augeas
- add augeas-sysctl_parsing.patch (bsc#1197443)
  * backport original patch and rebase
azure-cli
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- Add missing python-rpm-macros to BuildRequires
  + Version 2.17.1
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
- New upstream release
azure-cli-core
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- Fix regression in patch to disable update check (bsc#1192671)
  + acc_disable-update-check.patch
  + Version 2.17.1
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
binutils
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
  needs to support efi-app-aarch64 target. (bsc#1198458)
  Adds binutils-add-efi-aarch64-1.diff,
  binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
  in crash not accepting some of our .ko.debug files.
- Add binutils-revert-rela.diff to revert back to old behaviour
  of not ignoring the in-section content of to be relocated
  fields on x86-64, even though that's a RELA architecture.
  Compatibility with buggy object files generated by old tools.
  [bsc#1198422]
containerd
- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
  of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
  - bsc1200145-Limit-the-response-size-of-ExecSync.patch
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
  + bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.5.12>
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
  - CVE-2022-23648.patch
[ This patch was only released in SLES and Leap. ]
cups
- cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691
  cups: authentication bypass and code execution (bsc#1199474)
- SUSE_bsc_1189517.patch is
  https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79
  which belongs to https://github.com/apple/cups/issues/5288
  that fixes bsc#1189517
  "/cups printservice takes much longer than before
  with a big number of printers"/
  see in particular
  https://github.com/apple/cups/issues/5288#issuecomment-921626381
- SUSE_bsc_1195115.patch is
  https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44
  which belongs to https://github.com/apple/cups/issues/5538
  that fixes bsc#1195115
  "/CUPS PreserveJobHistory doesn't work with seconds"/
dhcp
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
docker
- Update to Docker 20.10.17-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
  bsc#1193930 bsc#1197284
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.14-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
  CVE-2022-24769
dracut
- fix kernel name parsing in purge-kernels script (bsc#1199453)
- 95nfs: fix nfsroot option parsing (bsc#1003872)
  * add 0631-nfsroot-follow-ifcfg-settings-for-boot-protocol.patch
  * add 0632-95nfs-look-in-nfs-mount-options-for-nfs-server-ip-bs.patch
- fix(shutdown): add timeout to umount calls (bsc#1178219)
  * add 0629-shutdown-sleep-a-little-if-a-process-was-killed.patch
  * add 0630-fix-shutdown-add-timeout-to-umount-calls.patch
- fix setup errors in net-lib.sh due to premature did-setup in ifup.sh
  (bsc#1175102)
  * add 0628-ifup.sh-fix-did-setup-logic-and-dhcp-return-value.patch
e2fsprogs
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
gcc11
- Update to the GCC 11.3.0 release.
  * includes SLS hardening backport on x86_64.  [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
  * includes gcc11-pr104931.patch
  * includes fix for Firefox ICE  [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
  for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
  * includes change to adjust gnats idea of the target, fixing
    the build of gprbuild.  [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
  in 0ad on i586.  [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
  to Recoomends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
  * Fix D memory corruption in -M output.
  * Fix ICE in is_this_parameter with coroutines.  [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
  * fixes issue with debug dumping together with -o /dev/null
  * fixes libgccjit issue showing up in emacs build  [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
  cross-riscv64-gcc11 now provide a fully hosted C (and C++)
  cross compiler, not just a freestanding one.  I.e. with a cross
  glibc.  They don't yet support the sanitizer libraries.
  Part of [jsc#OBS-124].
gcc8
- Add gcc7-sanitizer-cyclades.patch, gcc8-pr100144.patch and
  gcc8-pr92154.patch to fix build against SP4.  [bsc#1197716]
- Remove bogus fixed include bits/statx.h from glibc 2.30.
  [gcc#91085, bsc#1197716]
grep
- Make profiling deterministic (bsc#1040589, SLE-24115)
grub2
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
  * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
  * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
  * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
  * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
  * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
  * 0010-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0011-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0012-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0013-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0014-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0015-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0016-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0017-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0018-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0019-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0020-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0021-net-ip-Do-IP-fragment-maths-safely.patch
  * 0022-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0023-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0024-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0025-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0026-net-tftp-Avoid-a-trivial-UAF.patch
  * 0027-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0028-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0029-net-http-Error-out-on-headers-with-LF-without-CR.patch
  * 0030-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
  * 0031-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
  * 0032-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
  * 0033-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
gzip
- Add hardening for zgrep (CVE-2022-1271, bsc#1198062)
  * bsc1198062-2.patch
kernel-default
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 8d500b6
- CVE Mitigation for CVE-2022-29900 and CVE-2022-29901
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 990c27e
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 88cae65
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 49afa38
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit d58a5f9
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 9d772ad
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 9aba172
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit c4b1320
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 332556a
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ea6a39c
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 706af70
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 950f542
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 27f8099
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 7e307c4
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 5046541
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit fa5358c
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit d3f062a
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 8f092e0
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit b6e5484
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b304339
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit c646fc1
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 5f29932
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit f342d5f
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit a59060d
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 76624c2
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit d794a09
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 0fb27b4
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 0c72f74
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit eb2a592
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 613a553
- x86: Add straight-line-speculation mitigation (bsc#1201050
  CVE-2021-26341).
- Update config files.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit 174d972
- x86: Prepare inline-asm for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit d7ff49d
- x86: Prepare asm files for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit 54330c9
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
  CVE-2021-26341).
- commit 69fe20b
- net: Rename and export copy_skb_header (bsc#1200762,
  CVE-2022-33741, XSA-403).
- commit 5e3ad99
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
  bsc#1201251).
- commit 6ad5c1f
- xen/netfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33741, XSA-403).
- commit 459e62a
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-33740, XSA-403).
- commit b225a00
- xen/blkfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33742, XSA-403).
- commit 8bcc9cd
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-26365, XSA-403).
- commit f3412de
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
  bsc#1200599).
- commit c46afe6
- sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599).
- commit 3cb182d
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
  bsc#1199487).
- commit 2c5abda
- exec: Force single empty string when argv is empty
  (bsc#1200571).
- commit 4ee3bdd
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: check for valid USB device for many HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (CVE-2022-20132 bsc#1200619).
- HID: introduce hid_is_using_ll_driver (CVE-2022-20132
  bsc#1200619).
- commit fb86cdd
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
  CVE-2022-20141).
- commit 5040a6d
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit 9af4e3a
- add mainline tag for a pci-hyperv change
- commit ec21422
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 996513e
- certs: Add EFI_CERT_X509_GUID support for dbx entries
  (bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 8948ca7
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (CVE-2022-1975 bsc#1200143).
- commit a8211d8
- nfc: replace improper check device_is_registered() in netlink
  related functions (CVE-2022-1974 bsc#1200144).
- commit d539b18
- KVM: x86/speculation: Disable Fill buffer clear within guests
  (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
  (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/speculation: Add a common function for MD_CLEAR mitigation
  update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale
  Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Add sysfs reporting for Processor
  MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127
  CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
  (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
  (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
  (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- x86/speculation/srbds: Update SRBDS mitigation selection
  (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
  CVE-2022-21125 CVE-2022-21180).
- Refresh
  patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
  patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit ce3858c
- btrfs: extent-tree: kill the BUG_ON() in
  insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 7762823
- btrfs: extent-tree: kill BUG_ON() in  __btrfs_free_extent()
  (CVE-2019-19377 bsc#1158266).
- commit fa0dbe1
- perf: Fix sys_perf_event_open() race against self
  (CVE-2022-1729, bsc#1199507).
- commit fc77f1c
- ext4: avoid cycles in directory h-tree (bsc#1198577
  CVE-2022-1184).
- commit ec51c1b
- ext4: verify dir block before splitting it (bsc#1198577
  CVE-2022-1184).
- commit 97bfb10
- debug: Lock down kgdb (bsc#1199426 CVE-2022-21499).
- commit 1cd17a0
- Update patch reference for ACPI fix (CVE-2017-13695 bsc#1055710)
- commit e74f546
- floppy: use a statically allocated error counter (bsc#1199063
  CVE-2022-1652).
- commit 7173277
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
  bsc#1199605).
- commit d9ccce0
- btrfs: relocation: Only remove reloc rb_trees if reloc  control
  has been initialized (bsc#1199399).
- commit d95d9f9
- bpf: fix panic due to oob in bpf_prog_test_run_skb (bsc#1197219,
  CVE-2021-39711).
- commit 51bae76
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit 26d8e0b
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
  file (bsc#1195612 CVE-2022-24448).
- commit dd7b1a9
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 8ae9239
- Fix kernel-vanilla build issue
  Fix:
  [  315s]   CC [M]  fs/fat/namei_vfat.o
  [  315s]   CC      kernel/elfcore.o
  [  315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed
  [  315s] Cannot find symbol for section 1: .text.
  [  315s] kernel/elfcore.o: failed
  [  315s] make[3]: *** [kernel/elfcore.o] Error 1
  due to toolchain updates and the patch missing in the vanilla flavor. So
  move it there.
- commit 23d6a8f
-  series.conf: cleanup
  - Move submitted patch to "/sorted"/ section
    patches.suse/0001-SUNRPC-change-locking-for-xs_swap_enable-disable.patch
- commit be6432c
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
  (bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
  (bsc#1196426 CVE-2021-33061).
- commit 7ca9841
- net: mana: Remove unnecessary check of cqe_type in
  mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
  mana_gd_create_dma_region() (bsc#1195651).
- commit 6d129df
- net/x25: Fix null-ptr-deref caused by x25_disconnect
  (CVE-2022-1516 bsc#1199012).
- commit 70361a9
- net: ena: Extract recurring driver reset code into a function
  (bsc#1198777).
- net: ena: Change the name of bad_csum variable (bsc#1198777).
- net: ena: Add debug prints for invalid req_id resets
  (bsc#1198777).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777).
- net: ena: Move reset completion print to the reset function
  (bsc#1198777).
- net: ena: Remove redundant return code check (bsc#1198777).
- net: ena: Change ENI stats support check to use capabilities
  field (bsc#1198777).
- net: ena: Add capabilities field with support for ENI stats
  capability (bsc#1198777).
- net: ena: Change return value of ena_calc_io_queue_size()
  to void (bsc#1198777).
- net: ena: Fix error handling when calculating max IO queues
  number (bsc#1198777).
- net: ena: Fix wrong rx request id by resetting device
  (bsc#1198777).
- net: ena: Fix undefined state when tx request id is out of
  bounds (bsc#1198777).
- ena: Remove rcu_read_lock() around XDP program invocation
  (bsc#1198777).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777).
- net: ena: re-organize code to improve readability (bsc#1198777).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777).
- net: ena: aggregate doorbell common operations into a function
  (bsc#1198777).
- net: ena: Remove module param and change message severity
  (bsc#1198777).
- net: ena: add jiffies of last napi call to stats (bsc#1198777).
- net: ena: use build_skb() in RX path (bsc#1198777).
- net: ena: Improve error logging in driver (bsc#1198777).
- net: ena: Remove unused code (bsc#1198777).
- net: ena: optimize data access in fast-path code (bsc#1198777).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198777).
- net: ena: remove extra words from comments (bsc#1198777).
- net: ena: fix inaccurate print type (bsc#1198777).
- ethernet: amazon: ena: A typo fix in the file ena_com.h
  (bsc#1198777).
- net: ena: Update XDP verdict upon failure (bsc#1198777).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
  (bsc#1198777).
- net: ena: use xdp_return_frame() to free xdp frames
  (bsc#1198777).
- net: ena: introduce XDP redirect implementation (bsc#1198777).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198777).
- net: ena: aggregate stats increase into a function
  (bsc#1198777).
- net: ena: fix coding style nits (bsc#1198777).
- net: ena: store values in their appropriate variables types
  (bsc#1198777).
- net: ena: add device distinct log prefix to files (bsc#1198777).
- net: ena: use constant value for net_device allocation
  (bsc#1198777).
- commit 88bd8e8
- net: ena: Use pci_sriov_configure_simple() to enable VFs
  (bsc#1198777).
- Refresh
  patches.suse/net-ena-add-pci-shutdown-handler-to-allow-safe-kexec.patch.
- commit f6aa8e4
- ovl: fix missing negative dentry check in ovl_rename()
  (CVE-2021-20321 bsc#1191647).
- commit 3e23b63
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit b075c9d
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
  (bsc#1028340 bsc#1198825).
- commit 539ea3d
- net-sysfs: call dev_hold if kobject_init_and_add success
  (CVE-2019-20811 bsc#1172456).
- commit 5de8a61
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748).
- commit 25ea790
- Update
  patches.suse/floppy-Do-not-copy-a-kernel-pointer-to-user-memory-i.patch
  (bsc#1051510 bsc#1084513 CVE-2018-7755).
- commit 371ca37
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
  (CVE-2022-22942 bsc#1195065).
- commit 05bcda4
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit c2b5f0e
- isdn: cpai: check ctr->cnr to avoid array index out of bound
  (bsc#1191958 CVE-2021-43389).
- commit 6296574
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
  failed connect (CVE-2021-38208 bsc#1187055).
- commit 54aed86
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
  (bsc#1065729 bsc#1198660 ltc#197803).
- commit dfdc4e2
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
  function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit ffb367f
- Update
  patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch
  (bsc#1198400).
- Update
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400).
- commit b81f481
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure
  (CVE-2021-20292 bsc#1183723).
- commit f1a5fa2
- x86/speculation: Restore speculation related MSRs during S3
  resume (bsc#1114648).
- commit 46f1ca5
- fuse: handle kABI change in struct fuse_req (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit e67cd7e
- x86/pm: Save the MSR validity status at context setup
  (bsc#1114648).
- commit 87c5893
- livepatch: Don't block removal of patches that are safe to
  unload (bsc#1071995).
- commit c1aba4b
- fix parallelism for rpc tasks (bsc#1197663).
- Make the xprtiod workqueue unbounded (bsc#1197663).
- commit 179a9b9
- Refresh
  patches.suse/net-sched-use-Qdisc-rcu-API-instead-of-relying-on-rt.patch.
  Fix missplaced qdisc_put()
- commit 883b3be
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999
  ltc#196609S git-fixes).
- commit d50eef3
- powerpc/64: Interrupts save PPR on stack rather than
  thread_struct (bsc#1196999 ltc#196609).
- commit 6b0ae7c
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
  (git-fixes CVE-2021-4157 bnc#1194013).
- commit 957ab2c
- powerpc/pseries: extract host bridge from pci_bus prior to
  bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- commit 1c27431
libpsl
- fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4
- added patches
  https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56
  + libpsl-fix-test-data.patch
libxml2
- Security fix: [bsc#1199132, CVE-2022-29824]
  * Integer overflow leading to out-of-bounds write in buf.c
    (xmlBuf*) and tree.c (xmlBuffer*)
  * Add libxml2-CVE-2022-29824.patch
- Security fix: [bsc#1196490, CVE-2022-23308]
  * Use-after-free of ID and IDREF attributes.
  * Add libxml2-CVE-2022-23308.patch
  * Add libxml2-CVE-2021-3541.patch
openldap2
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
  * 0242-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1191157 - Correct version specification in ppolicy to allow
  submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
  * 0239-ITS-9422-Update-for-TLS-v1.3.patch
  * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
  * 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
  some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their
  related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
openssl-1_1
- Encrypt the sixteen bytes that were unencrypted in some circumstances
  on 32-bit x86 platforms.
  * [bsc#1201099, CVE-2022-2097]
  * added openssl-CVE-2022-2097.patch
- Added	openssl-1_1-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.
p11-kit
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:
pam
- Do not include obsolete libselinux header files flask.h and
  av_permissions.h.
  [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch]
pam-modules
- Do not include <selinux/flask.h> it does not exist any more in
  newer libselinux versions and is not required in older ones.
  [bsc#1197795, pam-bsc1197795-do-not-include-obsolete-header-files.patch]
pcre
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue
pcre2
- Added pcre2-10.31-bsc1199232-unicode-property-matching.patch
  * bsc#1199232 / CVE-2022-1586
  * Fixes unicode property matching issue
perl-XML-LibXML
- (bsc#1197798) FTBFS: compile against latest version available of
  libxml in SP4 so perl-XML-LibXSLT compiles cleanly.
python-PyJWT
- Add CVE-2022-29217-non-blocked-pubkeys.patch fixing
  CVE-2022-29217 (bsc#1199756), which disallows use of blocked
  pubkeys (heavily modified from upstream).
python-azure-agent
- Add reset-dhcp-deprovision.patch (bsc#1198258)
  + Reset the dhcp config when deprovisioning and instance to ensure
    instances from aVM image created from that instance send host information
    to the DHCP server.
python-azure-batch
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 10.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-core
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 1.22.1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.22.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.21.1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.21.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.20.1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.20.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.19.1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.19.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.18.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.17.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.16.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.15.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release (bsc#1185854)
  + Version 1.14.0b1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Remove temporary version override
- New upstream release
  + Version 1.13.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Temporarily override package version to 1.13.0.0 to allow
  upgrades from the previous 1.13.0b1 version
- New upstream release
  + Version 1.13.0b1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 1.11.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
- New upstream release
  + Version 1.10.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-mgmt-compute
- Update in SLE-15 (bsc#1189411, bsc#1191482)
  + Version 18.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
  + Version 17.0.0
python-azure-mgmt-containerregistry
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 3.0.0rc16
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-mgmt-network
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 17.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-mgmt-security
- Update in SLE-15 (bsc#1189411, bsc#1191482)
  + Version 0.6.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-sdk
- Clean up the list of packages included
  + Do not include indirect dependencies
  + Do not include packages from PackageHub
  + Only include packages that are built for Python2 and Python3
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- Add additional packages from the Azure SDK to Requires
  + python-azure-ai-formrecognizer
  + python-azure-synapse-managedprivateendpoints
  + python-azure-synapse-monitoring
  + python-azure-template
- Remove all version constraints in Requires
python-dnspython

      
python-msrest
- Update in SLE-15 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 0.6.21
  + For detailed information about changes see the
    README.rst file provided with this package
python3
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Rename support-expat-245.patch to
  support-expat-CVE-2022-25236-patched.patch to unify the patch
  with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
  * Support Expat >= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
- Don't use OpenSSL 1.1 on platforms which don't have it.
- Remove shebangs from from python-base libraries in _libdir
  (bsc#1193179, bsc#1192249).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
- build against openssl 1.1 as it is incompatible with openssl 3.0+  (bsc#1190566)
- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore
  permission error when changing the mtime of the source file in presence
  of SOURCE_DATE_EPOCH
  - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and
  CRLF_injection_via_host_part.patch.
regionServiceClientConfigAzure
- Update to version 2.0.0 (bsc#1199668)
  + Move the certs to /usr from /var to accomodate ro filesystem of
    SLE-Micro
  + Fix source url in spec file
rsyslog
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
  syslog reception (bsc#1199061)
  * add CVE-2022-24903.patch
runc
- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
  with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
  that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
- Update to runc v1.1.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
  CVE-2022-29162 bsc#1199460
  * A bug was found in runc where runc exec --cap executed processes with
    non-empty inheritable Linux process capabilities, creating an atypical Linux
    environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
    CVE-2022-29162. bsc#1199460
  * `runc spec` no longer sets any inheritable capabilities in the created
    example OCI spec (`config.json`) file.
- Update to runc v1.1.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.1.
  * runc run/start can now run a container with read-only /dev in OCI spec,
    rather than error out. (#3355)
  * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
    libcontainer systemd v2 manager no longer errors out if one of the files
    listed in /sys/kernel/cgroup/delegate do not exist in container's
    cgroup. (#3387, #3404)
  * Loosen OCI spec validation to avoid bogus "/Intel RDT is not supported"/
    error. (#3406)
  * libcontainer/cgroups no longer panics in cgroup v1 managers if stat
    of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
- Update to runc v1.1.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0.
  - libcontainer will now refuse to build without the nsenter package being
    correctly compiled (specifically this requires CGO to be enabled). This
    should avoid folks accidentally creating broken runc binaries (and
    incorrectly importing our internal libraries into their projects). (#3331)
- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container hasexited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
  bsc#1193436
salt
- Fix for CVE-2022-22967 (bsc#1200566)
- Added:
  * fix-for-cve-2022-22967-bsc-1200566.patch
- Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
- Added:
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch
- Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672)
  * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html
- Expose missing "/ansible"/ module functions in Salt 3004 (bsc#1195625)
- Fixes for Python 3.10
- Fix issues found around pre_flight_script_args
- Fix salt-call event.send with pillar or grains
- Fix exception in batch_async caused by a bad function call
- Fix print regression for yumnotify plugin
- Fix issues with salt-ssh's extra-filerefs
- Fix crash when calling manage.not_alive runners
- Added:
  * add-missing-ansible-module-functions-to-whitelist-in.patch
  * drop-serial-from-event.unpack-in-cli.batch_async.patch
  * fix-crash-when-calling-manage.not_alive-runners.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * fixes-for-python-3.10-502.patch
  * prevent-shell-injection-via-pre_flight_script_args-4.patch
- Modified:
  * add-custom-suse-capabilities-as-grains.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * adds-explicit-type-cast-for-port.patch
  * async-batch-implementation.patch
  * debian-info_installed-compatibility-50453.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-bsc-1065792.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * refactor-and-improvements-for-transactional-updates-.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * state.apply-don-t-check-for-cached-pillar-errors.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
  * x509-fixes-111.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * 3002-set-distro-requirement-to-oldest-supported-vers.patch
  * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
  * accumulated-changes-from-yomi-167.patch
  * accumulated-changes-required-for-yomi-165.patch
  * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
  * add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
  * add-all_versions-parameter-to-include-all-installed-.patch
  * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
  * add-astra-linux-common-edition-to-the-os-family-list.patch
  * add-batch_presence_ping_timeout-and-batch_presence_p.patch
  * add-cpe_name-for-osversion-grain-parsing-u-49946.patch
  * add-docker-logout-237.patch
  * add-hold-unhold-functions.patch
  * add-missing-aarch64-to-rpm-package-architectures-405.patch
  * add-multi-file-support-and-globbing-to-the-filetree-.patch
  * add-new-custom-suse-capability-for-saltutil-state-mo.patch
  * add-patch-support-for-allow-vendor-change-option-wit.patch
  * add-pkg.services_need_restart-302.patch
  * add-saltssh-multi-version-support-across-python-inte.patch
  * add-supportconfig-module-for-remote-calls-and-saltss.patch
  * add-virt.all_capabilities.patch
  * adding-preliminary-support-for-rocky.-59682-391.patch
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
  * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch
  * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch
  * apply-patch-from-upstream-to-support-python-3.8.patch
  * async-batch-implementation-fix-320.patch
  * avoid-traceback-when-http.query-request-cannot-be-pe.patch
  * backport-a-few-virt-prs-272.patch
  * backport-of-upstream-pr59492-to-3002.2-404.patch
  * backport-thread.is_alive-fix-390.patch
  * backport-virt-patches-from-3001-256.patch
  * batch-async-catch-exceptions-and-safety-unregister-a.patch
  * batch_async-avoid-using-fnmatch-to-match-event-217.patch
  * better-handling-of-bad-public-keys-from-minions-bsc-.patch
  * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
  * changed-imports-to-vendored-tornado.patch
  * clear-network-interface-cache-when-grains-are-reques.patch
  * do-noop-for-services-states-when-running-systemd-in-.patch
  * do-not-break-repo-files-with-multiple-line-values-on.patch
  * do-not-crash-when-there-are-ipv6-established-connect.patch
  * do-not-make-ansiblegate-to-crash-on-python3-minions.patch
  * do-not-monkey-patch-yaml-bsc-1177474.patch
  * do-not-raise-streamclosederror-traceback-but-only-lo.patch
  * don-t-call-zypper-with-more-than-one-no-refresh.patch
  * drop-wrong-mock-from-chroot-unit-test.patch
  * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch
  * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
  * fall-back-to-pymysql.patch
  * figure-out-python-interpreter-to-use-inside-containe.patch
  * fix-__mount_device-wrapper-254.patch
  * fix-a-test-and-some-variable-names-229.patch
  * fix-a-wrong-rebase-in-test_core.py-180.patch
  * fix-aptpkg-systemd-call-bsc-1143301.patch
  * fix-aptpkg.normalize_name-when-package-arch-is-all.patch
  * fix-async-batch-multiple-done-events.patch
  * fix-async-batch-race-conditions.patch
  * fix-batch_async-obsolete-test.patch
  * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch
  * fix-error-handling-in-openscap-module-bsc-1188647-40.patch
  * fix-failing-unit-tests-for-batch-async.patch
  * fix-failing-unit-tests-for-systemd.patch
  * fix-for-log-checking-in-x509-test.patch
  * fix-for-some-cves-bsc1181550.patch
  * fix-for-temp-folder-definition-in-loader-unit-test.patch
  * fix-git_pillar-merging-across-multiple-__env__-repos.patch
  * fix-grains.test_core-unit-test-277.patch
  * fix-ipv6-scope-bsc-1108557.patch
  * fix-issue-parsing-errors-in-ansiblegate-state-module.patch
  * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch
  * fix-novendorchange-option-284.patch
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
  * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
  * fix-save-for-iptables-state-module-bsc-1185131-372.patch
  * fix-the-removed-six.itermitems-and-six.-_type-262.patch
  * fix-unit-test-for-grains-core.patch
  * fix-unit-tests-for-batch-async-after-refactor.patch
  * fix-virt.update-with-cpu-defined-263.patch
  * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch
  * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
  * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch
  * fixes-cve-2018-15750-cve-2018-15751.patch
  * fixing-streamclosed-issue.patch
  * get-os_arch-also-without-rpm-package-installed.patch
  * grains-master-can-read-grains.patch
  * grains.extra-support-old-non-intel-kernels-bsc-11806.patch
  * handle-master-tops-data-when-states-are-applied-by-t.patch
  * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch
  * implement-network.fqdns-module-function-bsc-1134860-.patch
  * improve-batch_async-to-release-consumed-memory-bsc-1.patch
  * integration-of-msi-authentication-with-azurearm-clou.patch
  * invalidate-file-list-cache-when-cache-file-modified-.patch
  * loop-fix-variable-names-for-until_no_eval.patch
  * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
  * make-profiles-a-package.patch
  * move-server_id-deprecation-warning-to-reduce-log-spa.patch
  * move-vendor-change-logic-to-zypper-class-355.patch
  * open-suse-3002.2-bigvm-310.patch
  * open-suse-3002.2-virt-network-311.patch
  * open-suse-3002.2-xen-grub-316.patch
  * opensuse-3000-libvirt-engine-fixes-251.patch
  * opensuse-3000-virt-defined-states-222.patch
  * opensuse-3000.2-virt-backports-236-257.patch
  * opensuse-3000.3-spacewalk-runner-parse-command-250.patch
  * option-to-en-disable-force-refresh-in-zypper-215.patch
  * parsing-epoch-out-of-version-provided-during-pkg-rem.patch
  * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
  * pkgrepo-support-python-2.7-function-call-295.patch
  * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch
  * prevent-command-injection-in-the-snapper-module-bsc-.patch
  * prevent-import-errors-when-running-test_btrfs-unit-t.patch
  * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
  * prevent-systemd-run-description-issue-when-running-a.patch
  * prevent-test_mod_del_repo_multiline_values-to-fail.patch
  * provide-the-missing-features-required-for-yomi-yet-o.patch
  * python3.8-compatibility-pr-s-235.patch
  * re-adding-function-to-test-for-root.patch
  * regression-fix-of-salt-ssh-on-processing-targets-353.patch
  * reintroducing-reverted-changes.patch
  * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
  * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch
  * remove-deprecated-warning-that-breaks-miniion-execut.patch
  * remove-duplicated-method-definitions-in-salt.netapi-.patch
  * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch
  * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch
  * remove-vendored-backports-abc-from-requirements.patch
  * remove-wrong-_parse_cpe_name-from-grains.core-452.patch
  * revert-add-patch-support-for-allow-vendor-change-opt.patch
  * sanitize-grains-loaded-from-roster_grains.json.patch
  * strip-trailing-from-repo.uri-when-comparing-repos-in.patch
  * support-config-non-root-permission-issues-fixes-u-50.patch
  * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch
  * support-transactional-systems-microos-271.patch
  * templates-move-the-globals-up-to-the-environment-jin.patch
  * transactional_update-detect-recursion-in-the-executo.patch
  * transactional_update-unify-with-chroot.call.patch
  * use-current-ioloop-for-the-localclient-instance-of-b.patch
  * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
  * vendor-stateresult.patch
  * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch
  * virt-pass-emulator-when-getting-domain-capabilities-.patch
  * virt-uefi-fix-backport-312.patch
  * virt-use-dev-kvm-to-detect-kvm-383.patch
  * virt._get_domain-don-t-raise-an-exception-if-there-i.patch
  * virt.network_update-handle-missing-ipv4-netmask-attr.patch
  * xen-disk-fixes-264.patch
  * xfs-do-not-fails-if-type-is-not-present.patch
  * zypperpkg-filter-patterns-that-start-with-dot-244.patch
- Renamed and modified:
  * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch -> 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * 3002.2-postgresql-json-support-in-pillar-424.patch -> 3003.3-postgresql-json-support-in-pillar-423.patch
  * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch -> add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
  * allow-vendor-change-option-with-zypper-313.patch -> allow-vendor-change-option-with-zypper.patch
  * fix-inspector-module-export-function-bsc-1097531-480.patch -> fix-inspector-module-export-function-bsc-1097531-481.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch -> fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
  * fix-state.orchestrate_single-to-not-pass-pillar-none.patch -> state.orchestrate_single-does-not-pass-pillar-none-4.patch
  * fix-traceback.-_exc-calls-429.patch -> fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-444.patch -> mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * support-transactional-systems-microos-271.patch -> support-transactional-systems-microos.patch
suse-build-key
- still ship the old ptf key (was not added to documentation by mistake).
  (bsc#1198504)
systemd-presets-branding-SLE
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
vim
- Deleted patches:
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
- Added patches:
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests-arch.patch
- Updated patches:
  * disable-unreliable-tests.patch
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
    After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
    in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
    in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
    vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
    init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
    Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
    in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
    append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
    function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
    function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
    find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
    to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
    to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
    .swp file to the editor's primary group, which allows local users to obtain
    sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
    in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
    vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
    cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
    to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
zypp-plugin