apache-commons-lang3
- Update to 3.16.0:
  * New features:
    + Add StopWatch.getSplitDuration() and deprecate
    getSplitTime().
    + Add StopWatch.getStartInstant() and deprecate getStartTime().
    + Add StopWatch.getStopInstant() and deprecate getStopTime().
    + Add StopWatch.getDuration() and deprecate getTime().
    + Add Javadoc links from StopWatch to DurationUtils #1249.
    + Add LangCollectors.collect(Collector, T...).
    + Add RandomStringUtils.secure().
    + Add RandomStringUtils.insecure().
  * Fixed bugs:
    + Reimplement StopWatch internals to use java.time.
    + RandomStringUtils.random() with a negative character index
    should throw IllegalArgumentException. Fixes LANG-1745.
    + LocaleUtils.toLocale(String) cannot parse four segments.
    Fixes LANG-1741.
    + Use fewer intermediary strings in
    DefaultExceptionContext.getFormattedExceptionMessage(String).
    + Fix Javadoc in StringUtils.splitPreserveAllTokens() #1251.
    + Deprecate ArraySort constructor for removal.
    + Deprecate CharEncoding constructor for removal.
    + Deprecate Conversion constructor for removal.
    + Deprecate Conversion constructor for removal.
    + Deprecate EntityArrays constructor for removal.
    + Deprecate ObjectToStringComparator constructor for removal.
    + Deprecate RuntimeEnvironment constructor for removal.
- Includes changes from 3.15.0:
  * New features:
    + Customize text pattern in DiffResult#toString(). Fixes
    LANG-1724.
    + Add DiffBuilder.Builder.
    + Add DiffBuilder.builder().
    + Add ReflectionDiffBuilder.Builder.
    + Add ReflectionDiffBuilder.builder().
    + Add test in TypeUtilsTest #1151.
    + Add Streams.failableStream(T), non-varargs variant.
    + Add Streams.nonNull(T), non-varargs variant.
    + Add ArrayUtils.nullTo(T[], T[]).
    + Add T ArrayUtils.arraycopy(T, int, T, int, int) fluent style.
    + Add T ArrayUtils.arraycopy(T, int, int, int, Function) fluent
    style.
    + Add SystemUtils.IS_JAVA_22.
    + Add JavaVersion.JAVA_22.
    + Add SystemProperties.getUserName(Supplier<String>).
    + Add SystemProperties.getLineSeparator(Supplier<String>).
    + Add
    + SystemProperties.getJavaSpecificationVersion(Supplier<String>).
    + Add SystemProperties constants and methods for system
    properties as of Java 22.
    + Add MethodUtils.getMethodObject(Class, String, Class...).
    + Add null-safe Consumers.accept() and Functions.apply() #1215.
    Fixes LANG-1733.
    + Add SystemUtils.IS_OS_ANDROID.
    + Add SystemUtils.IS_OS_MAC_OSX_SONOMA.
    + Add RuntimeEnvironment.inContainer() #1241.
    + Add AppendableJoiner and refactor string joining #1244.
  * Fixed bugs:
    + Improve Javadoc in ExceptionUtils #1136.
    + Fixed two non-deterministic tests in EnumUtilsTest.java
    [#1131].
    + Fix wrong number check that cause
    StringIndexOutOfBoundsException #1140. Fixes LANG-1721.
    + Rethrow NegativeArraySizeException as SerializationException
    in SerializationUtils.deserialize(InputStream) #1141. Fixes
    LANG-1722.
    + Throw NumberFormatException instead of
    IndexOutOfBoundsException in NumberUtils.getMantissa(String,
    int) #1145. Fixes LANG-1723.
    + Minor grammar fixes #1143.
    + ArrayUtils will return null when adding two null arrays, but
    undocumented. Fixes LANG-1713.
    + Let parent POM figure out commons.spdx.version.
    + Undeprecate ExceptionUtils.rethrow(Throwable). Fixes
    LANG-1726.
    + Test the Conversion class #1155. Fixes LANG-1702.
    + Address minor redundancies after code inspection #1148.
    + Allow EventListenerSupport to handle (and ignore) exception
    from listeners allowing invocation of all listeners #1167.
    + Deprecate AnnotationUtils 0-argument constructor.
    + Deprecate ArchUtils 0-argument constructor.
    + Deprecate ArrayUtils 0-argument constructor.
    + Deprecate BooleanUtils 0-argument constructor.
    + Deprecate CharSequenceUtils 0-argument constructor.
    + Deprecate CharSetUtils 0-argument constructor.
    + Deprecate CharUtils 0-argument constructor.
    + Deprecate ClassLoaderUtils 0-argument constructor.
    + Deprecate ClassPathUtils 0-argument constructor.
    + Deprecate ClassUtils 0-argument constructor.
    + Deprecate ConstructorUtils 0-argument constructor.
    + Deprecate DateFormatUtils 0-argument constructor.
    + Deprecate DateUtils 0-argument constructor.
    + Deprecate Diff.getType().
    + Deprecate DiffBuilder.DiffBuilder(T, T, ToStringStyle).
    + Deprecate DiffBuilder.DiffBuilder(T, T, ToStringStyle,
    boolean).
    + Deprecate DurationFormatUtils 0-argument constructor.
    + Deprecate DurationUtils 0-argument constructor.
    + Deprecate EnumUtils 0-argument constructor.
    + Deprecate EventUtils 0-argument constructor.
    + Deprecate FieldUtils 0-argument constructor.
    + Deprecate IEEE754rUtils 0-argument constructor.
    + Deprecate InheritanceUtils 0-argument constructor.
    + Deprecate IntStreams 0-argument constructor.
    + Deprecate LocaleUtils 0-argument constructor.
    + Deprecate LockingVisitors 0-argument constructor.
    + Deprecate MemberUtils 0-argument constructor.
    + Deprecate MethodUtils 0-argument constructor.
    + Deprecate NumberUtils 0-argument constructor.
    + Deprecate ObjectUtils 0-argument constructor.
    + Deprecate RandomStringUtils 0-argument constructor.
    + Deprecate RandomUtils 0-argument constructor.
    + Deprecate ReflectionDiffBuilder.ReflectionDiffBuilder(T, T,
    ToStringStyle).
    + Deprecate RegExUtils 0-argument constructor.
    + Deprecate SerializationUtils 0-argument constructor.
    + Deprecate Streams 0-argument constructor.
    + Deprecate StringEscapeUtils 0-argument constructor.
    + Deprecate StringUtils 0-argument constructor.
    + Deprecate Suppliers 0-argument constructor.
    + Deprecate SystemProperties 0-argument constructor.
    + Deprecate ThreadUtils 0-argument constructor.
    + Deprecate TypeUtils 0-argument constructor.
    + Make ArrayFill null-safe.
    + Make ArraySorter null-safe.
    + Make ArrayUtils.removeAll() null-safe.
    + Fix Java version in README.md #1170.
    + StringUtils.stripAccents() should handle ligatures, UTF32
    math blocks, etc. #1201.
    + TypeUtils.toString(Type) StackOverflowError for an inner
    class in the inner class parameterized enclosing class #657.
    Fixes LANG-1524.
    + Deprecate SystemUtils.getUserName(String) in favor of
    SystemProperties.getUserName(Supplier).
    + Make LockVisitor.acceptReadLocked(FailableConsumer)
    null-safe.
    + Make LockVisitor.applyWriteLocked(FailableConsumer)
    null-safe.
    + Make ObjectUtils.getFirstNonNull(Supplier...) null-safe.
    + Make SystemProperties.getLineSeparator(Supplier).
    + StringUtils.stripAccents(String) doesn't handle "\u0111" and
    "\u0110" (Vietnamese) #1216.
    + StringUtils.stripAccents(String) doesn't handle I with bar.
    + StringUtils.stripAccents(String) doesn't handle U with bar.
    + StringUtils.stripAccents(String) doesn't handle T with
    stroke.
    + Fix Javadoc for FluentBitSet.setInclusive(int, int) #1222.
    Fixes LANG-1735.
    + Same Javadoc changes as [TEXT-234] #1223.
    + Remove duplicate static data in
    SerializationUtils.ClassLoaderAwareObjectInputStream.
    + Reimplement RandomUtils and RandomStringUtils on top of
    SecureRandom#getInstanceStrong() #1235.
    + DiffBuilder: Type constraint for method append(...,
    DiffResult) too strict #786. Fixes LANG-1657.

- Update to 3.14.0:
  * New features:
    + Add Functions#function(Function).
    + Add FailableFunction#function(FailableFunction).
    + Add CalendarUtils.getInstance().
    + Add syntax for optional tokens to DurationFormatUtils.
    + Add ArrayFill.
    + Add FastDateParser.TimeZoneStrategy.TzInfo.toString().
    + Add LocaleUtils.isLanguageUndetermined(Locale).
    + Add ObjectUtils.toString(Supplier<Object>, Supplier<String>).
    + Add LazyInitializer.isInitialized().
    + Add ConcurrentInitializer#isInitialized() #1120.
    + Add Streams.failableStream(T...).
    + Add FailableSupplier.nul().
    + Add Suppliers.nul().
    + Add ExceptionUtils.throwUnchecked(T) where T extends
    Throwable, and deprecate Object version.
    + Add ExceptionUtils.rethrowRuntimeException(T), and deprecate
    rethrow(T).
    + ConcurrentInitializer implementations can now be instantiated
    and configured with allocation and release lambdas.
    Fixes LANG-1716.
    + Add support for RISC-V in ArchUtils #1128. Fixes LANG-1717.
  * Fixed bugs:
    + Rename variable names from 'clss' to 'clazz'.
    + [Javadoc] ComparableUtils'c1' to 'comparable1', 'c2' to
    'comparable2'
    + [Javadoc] Remove 2.1 specific comment #1091.
    + [Javadoc] Fix Incorrect Description in Processor isAarch64()
    [#1093]. Fixes LANG-1704.
    + [Javadoc] Point to right getShortClassName flavor in Javadoc
    for relevant notes #1097.
    + Improve performance of StringUtils.isMixedCase().
    + ThreadUtils find methods should not return null items. Fixes
    LANG-1706.
    + ReflectionToStringBuilder changes in version 3.13.0 has broken
    the logic for overriding classes. Fixes LANG-1710.
    + Return "null" instead of NPE in
    ClassLoaderUtils.toString(ClassLoader).
    + Return "null" instead of NPE in
    ClassLoaderUtils.toString(URLClassLoader).
    + Return ToStringStyle.nullText instead of NPE for
    ReflectionToStringBuilder.toString().
    + Fix ThresholdCircuitBreaker#checkState().
    + Use ConcurrentInitializer implementations without subclassing.
    + Update critical value for chi-square test.
    + Fix Javadoc syntax errors #1129.
- From 3.13.0 update
  * New features:
    + Add GitHub coverage.yml.
    + Add EnumUtils.getEnumSystemProperty(...).
    + Add TriConsumer.
    + Add and use EnumUtils.getFirstEnumIgnoreCase(Class, String,
    Function, E).
    + Add and use Suppliers.
    + Add and use ArrayUtils.getComponentType(T[]).
    + Add and use ClassUtils.getComponentType(Class>T[]>).
    + Add and use ObjectUtils.getClass(T).
    + Add and use ArrayUtils.newInstance(Class>T>, int).
    + Add and use null-safe Streams.of(T...).
    + Add ClassUtils.comparator().
    + Add and use ThreadUtils.sleepQuietly(Duration).
    + Add and use ArrayUtils.setAll(T[], IntFunction).
    + Add and use ArrayUtils.setAll(T[], Supplier).
    + Add BooleanConsumer.
    + Add IntToCharFunction.
    + Add IntStreams.
    + Add UncheckedFuture.
    + Add UncheckedException.
    + Add UncheckedExecutionException.
    + Add UncheckedTimeoutException.
    + Add UncheckedInterruptedException.
    + Add TimeZones.GMT.
    + Add ObjectUtils.identityHashCodeHex(Object).
    + Add ObjectUtils.hashCodeHex(Object).
    + Add StringUtils.removeStart(String, char).
    + Add null-safe ObjectUtils.isArray(). Fixes LANG-1659.
    + Add ComparableUtils.max(A, A) and ComparableUtils.min(A, A).
    + Add UncheckedReflectiveOperationException.
    + Add and use ClassUtils.isPublic(Class).
    + Add UncheckedIllegalAccessException.
    + Add MethodInvokers.
    + Add Streams.nullSafeStream(Collection).
    + Add Streams.toStream(Collection).
    + Add Streams.failableStream(Collection) and deprecate misnamed
    stream(Collection).
    + Add Streams.failableStream(Stream) and deprecate misnamed
    stream(Stream).
    + Add EnumUtils.getEnumMap(Class, Function).
    + Add FluentBitSet.
    + Add Streams.instancesOf(Class, Collection).
    + Add ImmutablePair.ofNonNull(L, R).
    + Add ImmutableTriple.ofNonNull(L, M, R).
    + Add MutablePair.ofNonNull(L, R).
    + Add MutableTriple.ofNonNull(L, M, R).
    + Add Pair.ofNonNull(L, R).
    + Add Triple.ofNonNull(L, M, R).
    + Add ArrayUtils.containsAny(Object[], Object...).
    + Add Processor.Type.AARCH_64.
    + Add Processor.isAarch64().
    + Update ArchUtils.getProcessor(String) for "aarch64".
    + Add JavaVersion.JAVA_18.
    + Add JavaVersion.JAVA_19.
    + Add JavaVersion.JAVA_20.
    + Add JavaVersion.JAVA_21.
    + Add TimeZones.toTimeZone(TimeZone).
    + Add FutureTasks.
    + Add Memoizer(Function) and Memoizer(Function, boolean).
    + Add Consumers.
    + Add github/codeql-action.
    + Add coverage.yml.
    + Add DurationUtils.since(Temporal).
    + Add DurationUtils.of(FailableConsumer|FailableRunnbale).
    + Add ExceptionUtils.forEach(Throwable, Consumer<Throwable>).
    + Add ExceptionUtils.stream(Throwable).
    + Add ExceptionUtils.getRootCauseStackTraceList(Throwable).
    + Add SystemUtils.IS_OS_WINDOWS_11.
    + Add SystemUtils.IS_JAVA_16.
    + Add SystemUtils.IS_JAVA_17.
    + Add SystemUtils.IS_JAVA_18.
    + Add SystemUtils.IS_JAVA_19.
    + Add SystemUtils.IS_JAVA_20.
    + Add SystemUtils.IS_JAVA_21.
    + Add ArrayUtils.oneHot(). Fixes LANG-1627.
    + Let ReflectionToStringBuilder only reflect given field names.
    Fixes LANG-1662.
    + Add Streams.of(Enumeration<E>).
    + Add Streams.of(Iterable<E>).
    + Add Streams.of(Iterator<E>).
    + Simple support for Optional in ObjectUtils#isEmpty(). Fixes
    LANG-1689.
    + Add Processor.Type.getLabel().
    + Add Processor.toString().
    + Add HashCodeBuilder.equals(Object).
    + Add BooleanUtils.values() and forEach().
    + Add ClassPathUtils.packageToPath(String) and pathToPackage(String)
    + Add CalendarUtils#getDayOfYear()
    + Add NumberRange, DoubleRange, IntegerRange, LongRange.
    + Add missing exception javadoc/tests for some null arguments.
    + Add ClassLoaderUtils.getSystemURLs() and getThreadURLs().
    + Add RegExUtils.dotAll() and dotAllMatcher().
    + Add Pair.accept(FailableBiConsumer).
    + Add Pair.apply(FailableBiFunction).
    + Add ReflectionDiffBuilder.setExcludeFieldNames(...) and
    DiffExclude a... Fixes LANG-1677.
    + Add and ExceptionUtils.isChecked() and isUnchecked(). Fixes
    LANG-1647.
    + Add and use ExceptionUtils.throwUnchecked(throwable).
    + Add LockingVisitors.create(O, ReadWriteLock).
  * Fixed bugs:
    + NumberUtils.createNumber() to recognize hex integers prefixed
    with +. Fixes LANG-1645.
    + NumberUtils.createNumber() to return requested floating point
    type for zero. Fixes LANG-1646.
    + DMI: Random object created and used only once
    (DMI_RANDOM_USED_ONLY_ONCE); Better multi-threaded behavior.
    + Redundant Collection operation. Use
    Collections.emptyIterator(). Fixes LANG-1646.
    + Make Streams.stream(Collection) null-safe.
    + Allow tests to access java.util classes such as ArrayList in
    Java 16. Fixes LANG-1667.
    + OpenJDK 16 Day Period Parsing. Fixes LANG-1669.
    + Update documentation to list correct exception for null array
    parameters. Fixes LANG-1663.
    + Fixing reversed Javadoc descriptions in StopWatch.
    + Fix typos in JavaDoc. Fixes LANG-1670.
    + Simplify assertions with equivalent but more simple..
    + Avoid multiple equivalent occurrences of the same expression.
    + Remove redundant initializers.
    + Fix ObjectUtils Javadocs.
    + Make Range constructors more generic. Fixes LANG-1674.
    + Use final and Remove redundant String.
    + Use Set instead of List for checking the contains() method.
    + Javadoc for StringUtils.substringBefore(String str,
    int separator) doesn't mention that the separator is an int.
    + Fix NullPointerException in ThreadUtils.getSystemThreadGroup()
    when the current thread is stopped.
    + ArrayUtils.toPrimitive(Boolean...) null array elements map to
    false, like Boolean.parseBoolean(null) and its callers return
    false.
    + StrBuilder.StrBuilderReader.skip(long): Throw an exception
    when an implicit narrowing conversion in a compound assignment
    would result in information loss or a numeric error such as an
    overflows.
    + Deprecate Validate#notNull(Object) in favor of using
    Objects#requireNonNull(Object, String).
    + Use TimeZone from calendar in DateFormatUtils. Fixes
    LANG-1462.
    + Updating javadoc for NullPointerException when
    Validate.notNull() is called.
    + Fixing and adding DateUtils exception Javadocs.
    + Improve performance of StringUtils.unwrap(String, String).
    Fixes LANG-1679.
    + Improve performance of StringUtils.join for primitives. Fixes
    LANG-1675.
    + Fixed NPE getting Stack Trace if Throwable is null. Fixes
    LANG-1675.
    + Make Validate.isAssignableFrom() check null inputs.
    + Fix Javadoc for Validate.isAssignableFrom().
    + Make final mappingFunction variable.
    + Remove unnecessary variable creations.
    + Minor changes.
    + FastDateFormat does not support the 'L'-Pattern from
    SimpleDateFormat. Fixes LANG-1680.
    + Increase test coverage of ComparableUtils from 71% to 100%.
    + Increase method test coverage of
    MultilineRecursiveToStringStyle.
    + Fix unstable coverage of CharSequenceUtils tests noticed
    during merge of PRs 898 and 899.
    + Rewrite Conversion.binaryBeMsb0ToHexDigit to invert logic of
    binaryToHexDigit.
    + Allow extension of previously final classes ImmutablePair and
    ImmutableTriple.
    + Update ClassUtils Javadoc with some missing throws NPE.
    + Javadoc: StringUtils.repeat("", "x", 3) = "xx";.
    + StringUtils.join(Iterable, String) should only return null
    when the Iterable is null.
    + Add tests to increase coverage.
    + Extends Object clauses are redundant.
    + Simplify conditional expression..
    + Fix some Javadoc comments.
    + Deprecate getNanosOfMiili() method with typo and create proper
    getNanosOfMilli().
    + Deprecate ThreadUtils code that defines custom function
    interfaces in favor of stock java.util.function.Predicate
    usage.
    + Fix links in Javadoc and documentation.
    + Deprecate RandomUtils in favor of Apache Commons RNG
    UniformRandomProvider. Fixes LANG-1604.
    + Added docs regarding week year support. Fixes LANG-1638.
    + ClassUtils.getShortCanonicalName doesn't use the
    canonicalName. Fixes LANG-1691.
    + Validate: Get error messages without using String.format when
    varargs is empty.
    + Simplify expression (length is never < 0).
    + Fix simple broken javadoc..
    + Fix typo.
    + Use Objects.requireNonNull() directly.
    + MethodUtils.getMatchingMethod() fails with "Found multiple
    candidates". Fixes LANG-1694.
    + Construct ArrayList with better default size. Fixes LANG-1643.
    + ThreadUtilsTest#testThreadGroups will test failed when using
    Junit5 parallel test.
    + Swap the order of assertion args (first excepted then actual).
    + Fix the comment of Failable, redundant "-".
    + Fix the comment of ComparableUtils, using "smallest", not
    "largest".
    + AnnotationUtilsTest and FormattableUtilsTest Only use static
    imports to import assert methods in tests.
    + [LANG-1681] Fix some FieldUtils Javadocs.
    + Remove unnecessary statement in DurationFormatUtils.
    + Corrected value of SystemUtils.JAVA_VENDOR. Fixes LANG-1699.
    + [StepSecurity] ci: Harden GitHub Actions.
    + Update Javadoc for the insert methods in ArrayUtils.
    + Deprecate ExceptionUtils.ExceptionUtils().
    + TypeUtils.getRawType() throws a NullPointerException on
    Wildcard GenericArrayType. Fixes LANG-1697.
    + Throw IllegalArgumentException instead of InternalError in the
    builder package.
    + Avoid NPE in MutableObject#equals() for null content.
    + SystemUtils fix and updates related to macOS.

- Break cycle with the new bcel
- Removed patch:
  * apache-commons-lang3-junit-bom.patch
    + not needed since we install the pom file using the new
    %%mvn_install_pom macro which sanitizes the pom file to the
    bare runtime dependencies.
apache2
- Refresh apache2-CVE-2023-45802.patch.
- Fix for regression bsc#1233165.

- Apply fix for CVE-2023-45802, bsc#1216423.
  Patch file added:
  * apache2-CVE-2023-45802.patch

- Apply fix for CVE-2024-40725, bsc#1228097.
  Patch file added:
  * apache2-CVE-2024-40725.patch

- Apply fix for CVE-2024-39884, bsc#1227353.
  Patch file added:
  * apache2-CVE-2024-39884.patch

- Apply fix for CVE-2024-38474, bsc#1227278.
  Patch file added:
  * apache2-CVE-2024-38474.patch
- Apply fix for CVE-2024-38473, bsc#1227276.
  Patch files added:
  * apache2-CVE-2024-38473-1.patch
  * apache2-CVE-2024-38473-2.patch
  * apache2-CVE-2024-38473-3.patch
  * apache2-CVE-2024-38473-4.patch
bash
- Add patch boo1227807.patch
  * Load completion file eveh if a brace expansion is in the
    command line included (boo#1227807)
bcel
- Update to version 6.10.0
  * 6.10.0 (2024-06-24) Maintenance and bug fix release. Requires
    a minimum of Java 8.
    + Fix PMD UnnecessaryFullyQualifiedName.
    + Fix PMD EmptyCatchBlock by allowing commented blocks.
    + Fix PMD EmptyControlStatement by allowing commented blocks.
    + Fix SpotBugs RV_RETURN_VALUE_IGNORED_BAD_PRACTICE in
    JasminVisitor.
    + SpotBugs checks should ignore code generated by JavaCC.
    + Fix SpotBugs URF_UNREAD_FIELD in ClassDumper.
    + Fix SpotBugs DM_DEFAULT_ENCODING in JasminVisitor.
    + Fix SpotBugs RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE in
    ASTFunAppl.
    + Fix SpotBugs RV_ABSOLUTE_VALUE_OF_HASHCODE in
    Mini.Environment.
    + Fix SpotBugs DM_DEFAULT_ENCODING in Mini.MiniC.
    + Fix SpotBugs WMI_WRONG_MAP_ITERATOR in Package.go(String[]).
    + Deprecate TransitiveHull.INGORED in favor of
    TransitiveHull.getIgnored().
    + Add accessors to model and unit tests, Javadoc #183.
    + Add Const.MAJOR_22.
    + Add Const.MINOR_22.
    + Add Const.MAJOR_23.
    + Add Const.MINOR_23.
    + Add Const.MAJOR_24.
    + Add Const.MINOR_24.
    + Bump tests from org.assertj:assertj-core 3.25.3 to 3.26.3
    [#322], #332.
    + Bump tests from org.jetbrains.kotlin:kotlin-stdlib 1.9.23 to
    2.0.0 #309, #318.
    + Bump tests from org.apache.commons:commons-collections4 4.4
    to 4.5.0-M2.
    + Bump org.apache.commons:commons-parent from 69 to 71.
    + Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to
    3.1.0 #331.
  * Includes changes from  6.9.0 Maintenance and bug fix release.
    +  Add Support for Java 16 records #290.
    +  Add null guard for InstructionFactory.createInvoke() #289.
    +  Avoid possible NullPointerException in
    org.apache.bcel.classfile.DescendingVisitor.accept(E[]).
    +  Avoid possible NullPointerException in
    AnnotationEntryGen.getAnnotationAttributes(ConstantPoolGen,
    AnnotationEntryGen[]).
    +  Avoid possible NullPointerException in
    AnnotationEntryGen.copyValues(ElementValuePair[],
    ConstantPoolGen, boolean).
    +  Avoid possible NullPointerException in
    ArrayElementValueGen.ArrayElementValueGen(int,
    ElementValue[], ConstantPoolGen).
    +  Avoid possible NullPointerException in
    org.apache.bcel.generic.ClassGen.setMethods(Method[]).
    +  Avoid possible NullPointerException in
    org.apache.bcel.generic.ClassGen.unpackAnnotations(Attribute[]).
    +  Avoid possible NullPointerException in
    org.apache.bcel.classfile.ParameterAnnotationEntry.createParameterAnnotationEntries(Attribute[]).
    +  Avoid possible NullPointerException in
    org.apache.bcel.generic.ClassGen.ClassGen(JavaClass).
    +  Avoid possible NullPointerException in
    org.apache.bcel.generic.FieldGenOrMethodGen.addAll(Attribute[]).
    +  Avoid possible NullPointerException in
    org.apache.bcel.classfile.ParameterAnnotationEntry.createParameterAnnotationEntries(Attribute[]).
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.MethodParameters.setParameters(MethodParameter[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.ParameterAnnotations.setParameterAnnotationTable(ParameterAnnotationEntry[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.LocalVariableTypeTable.setLocalVariableTable(LocalVariable[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.LocalVariableTable.setLocalVariableTable(LocalVariable[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.LineNumberTable.setLineNumberTable(LineNumber[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.JavaClass.setMethods(Method[] with
    null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.JavaClass.setInterfaces(int[]) with
    null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.JavaClass.setInterfaceNames(String[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.JavaClass.setFields(Field[]) with
    null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.JavaClass.setAttributes(Attribute[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.ConstantPool.setConstantPool(Constant[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.FieldOrMethod.setAttributes(Attribute[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.Annotations.setAnnotationTable(AnnotationEntry[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.ArrayElementValue.ArrayElementValue(int,
    ElementValue[], ConstantPool) with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.BootstrapMethod.BootstrapMethod(int,
    int[]) with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.BootstrapMethod.setBootstrapArguments(int[])
    with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.BootstrapMethods.BootstrapMethods(int,
    int, BootstrapMethod[], ConstantPool) with null.
    +  Avoid NullPointerException after calling
    org.apache.bcel.classfile.BootstrapMethods.setBootstrapMethods(BootstrapMethod[])
    with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.InstructionList.redirectLocalVariables(LocalVariableGen[],
    InstructionHandle, InstructionHandle) with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.InstructionList.redirectExceptionHandlers(CodeExceptionGen[],
    InstructionHandle, InstructionHandle) with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.InstructionList.findHandle(InstructionHandle[],
    int[], int, int) with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.MethodGen.setArgumentTypes(Type[])
    with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.MethodGen.setArgumentNames(String[])
    with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.MethodGen.removeRuntimeAttributes(Attribute[])
    with null.
    +  Avoid NullPointerException calling
    org.apache.bcel.generic.MethodGen.makeMutableVersion(AnnotationEntry[])
    with null.
    +  Bump org.apache.commons:commons-parent from 66 to 69 #283,
    [#297].
    +  Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.22 to 1.9.23
    [#284].
    +  Bump commons-io:commons-io from 2.15.1 to 2.16.1 #295, #300.

- Update to version 6.8.0
  * 6.8.0 (2023-12-08) Maintenance and bug fix release.
    + New features:
    ~ Add and use InvalidMethodSignatureException extending
    ClassFormatException.
    ~ Increase code coverage in Class2HTMLTestCase with new test
    input Java4Example #186.
    ~ Add verifier tests on some opcodes #180.
    ~ Added signature test cases for class/method, and bad
    signatures #182.
    ~ Add Const.MAJOR_20.
    ~ Add Const.MINOR_20.
    ~ Add Const.MAJOR_21.
    ~ Add Const.MINOR_21.
    ~ [Bcelifier] stackmap support to pass JDK verifier #177.
    ~ Fix SpotBugs [ERROR] Class org.apache.bcel.util.ClassVector
    defines non-transient non-serializable instance field vec
    [org.apache.bcel.util.ClassVector] In ClassVector.java
    SE_BAD_FIELD.
    ~ Fix SpotBugs [ERROR] Switch statement found in
    org.apache.bcel.util.BCELFactory.visitAllocationInstruction(AllocationInstruction)
    where one case falls through to the next case
    [org.apache.bcel.util.BCELFactory,
    org.apache.bcel.util.BCELFactory] At
    BCELFactory.java:[lines 188-191]Another occurrence at
    BCELFactory.java:[lines 192-196] SF_SWITCH_FALLTHROUGH.
    + Fixed bugs:
    ~ When parsing an class with an invalid constant reference,
    ensure ClassParser.parse() throws ClassFormatException, not
    NullPointerException.
    ~ Ensure that references to a constant pool entry with index
    zero trigger a ClassFormatException, not a
    NullPointerException.
    ~ Ensure that references to the unused constant pool entry
    after a long/double entry triggers a ClassFormatException,
    not a NullPointerException.
    ~ Test and coverage of InstructionFactory #190.
    ~ Verifier: test and coverage for SWAP instruction #188.
    ~ Exception parsing Kotlin class with 'fun `method name with
    () in it`()' #205.
    ~ Fix null pointers in AnnotationEntry #213.
    ~ Field not found, search field in both super class and
    implemented interfaces (5x duplicated code to find field by
    name and type is refactored to a new method and now
    supports package-private) #181.
    ~ BCEL-366: Use alternative name for broken classes under
    test #220.
    ~ BCEL-367: Fixes java.lang.IndexOutOfBoundsException for
    ATHROW on empty stack #223.
    ~ BCEL-368: Fixes java.lang.StackOverflowError in
    Select#toString(boolean) #229.
    ~ Fix for type.getType(...) use on non-signature type names
    [#221].
    ~ Fix EmptyVisitorTestCase on Java 21.
    + Changes:
    ~ Bump commons-parent from 54 to 65 #189, #198, #222.
    ~ Bump jna.version from 5.12.1 to 5.13.0 #203.
    ~ Bump kotlin-stdlib from 1.8.10 to 1.9.21 #217, #219, #227,
    [#231], #235, #245, #247.
    ~ Bump commons-io from 2.11.0 to 2.15.1.
    ~ Bump commons-lang3 from 3.12.0 to 3.14.0.
    ~ Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to
    3.1.1 #246.

- Update to version 6.7.0
  * 6.7.0 (2022-11-28) Maintenance and bug fix release.
  * 6.6.1 (2022-10-29) Maintenance and bug fix release.
  * 6.6.0 (2022-10-08) Minor feature and bug fix release.
  * 6.5.0 (2020-06-05) Minor feature and bug fix release.
  * 6.4.1 (2019-09-26) Bug fix release.
  * 6.4.0 (2019-09-20) Feature and bug fix release.
  * 6.3.1 (2019-03-20) Bug fix release
  * 6.3 (2019-01-23) Experimental Java 9, 10, 11, 12-EA, and 13-EA
    Support
  * 6.2 (2017-12-08) Experimental Java 9 Support
  * 6.1 (2017-09-14) Experimental Java 9 Support
  * 6.0 (2016-07-10) Apache Commons BCEL 6.0 is a major release
    supporting the new features introduced in Java 6, 7 and 8. It
    requires Java 7 or higher to run.
    COMPATIBILITY with 5.2
    + Binary compatible
  - not strictly compatible
  - The constant interface org.apache.bcel.Constants has been
    deprecated. Classes which implemented this interface in 5.2
    now use the constants defined in the org.apache.bcel.Const
    class.
  - The constant interface
    org.apache.bcel.generic.InstructionConstants has been
    deprecated. Classes which implemented this interface in 5.2
    now use the constants defined in the
    org.apache.bcel.generic.InstructionConsts class.
  - Return type of method 'public java.lang.Object
    getElementAt(int)' in org.apache.bcel.verifier
    .VerifierFactoryListModel has been changed to
    java.lang.String.
  - The BCEL classes do no longer implement java.io.Serializable.
    + Source compatible
  - Yes, sort of;
  - The org.apache.bcel.classfile.Visitor interface has been
    enhanced with additional methods. If you implemented it
    directly instead of extending the EmptyVisitor class you'll
    have to implement the new methods.
  - The org.apache.bcel.generic.Visitor interface has been
    enhanced with an additional method. If you implemented it
    directly instead of extending the EmptyVisitor class you'll
    have to implement the new methods.
    + Semantic compatible
  - Yes, except:
  - BCEL 6.0 handles new attributes such as code annotations
    that could only be processed by implementing a custom
    AttributeReader in the previous versions. Code relying on
    this behavior will have to be adjusted since the
    AttributeReader will no longer be called in these cases.
    + For full information about API changes please see the extended
    Clirr report: https://commons.apache.org/bcel/clirr-report.html
- Removed patches:
  * bcel-5.2-encoding.patch
    + part of our own build.xml file generated to build with ant
  * bcel-CVE-2022-42920.patch
    + integrated upstrea
binutils
- Update to current 2.43.1 branch [PED-10474]:
  * PR32109 - fuzzing problem
  * PR32083 - LTO vs overridden common symbols
  * PR32067 - crash with LTO-plugin and --oformat=binary
  * PR31956 - LTO vs wrapper symbols
  * riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.

- Update to version 2.43:
  * new .base64 pseudo-op, allowing base64 encoded data as strings
  * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
    (APX_F now fully supported)
  * x86 Intel syntax now warns about more mnemonic suffixes
  * macros and .irp/.irpc/.rept bodies can use \+ to get at number
    of times the macro/body was executed
  * aarch64: support 'armv9.5-a' for -march, add support for LUT
    and LUT2
  * s390: base register operand in D(X,B) and D(L,B) can now be
    omitted (ala 'D(X,)'); warn when register type doesn't match
    operand type (use option
    'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
  * riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
    Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
    XSfCease, all at version 1.0;
    remove support for assembly of privileged spec 1.9.1 (linking
    support remains)
  * arm: remove support for some old co-processors: Maverick and FPA
  * mips: '--trap' now causes either trap or breakpoint instructions
    to be emitted as per current ISA, instead of always using trap
    insn and failing when current ISA was incompatible with that
  * LoongArch: accept .option pseudo-op for fine-grained control
    of assembly code options; add support for DT_RELR
  * readelf: now displays RELR relocations in full detail;
    add -j/--display-section to show just those section(s) content
    according to their type
  * objdump/readelf now dump also .eh_frame_hdr (when present) when
    dumping .eh_frame
  * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
    processors; add minimal support for riscv
  * linker:
  - put .got and .got.plt into relro segment
  - add -z isa-level-report=[none|all|needed|used] to the x86 ELF
    linker to report needed and used x86-64 ISA levels
  - add --rosegment option which changes the -z separate-code
    option so that only one read-only segment is created (instead
    of two)
  - add --section-ordering-file <FILE> option to add extra
    mapping of input sections to output sections
  - add -plugin-save-temps to store plugin intermediate files
    permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.

- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks

- Allow to disable profiling

- Use %patch -P N instead of deprecated %patchN.

- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
  symbol is local when no-relax

- Add binutils-disable-code-arch-error.diff to demote an
  error about swapped .arch/.code directives to a warning.
  It happens in the wild.

- Update to version 2.42:
  * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
  RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
  flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
  '+rcpc2' and '+wfxt'
  * Add experimantal support for GAS to synthesize call-frame-info for
  some hand-written asm (--scfi=experimental) on x86-64.
  * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
  PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
  * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
  SiFive VCIX v1.0.
  * BPF assembler: ';' separates statements now, and does not introduce
  line comments anymore (use '#' or '//' for this).
  * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
  dynamic tags.
  * risc-v ld: Add '--[no-]check-uleb128'.
  * New linker script directive: REVERSE, to be combined with SORT_BY_NAME
  or SORT_BY_INIT_PRIORITY, reverses the generated order.
  * New linker options --warn-execstack-objects (warn only about execstack
  when input object files request it), and --error-execstack plus
  - -error-rxw-segments to convert the existing warnings into errors.
  * objdump: Add -Z/--decompress to be used with -s/--full-contents to
  decompress section contents before displaying.
  * readelf: Add --extra-sym-info to be used with --symbols (currently
  prints section name of references section index).
  * objcopy: Add --set-section-flags for x86_64 to include
  SHF_X86_64_LARGE.
  * s390 disassembly: add target-specific disasm option 'insndesc',
  as in "objdump -M insndesc" to display an instruction description
  as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
  binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
  for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
  binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
  and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
  for live patching since a long time.

- Add binutils-use-less-memory.diff to be a little nicer to 32bit
  userspace and huge links.  [bsc#1216908]

- riscv-relro.patch: RISC-V: Protect .got with relro

- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
cloud-regionsrv-client
- Update to 10.3.7 (bsc#1232770)
  + Fix the product triplet for LTSS, it is always SLES-LTSS, not
    $BASEPRODUCT-LTSS

- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
  + Fix sudo setup
    ~ permissions cloudguestregistryauth
    ~ directory ownership /etc/sudoers.d
  + spec file
    ~ Remove traces of registry related entries on SLE 12
  + Forward port
    ~ fix-for-sles12-disable-registry.patch
    ~ fix-for-sles12-no-trans_update.patch
  + Deregister non free extensions at registercloudguest --clean
  + Fix registry cleanup at registercloudguest --clean, don't remove files
  + Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
  + Switch to using the region endpoint from IMDS to determine the region
    instead of deriving the data from the availability zone

- Update to 10.3.5
  + Update spec file to build in all code streams,
    SLE 12, SLE 15, ALP, and SLFO and have proper dependencies

- Update to 10.3.4
  + Modify the message when network access over a specific IP version does
    not work. This is an informational message and should not look like
    an error
  + Inform the user that LTSS registration takes a little longer
  + Add fix-for-sles12-no-trans_update.patch
    + SLE 12 family has no products with transactional-update we do not
    need to look for this condition
- From 10.3.3 (bsc#1229472)
  + Handle changes in process structure to properly identify the running
    zypper parent process and only check for 1 PID
- From 10.3.2
  + Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
  + Add support for LTSS registration
  + Add fix-for-sles12-disable-registry.patch
    ~ No container support in SLE 12
cobbler
- CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332)
- Added:
  * xmlrpc_privilege_escalation_prevention.patch

- Increase start timeout for cobblerd unit (bsc#1219450)

- Provide sync_single_system for DHCP modules to improve performance (bsc#1219450)
- Add input_string_*, input_boolean, input_int functiont to public API
- Add new setting for uyuni authentication endpoint (bsc#1219887)
containerd
- Update to containerd v1.7.21. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.21>
  Fixes CVE-2023-47108. bsc#1217070
  Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
cups
- cups-branch-2.2-commit-b643d6ba92f00752aa5e74ff86ad3974334914c1.diff
  is https://github.com/OpenPrinting/cups/commit/b643d6ba92f00752aa5e74ff86ad3974334914c1
  which was added in CUPS 2.2.8 that
  fixed a parsing bug in cups_auth_find() in cups/auth.c
  which lead to cupsd failing to authenticate users
  when group membership is required by cupsd configuration
  like 'Require user @GROUP' which lead to CUPS related commands
  requesting password from group users even if it is not needed
  (bsc#1226227)
- In cups.changes replaced one place where UTF-8 characters
  were used in the entry dated "Sat Sep 30 08:52:42 UTC 2017"
  for what should be ' - ' by ASCII to avoid RPMLINT warning
  about 'non-break-space' which "can lead to obscure errors".
curl
- Security fix: [bsc#1232528, CVE-2024-9681]
  * HSTS subdomain overwrites parent cache entry
  * Add curl-CVE-2024-9681.patch

- Make special characters in URL work with aws-sigv4 [bsc#1230516]
  * http_aws_sigv4: canonicalize the query [fc76a24c]
  * test439: verify query canonization for aws-sigv4 [65661016]
  * http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
  * aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
  * http_aws_sigv4: canonicalise valueless query params [bbba69da]
  * aws-sigv4: url encode the canonical path [768909d8]
  * Add upstream patches:
  - curl-aws_sigv4-canonicalize-the-query.patch
  - curl-aws_sigv4-verify-query-canonization.patch
  - curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
  - curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
  - curl-aws_sigv4-canonicalise-valueless-query-params.patch
  - curl-aws_sigv4-url-encode-the-canonical-path.patch

- Security fix: [bsc#1230093, CVE-2024-8096]
  * curl: OCSP stapling bypass with GnuTLS
  * Add curl-CVE-2024-8096.patch

- Security fix: [bsc#1228535, CVE-2024-7264]
  * curl: ASN.1 date parser overread
  * Add curl-CVE-2024-7264.patch
deltarpm
- update to deltarpm-3.6.5
  * support for archive files bigger than 2GByte [bnc#1230547]

- update to deltarpm-3.6.4
  * support for threaded zstd
  * use a tmp file instead of memory to hold the incore data
    [bsc#1228948]
- dropped patches:
  * deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch

- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
  some C bugs ( incorrect sized memset() , memcpy instead of strcpy,
  unsigned int)

- update to deltarpm-3.6.3
  * support for threaded zstd compression

- Actually enable zstd compression

- update to deltarpm-3.6.2
  * support for zstd compression
dracut
- Update to version 055+suse.359.geb85610b:
  * fix(convertfs): error in conditional expressions (bsc#1228847)
e2fsprogs
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
  number of group descriptors only if meta_bg is disabled (bsc#1230145)
glib2
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
  (boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).

- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
  a dbus message. Fixes a possible use after free (boo#1224044).
glibc
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
  without allocations (bsc#1228661, BZ #28028)

- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
  [#31934])
grafana-formula
- Version 0.11.0
  * Add SLES 15 SP6 to supported versions (bsc#1228286)
grub2
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
  installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
  * 0004-Introduce-prep_load_env-command.patch
httpcomponents-asyncclient
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp

- Adapted for Enterprise Linux 9
httpcomponents-client
- Update to version 4.5.14
  * HTTPCLIENT-2206: Corrected resource de-allocation by fluent
    response objects.
  * HTTPCLIENT-2174: URIBuilder to return a new empty list instead
    of unmodifiable Collections#emptyList.
  * Don't retry requests in case of NoRouteToHostException.
  * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset
    of requests with form url-encoded body.
  * PR #269: 4.5.x use array fill and more.
    + Use Arrays.fill().
    + Remove redundant modifiers.
    + Use Collections.addAll() and Collection.addAll() APIs instead
    of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg
    method.
    + Remote extra semicolons (;).
    + Use a 'L' instead of 'l' to make long literals more readable.
  * PublicSuffixListParser.parseByType(Reader) allocates but does
    not use a 256 char StringBuilder.
  * Incorrect handling of malformed authority component by
    URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
  * Avoid updating Content-Length header in a 304 response.
  * Bug fix: BasicExpiresHandler is annotated as immutable but is
    not (#239)
  * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler (#222).

- Use %patch -P N instead of deprecated %patchN.
httpcomponents-core
- Upgraded to version 4.4.14
  * PR #231: 4.4.x Use better map apis and more.
    + Remove redundant modifiers.
    + Use Collections.addAll() API instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg
    method.
    + Remote extra semicolons (;).
  * Bug fix: Non-blocking TLSv1.3 connections can end up in an
    infinite event spin when closed concurrently by the local and
    the remote endpoints.
  * HTTPCORE-647: Non-blocking connection terminated due to
    'java.io.IOException: Broken pipe' can enter an infinite loop
    flushing buffered output data.
  * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool
    that can cause internal state corruption when persistent
    connections are manually removed from the pool.

- Use %patch -P N instead of deprecated %patchN.
hwdata
- update to 0.389:
  * Update pci and vendor ids

- update to 0.385:
  * Update pci and vendor ids

- update to 0.383:
  * Update pci and vendor ids

- update to 0.382:
  * Update pci, usb and vendor ids
jackson-annotations
- Update to 2.17.3
  * No changes since 2.17.2

- Build the module-info.java source too (with release=9)

- Update to 2.17.2
  * No changes since 2.17.1

- Update to 2.17.1
  * No changes since 2.17.0
- Includes changes from 2.17.0
  * #242: Allow `@JsonAnySetter` on `ElementType.PARAMETER` (for
    use on constructor parameters)
jackson-core
- Update to 2.17.3
  * #1331: Update to FastDoubleParser v1.0.1 to fix 'BigDecimal'
    decoding problem
  * #1340: Missing 'JsonFactory' "provides" SPI with JPMS in
    'jackson-core' module
  * #1352: Fix infinite loop due to integer overflow when reading
    large strings

- Build the module-info.java source too (with release=9)

- Update to 2.17.2
  * #1308: Relax validation by 'NumberInput.looksLikeValidNumber()'
    to allow trailing dot (like '3.')

- Reproducible builds: generate javadoc without timestamps

- Update to 2.17.1
  * #1241: Fix 'NumberInput.looksLikeValidNumber()' implementation
  * #1256: Revert #1117: change default recycler pool back to
    'threadLocalPool()' for 2.17.1
- Includes changes from 2.17.0
  * #507: Add 'JsonWriteFeature.ESCAPE_FORWARD_SLASHES' to allow
    escaping of '/' for String values
  * #1117: Change default 'RecylerPool' implementation to
    'newLockFreePool' (from 'threadLocalPool')
  * #1137: Improve detection of "is a NaN" to only consider
    explicit cases, not 'double' overflow/underflow
  * #1145: 'JsonPointer.appendProperty(String)' does not escape the
    property name
  * #1149: Add 'JsonParser.getNumberTypeFP()'
  * #1157: Use fast parser (FDP) for large 'BigDecimal's (500+
    chars)
  * #1169: 'ArrayIndexOutOfBoundsException' for specific invalid
    content, with Reader-based parser
  * #1173: 'JsonLocation' consistently off by one character for
    many invalid JSON parsing cases
  * #1179: Allow configuring 'DefaultPrettyPrinter' separators for
    empty Arrays and Objects
  * #1186: 'BufferRecycler' should avoid setting replacement if one
    already returned, bigger
  * #1195: Use 'BufferRecycler' provided by output ('OutputStream',
    'Writer') object if available
  * #1202: Add 'RecyclerPool.clear()' method for dropping all
    pooled Objects
  * #1203: Faster division by 1000
  * #1205:
    JsonFactory.setStreamReadConstraints(StreamReadConstraints)
    fails to update "maxNameLength" for symbol tables
  * #1217: Optimize char comparison using bitwise OR
  * #1218: Simplify Unicode surrogate pair conversion for
    generation
jackson-databind
- Update to 2.17.3
  * #4718: Should not fail on trying to serialize
    'java.time.DateTimeException'

- Remove LGPL-2.1-or-later license, since not found in the package

- Build the module-info.java source too (with release=9)

- Update to 2.17.2
  * #4561: Issues using jackson-databind 2.17.1 with Reactor
  * #4575: StdDelegatingSerializer does not consider a Converter
    that may return null for a non-null input
  * #4577: Cannot deserialize value of type 'java.math.BigDecimal'
    from String "3." (not a valid representation)
  * #4595: No way to explicitly disable wrapping in custom
    annotation processor
  * #4607: 'MismatchedInput': No Object Id found for an instance of
    X to assign to property '@id'
  * #4610: 'DeserializationFeature.FAIL_ON_UNRESOLVED_OBJECT_IDS'
    does not work when used with Polymorphic type handling

- Update to 2.17.1
  * 2.17.1 (04-May-2024)
    + #4428: 'ByteBuddy' scope went beyond 'test' in version 2.17.0
    + #4430: Use 'ReentrantLock' instead of 'synchronized' in
    'DeserializerCache' to avoid deadlock on pinning
    + #4435: Cannot deserialize value of type 'java.math.BigDecimal'
    from String ".05": not a valid representation
    + #4441: '@JsonSetter(nulls = Nulls.SKIP)' doesn't work in some
    situations
    + #4450: Empty QName deserialized as 'null'
    + #4471: Reconsider deprecation of
    'JsonNode.asText(defaultValue)'
    + #4481: Unable to override
    'DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_AS_NULL' with
    'JsonFormat.Feature.READ_UNKNOWN_ENUM_VALUES_AS_NULL'
    + #4489: Unable to override 'DeserializationFeature
    .READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE' with
    'JsonFormat.Feature.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE'
  * 2.17.0 (12-Mar-2024)
    + #437: Support throwing 'MismatchedInputException' when
    deserializing properties that are not part of the view
    + #736: 'MapperFeature.REQUIRE_SETTERS_FOR_GETTERS' has no effect
    + #2543: Introspection includes delegating ctor's only parameter
    as a property in 'BeanDescription'
    + #4160: Deprecate 'DefaultTyping.EVERYTHING' in '2.x' and
    remove in '3.0'
    + #4194: Add 'JsonNodeFeature
    .FAIL_ON_NAN_TO_BIG_DECIMAL_COERCION' option to fail on
    attempting to coerce 'NaN' into 'BigDecimal'
    + #4205: Consider types in 'sun.*' package(s) to be JDK
    (platform) types for purposes of handling
    + #4209: Make 'BeanDeserializerModifier'/'BeanSerializerModifier'
    implement 'java.io.Serializable'
    + #4214: 'EnumSet' deserialization does not work when we
    activate default typing in 'ObjectMapper'
    + #4248: 'ThrowableDeserializer' does not handle 'null' well for
    'cause'
    + #4250: Add input validation for 'NumberDeserializers'
    deserializers for "stringified" FP numbers
    + #4262: Improve handling of 'null' insertion failure for
    'TreeSet'
    + #4263: Change 'ObjectArrayDeserializer' to use "generic" type
    parameter ('java.lang.Object') to remove co-variant return
    type
    + #4299: Some 'Collection' and 'Map' fallbacks don't work in
    GraalVM native image
    + #4309: '@JsonSetter(nulls=...)' handling of 'Collection'
    'null' values during deserialization with
    'READ_UNKNOWN_ENUM_VALUES_AS_NULL' and
    'FAIL_ON_INVALID_SUBTYPE' wrong
    + #4327: '@JsonAlias' not respected by polymorphic deduction
    + #4337: 'AtomicReference' serializer does not support
    '@JsonSerialize(contentConverter=...)'
    + #4364: '@JsonProperty' and equivalents should merge with
    'AnnotationIntrospectorPair'
    + #4394: Better Base64 support for 'java.util.UUIDs' without
    padding
    + #4403: Deserialization of unknown value for enums does not
    yield default enum value
    + #4416: Deprecate 'JsonNode.asText(String)'
  * 2.16.2 (09-Mar-2024)
    + #4302: Problem deserializing some type of Enums when using
    'PropertyNamingStrategy'
    + #4303: 'ObjectReader' is not serializable if it's configured
    for polymorphism
    + #4316: NPE when deserializing 'JsonAnySetter' in 'Throwable'
    + #4355: Jackson 2.16 fails attempting to obtain 'ObjectWriter'
    for an 'Enum' of which some value returns null from
    'toString()'
    + #4409: Deserialization of enums with name defined with
    different cases leads to 'InvalidDefinitionException':
    Multiple fields representing property
java-11-openjdk
- Upgrade to upstream tag jdk-11.0.25+9 (October 2024 CPU)
  * Security fixes
    + JDK-8290367, JDK-8332643: Update default value and extend the
    scope of com.sun.jndi.ldap.object.trustSerialData system
    property
    + JDK-8307383: Enhance DTLS connections
    + JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
    + JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of
    vectorization
    + JDK-8328726: Better Kerberos support
    + JDK-8331446, CVE-2024-21217, bsc#1231716: Improve
    deserialization support
    + JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph
    optimizations
    + JDK-8335713: Enhance vectorization analysis
  * Other changes
    + JDK-7124313: [macosx] Swing Popups should overlap taskbar
    + JDK-7156347: javax/swing/JList/6462008/bug6462008.java fails
    + JDK-8078725: method adjustments can be done just once for all
    classes involved into redefinition
    + JDK-8205076: [17u] Inet6AddressImpl.c: 'lookupIfLocalHost'
    accesses 'int InetAddress.preferIPv6Address' as a boolean
    + JDK-8206440: Remove javac -source/-target 6 from jdk
    regression tests
    + JDK-8210338: Better output for GenerationTests.java
    + JDK-8211920: Close server socket and cleanups in
    test/jdk/javax/naming/module/RunBasic.java
    + JDK-8222005: ClassRedefinition crashes with: guarantee(false)
    failed: OLD and/or OBSOLETE method(s) found
    + JDK-8222884: ConcurrentClassDescLookup.java times out
    intermittently
    + JDK-8224081: SOCKS v4 tests require IPv4
    + JDK-8227122: [TESTBUG] Create Docker sidecar test cases
    + JDK-8229822: ThrowingPushPromises tests sometimes fail due to
    EOF
    + JDK-8231427: Warning cleanup in tests of java.io.Serializable
    + JDK-8236917: TestInstanceKlassSize.java fails with "The size
    computed by SA for java.lang.Object does not match"
    + JDK-8238169: BasicDirectoryModel getDirectories and
    DoChangeContents.run can deadlock
    + JDK-8240226: DeflateIn_InflateOut.java test incorrectly
    assumes size of compressed file
    + JDK-8242999: HTTP/2 client may not handle CONTINUATION frames
    correctly
    + JDK-8244966: Add .vscode to .hgignore and .gitignore
    + JDK-8249097: test/lib/jdk/test/lib/util/JarBuilder.java has a
    bad copyright
    + JDK-8249772: (ch) Improve
    sun/nio/ch/TestMaxCachedBufferSize.java
    + JDK-8249826: 5 javax/net/ssl/SSLEngine tests use @ignore w/o
    bug-id
    + JDK-8251188: Update LDAP tests not to use wildcard addresses
    + JDK-8253207: enable problemlists jcheck's check
    + JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
    /FilenameFilterTest.java fails on Mac OS
    + JDK-8255913: Decrease number of iterations in
    TestMaxCachedBufferSize
    + JDK-8255969: Improve java/io/BufferedInputStream/
    /LargeCopyWithMark.java using jtreg tags
    + JDK-8259274: Increase timeout duration in
    sun/nio/ch/TestMaxCachedBufferSize.java
    + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
    /MouseEventAfterStartDragTest.html test failed
    + JDK-8261433: Better pkcs11 performance for
    libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
    + JDK-8263031: HttpClient throws Exception if it receives a
    Push Promise that is too large
    + JDK-8266149: mark hotspot compiler/startup tests which ignore
    VM flags
    + JDK-8266150: mark hotspot compiler/arguments tests which
    ignore VM flags
    + JDK-8266153: mark hotspot compiler/onSpinWait tests which
    ignore VM flags
    + JDK-8266154: mark hotspot compiler/oracle tests which ignore
    VM flags
    + JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java
    assumes that GCs take 1ms minimum
    + JDK-8269428: java/util/concurrent/ConcurrentHashMap/
    /ToArray.java timed out
    + JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java
    fails with Address already in use error
    + JDK-8273135: java/awt/color/ICC_ColorSpace/
    /MTTransformReplacedProfile.java crashes in liblcms.dylib with
    NULLSeek+0x7
    + JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
    /JComponent/6683775/bug6683775.java
    + JDK-8276036: The value of full_count in the message of
    insufficient codecache is wrong
    + JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails
    intermittently on storage acquisition
    + JDK-8276819: javax/print/PrintServiceLookup/
    /FlushCustomClassLoader.java fails to free
    + JDK-8279164: Disable TLS_ECDH_* cipher suites
    + JDK-8279337: The MToolkit is still referenced in a few places
    + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
    /NonfocusableOwnerTest.java failed with "RuntimeException:
    Test failed."
    + JDK-8284585: PushPromiseContinuation test fails
    intermittently in timeout
    + JDK-8286601: Mac Aarch: Excessive warnings to be ignored for
    build jdk
    + JDK-8286781: Replace the deprecated/obsolete gethostbyname
    and inet_addr calls
    + JDK-8292044: HttpClient doesn't handle 102 or 103 properly
    + JDK-8294148: Support JSplitPane for instructions and test UI
    + JDK-8294310: compare.sh fails on macos after JDK-8293550
    + JDK-8296410: HttpClient throws java.io.IOException: no
    statuscode in response for HTTP2
    + JDK-8298873: Update IllegalRecordVersion.java for changes to
    TLS implementation
    + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
    when connection is idle
    + JDK-8299487: Test
    java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out
    + JDK-8301189: validate-source fails after JDK-8298873
    + JDK-8303216: Prefer ArrayList to LinkedList in
    sun.net.httpserver.ServerImpl
    + JDK-8303965: java.net.http.HttpClient should reset the stream
    if response headers contain malformed header fields
    + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
    + JDK-8305079: Remove finalize() from compiler/c2/Test719030
    + JDK-8305081: Remove finalize() from
    test/hotspot/jtreg/compiler/runtime/Test8168712
    + JDK-8305825: getBounds API returns wrong value resulting in
    multiple Regression Test Failures on Ubuntu 23.04
    + JDK-8305906: HttpClient may use incorrect key when finding
    pooled HTTP/2 connection for IPv6 address
    + JDK-8306060: Open source few AWT Insets related tests
    + JDK-8306432: Open source several AWT Text Component related
    tests
    + JDK-8306466: Open source more AWT Drag & Drop related tests
    + JDK-8306489: Open source AWT List related tests
    + JDK-8306566: Open source several clipboard AWT tests
    + JDK-8306850: Open source AWT Modal related tests
    + JDK-8307091: A few client tests intermittently throw
    ConcurrentModificationException
    + JDK-8307779: Relax the java.awt.Robot specification
    + JDK-8308184: Launching java with large number of jars in
    classpath with java.protocol.handler.pkgs system property set
    can lead to StackOverflowError
    + JDK-8309934: Update GitHub Actions to use JDK 17 for building
    jtreg
    + JDK-8310201: Reduce verbose locale output in -XshowSettings
    launcher option
    + JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
    + JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
    + JDK-8314614: jdk/jshell/ImportTest.java failed with
    "InternalError: Failed remote listen"
    + JDK-8315422: getSoTimeout() would be in try block in
    SSLSocketImpl
    + JDK-8315437: Enable parallelism in
    vmTestbase/nsk/monitoring/stress/classload tests
    + JDK-8315442: Enable parallelism in
    vmTestbase/nsk/monitoring/stress/thread tests
    + JDK-8315804: Open source several Swing JTabbedPane JTextArea
    JTextField tests
    + JDK-8315898: Open source swing JMenu tests
    + JDK-8315965: Open source various AWT applet tests
    + JDK-8316104: Open source several Swing SplitPane and
    RadioButton related tests
    + JDK-8316211: Open source several manual applet tests
    + JDK-8316240: Open source several add/remove MenuBar manual
    tests
    + JDK-8316285: Opensource JButton manual tests
    + JDK-8316306: Open source and convert manual Swing test
    + JDK-8316328: Test jdk/jfr/event/oldobject/
    /TestSanityDefault.java times out for some heap sizes
    + JDK-8316462: sun/jvmstat/monitor/MonitoredVm/
    /MonitorVmStartTerminate.java ignores VM flags
    + JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
    + JDK-8317039: Enable specifying the JDK used to run jtreg
    + JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
    + JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
    Press on the outside area didn't cause ungrab
    + JDK-8317316: G1: Make TestG1PercentageOptions use
    createTestJvm
    + JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
    + JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
    + JDK-8317807: JAVA_FLAGS removed from jtreg running in
    JDK-8317039
    + JDK-8318039: GHA: Bump macOS and Xcode versions
    + JDK-8320079: The ArabicBox.java test has no control buttons
    + JDK-8320570: NegativeArraySizeException decoding >1G UTF8
    bytes with non-ascii characters
    + JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
    + JDK-8320945: problemlist tests failing on latest Windows 11
    update
    + JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC
    and ZGC
    + JDK-8323670: A few client tests intermittently throw
    ConcurrentModificationException
    + JDK-8324755: Enable parallelism in
    vmTestbase/gc/gctests/LargeObjects tests
    + JDK-8325022: Incorrect error message on client authentication
    + JDK-8325179: Race in BasicDirectoryModel.validateFileCache
    + JDK-8325862: set -XX:+ErrorFileToStderr when executing java
    in containers for some container related jtreg tests
    + JDK-8325876: crashes in docker container tests on
    Linuxppc64le Power8 machines
    + JDK-8326140: src/jdk.accessibility/windows/native/
    /libjavaaccessbridge/AccessBridgeJavaEntryPoints.cpp
    ReleaseStringChars might be missing in early returns
    + JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java
    fails
    + JDK-8327137: Add test for ConcurrentModificationException in
    BasicDirectoryModel
    + JDK-8327631: Update IANA Language Subtag Registry to Version
    2024-03-07
    + JDK-8327787: Convert javax/swing/border/Test4129681.java
    applet test to main
    + JDK-8327840: Automate javax/swing/border/Test4129681.java
    + JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
    /GetBoundsResizeTest.java applet test to main
    + JDK-8328110: Allow simultaneous use of PassFailJFrame with
    split UI and additional windows
    + JDK-8328115: Convert java/awt/font/TextLayout/
    /TestJustification.html applet test to main
    + JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
    to automatic main test
    + JDK-8328218: Delete test
    java/awt/Window/FindOwner/FindOwner.html
    + JDK-8328234: Remove unused nativeUtils files
    + JDK-8328238: Convert few closed manual applet tests to main
    + JDK-8328269: NonFocusablePopupMenuTest.java should be marked
    as headful
    + JDK-8328273: sun/management/jmxremote/bootstrap/
    /RmiRegistrySslTest.java failed with
    java.rmi.server.ExportException: Port already in use
    + JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
    /ClickDuringKeypress.java imports Applet
    + JDK-8328561: test java/awt/Robot/ManualInstructions/
    /ManualInstructions.java isn't used
    + JDK-8328953: JEditorPane.read throws ChangedCharSetException
    + JDK-8328999: Update GIFlib to 5.2.2
    + JDK-8329004: Update Libpng to 1.6.43
    + JDK-8329013: StackOverflowError when starting Apache Tomcat
    with signed jar
    + JDK-8329103: assert(!thread->in_asgct()) failed during
    multi-mode profiling
    + JDK-8329510: Update ProblemList for
    JFileChooser/8194044/FileSystemRootTest.java
    + JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
    because The End and Start buttons are not placed correctly and
    Tab focus does not move as expected
    + JDK-8329995: Restricted access to '/proc' can cause JFR
    initialization to crash
    + JDK-8330063: Upgrade jQuery to 3.7.1
    + JDK-8330416: Update system property for Java SE specification
    maintenance version
    + JDK-8330523: Reduce runtime and improve efficiency of
    KeepAliveTest
    + JDK-8331063: Some HttpClient tests don't report leaks
    + JDK-8331263: Bump update version for OpenJDK: jdk-11.0.25
    + JDK-8331466: Problemlist serviceability/dcmd/gc/
    /RunFinalizationTest.java on generic-all
    + JDK-8331746: Create a test to verify that the cmm id is not
    ignored
    + JDK-8331798: Remove unused arg of checkErgonomics() in
    TestMaxHeapSizeTools.java
    + JDK-8332008: Enable issuestitle check
    + JDK-8332113: Update nsk.share.Log to be always verbose
    + JDK-8332424: Update IANA Language Subtag Registry to Version
    2024-05-16
    + JDK-8332524: Instead of printing "TLSv1.3," it is showing
    "TLS13"
    + JDK-8332898: failure_handler: log directory of commands
    + JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
    /TestDescription.java fails with no GC's recorded
    + JDK-8333724: Problem list security/infra/java/security/cert/
    /CertPathValidator/certification/CAInterop.java
    [#]teliasonerarootcav1
    + JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
    an exception with 0 failures
    + JDK-8333837: [11u] HexPrinterTest.java javac compile fails
    illegal start of expression
    + JDK-8333839: [11u] LingeredAppTest.java fails Can't find
    source file: LingeredApp.java
    + JDK-8334166: Enable binary check
    + JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
    includes elements of JDK-8163327
    + JDK-8334418: Update IANA Language Subtag Registry to Version
    2024-06-14
    + JDK-8334653: ISO 4217 Amendment 177 Update
    + JDK-8334711: [TEST_BUG] Compilation failed of
    MimeFormatsTest/MimeFormatsTest.java
    + JDK-8335803: SunJCE cipher throws NPE for un-extractable RSA
    keys
    + JDK-8336301: test/jdk/java/nio/channels/
    /AsyncCloseAndInterrupt.java leaves around a FIFO file upon
    test completion
    + JDK-8336928: GHA: Bundle artifacts removal broken
    + JDK-8337664: Distrust TLS server certificates issued after
    Oct 2024 and anchored by Entrust Root CAs
    + JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
    are inconsistent with their setVerbose methods
    + JDK-8341057: Add 2 SSL.com TLS roots
    + JDK-8341059: Change Entrust TLS distrust date to November 12,
    2024
    + JDK-8341675: [11u] Remove designator
    DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.25
- Added patches:
  * reproducible-directory-mtime.patch
    + if present, use SOURCE_DATE_EPOCH as timestamp for newly
    created directories
  * reproducible-search-index-files.patch
    + if present, use SOURCE_DATE_EPOCH as timestamp for the search
    index zip files created by javadoc
javapackages-tools
- Upgrade to upstream version 6.3.4
  * Changes:
    + A corner case when which is not present
    + Remove dependency on which
    + Simplify after the which -> type -p change
    + jpackage_script: Remove pointless assignment when %java_home
    is unset
    + Don't require %java_home for %java etc.
    + Don't export JAVA_HOME
- Removed patches:
  * do-not-require-which.patch
  * fix-broken-commands.patch
  * remove-pointless-assignment.patch
    + integrated upstream
- Modified patch:
  * python-optional.patch
    + account for changed context
- Added patch:
  * 0001-Revert-jpackage_script-Remove-unneeded-backslashes.patch
    + This change breaks build with rpm 4.14.1

- remove-pointless-assignment.patch: Remove pointless assignment if
  %java_home is unset

- Added patch:
  * fix-broken-commands.patch
    + fix commands broken after recent removal of the default
    %%{java_home} macro

- Added patch:
  * do-not-require-which.patch
    + do not fail launching scripts if which is not installed
    (bsc#1231347)

- Upgrade to upstream version 6.3.2
  * Changes
    + spec: Update Obsoletes versions
    + Search for JAVACMD under JAVA_HOME only if it's set
    + Obsolete set_jvm and set_jvm_dirs functions
    + Drop unneeded _set_java_home function
    + Remove JAVA_HOME check from check_java_env function
    + Bump codecov/codecov-action from 2.0.2 to 4.6.0
    + Bump actions/setup-python from 4 to 5
    + Bump actions/checkout from 2 to 4
    + Add custom dependabot config
    + Remove the test for JAVA_HOME and error if it is not set
    + java-functions: Remove unneeded local variables
    + Fix build status shield
- Removed patch:
  * 0001-Double-quote-to-avoid-substitution-during-build.patch
    + Fixed differently in this version

- Upgrade to upstream version 6.3.1
  * Changes:
    + Allow missing components with abs2rel
    + Fix tests with python 3.4
    + Sync spec file from Fedora
    + Drop default JRE/JDK
    + Fix the use of java-functions in scripts
    + Update RPM spec file
    + Reproducible builds: constant timestamp for pom.properties
    + Test that we don't bomb on <relativePath/>
    + Test variable expansion in artifactId
    + Interpolate properties also in the current artifact
    + Rewrite abs2rel in shell
    + Use asciidoctor instead of asciidoc
    + Fix incompatibility with RPM 4.20
    + Don't define %topdir macro
    + coverage: use usercustomize
    + Reproducible builds: keep order of aliases and dependencies
    + Reproducible exclusions order in maven metadata
    + Do not bomb on <relativePath/> construct
    + Make maven_depmap order of aliases reproducible
- Removed patches:
  * 0001-Make-maven_depmap-order-of-aliases-reproducible.patch
  * 0002-Do-not-bomb-on-relativePath-construct.patch
  * 0003-Reproducible-exclusions-order-in-maven-metadata.patch
  * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
  * 0005-Interpolate-properties-also-in-the-current-artifact.patch
  * 0006-Test-variable-expansion-in-artifactId.patch
  * 0007-Test-that-we-don-t-bomb-on-relativePath.patch
  * 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
    + Integrated in this version
- Added patch:
  * 0001-Double-quote-to-avoid-substitution-during-build.patch
    + Double-quote a macro in macros.jpackages to avoid value
    substitution during the build

- Added patch:
  * 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
    + use reproducible timestamp when post-processing jar files and
    adding there the pom.properties file.
kernel-default
- net/ncsi: Disable the ncsi work before freeing the associated
  structure (CVE-2024-49945 bsc#1232165).
- commit 0369bdb

- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a

- block: initialize integrity buffer to zero before writing it
  to media (CVE-2024-43854 bsc#1229345).
- commit 2fc5adb

- x86/mm/ident_map: Use gbpages only where full GB page should
  be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
  kernel (bsc#1220382).
- commit c11660d

- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778

- fbdev: efifb: Register sysfs groups through driver core
  (bsc#1232224 CVE-2024-49925).
- commit ed25954

- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e

- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
  bsc#1231893).
- commit c192a62

- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
  (CVE-2024-49991 bsc#1232282).
- commit 6ba5342

- vhost_vdpa: assign irq bypass producer token correctly
  (bsc#1232174 CVE-2024-47748).
- commit 51b6257

- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
  bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
  bsc#1232432).
- commit 7dec126

- net/xen-netback: prevent UAF in xenvif_flush_hash()
  (CVE-2024-49936 bsc#1232424).
- commit 05a71d8

- Update
  patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
  (bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
  patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
  (bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
  patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
  (bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
  (CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352

- Update
  patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
  (git-fixes CVE-2023-52766 bsc#1230620).
- Update
  patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
  (git-fixes CVE-2023-52919 bsc#1231988).
- Update
  patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
  (CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
  (git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80

- Update
  patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
  (bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
  patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
  (git-fixes CVE-2022-48994 bsc#1232119).
- Update
  patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
  (git-fixes CVE-2022-48951 bsc#1231929).
- Update
  patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
  (git-fixes CVE-2022-49005 bsc#1232150).
- Update
  patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
  (git-fixes CVE-2022-48992 bsc#1232071).
- Update
  patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
  (git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
  (CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
  patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
  (git-fixes CVE-2022-48978 bsc#1232038).
- Update
  patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
  (git-fixes CVE-2022-48995 bsc#1232120).
- Update
  patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
  (git-fixes CVE-2022-48967 bsc#1232304).
- Update
  patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
  (git-fixes CVE-2022-49012 bsc#1232005).
- Update
  patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
  (bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
  patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
  (bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
  patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
  (git-fixes CVE-2022-49024 bsc#1232001).
- Update
  patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
  (git-fixes CVE-2022-48997 bsc#1232035).
- Update
  patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
  (git-fixes CVE-2022-48981 bsc#1232229).
- Update
  patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
  (git-fixes CVE-2022-49026 bsc#1231997).
- Update
  patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
  (git-fixes CVE-2022-48973 bsc#1232039).
- Update
  patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
  (git-fixes CVE-2022-48975 bsc#1231885).
- Update
  patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
  (git-fixes CVE-2022-49010 bsc#1232172).
- Update
  patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
  (git-fixes CVE-2022-49011 bsc#1232006).
- Update
  patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
  (git-fixes CVE-2022-49029 bsc#1231995).
- Update
  patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
  (jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
  patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
  (jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
  patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
  (git-fixes CVE-2022-49031 bsc#1231992).
- Update
  patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
  (git-fixes CVE-2022-49032 bsc#1231991).
- Update
  patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
  (git-fixes CVE-2022-49002 bsc#1232133).
- Update
  patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
  (git-fixes CVE-2022-49000 bsc#1232123).
- Update
  patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
  (bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
  patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
  (git-fixes CVE-2022-49028 bsc#1231996).
- Update
  patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
  (git-fixes CVE-2022-48972 bsc#1232025).
- Update
  patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
  (git-fixes CVE-2022-48987 bsc#1232067).
- Update
  patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
  (git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
  patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
  (git-fixes CVE-2022-49019 bsc#1231940).
- Update
  patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
  (git-fixes CVE-2022-48961 bsc#1232108).
- Update
  patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
  (git-fixes CVE-2022-49016 bsc#1231937).
- Update
  patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
  (jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
  patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
  (git-fixes CVE-2022-49021 bsc#1231939).
- Update
  patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
  (git-fixes CVE-2022-48955 bsc#1231892).
- Update
  patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
  (git-fixes CVE-2022-49014 bsc#1231890).
- Update
  patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
  (git-fixes CVE-2022-49007 bsc#1232170).
- Update
  patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
  (git-fixes CVE-2022-49003 bsc#1232136).
- Update
  patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
  (jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
  patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
  (git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
  (bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
  patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
  (git-fixes CVE-2022-49006 bsc#1232163).
- Update
  patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
  (bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
  patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
  (git-fixes CVE-2022-48948 bsc#1231896).
- Update
  patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
  (git-fixes CVE-2022-49023 bsc#1231961).
- Update
  patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
  (git-fixes CVE-2022-49022 bsc#1231962).
- Update
  patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
  (git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658

- Update
  patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
  (git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
  stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3

- NFSD: Force all NFSv4.2 COPY requests to be synchronous
  (CVE-2024-49974 bsc#1232383).
- commit e488dd4

- ACPI: sysfs: validate return type of _STR method (bsc#1231861
  CVE-2024-49860).
- commit 1bb3615

- Delete patches.suse/scsi-Update-max_hw_sectors-on-rescan.patch (bsc#1216223)
- commit c6f8315

- Refresh
  patches.suse/scsi-ibmvfc-Add-max_sectors-module-parameter.patch.
- commit 707c768

- drm/amd/display: Fix index out of bounds in DCN30 color
  transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3

- smb: client: fix UAF in async decryption (bsc#1232418
  CVE-2024-50047).
- commit dcba7ec

- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
  (CVE-2022-48962 bsc#1232286).
- commit 0f23f49

- btrfs: wait for fixup workers before stopping cleaner kthread
  during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
  worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4

- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
  (CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
  (CVE-2022-48991 bsc#1232070).
- commit 3ab8533

- mm/khugepaged: fix GUP-fast interaction by sending IPI
  (CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525

- mm/khugepaged: take the right locks for page table retraction
  (CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4

- mm: gup: fix the fast GUP race against THP collapse
  (CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e

- s390/dasd: fix error recovery leading to data corruption on
  ESE devices (git-fixes bsc#1229452 CVE-2024-45026 bsc#1230454
  bsc#1232281).
- commit fc1d054

- net: seeq: Fix use after free vulnerability in ether3 Driver
  Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1

- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2

- RDMA/mana_ib: use the correct page size for mapping user-mode
  doorbell page (bsc#1232036).
- net: mana: Fix the extra HZ in mana_hwc_send_request
  (bsc#1232033).
- commit 8c14fb0

- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0

- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856

- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13

- wifi: ath11k: fix array out-of-bound access in SoC stats
  (CVE-2024-49930 bsc#1232260).
- commit e11de4c

- Update
  patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
  (bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8

- net: dsa: sja1105: fix memory leak in
  sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f

- mm: avoid leaving partial pfn mappings around in error case
  (CVE-2024-47674 bsc#1231673).
- commit 9910e8f

- netem: fix return value if duplicate enqueue fails
  (CVE-2024-45016 bsc#1230429).
- commit 2e9108a

- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3

- dn_route: set rt neigh to blackhole_netdev instead of
  loopback_dev in ifdown (bsc#1216813).
- commit 673d32f

- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
  in ifdown (bsc#1216813).
- commit 0e5b278

- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit 0c7762c

- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 5d1a23a

- aoe: fix the potential use-after-free problem in more places
  (bsc#1218562 CVE-2023-6270).
- commit e949a45

- efi: fix NULL-deref in init error path (bsc#1229556
  CVE-2022-48879).
- commit 41e1770

- dmaengine: altera-msgdma: properly free descriptor in
  msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5

- bpf: Fix pointer-leak due to insufficient speculative store
  bypass mitigation (bsc#1231375).
- commit fd93435

- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b

- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86

- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356

- Delete some more obsolete scripts
- commit 0d4cf12

- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4

- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241

- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584

- NFSv3: only use NFS timeout for MOUNT when protocols are
  compatible (bsc#1231016).
- commit 2b5943c

- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d

- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
  They depend on SHADOW_CALL_STACK.
- commit 65fa52b

- usb: dwc3: st: fix probed platform device ref count on probe
  error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693

- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
  Delete
  patches.suse/ibmvfc-make-max_sectors-a-module-option.patch.
- commit 13d3e25

- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 75bf6d9

- Update
  patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
  (git-fixes CVE-2022-48945 bsc#1230398).
- Update
  patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
  (bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
  (git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d

- SUNRPC: avoid soft lockup when transmitting UDP to reachable
  server (bsc#1225272 bsc#1231016).
- commit d8ddf61

- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
  CVE-2022-48911).
- commit 09526c9

- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e

- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
  bsc#1229407).
- commit 0515c56

- KABI: kcm: Serialise kcm_sendmsg() for the same socket
  (CVE-2024-44946 bsc#1230015).
- commit 4220de4

- kcm: Serialise kcm_sendmsg() for the same socket
  (CVE-2024-44946 bsc#1230015).
- commit 195f676

- Refresh
  patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
  Update upstream status and move to the sorted section.
- commit 43dbf50

- memcg_write_event_control(): fix a user-triggerable oops
  (CVE-2024-45021 bsc#1230434).
- commit f5c92ca

- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
  This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe

- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
  This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83

- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
  This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226

- blk-mq: add helper for checking if one CPU is mapped to
  specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
  (bsc#1223600).
- commit 4537dc0

- vfs: Don't evict inode under the inode lru traversing context
  (CVE-2024-45003 bsc#1230245).
- commit 82e6e44

- blacklist.conf: update blacklist
- commit 401873a

- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54

- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
  CVE-2024-41062).
- commit 5b1f743

- Update references
- commit a096907

- fuse: Initialize beyond-EOF page contents before setting
  uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7

- usb: vhci-hcd: Do not drop references before new references
  are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae

- net: usb: qmi_wwan: fix memory leak for not ip packets
  (CVE-2024-43861 bsc#1229500).
- commit 3e796c3

- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
  (bsc#1226666).
- commit 95da232

- Update
  patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
  (git-fixes CVE-2022-48917 bsc#1229637).
- Update
  patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
  (git-fixes CVE-2022-48878 bsc#1229554).
- Update
  patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
  (git-fixes CVE-2022-48938 bsc#1229664).
- Update
  patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
  (git-fixes CVE-2022-48943 bsc#1229645).
- Update
  patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
  (git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
  CVE-2022-48930 bsc#1229624).
- Update
  patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
  (CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
  patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
  (git-fixes CVE-2022-48907 bsc#1229608).
- Update
  patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
  (bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
  patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
  (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
  CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
  patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
  (bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
  patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
  (bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
  patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
  (bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
  patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
  (bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
  patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
  (git-fixes CVE-2022-48931 bsc#1229623).
- Update
  patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
  (git-fixes CVE-2022-48868 bsc#1229506).
- Update
  patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
  (git-fixes CVE-2023-52911 bsc#1229522).
- Update
  patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
  (git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
  (git-fixes CVE-2022-48899 bsc#1229536).
- Update
  patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
  (git-fixes CVE-2023-52893 bsc#1229535).
- Update
  patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
  (git-fixes CVE-2022-48942 bsc#1229612).
- Update
  patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
  (bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
  patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
  (git-fixes CVE-2022-48941 bsc#1229614).
- Update
  patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
  (git-fixes CVE-2022-48928 bsc#1229626).
- Update
  patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
  (git-fixes CVE-2022-48927 bsc#1229628).
- Update
  patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
  (git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
  (git-fixes CVE-2022-48904 bsc#1229603).
- Update
  patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
  (bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
  patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
  (git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
  (jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
  patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
  (git-fixes CVE-2022-48873 bsc#1229512).
- Update
  patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
  (git-fixes CVE-2022-48872 bsc#1229510).
- Update
  patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
  (jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
  CVE-2022-48909 bsc#1229611).
- Update
  patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
  (git-fixes CVE-2023-52907 bsc#1229526).
- Update
  patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
  (git-fixes CVE-2022-48934 bsc#1229620).
- Update
  patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
  (git-fixes CVE-2023-52900 bsc#1229581).
- Update
  patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
  (git-fixes CVE-2023-52905 bsc#1229528).
- Update
  patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
  (git-fixes CVE-2022-48880 bsc#1229557).
- Update
  patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
  (git-fixes CVE-2022-48891 bsc#1229565).
- Update
  patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
  (git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
  patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
  (bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
  patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
  (git-fixes CVE-2021-4441 bsc#1229598).
- Update
  patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
  (git-fixes CVE-2022-48915 bsc#1229639).
- Update
  patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
  (git-fixes CVE-2022-48924 bsc#1229631).
- Update
  patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
  (git-fixes CVE-2022-48870 bsc#1229508).
- Update
  patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
  (git-fixes CVE-2022-48871 bsc#1229509).
- Update
  patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
  (git-fixes CVE-2023-52894 bsc#1229566).
- Update
  patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
  (git-fixes CVE-2022-48926 bsc#1229629).
- Update
  patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
  (git-fixes CVE-2023-52901 bsc#1229531).
- Update
  patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
  (git-fixes CVE-2022-48875 bsc#1229516).
- Update
  patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
  (git-fixes CVE-2022-48914 bsc#1229642).
- Update
  patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
  (git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7

- mm: prevent derefencing NULL ptr in pfn_section_valid()
  (git-fixes).
- commit d77caa1

- mm, kmsan: fix infinite recursion due to RCU critical section
  (git-fixes).
- commit 1702784

- mm/sparsemem: fix race in accessing memory_section->usage
  (bsc#1221326 CVE-2023-52489).
- commit 606bd9b

- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
  CVE-2024-44938).
- commit 8003b7e

- ata: libata-core: Fix double free on error
  (CVE-2024-41087,bsc#1228466).
- commit b5892ca

- ata: libata-core: Fix double free on error
  (CVE-2024-41087,bsc#1228466).
- commit 0a4b370

- exec: Fix ToCToU between perm check and set-uid/gid usage
  (CVE-2024-43882 bsc#1229503).
- commit 83a7456

- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70

- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3

- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
  gcc version dependent, at least on ppc
- commit 16da158

- scsi: smartpqi: Expose SAS address for SATA drives
  (bsc#1223958).
- commit 6711c21

- net/iucv: fix use after free in iucv_sock_close()
  (CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3

- Update
  patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
  (CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
  patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
  (bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1

- libceph: fix race between delayed_work() and ceph_monc_stop()
  (bsc#1228959 CVE-2024-42232).
- commit 27160c2

- rpm/kernel-binary.spec.in: fix klp_symbols macro
  The commit below removed openSUSE filter from %ifs of the klp_symbols
  definition. But it removed -c of grep too and that causes:
  error: syntax error in expression:  01 && (  || 1 )
  error:                                        ^
  error: unmatched (:  01 && (  || 1 )
  error:                     ^
  error: kernel-default.spec:137: bad %if condition:  01 && (  || 1 )
  So reintroduce -c to the PTF's grep.
  Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3

- rpm/kernel-binary.spec.in: Fix build regression
  The previous fix forgot to take over grep -c option that broke the
  conditional expression
- commit d29edf2

- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
  After the Jump project the kernel used by SLE and openSUSE Leap are the
  same. As consequence the klp_symbols variable is set, enabling
  kernel-default-livepatch-devel on both SLE and openSUSE.
  The current rules to avoid enabling the package exclude openSUSE
  Tumbleweed alone, which doesn't makes sense for now. Enabling
  kernel-default-livepatch-devel on TW makes it easier to test the
  creation of kernel livepatches of the next SLE versions.
- commit fd0b293

- Update
  patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
  (bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
  Add CVE references.
- commit 637c320

- Update
  patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
  (bsc#1216834 CVE-2024-42077 bsc#1228516).
  Add CVE references.
- commit 8360e90

- ax25: Fix refcount imbalance on inbound connections
  (CVE-2024-40910 bsc#1227832).
- commit 12cb329

- config.sh: generate and install compile_commands.json (bsc#1228971)
  This file contains the command line options used to compile every C file.
  It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
  This file contains the command line options used to compile every C file.
  It's useful for the livepatching team.
- commit 314f719

- packaging: Add case-sensitive perl option parsing
  A recent change in Getopt::Long [1]:
  Changes in version 2.55
  - ----------------------
  * Fix long standing bug that duplicate options were not detected
  when the options differ in case while ignore_case is in effect.
  This will now yield a warning and become a fatal error in a future
  release.
  perl defaults to ignore_case by default, switch it off to avoid
  accidental misparsing of options.
  This was suggested after similar change in scripts/.
- commit e978477
apr
- security update
- added patches
  fix CVE-2023-49582 [bsc#1229783], unexpected lax shared memory permissions
  + apr-CVE-2023-49582.patch
util-linux
- Skip aarch64 decode path for rest of the architectures
  (bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
expat
- security update
- added patches
  fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
  + expat-CVE-2024-50602.patch

- Security fix (bsc#1229932, CVE-2024-45492): detect integer
  overflow in function nextScaffoldPart
  * Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
  overflow in dtdCopy
  * Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
  len for XML_ParseBuffer
  * Added expat-CVE-2024-45490.patch
mozilla-nss
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
  approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
libmodulemd
- Build python bindings for all pythons (jsc#PED-6218)
ncurses
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
  * Allow that terminal description based on static fallback
    entries can be freed.
openssl-1_1
- Security fix: [bsc#1220262, CVE-2023-50782]
  * Implicit rejection in PKCS#1 v1.5
  * Add openssl-CVE-2023-50782.patch
libpcap
- enable rdma support (bsc#1230894)

- Security fix: [bsc#1230034, CVE-2024-8006]
  * libpcap: NULL pointer derefence in pcap_findalldevs_ex()
  * Add libpcap-CVE-2024-8006.patch

- Security fix: [bsc#1230020, CVE-2023-7256]
  * libpcap: double free via addrinfo in sock_initaddress()
  * Add libpcap-CVE-2023-7256.patch
postgresql16
- Upgrade to 16.4 (bsc#1229013):
  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
    during pg_dump executes arbitrary SQL
  * https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
  * https://www.postgresql.org/docs/release/16.4/
python3
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).

- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
  ReDos via excessive backtracking while parsing header values
  (bsc#1230227, CVE-2024-6232).

- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
  support eliminating bsc#1227233 (CVE-2024-5642).

- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
  header injection due to unquoted newlines (bsc#1228780,
  CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
  complexity in parsing cookies with backslashes (bsc#1229596,
  CVE-2024-7592)
- %{profileopt} variable is set according to the variable
  %{do_profiling} (bsc#1227999)

- Remove %suse_update_desktop_file macro as it is not useful any
  more.

- Stop using %%defattr, it seems to be breaking proper executable
  attributes on /usr/bin/ scripts (bsc#1227378).
ruby2.5
- backport REXML from 3.3
  - fix denial of service when parsing a XML that has many deep
    elements with the same local name attributes
    (boo#1229673 CVE-2024-43398)
  - fix denial of service when parsing an XML that contains many
    specific characters such as whitespaces, >] and ]>
    (boo#1228794 CVE-2024-41123)
  - fix denial of service when parsing an XML that has many entity
    expansions with SAX2 or pull parser API
    (boo#1228799 CVE-2024-41946)
  - fix denial of service when parsing an XML that has many left
    angled brackets in an attribute value
    (boo#1224390 CVE-2024-35176)
  - fix ReDoS when parsing an XML that has many specific characters
    (boo#1228072 CVE-2024-39908)
libsolv
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
suseconnect-ng
- Update version to 1.12:
  - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
systemd
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
  cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
  e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
  a85d211874 man: Document ranges for distributions config files and local config files

- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
  Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
  inside comments unescaped leading to unpredictable behavior. Now why rpm
  expands rpm macros inside comments is the question...

- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
  Really skip redundant dependencies specified the LSB description that
  references the file name of the service itself for early boot scripts (noticed
  in bsc#1221479).
libzypp
- PluginFrame: Send unescaped colons in header values
  (bsc#1231043)
  According to the STOMP protocol it would be correct to escape a
  colon in a header-value, but it breaks plugin receivers which do
  not expect this. The first colon separates header-name from
  header-value, so escaping in the header-value is not needed
  anyway.
  Escaping in the header-value affects especially the urlresolver
  plugins. The input URL is passed in a header, but sent back as
  raw data in the frames body. If the plugin receiver does not
  correctly unescape the URL we may get back a "https\c//" which is
  not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
  (fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)

- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
  It's preferred to explicitly tell the root directory of the
  system whose database you want to query.
- version 17.35.11 (35)

- API refactoring. Prevent zypper from using now private libzypp
  symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)

- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)

- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)

- MediaPluginType must be resolved to a valid MediaHandler
  (bsc#1228208)
- version 17.35.7 (35)

- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)

- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)

- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)

- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
  Older zypp-plugins reject stomp headers including a '-'. Like the
  'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
  This patch fixes an issue in safe_strtonum which caused
  timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)

- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
  Buddy pairs (like -release package and product) internally share
  the same status object. When applying locks from query results
  the locked bit must be set if either item is locked.
- version 17.35.2 (35)

- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)

- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)

- Workaround broken libsolv-tools-base requirements (fixes
  openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
shadow
- bsc#1230972: Add useradd warnings when requested UID is outside
  the default range
- add shadow-bsc1230972-useradd-warning.patch

- bsc#1228337: chage -d date vs passwd -S output is off by one
  Remove shadow-bsc1176006-chage-date.patch
logrotate
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
  * Added patch logrotate-ignore-duplicates.patch
  * Allows log processing with duplicate logfile matches
pam-config
- Change check for existence of modules.
  If we have a biarch architecture, we check that the 64bit
  PAM module is there and report an error if not. For the 32bit
  variant, we only issue a warning.
  [pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
postgresql
- bsc#1230423: Relax the dependency of extensions on the server
  version from exact major.minor to greater or equal, after Tom
  Lane confirmed on the PostgreSQL packagers list that ABI
  stability is being taken care of between minor releases.
postgresql14
- Upgrade to 14.13 (bsc#1229013):
  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
    during pg_dump executes arbitrary SQL
  * https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
  * https://www.postgresql.org/docs/release/14.13/
protobuf
- Build the java part with maven, so that we create artifacts
  that correspond to upstream distributed ones.
- Add maven artifact metadata to the protoc binary
- Package also the bom and pom artifacts

- Add patch to fix StackOverflow vulnerability in Protocol Buffers
  * CVE-2024-7254.patch (bsc#1230778, CVE-2024-7254)
python-azure-agent
- Restart the agent (bsc#1227600)
  + The agent service gets restarted in post but may fail due to a missing
    config file. config files were split into their own package previously.
    When we detect that we have to restore a config file we also need
    to restart the agent again.
python3-dmidecode
- Update to the upstream release 3.12.3 (bsc#1229855):
  - consolidation of previous git commits
  - support SMBIOS3.3.0
- Remove upstreamed huge-memory.patch
- Remove upstreamed fix-memory-Type-Detail-map-size.patch
python-dnspython
- Fix CVE-2023-29483-pre1.patch
  (bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
salt
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
- Added:
  * join-masters-if-it-is-a-list-671.patch
  * fix-deprecated-code-677.patch
  * fix-x509-test-fails-on-old-openssl-systems-682.patch
  * replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
  * fix-the-selinux-context-for-salt-minion-service-bsc-.patch
  * avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
  * use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
  * allow-namedloadercontexts-to-be-returned-from-loader.patch
  * prevent-using-syncwrapper-with-no-reason.patch
  * make-tests-compatible-with-venv-bundle.patch
  * fix-test_debian-to-work-in-our-infrastructure-676.patch
  * skip-more-tests-related-to-old-openssl-algorithms.patch
  * fix-test_system-flaky-setup_teardown-fn.patch
  * remove-redundant-run_func-from-salt.master.mworker._.patch
  * improve-error-handling-with-different-openssl-versio.patch
  * avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
  * revert-the-change-making-reactor-less-blocking-bsc-1.patch

- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
  * test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
  * skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
  * some-more-small-tests-fixes-enhancements-661.patch
  * firewalld-normalize-new-rich-rules-before-comparing-.patch
  * several-fixes-for-tests-to-avoid-errors-and-failures.patch
  * provide-systemd-timer-unit.patch
  * fix-user.list_groups-omits-remote-groups.patch
  * fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
python3-setuptools
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
  * Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
spacewalk-certs-tools
- version 4.3.26-0
  * Fix private key format in jabberd certificate file (bsc#1228851)
  * Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)
  * Support multiple certificates for root-ca-file and server-cert-file
spacewalk-client-tools
- version 4.3.21-0
  * Update translation strings
uyuni-common-libs
- version 4.3.11-0
  * Enforce directory permissions at repo-sync when creating
    directories (bsc#1229260)
  * Make ISSv1 timezone independent (bsc#1221505)
regionServiceClientConfigAzure
- Update to version 2.2.0 (jsc#PCT-360)
  + Add IPv6 certs to enable IPv6 access of the update infrastructure
  + Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
    in the Public Cloud

- Update to version 2.1.0 (bsc#1217537)
  + Replace certs 23.100.36.229.pem and 40.121.202.140.pem (4096 length):
    rgnsrv-azure-westus -> 23.100.36.229.pem expires 9 years
    rgnsrv-azure-eastus  -> 40.121.202.140.pem expires 10 years
release-notes-susemanager
- Update to SUSE Manager 4.3.14
  * Ubuntu 24.04 support as client
  * Product migration from RHEL and Clones to SUSE Liberty Linux
  * POS image templates now produce compressed images
  * Date format for API endpoints has been changed to ISO-8601 format
  * CVE Fixed
    CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
  * Bugs mentioned:
    bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338
    bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887
    bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108
    bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090
    bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917
    bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543
    bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101
    bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345
    bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945
    bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332
    bsc#1231852, bsc#1231922, bsc#1231900
rsyslog
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
  add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch

- restart daemon after update at the end of the transaction
  (bsc#1230984)
rubygem-nokogiri
- added only-complain-about-version-diff-if-it-is-older.patch:
  make nokogiri only complain about mismatching libxml2 version
  if the runtime version is older than the build version as we
  assume newer versions should be ABI compatible (boo#1213999)
runc
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
  Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
  * 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  * 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  * 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
  * 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
shim
- Update shim-install to apply the missing fix for openSUSE Leap
  (bsc#1210382) fixed by Gary.
  * 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
  (bsc#1230316) fixed by Gary.
  * 433cc4e Always use the removable way for SL-Micro
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
spacecmd
- version 4.3.29-0
  * Speed up softwarechannel_removepackages (bsc#1227606)
spacewalk-backend
- version 4.3.30-0
  * Make ISSv1 timezone independent (bsc#1221505)
  * reposync: introduce timeout when syncing DEB channels (bsc#1225960)
  * yum_src: use proper name variable name for subprocess.TimeoutExpired
  * Check and populate PTF attributes at the time of importing
    packages (bsc#1225619)
  * reposync: import GPG keys to RPM DB individually (bsc#1217003)
  * Add log string to the journal when services are stopped
    because of insufficient disk space
spacewalk-web
- version 4.3.42-0
  * CVE-2024-49503: Escape organization credentials username to
    mitigate XSS vulnerability (bsc#1231922)

- version 4.3.41-0
  * CVE-2024-49502: Validate proxy hostname format and escape proxy
    username to mitigate XSS vulnerabilities (bsc#1231852)

- version 4.3.40-0
  * Fix channel selection using SSM (bsc#1226917)
  * Fix datetime selection when using maintenance windows (bsc#1228036)
spacewalk-config
- version 4.3.14-0
  * Trust the Content-Length header from AJP (bsc#1226439)
spacewalk-java
- version 4.3.82-0
  * Limit frontend-log message size (bsc#1231900)

- version 4.3.81-0
  * Add detection of Ubuntu 24.04

- version 4.3.80-0
  * Use custom select instead of errata view for better performance
    (bsc#1225619)

- version 4.3.79-0
  * Add info URL for cobbler to clean the system profile (bsc#1219645)
  * Require correct scap packages for Ubuntu
  * Require correct scap packages for Debian 12 (bsc#1227746)
  * Fix finding system_checkin_threshold configuration value on Sytems
    Overview page (bsc#1224108)
  * Allow changing base channel to Liberty LTSS when the system is on
    Liberty (bsc#1228326)
  * Implement product migration from RHEL and Clones to Liberty
  * Remove system also from proxy SSH known_hosts (bsc#1228345)
  * Fix NullPointerException when generating subscription matcher
    input (bsc#1228638)
  * Allow free products and SUSE Manager Proxy being managed by SUSE Manager
    Server PAYG
  * Open bootstrap script directory URL in a new page (bsc#1225603)
  * Delay package list refresh when Salt was updated (bsc#1217978)
  * Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334)
  * Add all SLE Micro systems to the list of systems which get PTF repositories
  * Update last sync refresh timestamp only when at least one time products
    were synced before
  * Prevent NullPointerException when listing history events without completion
    time (bsc#1146701)
  * Autoinstallation: prevent issues with duplicate IP address due to some
    networks (bsc#1226461)
  * Improve SQL queries and performance to check for PTF packages (bsc#1225619)
  * Check the correct Salt package before product migration (bsc#1224209)
  * Fix the date format output when using the HTTP API to use ISO 8601
    format (bsc#1227543)
  * Fix transactional update check for SL Micro (bsc#1227406)
  * Improve score comparison in system search to fix ISE (bsc#1228412)
  * Fix package profile update on CentOS 7 when yum-utils is not
    installed (bsc#1227133)
spacewalk-utils
- version 4.3.22-0
  * Add repositories for Ubuntu 24.04 LTS

- version 4.3.21-0
  * Drop unsupported tool spacewalk-final-archive as it is broken
    and may disclose sensitive information (bsc#1228945)
strace
- Change the license to the correct LGPL-2.1-or-later
  (bsc#1228216).
supportutils
- Changes to version 3.2.8
  + Avoid getting duplicate kernel verifications in boot.text (pr#190)
  + lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
  + docker_info: Add timestamps to container logs (pr#196)
  + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
  + Update supportconfig get pam.d sorted (pr#199)
  + yast_files: Exclude .zcat (pr#201)
  + Sanitize grub bootloader (bsc#1227127, pr#203)
  + Sanitize regcodes (pr#204)
  + Improve product detection (pr#205)
  + Add read_values for s390x (bsc#1228265, pr#206)
  + hardware_info: Remove old alsa ver check (pr#209)
  + drbd_info: Fix incorrect escape of quotes (pr#210)
suse-build-key
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
  - gpg-pubkey-39db7c82-5f68629b.asc
  + gpg-pubkey-39db7c82-66c5d91a.asc

- ensure key2rpmname is called using bash.

- make the per-project inclusion optional, default off.

- Also include the GPG key from the current build project
  to allow Staging testing without production keys. (bsc#1231829)
susemanager-build-keys
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
  - gpg-pubkey-39db7c82-5f68629b.asc
  + gpg-pubkey-39db7c82-66c5d91a.asc
susemanager-docs_en
- Documented Ubuntu 24.04 LTS as a supported client OS in Client
  Configuration Guide

- SUSE Manager 4.3.14 documentation update
- In network ports section, deleted partially outdated image, added
  port 443 for clients, and removed Cobbler only used internally
  (bsc#1217338)
- Added installer-updates.suse.com to the list of URLs in Installation
  and Upgrade Guide (bsc#1229178)
- Enhanced instructions about the permissions for the IAM role
  in Public Cloud Guide
- Fixed OS minor number in Client Configuration Guide (bsc#1218090)
- Added warning about Package Hub (bsc#1221435)
- Removed Verify Packages section from Package Management chapter
  in Client Configuration Guide
- Added note about usernames in PAM section in Administration Guide
  (bsc#1227599)
- Updated Content Lifecycle Management (CLM) examples for Red Hat
  Enterprise Linux 9 (bsc#1226687)
- Added VM based proxy installation in Installation and Upgrade Guide
- Fixed PostgreSQL name entity
- Improved Large Deployments Guide with better tuning values and
  extra parameters added
- Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP
  chapter in the Administration Guide
susemanager-schema
- version 4.3.27-0
  * Introduce new attributes to detect PTF packages (bsc#1225619)
susemanager-sls
- version 4.3.45-0
  * Start using DEB822 format for repository sources beginning with Ubuntu 24.04

- version 4.3.44-0
  * Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)
  * Implement product migration from RHEL and clones to Liberty
  * Disable transactional-update.timer on SLEM at bootstrap
  * Explicitly remove old venv-minion environment when updating Python versions
  * sumautil: properly detect bridge interfaces (bsc#1226461)
  * Fix typo on directories to clean up when deleting a system (bsc#1228101)
  * Translate GPG URL if it has server name and client behind proxy
    (bsc#1223988)
  * Fix yum-utils package missing on CentOS7 minions (bsc#1227133)
  * Implement IMDSv2 for AWS instance detection (bsc#1226090)
  * Fix package profile update on CentOS 7 when yum-utils is not
    installed (bsc#1227133)
  * Fix parsing passwords with special characters for PostgreSQL
    exporter
susemanager-sync-data
- version 4.3.21-0
  * Add SLES15-SP5-LTSS channel families
  * Add MicroOS PPC channel family

- version 4.3.20-0
  * Add Ubuntu 24.04 support

- version 4.3.19-0
  * Fix CentOS 7 repo urls (bsc#1227526)
  * Add channel family for SLES 12 SP5 LTSS Extended Security
  * Implement product migration from RHEL and clones to Liberty
susemanager
- version 4.3.39-0
  * Enable bootstrapping for Ubuntu 24.04 LTS

- version 4.3.38-0
  * Add missing package python3-ply to bootstrap repo definition (bsc#1228130)
  * Create special bootstrap data for SUSE Manager Server 4.3 with LTSS
    updates for Hub scenario (bsc#1211899)
  * Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data
  * Add traditional stack to boostrap repo on sles15sp6 (bsc#1228147)
  * Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147)
tomcat
- Update to Tomcat 9.0.97
  * Fixed CVEs:
    + CVE-2024-52316: If the Jakarta Authentication fails with an exception,
    set a 500 status (bsc#1233434)
  * Catalina
    + Add: Add support for the new Servlet API method
    HttpServletResponse.sendEarlyHints(). (markt)
    + Add: 55470: Add debug logging that reports the class path when a
    ClassNotFoundException occurs in the digester or the web application
    class loader. Based on a patch by Ralf Hauser. (markt)
    + Update: 69374: Properly separate between table header and body in
    DefaultServlet's listing. (michaelo)
    + Update: 69373: Make DefaultServlet's HTML listing file last modified
    rendering better (flexible). (michaelo)
    + Update: Improve HTML output of DefaultServlet. (michaelo)
    + Code: Refactor RateLimitFilter to use FilterBase as the base class. The
    primary advantage for doing this is less code to process init-param
    values. (markt)
    + Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
    (michaelo)
    + Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped
    requests. (remm)
    + Fix: Add missing WebDAV Lock-Token header in the response when locking
    a folder. (remm)
    + Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
    + Fix: Fix regression in WebDAV when attempting to unlock a collection.
    (remm)
    + Fix: Verify that destination is not locked for a WebDAV copy operation.
    (remm)
    + Fix: Send 415 response to WebDAV MKCOL operations that include a
    request body since this is optional and unsupported. (remm)
    + Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
    + Fix: Do not allow a new WebDAV lock on a child resource if a parent
    collection is locked (RFC 4918 section 6.1). (remm)
    + Fix: WebDAV Delete should remove any existing lock on successfully
    deleted resources. (remm)
    + Update: Remove WebDAV lock null support in accordance with RFC 4918
    section 7.3 and annex D. Instead, a lock on a non-existing resource
    will create an empty file locked with a regular lock. (remm)
    + Update: Rewrite implementation of WebDAV shared locks to comply with
    RFC 4918. (remm)
    + Update: Implement WebDAV If header using code from the Apache Jackrabbit
    project. (remm)
    + Add: Add PropertyStore interface in the WebDAV Servlet, to allow
    implementation of dead properties storage. The store used can be
    configured using the 'propertyStore' init parameter of the WebDAV
    servlet. A simple non-persistent implementation is used if no custom
    store is configured. (remm)
    + Update: Implement WebDAV PROPPATCH method using the newly added
    PropertyStore. (remm)
    + Fix: Cache not found results when searching for web application class
    loader resources. This addresses performance problems caused by
    components such as java.sql.DriverManager which, in some circumstances,
    will search for the same class repeatedly. In a large web application
    this can cause performance problems. The size of the cache can be
    controlled via the new notFoundClassResourceCacheSize on the
    StandardContext. (markt)
    + Fix: Stop after INITIALIZED state should be a noop since it is possible
    for subcomponents to be in FAILED after init. (remm)
    + Fix: Fix incorrect web resource cache size calculations when there are
    concurrent PUT and DELETE requests for the same resource. (markt)
    + Add: Add debug logging for the web resource cache so the current size
    can be tracked as resources are added and removed. (markt)
    + Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
    with urn:uuid: as recommended by RFC 4918, and remove secret init
    parameter. (remm)
    + Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
    same path caused corruption of the FileResource where some of the
    fields were set as if the file exists and some as set as if it does
    not. This resulted in inconsistent metadata. (markt)
    + Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
    GET and HEAD requests. Also skip requests where the application has set
    Cache-Control: no-store. (markt)
    + Fix: 69419: Improve the performance of ServletRequest.getAttribute()
    when there are multiple levels of nested includes. Based on a patch
    provided by John Engebretson. (markt)
    + Add: All applications to send an early hints informational response by
    calling HttpServletResponse.sendError() with a status code of 103.
    (schultz)
    + Fix: Ensure that the Jakarta Authentication CallbackHandler only
    creates one GenericPrincipal in the Subject. (markt)
    + Fix: If the Jakarta Authentication process fails with an Exception,
    explicitly set the HTTP response status to 500 as the ServerAuthContext
    may not have set it. (markt)
    + Fix: When persisting the Jakarta Authentication provider configuration,
    create any necessary parent directories that don't already exist.
    (markt)
    + Fix: Correct the logic used to detect errors when deleting temporary
    files associated with persisting the Jakarta Authentication provider
    configuration. (markt)
    + Fix: When processing Jakarta Authentication callbacks, don't overwrite
    a Principal obtained from the PasswordValidationCallback with null if
    the CallerPrincipalCallback does not provide a Principal. (markt)
    + Fix: Avoid store config backup loss when storing one configuration more
    than once per second. (remm)
    + Fix: 69359: WebdavServlet duplicates getRelativePath() method from
    super class with incorrect Javadoc. (michaelo)
    + Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
    DefaultServlet. (michaelo)
    + Fix: Make WebdavServlet properly return the Allow header when deletion
    of a resource is not allowed. (michaelo)
    + Fix: Add log warning if non wildcard mappings are used with the
    WebdavServlet. (remm)
    + Fix: 69361: Ensure that the order of entries in a multi-status response
    to a WebDAV is consistent with the order in which resources were
    processed. (markt)
    + Fix: 69362: Provide a better multi-status response when deleting a
    collection via WebDAV fails. Empty directories that cannot be deleted
    will now be included in the response. (markt)
    + Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
    ensure that the correct path is used when the WebDAV servlet is mounted
    at a sub-path within the web application. (markt)
    + Fix: Improve performance of ApplicationHttpRequest.parseParameters().
    Based on sample code and test cases provided by John Engebretson.
    (markt)
    + Add: Add support for RFC 8297 (Early Hints). Applications can use
    this feature by casting the HttpServletResponse to
    org.apache.catalina.connector.Reponse and then calling the method
    void sendEarlyHints(). This method will be added to the Servlet API
    (removing the need for the cast) in Servlet 6.2 onwards. (markt)
    + Fix: 69214: Do not reject a CORS request that uses POST but does not
    include a content-type header. Tomcat now correctly processes this as
    a simple CORS request. Based on a patch suggested by thebluemountain.
    (markt)
    + Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather
    than Subject.doAs() when available. (markt)
  * Coyote
    + Fix: Return null SSL session id on zero length byte array returned from
    the SSL implementation. (remm)
    + Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
    + Fix: Create the HttpParser in Http11Processor if it is not present on
    the AbstractHttp11Protocol to provide better lifecycle robustness for
    regular HTTP/1.1. The new behavior was introduced on a previous
    refactoring to improve HTTP/2 performance. (remm)
    + Fix: OpenSSLContext will now throw a KeyManagementException if something
    is known to have gone wrong in the init method, which is the behavior
    documented by javax.net.ssl.SSLContext.init. This makes error handling
    more consistent. (remm)
    + Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
    generate Date headers for HTTP responses) generates the correct string
    for the given input. Prior to this change, the output may have been
    wrong by one second in some cases. Pull request #751 provided by Chenjp.
    (markt)
    + Add: Add server and serverRemoveAppProvidedValues to the list of
    attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector
    it is nested within. (markt)
    + Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
    destroying SSLContext objects through GC after APR has been terminated.
    (remm)
    + Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer
    fields no longer need to be received before the headers of the
    subsequent stream nor are trailer fields for an in-progress stream
    swallowed if the Connector is paused before the trailer fields are
    received. (markt)
    + Fix: Ensure the request and response are not recycled too soon for an
    HTTP/2 stream when a stream level error is detected during the processing
    of incoming HTTP/2 frames. This could lead to incorrect processing times
    appearing in the access log. (markt)
    + Fix: Fix 69320, a regression in the fix for 69302 that meant the
    HTTP/2 processing was likely to be broken for all clients once any
    client sent an HTTP/2 reset frame. (markt)
    + Fix: Correct a regression in the fix for non-blocking reads of chunked
    request bodies that caused InputStream.available() to return a non-zero
    value when there was no data to read. In some circumstances this could
    cause a blocking read to block waiting for more data rather than return
    the data it had already received. (markt)
    + Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
    The default behaviour is unchanged. (markt)
    + Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
    one from the client when using the OpenSSLImplementation. (markt)
    + Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
    response headers to the access log. Based on a patch and test case
    provided by hypnoce. (markt)
    + Fix: 69302: If an HTTP/2 client resets a stream before the request body is
    fully written, ensure that any ReadListener is notified via a call to
    ReadListener.onErrror(). (markt)
    + Fix: Correct regressions in the refactoring that added recycling of the
    coyote request and response to the HTTP/2 processing. (markt)
    + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
    OpenSSL support may be enabled by adding the
    org.apache.catalina.core.OpenSSLLifecycleListener listener on the
    Server element when using Java 22 or later. (remm)
    + Fix: Ensure that HTTP/2 stream input buffers are only created when there
    is a request body to be read. (markt)
    + Code: Refactor creation of HttpParser instances from the Processor level
    to the Protocol level since the parser configuration depends on the
    protocol and the parser is, otherwise, stateless. (markt)
    + Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal
    request and response processing objects by default. This behaviour can
    be controlled via the new discardRequestsAndResponses attribute on the
    HTTP/2 upgrade protocol. (markt)
  * Jasper
    + Fix: Add back tag release method as deprecated in the runtime for
    compatibility with old generated code. (remm)
    + Fix: 69399: Fix regression caused by the improvement 69333 which caused
    the tag release to be called when using tag pooling, and to be skipped
    when not using it. Patch submitted by Michal Sobkiewicz. (remm)
    + Fix: 69381: Improve method lookup performance in expression language.
    When the required method has no arguments there is no need to consider
    casting or coercion and the method lookup process can be simplified.
    Based on pull request #770 by John Engebretson.
    + Fix: 69382: Improve the performance of the JSP include action by
    re-using results of relatively expensive method calls in the generated
    code rather than repeating them. Patch provided by John Engebretson.
    (markt)
    + Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
    Based on a suggestion by John Engebretson. (markt)
    + Fix: 69406: When using StringInterpreterEnum, do not throw an
    IllegalArgumentException when an invalid Enum is encountered. Instead,
    resolve the value at runtime. Patch provided by John Engebretson.
    (markt)
    + Fix: 69429: Optimise EL evaluation of method parameters for methods
    that do not accept any parameters. Patch provided by John Engebretson.
    (markt)
    + Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
    + Fix: 69338: Improve the performance of processing expressions that
    include AND or OR operations with more than two operands and expressions
    that use not empty. (markt)
    + Fix: 69348: Reduce memory consumption in ELContext by using lazy
    initialization for the data structure used to track lambda arguments.
    (markt)
    + Fix: Switch the TldScanner back to logging detailed scan results at debug
    level rather than trace level. (markt)
  * Web applications
    + Fix: The manager webapp will now be able to access certificates again
    when OpenSSL is used. (remm)
    + Fix: Documentation. Align the logging configuration documentation with
    the current defaults. (markt)
  * WebSocket
    + Fix: If a blocking message write exceeds the timeout, don't attempt the
    write again before throwing the exception. (markt)
    + Fix: An EncodeException being thrown during a message write should not
    automatically cause the connection to close. The application should
    handle the exception and make the decision whether or not to close the
    connection. (markt)
  * jdbc-pool
    + Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
    executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
    rather than the application seeing the original SQLException. Fixed by
    pull request #744 provided by Michael Clarke. (markt)
    + Fix: 69279: Correct a regression in the fix for 69206 that meant that
    methods that previously returned a null ResultSet were returning a proxy
    with a null delegate. Fixed by pull request #745 provided by Huub de Beer.
    (markt)
    + Fix: 69206: Ensure statements returned from Statement methods
    executeQuery(), getResultSet() and getGeneratedKeys() are correctly
    wrapped before being returned to the caller. Based on pull request
    [#742] provided by Michael Clarke.
  * Other
    + Update: Switch from DigiCert ONE to ssl.com eSigner for code signing.
    (markt)
    + Update: Update Byte Buddy to 1.15.10. (markt)
    + Update: Update CheckStyle to 10.20.0. (markt)
    + Add: Improvements to German translations. (remm)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Add: Improvements to Chinese translations by Ch_jp. (markt)
    + Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default.
    (markt)
    + Fix: Change the default log handler level to ALL so log messages are
    not dropped by default if a logger is configured to use trace (FINEST)
    level logging. (markt)
    + Update: Update Hamcrest to 3.0. (markt)
    + Update: Update EasyMock to 5.4.0. (markt)
    + Update: Update Byte Buddy to 1.15.0. (markt)
    + Update: Update CheckStyle to 10.18.0. (markt)
    + Update: Update the internal fork of Apache Commons BCEL to 6.10.0.
    (markt)
    + Add: Improvements to Spanish translations by Fernando. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Fix: Fix packaging regression with missing osgi information following
    addition of the test-only build target. (remm)
    + Update: Update Tomcat Native to 1.3.1. (markt)
    + Update: Update Byte Buddy to 1.14.18. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)

- Adapt the scripts to run also with javapackages-tools >= 6.3

- Fix build after removal of the default %%{java_home} define

- Modified patch:
  * tomcat-9.0-osgi-build.patch
    + move the definition of bnd.classpath out of the setup-bnd task
    since it is one component in build.classpath
unzip
- Use %patch -P N instead of deprecated %patchN.

- Build unzip-rcc using multibuild and update unzip-rcc.spec file
util-linux-systemd
- Skip aarch64 decode path for rest of the architectures
  (bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
uyuni-reportdb-schema
- version 4.3.11-0
  * Change Errata CVE column to type text as a varchar reaches the
    maximum (bsc#1226478)
wget
- Drop support for shorthand URLs
  * Breaking change to fix CVE-2024-10524.
  [+ drop-support-for-shorthand-URLs.patch, bsc#1233773]

- Update 0001-possibly-truncate-pathname-components.patch
  * Take the patch from savannah repository where the checking of the file
    length doesn't include path length.
  * [bsc#1204720, bsc#1231661]
wicked
- Update to version 0.6.77
  - compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
  - Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
  - Inherit all, default and interface sysctl settings also for loopback,
    except for use_tempaddr and accept_dad.
  - Consider only interface specific accept_redirects sysctl settings.
  - Adopt ifsysctl(5) manual page with wicked specific behavior.
  - route: fix family and destination processing (bsc#1231060)
  - man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
  - dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
  - team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
  - systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
  - compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
  - arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
  - dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
  - ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
  [- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]

- compat-suse: fix dummy interfaces configuration with
  INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
  [+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
xalan-j2
- Use SOURCE_DATE_EPOCH for reproducible builds
- Split into two _multibuild flavours to avoid use of binary jars
  and prevent build cycles
- Fetch the sources from git and clean the tarball of binary jars
- Modified patches:
  * openjdk-build.patch
  * xalan-j2-crosslink.patch
  * xalan-j2-manifest.patch
  * xalan-j2-noxsltcdeps.patch
    + adapt to different line-endings and to slightly changed
    context

- Use %patch -P N instead of deprecated %patchN.

- Update to upstream version 2.7.3
  * Java 8 requirement
    + This XalanJ release, requires users to use Java minimum
    version 8 for working with XalanJ.
  * Fix for CVE-2022-34169 (bsc#1201684) An integer truncation issue
    when processing malicious XSLT stylesheets
    + This issue was fixed within XalanJ's XSLTC processor. This
    XalanJ issue, when present causes following problems:
    Malicious XSLT stylesheets may be written, which could result
    in XalanJ invalid translet Java byte code to be produced by
    XalanJ XSLTC processor. The XalanJ translet is a Java byte
    code compiled representation, of an XSLT transformation.
  * Upgrade to Apache Commons BCEL 6.7.0
    + This XalanJ release, contains upgraded version of Apache
    Commons BCEL library.
  * Enhancements for, performing XalanJ build and running of XalanJ
    tests from source distribution
    + The XalanJ users, can now make XalanJ builds and perform
    XalanJ tests from the XalanJ source distribution. The XalanJ
    build scripts for the implementation and the tests, both for
    the Windows and Linux platforms, were enhanced to support
    building XalanJ with JDK 1.8.
  * Upgrade to Xerces-J 2.12.2
    + This XalanJ release, contains upgraded versions of
    xercesImpl.jar and xml-apis.jar (Xerces-J 2.12.2).
- Modified patches:
  * openjdk-build.patch
  * xalan-j2-manifest.patch
    + rediff to changed context
xen
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
  standard VGA handling (XSA-463)
  xsa463-01.patch
  xsa463-02.patch
  xsa463-03.patch
  xsa463-04.patch
  xsa463-05.patch
  xsa463-06.patch
  xsa463-07.patch
  xsa463-08.patch
  xsa463-09.patch
  xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
  guests via ACPI tables (XSA-464)
  xsa464.patch
- Drop the following patches
  stdvga-cache.patch

- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin

- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  xsa462.patch

- bsc#1228201 - [Baremetal][sles15sp4][guest migration] xl
  migration fail , guest not shutdown.
  This also fixes, bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86:
  Native Branch History Injection (XSA-456)
  661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch

- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
  IOMMU identity mapping (XSA-460)
  66bb7316-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
  with shared resources (XSA-461)
  66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
- Drop xsa458.patch in favor of upstream version (bsc#1227355)
  669662ea-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch

- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
  guest IRQ handling (XSA-458)
  xsa458.patch

- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
  662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
  662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
xerces-j2
- Simplify the spec file: remove old macros

- Use %patch -P N instead of deprecated %patchN.
xstream
- Upgrade to 1.4.21
  * Security fixes
    + This maintenance release addresses the security vulnerability
    CVE-2024-47072 (bsc#1233085), when using the BinaryDriver to
    unmarshal a manipulated input stream causing a Denial of
    Service due to a stack overflow.
  * Major changes
    + #350: Optimize memory allocation
    + Add a converter for the WeakHashMap which does not write any
    elements of the map. Avoids also access to the ReentrantLock
    contained in the WeakHashMap since Java 19.
  * Minor changes
    + #335: Allow PrettyPrintWriter to replace invalid XML
    characters when not running in quirks mode
    + #331, #326: Fix handling of empty
    java.util.concurrent.atomic.AtomicReference
    + #334: Fix remaining buffer size calculation in QuickWriter
    + #342: Optimize internal handling of children in DomReader
    avoiding O(n^2) access times for siblings
    + #349: Fix support of lambda objects for Java 21 and above
    + #359: Add KEYS file with public keys to verify signed
    artifacts.
    + Detect input manipulation in
    c.t.x.io.binary.BinaryStreamReader.
    + Use Jettison 1.5.4 by default for Java Runtimes version 8 or
    higher.
  * API changes
    + Added constant
    c.t.x.io.xml.PrettyPrintWriter.XML_1_0_REPLACEMENT.
    + Added constant
    c.t.x.io.xml.PrettyPrintWriter.XML_1_1_REPLACEMENT.
    + Added c.t.x.converters.collections.WeakHashMapConverter.
    + Protected field fieldsToOmit of
    c.t.x.mapper.ElementIgnoringMapper set to private.
    + Protected field unknownElementsToIgnore of
    c.t.x.mapper.ElementIgnoringMapper set to private.
  * Stream compatibility
    + The WeakHashMaps, that have been written with previous
    versions of XStream, can still be deserialized.
- Build against the stax:stax and stax:stax-api artifact
  and without hibernate unconditionally
- Modified patch:
  * Revert-MXParser-changes.patch
    + rediff

- Use %patch -P N instead of deprecated %patchN.

- Build with source/target 8 with java 18+

- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp

- Make dependency on bea-stax optional and disable it by default
zypper
- API refactoring. Prevent zypper from using now private libzypp
  symbols (bsc#1230267)
- BuildRequires:  libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77

- Show rpm install size before installing (bsc#1224771)
  If filesystem snapshots are taken before the installation (e.g.
  by snapper) no disk space is freed by removing old packages. In
  this case the install size of all packages is a hint how much
  additional disk space is needed by the new packages static
  content.
- version 1.14.76

- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
  (bsc#1227205)
- version 1.14.75

- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74