch
    + integrated upstream
- Modified patch:
  * fips.patch
    + rediff to changed context
kernel-default
- Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/
  This reverts commit 1da843983718d4cfdd652a76e428abee98e37450.
- commit f349b81
- Revert "/build initrd without systemd"/ (bsc#1197300)
  This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76.
  It seems to be the cause of a stall in OBS build that resulted in
  the failure with obs-build-qa (and possibly others).
- commit ff2b28e
- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245)
- commit fd3b6e8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 891ddc4
- sr9700: sanity check for packet length (bsc#1196836
  CVE-2022-26966).
- commit edaafdd
- blacklist.conf: prerequisites break kABI
- commit d0b972b
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- commit 3863766
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- commit 9d7504f
- aio: fix use-after-free due to missing POLLFREE handling
  (CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
  (CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- commit 5ad82f7
- usb: dwc3: meson-g12a: Disable the regulator in the error
  handling path of the probe (git-fixes).
- commit 6109544
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- commit 44ceec6
- rpm/kernel-source.spec.in: call fdupes per subpackage
  It is a waste of time to do a global fdupes when we have
  subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
  bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- bpf, selftests: Add test case trying to taint map value pointer
  (bsc#1196130,CVE-2021-45402).
- bpf: Make 32->64 bounds propagation slightly more robust
  (bsc#1196130,CVE-2021-45402).
- bpf: Fix signed bounds propagation after mov32
  (bsc#1196130,CVE-2021-45402).
- commit 63a6298
- net: phy: DP83822: clear MISR2 register to disable interrupts
  (git-fixes).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
  (git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete
  (git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
  (git-fixes).
- staging: gdm724x: fix use after free in gdm_lte_rx()
  (git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
  (git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit ea6e976
- EDAC: Fix calculation of returned address and next offset in
  edac_align_ptr() (bsc#1178134).
- commit c292d6b
- xen/netfront: react properly to failing
  gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
  CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
  specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
  XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
  CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
  xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
  error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- EDAC/altera: Fix deferred probing (bsc#1178134).
- commit 13cc9b2
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- nvme-rdma: fix possible use-after-free in transport
  error_recovery work (git-fixes).
- commit f4a5de3
- usb: host: xen-hcd: add missing unlock in error path
  (git-fixes).
- commit daa9ea7
- Refresh
  patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
  patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
  Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- commit 8823060
- Bluetooth: btusb: Add missing Chicony device for Realtek
  RTL8723BE (bsc#1196779).
- commit 504b440
- ixgbe: xsk: change !netif_carrier_ok() handling in
  ixgbe_xmit_zc() (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust
  (bsc#1176774).
- net: fix up skbs delta_truesize in UDP GRO frag_list
  (bsc#1176447).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
  (bsc#1181147).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case
  (jsc#SLE-15176).
- net/mlx5e: TC, Reject rules with forward and drop actions
  (git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
  (git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
  packets (jsc#SLE-15172).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
  (git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
  (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
  (git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update
  (bsc#1176447).
- bnxt_en: Fix incorrect multicast rx mask setting when not
  requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures
  (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
  (git-fixes).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
  (git-fixes).
- net/sched: act_ct: Fix flow table lookup after ct clear or
  switching zones (jsc#SLE-15172).
- bonding: force carrier update when releasing slave (git-fixes).
- RDMA/mlx4: Don't continue event handler after memory allocation
  failure (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
  (git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after
  empty entry (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty
  entry (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for
  private_data_len (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "/disabling
  RCFW with pending cmd-bit"/ (git-fixes).
- RDMA/core: Don't infoleak GRH fields (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
  (git-fixes).
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
  (git-fixes).
- commit 5d0d3c3
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- commit 954cba8
- usb: hub: Fix usb enumeration issue due to address0 race
  (git-fixes).
- commit 831632a
- USB: hub: Clean up use of port initialization schemes and
  retries (git-fixes).
- commit 39e09e3
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
  ltc#196449).
- commit 5cf33af
- mask out added spinlock in rndis_params (git-fixes).
- commit cf77fd5
- usb: gadget: rndis: add spinlock for rndis response list
  (git-fixes).
- commit 6500e0b
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after
  suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of
  elan_[en|dis]able_power() (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
  (git-fixes).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound
  (git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound
  (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
  (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
  (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- commit add4eb4
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: bnx2fc: Flush destroy_work queue before calling
  bnx2fc_interface_put() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer
  (git-fixes).
- scsi: ufs: Fix race conditions related to driver data
  (git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
  (git-fixes).
- commit 2185cf5
- Add SCSI git-fix to blacklist: too pervasive
- commit 3f4a3f6
- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- commit 511f680
- cgroup/cpuset: Fix "/suspicious RCU usage"/ lockdep warning
  (bsc#1196868).
- commit 30013c2
- cpuset: Fix the bug that subpart_cpus updated wrongly in
  update_cpumask() (bsc#1196866).
- commit 8ee9c97
- blacklist.conf: prerequisites break kABI
- commit 88b00ea
- blacklist.conf: kABI
- commit 11980b2
- blacklist.conf: patch not applicable due to missing infrastructure
- commit be9f64f
- usb: dwc2: use well defined macros for power_down (git-fixes).
- commit 781db9c
- ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 59d5e34
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
  (bnc#1195403).
- commit f6cf219
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit b360f79
- sched/core: Mitigate race (git-fixes)
- commit d6e526f
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- commit 3b82dc0
- blacklist.conf: Blacklist uclamp related fixes
- commit af69679
- sr9700: sanity check for packet length (bsc#1196836).
- commit 558034f
- tracing: Fix return value of __setup handlers (git-fixes).
- commit 184ff86
- exfat: fix i_blocks for files truncated over 4 GiB  (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files
  (git-fixes).
- commit f1e7b8d
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  (CVE-2022-26490 bsc#1196830).
- commit fd10ace
- nvme-tcp: fix possible use-after-free in transport
  error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during
  load (git-fixes).
- commit 8b4713c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487).
- Update
  patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch
  (bsc#1195612 CVE-2022-24448).
- Update
  patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch
  (bsc#1196079 CVE-2022-0617).
- Update
  patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch
  (bsc#1196079 CVE-2022-0617).
- Update
  patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch
  (bsc#1194888 CVE-2022-0644 bsc#1196155).
- commit 096ea36
- ALSA: intel_hdmi: Fix reference to PCM buffer address
  (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
  (git-fixes).
- commit 46ecf36
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- commit 0f3e3c7
- vrf: Fix fast path output packet handling with async Netfilter
  rules (git-fixes).
- commit 4dafe3d
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- commit 2d08f14
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping
  advertisement (git-fixes).
- commit 644c57f
- net: hns3: Clear the CMDQ registers before unmapping BAR region
  (git-fixes).
- commit 09653f6
- netsec: ignore 'phy-mode' device property on ACPI systems
  (git-fixes).
- commit b2241ca
- net: sfc: Replace in_interrupt() usage (git-fixes).
- commit 254377d
- gtp: remove useless rcu_read_lock() (git-fixes).
- commit 2588833
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo
  configuration (git-fixes).
- commit 28ecaea
- Refresh
  patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch.
- Refresh
  patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch.
- Refresh
  patches.suse/ibmvnic-complete-init_done-on-transport-events.patch.
- Refresh
  patches.suse/ibmvnic-define-flush_reset_queue-helper.patch.
- Refresh
  patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch.
- Refresh
  patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch.
- Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch.
- Refresh
  patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch.
- Refresh
  patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch.
- Refresh
  patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch.
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 25457d5
- netfilter: nf_tables_offload: incorrect flow offload action
  array size (bsc#1196299 CVE-2022-25636).
- commit 30b89a9
- batman-adv: Don't expect inter-netns unique iflink indices
  (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice
  (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check
  (git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter
  (git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection
  (git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8
  (git-fixes).
- commit 1c8fa49
- cgroup-v1: Correct privileges check in release_agent writes
  (bsc#1196723).
- commit 3d0b2e2
- blacklist.conf: Add 51e50fbd3efc psi: fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit 2727993
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
  functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set
  (git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- USB: gadget: validate interface OS descriptor requests
  (git-fixes).
- commit a54291e
- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch
  (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985).
- commit 59ca885
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 6dcfd65
- blk-mq: don't free tags if the tag_set is used by other device
  in queue initialztion (bsc#1193787).
- commit 5b79ad2
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
  There is a check in OBS that fails when it is included. Also the key is
  not reproducible.
  Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- powerpc/fadump: register for fadump as early as possible
  (bsc#1179439 ltc#190038).
- commit 3f54d95
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- powerpc/pseries/iommu: Fix window size for direct mapping with
  pmem (bsc#1196472 ltc#192278).
- powerpc/dma: Fallback to dma_ops when persistent memory present
  (bsc#1196472 ltc#192278).
  Update config files.
- dma-mapping: Allow mixing bypass and mapped DMA operation
  (bsc#1196472 ltc#192278).
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472
  ltc#192278).
- commit a04953d
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY)
  (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
  (git-fixes).
- efivars: Respect "/block"/ flag in efivar_entry_set_safe()
  (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger
  (git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
  zynq_qspi_exec_mem_op() (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
  path (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
  bits (git-fixes).
- tty: n_gsm: fix proper link termination after failed open
  (git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV
  (git-fixes).
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
  (git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
  halves (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return
  value (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- commit c381750
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
  ltc#196449).
- commit 72793cf
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
  CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
  (bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
  (CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- USB: gadget: validate interface OS descriptor requests
  (CVE-2022-25258 bsc#1196095).
- commit 4c69367
- f2fs: fix to do sanity check on inode type during garbage
  collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
  bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
  (CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
  bsc#1195905).
- commit 96dda76
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487).
- commit f68f189
- kernel-binary: Do not include sourcedir in certificate path.
  The certs macro runs before build directory is set up so it creates the
  aggregate of supplied certificates in the source directory.
  Using this file directly as the certificate in kernel config works but
  embeds the source directory path in the kernel config.
  To avoid this symlink the certificate to the build directory and use
  relative path to refer to it.
  Also fabricate a certificate in the same location in build directory
  when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- commit ea4d32b
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed
  (bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode
  (bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup
  (bsc#1195211).
- commit d7995a2
- NFSv4: Handle case where the lookup of a directory fails
  (bsc#1195612 CVE-2022-24448).
- commit 1023a28
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- kernel-obs-build: include 9p (boo#1195353)
  To be able to share files between host and the qemu vm of the build
  script, the 9p and 9p_virtio kernel modules need to be included in
  the initrd of kernel-obs-build.
- commit 0cfe67a
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
  directory (bsc#1195051).
- commit c80b5de
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
  Using the the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
  tumbleweed rpm is adding these warnings to the log:
  It's not recommended to have unversioned Obsoletes: Obsoletes:      microcode_ctl
- commit 3ba8941
- build initrd without systemd
  This reduces the size of the initrd by over 25%, which
  improves startup time of the virtual machine by 0.5-0.6s on
  very fast machines, more on slower ones.
- commit ef4c569
libarchive
- Fix CVE-2021-36976 use-after-free in copy_string
  (CVE-2021-36976, bsc#1188572)
  * fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  CVE-2017-5601, bsc#1022528, bsc#1189528
open-iscsi
- Update to latest upstream, including test cleanup, minor
  bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).
- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains
  bug fixes and cleanups. See the Changelog for more details.
openldap2
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
openssl-1_1
- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
  * PAC pointer authentication signs the return address against the
    value of the stack pointer, to prevent stack overrun exploits
    from corrupting the control flow. The Poly1305 armv8 code got
    this wrong, resulting in crashes on PAC capable hardware.
  * Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
  version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
  * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
  * Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
    handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
pam
- Between allocating the variable "/ai"/ and free'ing them, there are
  two "/return NO"/ were we don't free this variable. This patch
  inserts freaddrinfo() calls before the "/return NO;"/s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]
postgresql13
- bsc#1195680: Upgrade to 13.6:
  * https://www.postgresql.org/docs/13/release-13-6.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.
- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround
- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.
procps
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG
protobuf
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  bsc#1195258
  * Add protobuf-CVE-2021-22570.patch
python
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
  (bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
  containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
  not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
  for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
  for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
python-base
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
  (bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
  containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
  not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
  for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
  for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
python-jsonschema
- Add patch to fix build with new webcolors:
  * webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
  * Added a format_nongpl setuptools extra, which installs only format
    dependencies that are non-GPL (#619).
- specfile:
  * be more explicit in %files section
  * require python-importlib-metadata
- update to version 3.1.1:
  * Temporarily revert the switch to js-regex until #611 and #612 are
    resolved.
- changes from version 3.1.0:
  * Regular expressions throughout schemas now respect the ECMA 262
    dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
  * Fixed a bug where 0 and False were considered equal by
    const and enum
- from v3.0.1
  * Fixed a bug where extending validators did not preserve their
    notion of which validator property contains $id information.
- from v3.0.0
  * Support for Draft 6 and Draft 7
  * Draft 7 is now the default
  * New TypeChecker object for more complex type definitions
    (and overrides)
  * Falling back to isodate for the date-time format checker is
    no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
  * Support for Draft 6 and Draft 7
  * Draft 7 is now the default
  * New TypeChecker object for more complex type definitions (and overrides)
  * Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
python3
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
  * Support Expat >= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
release-notes-sles
- 15.3.20220323 (tracked in bsc#933411)
- Move KubeVirt out of tech preview
- aarch64: Fixed GICv4.1 acronym (jsc#SLE-14763)
salt
- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
  * patch_for_cve_bsc1197417.patch
sudo
- Add sudo-1.9.5p2-honor-T_opt.patch
  * the -T option of sudo does nothing even when
  'Defaults user_command_timeouts' is present in the configuration.
  * [bsc#1193446]
  * Credit to Jaroslav Jindrak <dzejrou@gmail.com>
supportutils
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
  + Added command blkid #114
  + Added s390x specific files and output #115
  + Fix for invalid argument during updates (bsc#1193204)
  + Optimized conf_files, conf_files_text and log_cmd functions #118
  + Fixed iscsi initiator name (bsc#1195797)
  + Added rpcinfo -p output #116
  + Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
  + Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
  + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
  + Include 'multipath -t' output in mpio.txt #105
  + Improved lsblk readability with --ascsi #106
  + Removed duplicate commands in network.txt
  + Remove duplicate firewalld status output #109
systemd-rpm-macros
- Bump version to 11
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406)
  Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and
  since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d...
tcl
- New version 8.6.12:
  * (bug)[d43f96] [string trim*] broken for Emoji
  * (bug)[22324b] [string reverse] broken for Emoji
  * (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
  * (bug)[8419c5] Unix tty channels tolerate EINTR
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[4c591f] [string compare] EIAS violation
  * (bug)[266494] [concat foo [list #]] EIAS violation
  * (bug)[24b918] Save IO buffers from modern optimizers
  * (new) support for POSIX error EILSEQ
  * (bug)[688fcc] segfault during traced delete of alias
  * (bug)[ccc448] segfault in ensemble rewrite machinery
  * (new) Update to Unicode-14
  * (bug)[a8579d] failed proc argument spec processing
  * Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
  Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
  libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
  * Add tcltest::(Setup|Eval|Cleanup|)Test
  * Update to Unicode-13
  * Add 3 libtommath functions to stub table
  * Many more bug fixes
- Potentially incompatible changes:
  * (bug)[ffeb20] [binary decode base64] ignore invalid chars
  * (bug)[b8e82d] some -maxlen values break uuencode round trip
  * (bug)[085913] Tcl_DStringAppendElement # quoting precision
  * (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
  * (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
  * (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
  * (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
  * (new) force -eofchar 032 when evaluating library scripts
  * (new)[48898a] improve error message consistency
  * (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- New version: 8.6.10:
  * (bug)[7a9dc5] [file normalize ~/~foo] segfault
  * (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
  * (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
    obsoletes tcl-expand-regression.patch.
  * (bug)[e3f481] tests var-1.2[01]
  * (new) Update to Unicode 12.0
  * (new)[TIP 527] New command [timerate]
  * (bug)[39fed4] [package require] memory validity
  * (new) New command tcl::unsupported::corotype
  * (bug) memlink when namespace deletion kills linked var
  * (new) README file converted to README.md in Markdown
  * (bug)[8b9854] [info level 0] regression with ensembles
  * (bug)[6bdadf] crash multi-arg write-traced [lappend]
  * (bug)[f8a33c] crash Tcl_Exit before init
  * (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
  * (bug)[fec0c1] C stack overflow compiling bytecode
  * tzdata updated to Olson's tzdata2019c
  * (bug)[16768d] Fix [info hostname] on NetBSD
  * (new) libtommath updated to release 1.2.0
  * (bug)[bcd100] bad fs cache when system encoding changes
  * (bug)[135804] segfault in [next] after destroy
  * (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
  propagation
- Use FAT LTO objects in order to provide proper static
  library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
  (tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
  * NR-enable [package require]
  * (bug)[9fd5c6] crash in object deletion, test oo-11.5
  * (bug)[3c32a3] crash deleting object with class mixed in
  * (platform) stop using -lieee, removed from glibc-2.27
    (bsc#1179615, bsc#1181840).
  * (bug)[8e6a9a] bad binary [string match], test string-11.55
  * (bug)[1873ea] repair multi-thread std channel init
  * (bug)[db36fa] broken bytecode for index values
  * (bug) broken compiled [string replace], test string-14.19
  * (bug) [string trim*] engine crashed on invalid UTF
  * (bug) missing trace in compiled [array set], test var-20.11
  * (bug)[46a241] crash in unset array with search, var-13.[23]
  * (bug)[27b682] race made [file delete] raise "/no such file"/
  * (bug)[925643] 32/64 cleanup of filesystem DIR operations
  * (bug) leaks in TclSetEnv and env cache
  * (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
  * (bug)[270f78] race in [file mkdir]
  * (bug)[3f7af0] [file delete] raised "/permission denied"/
  * (bug)[d051b7] overflow crash in [format]
  * revised quoting of [exec] args in generated command line
  * HTTP Keep-Alive with pipelined requests
  * (new)[TIP 505] [lreplace] accepts all out of range indices
  * (bug) Prevent crash from NULL keyName in the registry package
  * Update tcltest package for Travis support
  * (bug)[35a8f1] overlong string length of some lists
  * (bug)[00d04c] Repair [binary encode base64]
- Version 8.6.8:
  * [array names -regexp] supports backrefs
  * Fix gcc build failures due to #pragma placement
  * (bug)[b50fb2] exec redir append stdout and stderr to file
  * (bug)[2a9465] http state 100 continue handling broken
  * (bug)[0e4d88] replace command, delete trace kills namespace
  * (bug)[1a5655] [info * methods] includes mixins
  * (bug)[fc1409] segfault in method cloning, oo-15.15
  * (bug)[3298012] Stop crash when hash tables overflow 32 bits
  * (bug)[5d6de6] Close failing case of [package prefer stable]
  * (bug)[4f6a1e] Crash when ensemble map and list are same
  * (bug)[ce3a21] file normalize failure when tail is empty
  * (new)[TIP 477] nmake build system reform
  * (bug)[586e71] EvalObjv exception handling at level #0
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
  iwidgets (bsc#903017).
timezone
- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
tk
- New version 8.6.12:
  * (bug)[7beaed] ttk::bindMouseWheel syntax error
  * (new) support 4 new keycodes: CodeInput, SingleCandidate,
    MultipleCandidate, PreviousCandidate
  * (new) Portable keycodes: OE, oe, Ydiaeresis
  * (bug)[9e1312] <Enter> to parent after child destroyed
  * (bug)[d3cd4c] more robust notebook processing
  * (bug)[234ee4] crash in [clipboard get] invalid encoding
  * (bug)[be9cad] Poor trace housekeeping -> tkwait segfault
  * (bug)[9b6065] restore Tcl [update], see window-2.12
  * (bug)[34db75,ea876b] cursor motion in peer text
  * (bug)[c97464] memleak in TkpDrawAngledChars
  * (bug)[171ba7] crash when grab and focus are not coordinated
  * crash due to failed transient record housekeeping
  * (bug)[099109] segfault reusing a container toplevel
  * (bug)[4efbfe] static package init order in wish
  * (bug)[033886] Win: hang in font loading
  * (bug)[8ebed3] multi-thread safety in Xft use
  * (new)[TIP 608] New virtual event <<TkWorldChanged>>
- Update to version 8.6.11.1 (still presenting itself as 8.6.11)
  * Fixed issue in bindMouseWheel
- Version 8.6.11:
  * Fix TkKeyEvent platform variations
  * ttk respect -cursor option
  * MouseWheel for ttk::scrollbar
  * fix fontconfig crash when no font installed
  * fix tearoff menu redraw artifacts
  * stop crash w/Noto Color Emoji font
  * fix crash of angled text w/o Xft
  * fix crash when active button is destroyed
  * disfavor Master/Slave terminology
  * many more bug fixes.
- Fix manpage symlink for wish8.6.
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- Version 8.6.10:
  * (bug)[0a9c91] crash in text-11a.22
  * (bug)[9705d1] crash activating "/Alt"/ theme
  * (bug)[e3b954] cursor offset at full screen display
  * (bug)[18a4ba] cross-platform [winfo containing]
  * (build) 'None', 'ControlMask' symbol conflicts
  * (bug)[509caf] [treeview tag configure] regression
  * (bug)[3003895] [scale] res rounds and -from
  * (new)[TIP 533] [$mb post x y idx]
  * (bug)[1529659] embed toplevel blocks outer menu
  * (bug)[8814bd] crash in [NSMenu size]
  * (bug)[1951ab] Prevent transient window cycles (crashed on Aqua)
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[4da219] Incomplete read of multi-image GIF
  * (new)[TIP 535] Precision of ::scale widget tick mark values
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[da3914] [$treeview identify element] failure
  * (bug)[897ffe] Prevent cross-manager loops of geom management
  * (bug)[368fa4] Prevent toggle of hidden treeview indicators
  * (bug)[928652] Apply TIP 533 for ttk::menubutton
  * (bug)[1001070] X-platform rework of label options -highlight*
  * (bug)[6286fd] checkbutton handling of -selectcolor
  * (bug) Ttk scrolling bugs, see tests treeview-9.1, entry-3.[3-6]
  * (new)[TIP 541] [combobox current] support "/end"/ index
  * (bug)[2a6c62] <<TreeviewSelect>> trigger on item delete
  * (bug)[75b8fb] Crash with some [event generate]d <ButtonRelease>
  * (bug)[5ddeca] Stop app switching exposing withdrawn windows as zombies
  * (new) Refactor all MouseWheel bindings
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[c8ccd1] up array key in [text] takes to index 1.0
  * (new)[TIP 532] Tk event loop rewrite to prevent ring overflow
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[2834776] Stop disabled spinbox from generating
    <<Increment>> & <<Decrement>>
  * (bug)[a01b6f7] Workaround XWayland bug reporting screen width
  * (bug)[b82bd4] Fix [style configure -compound]
  * (bug)[69b48f] failing test textTag-18.1
  * (bug)[c4abd2] panic in stackorder command
  * (bug)[53d280] [wm iconphoto] crash on empty image
  * [90d555] workaround NSFontManager bad selections
  * (new) Partial Emoji support in text displays
- tk-8.5.12-fix-xft.patch is not needed anymore.
- Use FAT LTO objects in order to provide proper static
  library (boo#1138797).
- Version 8.6.9:
  * (platform) stop using -lieee, removed from glibc-2.27
    (bsc#1179615, bsc#1181840).
  * (bug)[aa7679] crash using window after master destroyed
  * (bug)[925262] New option -state for ttk::scale
  * (bug)[fa8de7] Crash [ttk::checkbutton .x -variable {}]
  * (bug)[382712] Crash in [event generate . <KeyPress>]
  * (bug)[657c38] Crash in menu destroy with checkbutton entry
  * (bug)[de156e] Deny PRIMARY selection access in safe interps
  * (bug)[b68710] Fixes in [text] bindings
  * (bug)[e20d5c] Stop failures of textTag-18.1
  * (bug)[5d991b] Fortify var traces against deleted vars
  * (bug)[1821174] Stop RenderBadPicture X error
  * (bug)[502e74] Stop X errors on untrusted connections
  * (bug)[71b131] Regression in Tk_DrawChars()
  * (bug)[59fccb] menu flaws when empty menubar clicked
  * (bug)[7423f9] improved legacy support for [tk_setPalette]
  * (bug)[de01e2] Crash in [$text replace]
  * (bug)[135696] Crash in [wm transient]
  * (bug)[309b42] Improve ttk high-contrast-mode support
  * (bug)[fabed1] GIF photo support for "/deferred clear code"/
  * (bug)[3441086] error message in layout-2
  * (bug)[05bd7f] vista theme for combobox
  * (bug)[382712] crash in KeyPress event handling
  * (bug)[6fcaaa] insertion cursor visibility in ttk::entry
  * (bug)[822923] cascade menu indicator color
  * (bug)[9658bc] borderwidth calculations on menu items
  * (bug)[ca403f] treeview border drawing
  * (bug)[4b555a] hang in [$text search -all]
  * (bug)[6b22d4] [treeview] binding fix
- Update tkcon.tcl to CVS revision 1.124:
  * Use -underline clearly to disambiguate from new 8.6.6 option
  - underlinefg
  * prevent file edit from undoing loading of file
- add explicit buildrequire on fontconfig-devel
- Version 8.6.8:
  * (bug)[f1a3ca] Memory leak in [text] B-tree
  * (bug)[ee40fd] Report [console] init errors
  * (bug)[3295446] Improve history visibility in [console]
  * (bug)canvas closed polylines fully honor -joinstyle
  * (bug)[cc42cc] out of mem crash in tests imgPhoto-18.*
  * (bug)[3406785] fix coords rounding when drawing canvas items
  * (bug)[8277e1] linux fontchooser sync with available fonts
  * (bug)[5239fd] Segfault copying a photo image to itself
  * (bug)[514ff6] canvas rotated text overlap detection
  * (bug)[1e0db2] canvas rchars artifacts
  * (bug)[d9fdfa] display of Long non-wrapped lines in text
  * (bug)[dd9667] text anchor not set
  * (bug)[bb6b40] ::tk::AmpMenuArgs and 'entryconf'
  * (bug)[55b95f] Crash [scale] with a bignum value
  * (bug)[ce62c8] text-37.1 fails
  * (bug)[0ef1c5] OS X - tests menu-22.[345] hang
  * (bug) display of embedded toplevels
  * (bug)[73ba07] Correct property type for MULTIPLE conversion
  * (bug) Memory leak in tkImgPhoto.c.
  * (bug) Defeat zombie toplevels
  * (bug) [wm withdraw] on Window and Dock menus
  * (new)[TIP 477] nmake build system reform
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
  iwidgets (bsc#903017).
tomcat
- Remove log4j (bsc#1196137)
- Fixed CVEs:
  * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
  * tomcat-9.0-CVE-2022-23181.patch
util-linux
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
  (bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
util-linux-systemd
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
  (bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
xen
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
  xen: BHB speculation issues (XSA-398)
  62278667-Arm-introduce-new-processors.patch
  62278668-Arm-move-errata-CSV2-check-earlier.patch
  62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
  6227866a-Arm-Spectre-BHB-handling.patch
  6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
  6227866c-x86-AMD-cease-using-thunk-lfence.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
  list not giving any output
  Replace
    libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
    libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
  by upstream backport
    61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
- Upstream bug fixes (bsc#1027519)
  60782745-x86-AMD-split-LFENCE-setup.patch
  6081bae4-x86-cpuid-LFENCE-always-serialising.patch
  61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
  61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
  61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
  61f933a4-x86-cpuid-advertise-SSB_NO.patch
  61f933a5-x86-drop-use_spec_ctrl-boolean.patch
  61f933a6-x86-new-has_spec_ctrl-boolean.patch
  61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
  61f933a8-x86-SPEC_CTRL-record-last-write.patch
  61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
  61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
  61f933ab-x86-AMD-SPEC_CTRL-infra.patch
  61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
  61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
  6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
  6202afa4-x86-TSX-move-has_rtm_always_abort.patch
  6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
  6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
  6202afa8-x86-Intel-PSFD-for-guests.patch
- Update to Xen 4.14.4 bug fix release (bsc#1027519)
  xen-4.14.4-testing-src.tar.bz2
- Drop patches contained in new tarball
  6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
  6138b7a2-x86-AMD-enum-speculative-hints.patch
  6138b7a3-x86-AMD-use-newer-SSBD.patch
  6139f1b1-x86-spec-ctrl-print-AMD-features.patch
  6148453b-VT-d-hidden-devices-unmap.patch
  6148455f-VT-d-PCI-segment-numbers-16-bits.patch
  61532102-PCI-bridge-with-subord-bus-0xFF.patch
  615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
  61655b5a-AMD-IOMMU-hidden-devices-flush.patch
  616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
  616e7cfe-x86-paging-restrict-paddr-width-reported.patch
  618289da-x86-shstk-fix-with-XPTI-active.patch
  619b7ac9-harden-assign_pages.patch
  619b8cb0-x86-PoD-misaligned-GFNs.patch
  619b8cb1-x86-PoD-intermediate-page-orders.patch
  619b8cb2-x86-P2M-set-partial-success.patch
  61b31d5c-x86-restrict-all-but-self-IPI.patch
  61b88e78-x86-CPUID-TSXLDTRK-definition.patch
  61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
  61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
  xsa393.patch
  xsa394.patch
  xsa395.patch
  list not giving any output (see also bsc#1194267)
xstream
- Upgrade to 1.4.19
  * Security fixes
    + This maintenance release addresses the security vulnerability
    CVE-2021-43859, bsc#1195458, when unmarshalling highly
    recursive collections or maps causing a Denial of Service.
  * API changes
    + Added c.t.x.XStream.COLLECTION_UPDATE_LIMIT and
    c.t.x.XStream.COLLECTION_UPDATE_SECONDS.
    + Added c.t.x.XStream.setCollectionUpdateLimit(int).
    + Added c.t.x.core.SecurityUtils.
    + Added c.t.x.security.AbstractSecurityException and
    c.t.x.security.InputManipulationException.
    + c.t.x.security.InputManipulationException derives now from
    c.t.x.security.AbstractSecurityException.
yaml-cpp
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
zlib
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch