SUSEConnect
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
  SCC will be stored inside of the credentials file for later use on API calls.
  This way we add system clone detection for systems using this version of SUSE
  Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
  information in SCC and proxies more accurate. (bsc#1196076)
binutils
- Add binutils-maxpagesize.diff for a problem on old code
  streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils.  Update to 2.39 from 2.37,
  which means obsoleting and hence removing these patches:
  binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
  binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
  binutils-add-z16-name.diff.
  Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
  jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
  jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
  [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
  [bsc#1193929] aka PR28694 aka CVE-2021-45078
  [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
  [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
  [bsc#1202966] aka PR29289 aka CVE-2022-38126
  [bsc#1202967] aka PR29290 aka CVE-2022-38127
  [bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
  [bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and	--enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
  * The ELF linker will now generate a warning message if the stack is made
    executable.  Similarly it will warn if the output binary contains a
    segment with all three of the read, write and execute permission
    bits set.  These warnings are intended to help developers identify
    programs which might be vulnerable to attack via these executable
    memory regions.
    The warnings are enabled by default but can be disabled via a command
    line option.  It is also possible to build a linker with the warnings
    disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows
    embedding a JSON payload in accordance to the Package Metadata
    specification.
  * In linker scripts it is now possible to use TYPE=<type> in an output
    section description to set the section type value.
  * The objdump program now supports coloured/colored syntax
    highlighting of its disassembler output for some architectures.
    (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore
    weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent
    them from attempting to access debuginfod servers when following
    links.
  * The objcopy program's --weaken, --weaken-symbol, and
  - -weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
  binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
  bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
  needs to support efi-app-aarch64 target. (bsc#1198458)
  Adds binutils-add-efi-aarch64-1.diff,
  binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Use https for variosu links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
  in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
  lines
(Fake entry from SLE for tracking purposes:)
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
  in crash not accepting some of our .ko.debug files.
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
  (forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
  recognition of 'z16' name for 'arch14' on s390.  [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add binutils-add-z16-name.diff so that the now official name
  z16 for arch14 is recognized.  [bsc#1198237]
- Add usage of a SUSE_ZNOW environment variable which allows switching
  on "/-z now"/ by default using "/export SUSE_ZNOW=1"/, similar to
  the SUSE_ASNEEDED variable.  Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
  which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
  * Install symlinks for all target specific tools on
    arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
  that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
  * elfedit: Add --output-abiversion option to update ABIVERSION.
  * Add support for the LoongArch instruction set.
  * Tools which display symbols or strings (readelf, strings, nm, objdump)
    have a new command line option which controls how unicode characters are
    handled.  By default they are treated as normal for the tool.  Using
  - -unicode=locale will display them according to the current locale.
    Using --unicode=hex will display them as hex byte values, whilst
  - -unicode=escape will display them as escape sequences.  In addition
    using --unicode=highlight will display them as unicode escape sequences
    highlighted in red (if supported by the output device).
  * readelf -r dumps RELR relative relocations now.
  * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
    added to objcopy in order to enable UEFI development using binutils.
  * ar: Add --thin for creating thin archives. -T is a deprecated alias without
    diagnostics. In many ar implementations -T has a different meaning, as
    specified by X/Open System Interface.
  * Add support for AArch64 system registers that were missing in previous
    releases.
  * Add support for the LoongArch instruction set.
  * Add a command-line option, -muse-unaligned-vector-move, for x86 target
    to encode aligned vector move as unaligned vector move.
  * Add support for Cortex-R52+ for Arm.
  * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
  * Add support for Cortex-A710 for Arm.
  * Add support for Scalable Matrix Extension (SME) for AArch64.
  * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
    assembler what to when it encoutners multibyte characters in the input.  The
    default is to allow them.  Setting the option to "/warn"/ will generate a
    warning message whenever any multibyte character is encountered.  Using the
    option to "/warn-sym-only"/ will make the assembler generate a warning whenever a
    symbol is defined containing multibyte characters.  (References to undefined
    symbols will not generate warnings).
  * Outputs of .ds.x directive and .tfloat directive with hex input from
    x86 assembler have been reduced from 12 bytes to 10 bytes to match the
    output of .tfloat directive.
  * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
    'armv9.3-a' for -march in AArch64 GAS.
  * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
    'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
  * Add support for Intel AVX512_FP16 instructions.
  * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
    linker to pack relative relocations in the DT_RELR section.
  * Add support for the LoongArch architecture.
  * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
    linker to control canonical function pointers and copy relocation.
  * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
    bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packages
  in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
  binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
  binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
  and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
ca-certificates-mozilla
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
  Patch: remove-trustcor.patch
cloud-regionsrv-client
- Update to version 10.0.8 (bsc#1206428)
  - Fix regression introduced by 10.0.7. When the hosts file was modified
    such that there is no empty line at the end of the file the content
    after removing the registration data does not match the content prior
    to registration. The update fixes the issue triggered by an index
    logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
  - Implement functionality to detect if an update server has a new cert.
    Import the new cert when it is detected.
  - Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
  - Credentials are equal when username and password are the same ignore
    other entries in the credentials file
  - Handle multiple zypper names in process table, zypper and Zypp-main
    to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
curl
- Security Fix: [bsc#1206309, CVE-2022-43552]
  * HTTP Proxy deny use-after-free
  * Add curl-CVE-2022-43552.patch
- Security Fix: [bsc#1204383, CVE-2022-32221]
  * POST following PUT confusion
  * Add curl-CVE-2022-32221.patch
dbus-1
- Fix a potential crash that could be triggered by an invalid signature.
  (CVE-2022-42010, bsc#1204111)
  * fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
  bsc#1204112)
  * fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
  would cause a use-after-free and possible memory corruption CVE-2022-42012,
  bsc#1204113)
  * fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
  * dbus-do-autolaunch.patch
  * increase-backlog.patch
  * fix-upstream-timeout-reset-2.patch
  * fix-upstream-CVE-2020-12049_2.patch
  - ------------------------------------------------------------------
dbus-1-x11
- Fix a potential crash that could be triggered by an invalid signature.
  (CVE-2022-42010, bsc#1204111)
  * fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
  bsc#1204112)
  * fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
  would cause a use-after-free and possible memory corruption CVE-2022-42012,
  bsc#1204113)
  * fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
  * dbus-do-autolaunch.patch
  * increase-backlog.patch
  * fix-upstream-timeout-reset-2.patch
  * fix-upstream-CVE-2020-12049_2.patch
dhcp
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
  An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
  DHCP memory leak
expat
  * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
    destruction of a shared DTD in XML_ExternalEntityParserCreate in
    out-of-memory situations
  - Added patch expat-CVE-2022-43680.patch
- Security fix:
glibc
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
  a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- pthread-cond-wait-stack-align.patch: x86: fix stack alignment in
  pthread_cond_[timed]wait (bsc#1196852)
gnutls
- sysrng-linux: re-open /dev/urandom every time [bsc#1204763]
  * Control the file descriptor closing method
  * Backported from c95312c5831be5418dc02a86d72bcd1eafd4c145
  * Add gnutls-re-open-dev_urandom-every-time.patch
grub2
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520)
  * 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
- Remove zfs modules (bsc#1205554)
  * grub-remove-zfs-modules.patch
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- fs/xfs: add bigtime incompat feature support (bsc#1203387)
  * grub2-fs-xfs-Add-bigtime-incompat-feature-support.patch
kernel-default
- scsi: zfcp: Fix double free of FSF request when qdio send fails
  (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
  pavgroup (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
  ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
  (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
  (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/module: fix loading modules with a lot of relocations
  (git-fixes).
- s390/qeth: fix deadlock during failing recovery (bsc#1206213
  LTC#200742).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1206213
  LTC#200742).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
  (git-fixes).
- s390/cio: Fix the "/type"/ field in s390_cio_tpi tracepoint
  (git-fixes).
- s390: appldata depends on PROC_SYSCTL (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static
  build (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390/qeth: remove driver-wide workqueue (bsc#1206213
  LTC#200742).
- s390/qeth: don't defer close_dev work during recovery
  (bsc#1206213 LTC#200742).
- commit 1acccf5
- Delete and blacklist
  patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch.
- commit 26d92fb
- blacklist.conf: add 6f390916c4fb KVM: s390: Ensure
  kvm_arch_no_poll() is read once when blocking vCPU
- commit d8badd9
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 014ac33
- proc: proc_skip_spaces() shouldn't think it is working on C
  strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
  (CVE-2022-4378 bsc#1206207).
- commit 4f96478
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- commit 0f3ab2f
- Delete
  patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch
  and add it to blacklist.conf instead, as the patch breaks shadow page
  tables for KVM guests without any real other gain (bsc#1205234).
- commit afc147a
- Refresh
  patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
- Refresh
  patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
  Fix up after merge from cve/4.12. The patch can be closer to upstream in
  12sp5 as we have more than in the cve branch.
- commit c316a9f
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
  resume from S3 (bsc#1206037).
- commit 54d8403
- xen/netback: don't call kfree_skb() with interrupts disabled
  (bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 0a9d163
- xen/netback: Ensure protocol headers don't fall in the
  non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit 1430849
- cuse: prevent clone (bsc#1206120).
- fuse: don't check refcount after stealing page (bsc#1206119).
- fuse: retrieve: cap requested size to negotiated max_write
  (bsc#1206118).
- fuse: use READ_ONCE on congestion_threshold and max_background
  (bsc#1206117).
- commit 04cffe1
- blacklist.conf: added 4a6f278d4827 ("/fuse: add file_modified() to fallocate"/)
- commit 02645f1
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
  is "/"/
- commit 1051f51
- blacklist.conf: add hamradio
- commit 099ae10
- net: hns3: fix kernel crash when unload VF while it is being
  reset (git-fixes).
- commit ae4bc46
- net: smsc911x: Fix unload crash when link is up (git-fixes).
- commit 5d0ae5f
- i40e: Fix kernel crash during module removal (git-fixes).
- commit 5410efd
- i40e: Fix reset path while removing the driver (git-fixes).
- commit a60eb44
- net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
- commit 9864107
- net: aquantia: Fix actual speed capabilities reporting
  (git-fixes).
- Refresh
  patches.suse/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch.
- commit 4b16854
- gianfar: Disable EEE autoneg by default (git-fixes).
- commit e3da720
- net: ethernet: arc: fix error handling in emac_rockchip_probe
  (git-fixes).
- commit a60d1e6
- sfp: fix RX_LOS signal handling (git-fixes).
- commit e49032c
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
  (git-fixes).
- commit 1a4980e
- xen-netfront: remove warning when unloading module (git-fixes).
- commit 8066ddd
- macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
- commit fdbdae5
- macsec: check return value of skb_to_sgvec always (git-fixes).
- commit 958f55b
- blacklist.conf: Add 51bee5abeab2 cgroup/pids: turn cgroup_subsys->free()
  into cgroup_subsys->release() to fix the accounting
- commit 5bcd4d4
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 6514e10
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 9837fc7
- blacklist.conf: Add 45e1ba40837a cgroup: disable controllers at parse
  time
- commit ccb9bf4
- blacklist.conf: Add threaded cgroups related patches
  The come from stable-4.14, thus not relevant for us.
  (One more cgroup patch added that's unneeded too.)
- commit dbc5a4e
- docs/kernel-parameters: Update descriptions for "/mitigations="/
  param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
  bsc#1203271 bsc#1206032).
- Refresh
  patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
  patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit e452934
- Update
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
  bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
  Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit cf52a0b
- add missing bug reference to a hv_netvsc patch file (bsc#1204850).
- commit e38a906
- blacklist.conf: add 72791ac854fea3
- commit f0edb3e
- blacklist.conf: add 5c13a4a0291b3019
- commit 2149313
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit 4bead56
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
  (git-fixes).
- commit 3e8dd4e
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit 392a5ef
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (CVE-2022-3635 bsc#1204631).
- commit df41542
- blacklist.conf: add e8240addd0a3919e
- commit 5c7763d
- blacklist.conf: add 0f4558ae91870692c
- commit 480f3db
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit b478418
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit d9798f7
- xen/balloon: use a kernel thread instead a workqueue
  (git-fixes).
- commit 05697f5
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
  patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit d643b77
- xen/blkback: fix memory leaks (git-fixes).
- commit 0f8219d
- blacklist.conf: add bce5963bcb4f
- commit 898778b
- Revert "/xen/balloon: Mark unallocated host memory as UNUSABLE"/
  (git-fixes).
- blacklist.conf: remove added patch
- Refresh
  patches.suse/0001-Revert-xen-balloon-Fix-crash-when-ballooning-on-x86-.patch.
- commit e16cca1
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL
  usage (git-fixes).
- Refresh
  patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch.
- commit 51c6261
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- rename patch file and move it to the sorted section.
- commit a55d114
- xen/balloon: fix balloon initialization for PVH Dom0
  (git-fixes).
- Refresh
  patches.suse/0001-xen-balloon-Support-xend-based-toolstack-take-two.patch.
- Refresh
  patches.suse/0001-xen-balloon-Support-xend-based-toolstack.patch.
- commit 5ba6e04
- xen/pcpu: fix possible memory leak in register_pcpu()
  (git-fixes).
- commit b8c3c6e
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit bfe3d11
- xen-netback: correct success/error reporting for the
  SKB-with-fraglist case (git-fixes).
- commit 7a7fe44
- arm/xen: Don't probe xenbus as part of an early initcall
  (git-fixes).
- commit 0d3422a
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit 0c5b296
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit 99af98d
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc567fb
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
  grant status (git-fixes).
- commit c08cb70
- xenbus: req->err should be updated before req->state
  (git-fixes).
- commit 0cbe5b2
- xenbus: req->body should be updated before req->state
  (git-fixes).
- commit c25f15f
- x86/xen: Distribute switch variables for initialization
  (git-fixes).
- commit c306d38
- xen/balloon: fix ballooned page accounting without hotplug
  enabled (git-fixes).
- commit a0adbc7
- xen-blkback: prevent premature module unload (git-fixes).
- commit cf8ca9e
- x86/xen: Return from panic notifier (git-fixes).
- commit 79e25ba
- xen/efi: Set nonblocking callbacks (git-fixes).
- commit c90ddf2
- xen/pciback: remove set but not used variable 'old_state'
  (git-fixes).
- commit 9bb95c7
- always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
- commit 0e5993e
- xen/pciback: Check dev_data before using it (git-fixes).
- commit 1cda86e
- kprobes/x86/xen: blacklist non-attachable xen interrupt
  functions (git-fixes).
- commit c21b175
- net: xen-netback: fix return type of ndo_start_xmit function
  (git-fixes).
- commit 7ad3ae2
- xen/scsiback: add error handling for xenbus_printf (git-fixes).
- commit 7517554
- xen: add error handling for xenbus_printf (git-fixes).
- commit e858168
- xen: xenbus: use put_device() instead of kfree() (git-fixes).
- commit fe0b840
- ceph: lockdep annotations for try_nonblocking_invalidate
  (bsc#1205908).
- ceph: fix fscache invalidation (bsc#1205907).
- ceph: fix potential race in ceph_check_caps (bsc#1205906).
- ceph: don't skip updating wanted caps when cap is stale
  (bsc#1205905).
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
  (bsc#1205904).
- ceph: check availability of mds cluster on mount after wait
  timeout (bsc#1205903).
- ceph: return -EINVAL if given fsc mount option on kernel w/o
  support (bsc#1205902).
- ceph: return -ERANGE if virtual xattr value didn't fit in buffer
  (bsc#1205901).
- commit 24952fe
- mm, swap, frontswap: fix THP swap if frontswap enabled
  (git-fixes).
- commit 61f5d01
- blacklist.conf: added xen/pvcalls related patches, as driver not in 4.12
- commit f9877af
- xen/grant-table: Use put_page instead of free_page (git-fixes).
- Refresh
  patches.suse/xen-gnttab-fix-gnttab_end_foreign_access-without-pag.patch.
- Refresh
  patches.suse/xen-grant-table-add-gnttab_try_end_foreign_access.patch.
- commit 5a79925
- xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
- commit e0b8207
- xen/gntdev: Fix off-by-one error when unmapping with holes
  (git-fixes).
- commit 309e553
- xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
- commit c11ca0a
- Refresh
  patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch.
- Refresh
  patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch.
  Update upstream status and move to sorted section.
- commit f034897
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
  Fix metadata
- commit 3d8bb62
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
  git-fixes).
- commit 1a498e7
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
- commit 8363ff1
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
  Taken from v10 patch in char-misc subsystem tree
- commit dd1508b
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
  CVE-2022-41850).
- commit bc92371
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 20328af
- blacklist.conf: Do not backport an intrusive KVM/S390 fix.
- commit dc91df6
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
  (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- KVM: s390: fix memory slot handling for
  KVM_SET_USER_MEMORY_REGION (git-fixes).
- commit 91dd7c2
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
  SPSM (CVE-2022-42896 bsc#1205709).
- commit 2d196d4
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
  CVE-2022-41858).
- commit 502b5e0
- blacklist.conf: not enabled
- commit 62afe05
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
  (git-fixes).
- commit e6e2ec1
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- Replaced the in-house patch by the above upstream patch,
  patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit ed9d761
- dm raid: fix address sanitizer warning in raid_resume
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_status
  (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
  (git-fixes).
- dm thin: fix use-after-free crash in
  dm_sm_register_threshold_callback (git-fixes).
- Documentation: dm writecache: Render status list as list
  (git-fixes).
- dm raid: fix accesses beyond end of raid member array
  (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
  (git-fixes).
- dm era: commit metadata in postsuspend after worker stops
  (git-fixes).
- PM: hibernate: fix sparse warnings (git-fixes).
- dm mpath: remove harmful bio-based optimization (git-fixes).
- blk-mq: add callback of .cleanup_rq (git-fixes).
- commit a1e0c0c
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit b1b4277
- NFSD: Cap rsize_bop result based on send buffer size
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
  (bsc#1205128 CVE-2022-43945).
- commit dc177c9
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 86c9eae
- media: mceusb: do not read data parameters unless required
  (git-fixes).
- commit a5b2d37
- [media] mceusb: TX -EPIPE (urb status = -32) lockup fix
  (git-fixes).
- commit 4fa96ff
- [media] mceusb: RX -EPIPE (urb status = -32) lockup failure fix
  (git-fixes).
- commit 4ed839f
- [media] mceusb: fix inaccurate debug buffer dumps, and
  misleading debug messages (git-fixes).
- Refresh
  patches.suse/media-mceusb-fix-memory-leaks-in-error-path.patch.
- commit dec0bf7
- [media] mceusb: sporadic RX truncation corruption fix
  (git-fixes).
- commit e1eba54
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 90f5154
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit 9d86fe0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit c275921
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 92ed14c
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 18f5fc2
- ipv6: use indirect call wrappers for {tcp, udpv6}_{recv,
  send}msg() (bsc#1204414 CVE-2022-3567).
- commit ed98ad2
- ipv6: provide and use ipv6 specific version for {recv, send}msg
  (bsc#1204414 CVE-2022-3567).
- commit f8fc818
- inet: factor out inet_send_prepare() (bsc#1204414
  CVE-2022-3567).
- commit 2f26c25
- blacklist.conf: Add fixes for unsupported platforms
- commit 05248b6
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
  bsc#1205514).
- commit 9676102
- blacklist.conf: Add bd31ecf44b8e KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
- commit ec74f0b
- s390/pci: add missing EX_TABLE entries to
  __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
  (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
  copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
  and __strnlen_user() (git-fixes).
- commit c7f58f1
- x86/speculation: Disable RRSBA behavior (bsc#1201455
  CVE-2022-28693).
- Refresh patches.suse/do-not-default-to-ibrs-on-skl.patch.
- commit ca7c19a
- media: ite-cir: IR receiver stop working after receive overflow
  (git-fixes).
- commit 0a8d27b
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
  (git-fixes).
- commit 069a7c2
- Update metadata references
- commit 61da8f0
- blacklist.conf: build fix
- commit 42d485b
- media: mceusb: sanity check for prescaler value (git-fixes).
- commit ba3bebc
- blacklist.conf: duplicate
- commit d529ebe
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return
  - EAGAIN for nowait (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- bfq: Update cgroup information before merging bio (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
  (git-fixes).
- block: don't delete queue kobject before its children
  (git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
  (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
  (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
  (git-fixes).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- nbd: don't update block size after device is started
  (git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq
  (git-fixes).
- block: respect queue limit of max discard segment (git-fixes).
- null_blk: Fix the null_add_dev() error path (git-fixes).
- brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
- block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
- commit a6dd16c
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
  (git-fixes).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
- commit 8b26e24
- blacklist.conf: add 2 pervasive git-fixes
- commit 0bf3c41
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 52db277
- x86/microcode/AMD: Apply the patch early on every logical thread
  (bsc#1205264).
- commit 2ee27a4
- hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
- x86/hyperv: Set pv_info.name to "/Hyper-V"/ (git-fixes).
- hv_netvsc: Sync offloading features to VF NIC (git-fixes).
- commit 4a8a7a9
- net: ethernet: ti: ale: fix seeing unreg mcast packets with
  promisc and allmulti disabled (git-fixes).
- commit 940ee30
- net/mlx5: E-Switch, Hold mutex when querying drop counter in
  legacy mode (git-fixes).
- commit 2e07a05
- bnxt_en: Free context memory after disabling PCI in probe
  error path (git-fixes).
- commit 720cc36
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
  (git-fixes).
- commit 9d7339e
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- commit 20e8907
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
  Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
  Refresh patches.suse/0018-KVM-arm64-Add-templates-for-BHB-mitigation-sequences.patch
  Refresh patches.suse/0008-kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
- commit 043a003
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
  (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
  (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation
  (git-fixes).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
- s390/qeth: vnicc Fix init to default (git-fixes).
- s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
- s390/qeth: fix false reporting of VNIC CHAR config failure
  (git-fixes).
- s390/qeth: Fix initialization of vnicc cmd masks during set
  online (git-fixes).
- s390/qeth: Fix error handling during VNICC initialization
  (git-fixes).
- commit 6e472df
- s390/crash: fix incorrect number of bytes to copy to user space
  (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
  (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
  copied (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
  (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
  (git-fixes).
- vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
- commit 76839b9
- Refresh
  patches.suse/Fix-releasing-of-old-bundles-in-xfrm_bundle_lookup-b.patch.
- commit 374b5d5
- blacklist.conf: cleanup intended to break kABI
- commit c84e993
- usb: chipidea: udc: check request status before setting device
  address (git-fixes).
- commit cb47b3a
- usb: musb: Fix suspend with devices connected for a64
  (git-fixes).
- commit f48dc12
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
- commit b1650a6
- net: hns3: disable sriov before unload hclge layer (git-fixes).
- commit d345db6
- net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
- commit 48b09a8
- net: hns3: reset DWRR of unused tc to zero (git-fixes).
- commit 8875465
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- commit 0db1cd8
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- commit aefa3aa
- can: rcar_can: fix suspend/resume (git-fixes).
- commit 132b32d
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- commit a0a50ea
- i40e: fix endless loop under rtnl (git-fixes).
- commit 0544181
- phy: mdio: fix memory leak (git-fixes).
- commit a953b17
- Revert "/net: mdiobus: Fix memory leak in __mdiobus_register"/ (git-fixes).
- commit 8056426
- net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
- commit 97ee07d
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- commit 4f15909
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- commit cc79b14
- net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
- commit 09955f8
- net: hns3: check vlan id before using it (git-fixes).
- commit bfc3c2e
- net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
- commit c549aee
- media: mceusb: Use new usb_control_msg_*() routines
  (CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
  bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
  bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
  (CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
  (CVE-2022-3903 bsc#1205220).
- commit 5162019
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch
  (bsc#1065729 bsc#1204810 ltc#200162).
- commit 4db2648
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
  (git-fixes).
- commit d145d85
- ptp: dp83640: don't define PAGE0 (git-fixes).
- commit ba826c9
- natsemi: sonic: stop calling netdev_boot_setup_check
  (git-fixes).
- commit 3ddf5c6
- cxgb4: dont touch blocked freelist bitmap after free
  (git-fixes).
- commit 590981e
- blacklist.conf: update blacklist
- commit e42313e
- blacklist.conf:  update blacklist for git-fixes commits
- commit 3de45db
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
  (bsc#1156395).
- commit aefe870
- bnxt_en: Clean up completion ring page arrays completely
  (git-fixes).
- commit 39641b0
- bnxt_en: Don't use static arrays for completion ring pages
  (git-fixes).
- commit 7ae4ad6
- bnxt_en: Increase maximum RX ring size if jumbo ring is not used
  (git-fixes).
- commit 8ab9e71
- net: natsemi: Fix missing pci_disable_device() in probe and
  remove (git-fixes).
- commit b1e1228
- sis900: Fix missing pci_disable_device() in probe and remove
  (git-fixes).
- commit 9b32829
- tulip: windbond-840: Fix missing pci_disable_device() in probe
  and remove (git-fixes).
- commit 1916370
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- commit 91f7e82
- net/mlx5: Fix flow table chaining (git-fixes).
- commit 50c9e7c
- NIU: fix incorrect error return, missed in previous revert
  (git-fixes).
- commit 697aa31
- ixgbe: Fix packet corruption due to missing DMA sync
  (git-fixes).
- commit 523784f
- net: ti: fix UAF in tlan_remove_one (git-fixes).
- commit 0aebd34
- net: qcom/emac: fix UAF in emac_remove (git-fixes).
- commit 5b6315c
- net: moxa: fix UAF in moxart_mac_probe (git-fixes).
- commit cf3a72b
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
  (git-fixes).
- commit 9d4ba6f
- igb: Fix position of assignment to *ring (git-fixes).
- commit 3c1202a
- igc: change default return of igc_read_phy_reg() (git-fixes).
- commit df2e2f4
- igc: Fix use-after-free error during reset (git-fixes).
- commit 251ef5a
- virtio_net: move tx vq operation under tx queue lock
  (git-fixes).
- commit 90eec50
- vxlan: add missing rcu_read_lock() in neigh_reduce()
  (git-fixes).
- commit 156a458
- FDDI: defxx: Make MMIO the configuration default except for EISA
  (git-fixes).
- commit 8b83e49
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
  for CSR (git-fixes).
- commit 2da1970
- ice: Increase control queue timeout (git-fixes).
- commit 5d9b03d
- blacklist.conf: update blacklist
- commit e370582
- scsi: ibmvfc: Avoid path failures during live migration
  (bsc#1065729).
- commit 3b44e8a
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- commit cdf529c
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit 7c13cdf
- ring-buffer: Check for NULL cpu_buffer in
  ring_buffer_wake_waiters() (git-fixes).
- commit da95687
- ring-buffer: Allow splice to read previous partially read pages
  (git-fixes).
- commit 10722c0
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
  (git-fixes).
- commit 924938c
- s390/boot: fix absolute zero lowcore corruption on boot
  (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: define get_cycles macro for arch-override (git-fixes).
- commit f757324
- blacklist.conf: s390: No need to fix VSIE.
- commit 0194543
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
  flag (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
  (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
  (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
  guests (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
- commit 63379a7
- Update patch references to
  patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
  (bsc#1200692 CVE-2022-33981).
- commit 28012b2
- wifi: brcmfmac: Fix potential buffer overflow in
  brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit 284cbb1
- selftests/livepatch: better synchronize test_klp_callbacks_busy
  (bsc#1071995).
- commit fa89806
- blacklist.conf: livepatch: 32-bit only
- commit 4273e1d
- livepatch: Add a missing newline character in
  klp_module_coming() (bsc#1071995).
- commit 2506784
- livepatch: fix race between fork and KLP transition
  (bsc#1071995).
- commit 6135eb4
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit b8d4061
- scsi: qla2xxx: Use transport-defined speed mask for
  supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
  (bsc#1204963).
- commit 9169c2c
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit da87a2f
- tracing: Do not free snapshot if tracer is on cmdline
  (git-fixes).
- commit 56e3837
- tracing: Simplify conditional compilation code in
  tracing_set_tracer() (git-fixes).
- commit f6b96f7
- ring-buffer: Fix race between reset page and reading page
  (git-fixes).
- commit 3e65661
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit d91da96
- tracing: Add ioctl() to force ring buffer waiters to wake up
  (git-fixes).
- commit a0bbb4b
- tracing: Wake up ring buffer waiters on closing of the file
  (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit 2dbafe6
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit fda3a5b
- ring-buffer: Check pending waiters when doing wake ups as well
  (git-fixes).
- commit 2778e59
- tracing: Disable interrupt or preemption before acquiring
  arch_spinlock_t (git-fixes).
- commit 3e162e8
- i40e: improve locking of mac_filter_hash (git-fixes).
- commit 143807c
- net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes).
- commit a0ef80c
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- commit 3f4f3ee
- ppp: Fix generating ppp unit id when ifname is not specified
  (git-fixes).
- commit 8e47822
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
  (git-fixes).
- commit 8d0bcb7
- net: dsa: mt7530: add the missing RxUnicast MIB counter
  (git-fixes).
- commit 57a9699
- net: vxge: fix use-after-free in vxge_device_unregister
  (git-fixes).
- commit 1d9b679
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit 13c92ff
- net: mvpp2: Put fwnode in error case during ->probe()
  (git-fixes).
- commit ec00850
- net/mlx5e: Remove dependency in IPsec initialization flows
  (git-fixes).
- commit e587509
- net/mlx4: Fix EEPROM dump support (git-fixes).
- commit ebb3264
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
  (git-fixes).
- commit 24bcdc7
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
  (git-fixes).
- commit 021da5e
- bnxt_en: Fix RX consumer index logic in the error path
  (git-fixes).
- commit f39a791
- net: lapbether: Prevent racing when checking whether the netif
  is running (git-fixes).
- commit 4bee41d
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit e0d8a19
- net: stmmac: fix watchdog timeout during suspend/resume stress
  test (git-fixes).
- commit cc02dbe
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 8a11cdd
- r8169: fix jumbo packet handling on RTL8168e (git-fixes).
- commit 5965441
- i40e: Fix overwriting flow control settings during driver
  loading (git-fixes).
- commit a33b4c7
- i40e: Fix flow for IPv6 next header (extension header)
  (git-fixes).
- commit b64f750
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- commit b2e387c
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
  SFP (git-fixes).
- commit 366a419
- USB: serial: ch341: fix lost character on LCR updates
  (git-fixes).
- commit 50da091
- net: amd-xgbe: Reset link when the link never comes back
  (git-fixes).
- commit b7ab28e
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
  warning (git-fixes).
- commit 183da9c
- bnxt_en: reverse order of TX disable and carrier off
  (git-fixes).
- commit d1661a3
- blacklist.conf: update blacklist
- commit 379051a
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 9910802
- Input: xpad - add supported devices as contributed on github
  (git-fixes).
- commit a1cf7e6
- Input: gscps2 - check return value of ioremap() in
  gscps2_probe() (git-fixes).
- commit 2ec370b
- Add CVE reference to
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 0ac14cd
- memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755).
- commit 3f2ce02
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
  CVE-2021-4037).
- commit 8a8ede5
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
  CVE-2021-4037).
- commit 2edb1f4
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 0ea44f9
- usb: mon: make mmapped memory read only (bsc#1204653
  CVE-2022-43750).
- commit be1109d
- USB: serial: ch341: fix lockup of devices with limited prescaler
  (git-fixes).
- Refresh
  patches.suse/Revert-USB-serial-ch341-add-new-Product-ID-for-CH341.patch.
- Refresh
  patches.suse/USB-serial-ch341-sort-device-id-entries.patch.
- commit 4dd7140
- USB: serial: ch341: fix receiver regression (git-fixes).
- commit c932590
- USB: serial: ch341: reimplement line-speed handling (git-fixes).
- commit b324632
- USB: serial: ch341: add basis for quirk detection (git-fixes).
- commit 113d16b
- blacklist.conf: duplicate of b4a64ed6e7b857317070fcb9d87ff5d4a73be3e8
- commit ff064ba
- nvmem: core: Check input parameter for NULL in
  nvmem_unregister() (bsc#1204241).
- commit ee0dc75
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
  (bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
  CVE-2022-3545).
- commit ece443c
- nilfs2: fix use-after-free bug of struct nilfs_root
  (CVE-2022-3649 bsc#1204647).
- commit d234200
- nilfs2: fix leak of nilfs_root in case of writer thread creation
  failure (CVE-2022-3646 bsc#1204646).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
  bsc#1204635).
- commit cf0c998
- nilfs2: fix NULL pointer dereference at
  nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit d20af40
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 5b67fc6
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit d14e803
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
  CVE-2022-3521).
- commit 92746cd
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
  CVE-2022-3524).
- commit ffa0698
- Update metadata references
- commit 090bf0c
- sch_sfb: Also store skb len before calling child enqueue
  (CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
  to child (CVE-2022-3586 bsc#1204439).
- commit baac8bc
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (CVE-2022-3565 bsc#1204431).
- commit a6ab2c6
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- commit f308a7a
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
  (git-fixes).
- commit 1416c1e
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- Refresh patches.suse/USB-serial-option-add-Quectel-RM520N.patch.
- commit 891a8cf
- USB: serial: option: add support for OPPO R11 diag port
  (git-fixes).
- commit a94c0a4
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
  (bsc#1065729).
- commit b4e5f08
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
  opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 0f4a423
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
  VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 07bccdc
- KVM: Add infrastructure and macro to mark VM as bugged
  (bsc#1200788 CVE-2022-2153).
- commit ef2b928
- KVM: x86/emulator: Fix handing of POP SS to correctly set
  interruptibility (git-fixes).
- commit a313609
- x86/xen: Remove undefined behavior in setup_features()
  (git-fixes).
- commit baac9c4
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
  activated (bsc#1200788 CVE-2022-2153).
- commit 8a3b61b
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
  (bsc#1200788 CVE-2022-2153).
- commit 661c2ce
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
  SynIC (bsc#1200788 CVE-2022-2153).
- commit 3a9cc04
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit c6701d7
- locking/csd_lock: Change csdlock_debug from early_param to
  __setup (git-fixes).
- Refresh
  patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 0d160b3
- KVM: x86: Avoid theoretical NULL pointer dereference in
  kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit b4f4125
- KVM: x86: Check lapic_in_kernel() before attempting to set a
  SynIC irq (bsc#1200788 CVE-2022-2153).
- commit 95457fb
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
  hugepages (bsc#1203142 LTC#199883).
- s390/mm: do not trigger write fault when vma does not allow
  VM_WRITE (bsc#1203198 LTC#199898).
- commit 8606330
- scsi: stex: Properly zero out the passthrough command structure
  (bsc#1203514 CVE-2022-40768).
- commit 73e670f
- Update
  patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
  (CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 6bd6b60
- misc: sgi-gru: fix use-after-free error in
  gru_set_context_option, gru_fault and gru_handle_user_call_os
  (CVE-2022-3424 bsc#1204166).
- commit 729cf0b
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 95fbcd2
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit 61ed64b
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 469e1ea
- blacklist.conf: ignore unwanted nfs/md patches
- commit 968a253
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
  to old Intel systems (bnc#1203802).
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
  (bnc#1203802).
- commit 51d1632
- nvme: restrict management ioctls to admin (bsc#1203290
  CVE-2022-3169).
- commit 9735897
- s390: fix double free of GS and RI CBs on fork() failure
  (bsc#1203254 LTC#199911).
- s390/guarded storage: simplify task exit handling (bsc#1203254
  LTC#199911).
- commit 33e512e
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit dd58489
- xfs: widen ondisk quota expiration timestamps to handle y2038+
  (bsc#1203387).
- commit e991b90
- quota: widen timestamps for the fs_disk_quota structure
  (bsc#1203387).
- commit 0516b01
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
  (bsc#1203322 CVE-2022-40307).
- commit 8166d5e
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit b440061
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit d6070f7
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e024e1e
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- commit 88f61a5
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 510678c
- xfs: enable big timestamps (bsc#1203387).
- commit f5ecebd
- xfs: widen ondisk inode timestamps to deal with y2038+
  (bsc#1203387).
- commit a71ecee
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- Refresh
  patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit de56df3
- xfs: preserve default grace interval during quotacheck
  (bsc#1203387).
- commit 32fdbbb
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit ea13b52
- xfs: use a struct timespec64 for the in-core crtime
  (bsc#1203387).
- commit 31e0e71
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit 852ad51
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit 0ca10b2
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit fdfb081
- xfs: use the finobt block counts to speed up mount times
  (bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 480b158
- xfs: account finobt blocks properly in perag reservation
  (bsc#1203387).
- commit 2390201
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972)
- commit da5fa15
- module: change to print useful messages from
  elf_validity_check() (git-fixes).
- commit aa3765e
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit 99976e2
- module: harden ELF info handling (git-fixes).
- Refresh
  patches.suse/0001-module-warn-if-module-init-probe-takes-long.patch.
- Delete
  patches.suse/0005-modsign-print-module-name-along-with-error-message.patch
  (info->mod->name is no longer available in module_sig_check() due to
  the backported patch).
- commit 6bb95a5
krb5
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
  (bsc#1205126);
- Added patches:
  * 0126-Fix-integer-overflows-in-PAC-parsing.patch
libX11
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
  * security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
  * security update for CVE-2022-3555 (bsc#1204425)
libdb-4_8
- Security fix: [bsc#1174414, CVE-2019-2708]
  * libdb: Data store execution leads to partial DoS
  * Backport the upsteam commits:
  - Fixed several possible crashes when running db_verify
    on a corrupted database. [#27864]
  - Fixed several possible hangs when running db_verify
    on a corrupted database. [#27864]
  - Added a warning message when attempting to verify a queue
    database which has many extent files. Verification will take
    a long time if there are many extent files. [#27864]
  * Add libdb-4_8-CVE-2019-2708.patch
libksba
- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch
- Security fix: [bsc#1204357, CVE-2022-3515]
  * Detect a possible overflow directly in the TLV parser.
  * Add libksba-CVE-2022-3515.patch
liblogging
- Use %license instead of %doc [bsc#1082318]
- fix SLE 12 build
- Use python3 version of rst2man when available
- Run spec-cleaner
- liblogging 1.0.6:
  * fix small memory leaks in libstdlog
  * enhancement:  sigsafe_printf now recognizes the "/j"/ length
    modifier
  * fix: build_file_line and build_syslog_frame call the
  __stdlog_print_* functions incorrectly
  * Implement a STDLOG_PID option
  * bugfix: potentialSEGV in the stdlog_sigsafe_string formatter
    if NULL pointer was passed in
  * bugfix: stdlog_sigsafe_printf mis-handles an int or unsigned
    int
  * build system: auto-detect presence of journal libraries
- When building with systemd-journal support, only buildrequire
  pkgconfig(libsystemd-journal) on openSUSE 13.1. On newer
  versions, buildrequrie pkgconfig(libsystemd). The sublibaries have
  been merged in version 209 (13.2 shipped systemd 210).
- make the suse_version portable
- fix broken conditional with sles_version macro
- Remove redundant ldconfig requires
- liblogging 1.0.5:
  + cleanup for systemd-journal >= 209
  + bugfix: date stamp was incorrectly formatted
libtasn1
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
  that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
libtirpc
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
  connections (bsc#1201680)
  - backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
  - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
libxml2
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
libxslt
- Fix broken license symlink for libxslt-tools [bsc#1203669]
libzypp
- properly reset range requests (bsc#1204548)
- version 16.22.5 (0)
- Fix package signature check (bsc#1184501)
mozilla-nspr
- update to version 4.34.1
  * add file descriptor sanity checks in the NSPR poll function.
mozilla-nss
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
  creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
  keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
  called when the repeat integrity check fails (bsc#1198980).
- Require libjitter only for SLE15-SP4 and greater
- update to NSS 3.79.2 (bsc#1204729)
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1.
  * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
  longer than 1s. This avoids turning slow builds into broken
  builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
  DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
  sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
  longer symmetric keys via the service level indicator
  (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
  sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
  from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
  from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
  entropy. This is disabled until we can avoid the inline assembler
  in the latter's header file that relies on GNU extensions.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
  when both NSS_FIPS and /proc FIPS mode are enabled.
nfs-utils
- Add 0202-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Allow server scope to be set - removes the need to run nfsd
  inside a private UTS namespace for fail-over applications
  (bsc#1203746)
- 0201-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
  Ensure sysctl setting work (bsc#1199856)
openldap2
- bsc#1203320 - Resolve broken symlinks in documentation
openssh
- Add -Y option (jsc#SLE-24949)
  + openssh-More-BSD-compat-functions-recallocarray-getpagesize-.patch
  + openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch
  + openssh-New-option-parsing-functions.patch
  + openssh-ssh-keygen-ssh-agent-intergration.patch
  + openssh-test-updates.patch
  + openssh-test-fixups.patch
  + openssh-Add-ssh-keygen-Y-option-sshsig.patch
  - Ship added protocol file as documentation.
- Refresh openssh-7.2p2-gssapi_key_exchange.patch: fix up tests broken by gssapi
- Run tests during build
- cycle patches through git, use autopatch.
openssl-1_0_0
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
  * bsc#1180995
  * Default to RFC7919 groups when generating ECDH parameters
    using 'genpkey' or 'dhparam' in FIPS mode.
openssl-1_1
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
  * bsc#1180995
  * Default to RFC7919 groups when generating ECDH parameters
    using 'genpkey' or 'dhparam' in FIPS mode.
permissions
  * fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20170707:
python
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
  target.
python-azure-agent
- Add paa_12_sp5_rdma_no_ext_driver.patch (bsc#1203181)
- Update to version 2.8.0.11 (bsc#1203164)
  + Enabled support for Fast Track (faster processing of extensions)
  + Add telemetry for VM Size
  + Add telemetry for environment variables passed to extensions
  + Enforce CPU quota on the Agent on Red Hat and CentOS 7.4+
  + Restore all firewall rules needed for communication with the WireServer
  + Fix false positives reporting processes in the Agent's cgroup
  + Fix false errors when collecting debug logs
  + Don't report incorrect CPU usage data
  + Fetching a goal state with empty certificates property
  + Silence goal state fetch errors after 3 logs
  + Change fast track timestamp default from None to datetime.min
  + Retry HGAP's extensionsArtifact requests on BAD_REQUEST status
  + Support for Rocky Linux
  + RHEL 8
  + RHEL 9
  + Preliminary work to enforce CPU quota on extensions
  + Preliminary work for management of agent self-updates [GA Versioning]
  + Add CentOS 7.9 to end-to-end-tests
  + Add Mariner to end-to-end-tests
- 2.8.0.11 followed 2.7.3.0, no intermediate releases
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them while an RPM update.
- Update to 2.7.3.0 (jsc#PED-1298)
  + Remove proper_dhcp_config_set.patch included upstream
  + Remove sle_hpc-is-sles.patch included upstream
  + Forward port reset-dhcp-deprovision.patch
  + Retry HGAP's extensionsArtifact requests on BAD_REQUEST status #2622
  + Use 'ip' instead of 'ifdown/ifup' to restart network interface on
    RHEL >= 8.6 #2612 #2624
- From 2.7.1.0
  + hotfix for OOM errors on the log collector
- From 2.7.0.6
  + Increase time of autoupdates after updates are available #2403
  + Send telemetry when upgrade available #2421
  + Enable collection of debugging information #2436, #2453, #2510
  + Add support for Python 2.6 to the debug info collection code #2452
  + Enable CPU/memory data collection on RedHat and CentOS #2450
  + Exclude end-to-end tests from Agent setup #2396, #2402
  + Fix log message in cgroups management #2427
  + Fix parsing of malformed error.json files #2433
  + Allow DNS queries over TCP #2429
  + Dont exit extension handler process if unable to fetch
    first goal state #2440
  + Improvements for Mariner #2407, #2414
  + Add uos support #2420
  + Add support for VMware PhotonOS #2431
- From 2.6.0.2
  + added cloudlinux support (#2344)
  + Enable extensions cpu monitoring (#2357, #2384, #2391)
  + Support Flatcar Container Linux (#2365)
  + Retrieve VmSettings from HostGAPlugin
    (#2378, #2382, #2386, #2394, #2397, #2404)
  + Set Agent's CpuQuota to 75% (#2383)
  + Use handler status if extension status is None when computing
    the ExtensionsSummary (#2358) (#2361)
  + fix bug with dependent extensions with no settings (#2285) (#2362)
  + Create events dir for handlers if ETP enabled (#2366)
  + Report status even if goal state cannot be processed (#2370)
  + Define ExtensionsSummary.eq (#2371) (#2373)
  + Implement ExtensionsSummary.ne in terms of eq (#2375)
- From 2.5.0.2
  + Enable Extension Telemetry Pipeline (#2337, #2339)
  + Enable Periodic Log Collection in systemd distros (#2295,#2289)
  + Implement InitialGoalStatePeriod parameter + improvements in logging
    goal state processing(#2332)
  + Fix operation name in InitializeHostPlugin event(#2338)
  + Mock systemctl stop cmd (#2335)
  + Report transitioning when status file not found (#2330)
  + Dont create default status file for Single-Config extensions (#2318)
  + Do not create placeholder status file for AKS extensions (#2298)
  + Save waagent_status to history folder and add additional details to
    the status file (#2325,#2301,#2270)
  + Rename Debug.FetchVmSettings to Debug.EnableFastTrack (#2324)
  + Update HostGAplugin headers before fetching vmSettings (#2323)
  + Handle HTTP GONE in vmSettings request (#2321)
  + Added log statements to debug issues in vmSettings API(#2317)
  + Remove reference to re.IGNORECASE (#2316)
  + Add and remove extension slice (#2315)
  + FastTrack changes (#2314, #2313,#2306, #2304,#2294, #2293)
  + Helper to handle exception message(#2305)
  + Remove trailing spaces from command name (#2296)
  + Add debug info for systemd-run false positives (#2292)
  + Move Github Actions VMs to Ubuntu 18 (#2291)
  + Onboard redhat82, ubuntu20 (#2290, #2279)
  + Allow systemd-run in the Agent's cgroup (#2287)
  + Use handler status if extension status is None (#2358)
  + Bug Fix :Define ExtensionsSummary.ne (#2371)
- From 2.4.0.2
  + Support for Multi config (#2245, #2261)
  + Support sles 15 sp2 distro (#2272)
  + Cleanup history folder every 30 min (#2258)
  + Updated _read_status_file to include a fragment of status file in
    the exception (#2257)
  + Fix telemetry unicode errors (Re-add #1937) (#2278)
  + Match IPoIB interface with any alphanumeric characters (#2239)
  + Fix bug with dependent extensions with no settings (#2285)
  + Do not create placeholder status file for AKS extensions (#2298)
  + Refactoring of Agent's main loop (#2275)
  + Exception for Linux Patch Extension for creating placeholder
    status file (#2307)
  + Dont create default status file for Single-Config extensions (#2318)
  + Fix bad logging (#2241)
  + Fixed logging of PeriodicOperation (#2263)
  + Log collector broken pipe fix (#2267)
  + Improved logging for Multi config (#2246)
- From 2.3.1.1
  + revert for reducing the time window where we restart the network
    interfaces of the VM
- From 2.3.0.2
  + Enforce CPUQuota on agent #2222, #2226
  + Add support for RequiredFeatures and GoalStateAggregateStatus APIs
    [#2190], #2206, #2209, #2216
  + Added fallback locations for extension manifests #2188
  + Add missing call to str.format() when creating exception #2193
  + Remove helper network service on deprovision #2191
  + Use a helper script to start the network service #2225 #2253
  + Initialize published_hostname using /var/lib/cloud/data/set-hostname #2215
  + Fix utf logging for persist firewall rules #2237
  + Replace firewall-setup unit file if changed #2236
- From 2.2.54
  + PA changes to check cloud-init (#2061)
  + log collector (#2066)
  + cgroups CPU percentage py processor count (#2074)
  + Parse InVMGoalStateMetaData from Extension Config (#2081)
  + iscsi disk support for agent configs (#2073)
  + Add support for VMs with multiple IB devices (#2085)
  + Python 3.9 support (#2082)
  + Add support for CBL-Mariner distro (#2099)
  + Enable Provisioning.MonitorHostName for Ubuntu (#1934)
  + Added supportedFeatures flag in status reporting (#2089)
  + Parse ext runtime settings (#2087)
  + GHA merge validation (#2097)
  + Cgroups improvements
  + renamed the eventsFolder variable for preview and enabled ETP (#2140)
  + Agent slice and custom unit files telemetry (#2150)
  + Make IPoIB interface online (#2116)
  + Add option to disable NetworkConfigurationChanges (#2156)
  + Log network configuration on service start (#2157)
  + Setup persistent firewall rules on service restart (#2154)
  + switched to using run_command (#2060)
  + fixes for chained-comparison and dangerous-default-value pylint
    warnings (#2072)
  + fixed depends on errors (#2059)
  + WireIp env variable added (#2078)
  + Unstick HGAP channel as default (#2046)
  + shellutil.run_command fixes (#2086, #2098)
  + unit test fixes (#2090, #2091, #2108, #2153)
  + fix distro resolution for RedHat (#2083)
  + Read KVP value in binary mode (#2084)
  + Redact protected settings in goal state debug files (#2130)
  + Modify retry logic for empty goal state (#2140)
  + GS no config fix (#2141)
  + CommandExecution.log logrototate config -> custom log management (#2143)
  + binary file for firewall rules (#2147)
  + Refresh host ga plugin periodically (#2155)
  + Disabled custom service (#2166)
  + update test zips (#2167)
- From 2.2.53.1
  + Extension Telemetry Pipeline as a private-preview feature
- From 2.2.53
  + Start exthandler with the same python interpreter (#2007)
  + Verify that the extension status is an array (#2010)
  + Remove enum _UpdateType and retry fetching goal state (#2018)
  + use dd for ext4 as well as xfs (#2042)
  + Fix path for error.json (#2044)
  + Switch to run command changes, + provisioning changes that need to be
    reverted. (#2050)
  + Fix timestamp for goal state archive (#2051)
  + Case insensitive parsing or Plugins and PluginSettings (#2054)
  + Revert "/Fixed delays for HTTP retries rather than exponential
    delays (#1967)"/ (#2065)
  + Fixed bug causing "/MAC verified OK"/ message (#2069)
  + Revert unicode fix manually (#1937) (#2070)
  + Recreate handler environment file on service startup (#1960)
  + Add log collection tool and thread (#1987)
  + Thread interface (#1990)
  + Verify that the CPU and Memory cgroups for the agent are properly
    initialized; disabled cgroups if they are not active. (#2015)
  + SUSE config: use Btrfs LZO compression for ResourceDisk (#2055)
  + Extension telemetry pipeline (#1918)
  + Reformatted the heartbeat event (#2009)
  + Add LIS version to OSInfo.message (#2011)
  + One thread for telemetry (#2019)
  + Limit description character length sent for health report (#2020)
  + Remove Serial Console Logging (#2028)
  + Echo log to /dev/console during provisioning (#2043)
  + Adding telemetry for logrotate (#2045)
  + Report placeholder extension status as an array (#2068)
  + Fix broken link in readme (#2014)
  + Add log collector flags to README (#2029)
- From 2.2.52
  + Do not retrieve users in each goal state (#1935)
  + Fix check for systemd-run failure when invoking extensions (#1943)
  + Fix telemetry unicode errors (#1937)
  + Uninstall unregistered extensions (#1970)
  + Use run_command to execute iptables (#1944)
  + Use run_command for ip route (#1958)
  + Fix handling of gen2 disks with udev rules (#1954)
  + Add API for uploading logs via host plugin (#1902)
  + Fixed delays for HTTP retries rather than exponential delays (#1967)
  + Resolve undefined variable (#1950)
  + Convert owner uid to string (#1949)
  + Fix Travis special checks for distro and remove useless cgroup tests (#1959)
  + Use tmp_dir instead of data_dir (#1968)
- Removed %config flag for files in /usr directory.
- Cleanup spec file:
  - - Removed %{_distconfdir}/logrotate.d from dirlist. It will be
    handled by package filelist now.
  - - %{_distconfdir}/logrotate.d/* can be changed by vendor only.
    So it will be replaced by an RPM update.
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.
- require python-rpm-macros to fix build for TW
- do not require test dependencies for build, they are not needed
  (no testsuite run in %check)
python-base
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
  target.
python3
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
python3-base
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
  (gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
python3-lxml
- Add patch CVE-2021-28957-prevent-formaction.patch:
  * Sanitize HTML5 formaction attributes to prevent an XSS
    (bsc#1184177, CVE-2021-28957)
python36
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
  CRLF_injection_via_host_part.patch, and
  CVE-2019-18348-CRLF_injection_via_host_part.patch.
release-notes-sles
- 12.5.20220930 (tracked in bsc#933411)
- Added note about /var/run volatility (jsc#SLE-5601)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Updated LibreOffice note (jsc#SLE-24441)
- Updated Java 1.7 lifecycle (jsc#PED-2073)
- 12.5.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-2073)
rpm
- backport pgp hardening changes from upstream [bsc#1185299]
  new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try to acquire the
  database lock [bsc#1183659]
  new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
  [CVE-2021-20271] [CVE-2021-20266]
  [bsc#1183543] [bsc#1183545] [bsc#1183632]
  new patch: headerchk3.diff
- backport fixes for various format handling bugs [bsc#996280]
  new patch: formatbugs.diff
rsync
- Add support for --trust-sender parameter (patch by Jie Gong in
  bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
  * Added patch rsync-CVE-2022-29154-trust-sender-1.patch
  * Added patch rsync-CVE-2022-29154-trust-sender-2.patch
rsyslog
- fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
salt
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Added:
  * ignore-extend-declarations-from-excluded-sls-files.patch
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Added:
  * include-stdout-in-error-message-for-zypperpkg-561.patch
- Fix state.apply in test mode with file state module
  on user/group checking (bsc#1202167)
- Added:
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Added:
  * retry-if-rpm-lock-is-temporarily-unavailable-547-551.patch
samba
- Update to 4.15.13
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254)
- Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)"/) at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
sg3_utils
- Update to version 1.43+48.63a5696:
  * sg_turs: do not report error for standby or unavailable ports
    (bsc#1186628)
  * drop 55-scsi-sg3_id.rules-fix-SCSI_IDENT_LUN_NAA_EXT-case.patch
    (now included in git tarball)
sqlite3
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
  relying on --safe for execution of an untrusted CLI script
sudo
- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown <william.brown@suse.com>
  * https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
  * Make sure SIGCHLD is not ignored when sudo is executed; fixes
    race condition.
  * bsc#1203201
  * Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
  * CVE-2022-43995
  * bsc#1204986
  * Fixed a potential heap-based buffer over-read when entering a password
    of seven characters or fewer and using the crypt() password backend.
- Modified sudo-sudoers.patch
  * bsc#1177578
  * Removed redundant and confusing 'secure_path' settings in
    sudo-sudoers file.
- Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
  * Ignore entries when converting LDAP to sudoers. Prevents empty
    host list being treated as "/ALL"/ wildcard.
  * bsc#1201462
  * Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e
supportutils
- Changes to supportconfig version 3.0.11
  + Added _sanitize_file and applied it as needed (bsc#1203818)
systemd
- Import commit 284594087815b5a621c9cbdfd7fde382c3fa110e
  408bdd5b5c units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
  c9d71f32e9 vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode)
  36cea26f87 vconsole-setup: add more log messages
  ed5157ad87 units: restore Before dependencies for systemd-vconsole-setup.service
  e9ae2bacc4 vconsole-setup: add lots of debug messages
  40b348e753 Add enable_disable() helper
  33ac2fa67a vconsole: correct kernel command line namespace
  41e28b24d6 vconsole: Don't do static installation under sysinit.target
  d5a5e14c0b vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636)
  4e62cab082 vconsole: updates of keyboard/font loading functions
  8fd6316be5 vconsole: Add generic is_*() functions
  a755ea98ec vconsole: add two new toggle functions, remove old enable/disable ones
  9ca3cfe2aa vconsole: copy font to 63 consoles instead of 15
  7ddfcaab83 vconsole: add log_oom() where appropriate
  8d61f5bde5 vconsole-setup: Store fonts on heap (#3268)
  6efe43abe2 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  1f09db3094 errno-util: add new errno_or_else() helper
- Drop 5000-errno-util-add-new-errno_or_else-helper.patch
    5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
  They have been integrated in SUSE/v228, see above.
- Disable coredump support when building the mini flavor to avoid pulling in
  elfutils as some elf macro definitions are now needed by coredump.c
- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-errno-util-add-new-errno_or_else-helper.patch
  Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
- Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234
  e4ba341080 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
  20743c1a44 logind: fix crash in logind on user-specified message string
  b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent
  2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
  3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507)
  4b56c3540a parse-util: introduce pid_is_valid()
  aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244)
- Rebase 0001-logind-unmount-runtime-path-in-a-dedicated-process.patch
tar
- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-fix-no-overwrite-dir.patch
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- Fix race condition while creating intermediate subdirectories,
  bsc#1200657
  * bsc1200657.patch
tcl
- Fix a race condition in test socket-13.1
  (tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
  sqlite3 to have only a single copy and keep it more up to date
  (bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
telnet
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
  (CVE-2022-39028, bsc#1203759)
  CVE-2022-39028.patch
timezone
- timezone update 2022g (bsc#1177460):
  * In the Mexican state of Chihuahua, the border strip near the US
    will change to agree with nearby US locations on 2022-11-30.
    The strip's western part, represented by Ciudad Juárez, switches
    from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
    The eastern part, represented by Ojinaga, will observe US DST next
    year, like Presidio, TX.
    A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
  * Much of Greenland, represented by America/Nuuk, stops observing
    winter time after March 2023, so its daylight saving time becomes
    standard time.
  * Changes for pre-1996 northern Canada
  * Update to past DST transition in Colombia (1993), Singapore
    (1981)
  * timegm is now supported by default
- timezone update 2022f (bsc#1177460):
  * Mexico will no longer observe DST except near the US border
  * Chihuahua moves to year-round -06 on 2022-10-30
  * Fiji no longer observes DST
  * Move links to 'backward'
  * In vanguard form, GMT is now a Zone and Etc/GMT a link
  * zic now supports links to links, and vanguard form uses this
  * Simplify four Ontario zones
  * Fix a Y2438 bug when reading TZif data
  * Enable 64-bit time_t on 32-bit glibc platforms
  * Omit large-file support when no longer needed
  * In C code, use some C23 features if available
  * Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
  * fat.patch
  * tzdata-china.diff
- timezone update 2022e (bsc#1177460):
  * Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
  * Palestine transitions are now Saturdays at 02:00
  * Simplify three Ukraine zones into one
- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
util-linux
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
  su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
  remote.pamd).
util-linux-systemd
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
  su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
  remote.pamd).
vim
- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
  * Fixing bsc#1200884 Vim: Error on startup
  * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
  * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
  * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
  * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
  * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
  * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
  * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
  * Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
  * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
  * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
  * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
  * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
  * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
  * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
  * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
  * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
  * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
  * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
  * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
  * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
  * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
  * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
  * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
  * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
  * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
  * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
  * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
  * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
  * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
  * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
  * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
  * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
  * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
  * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
  * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
  * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
  * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
  * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
  * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
    After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
    in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
    in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
    vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
    init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
    Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
    in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
    append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
    function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
    function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
    find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
    to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
    to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
    .swp file to the editor's primary group, which allows local users to obtain
    sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
    in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
    vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
    cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
    to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
  * Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
    Heap-based Buffer Overflow in vim prior to 8.2.
    / vim-8.0.1568-CVE-2022-0413.patch
  * Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
    normal.c / vim-8.0.1568-CVE-2021-3796.patch
  * Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
    win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
  * Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
    Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
  * Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
    Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
  * Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
    Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
  * Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
    could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
  * Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
    / vim-8.0.1568-CVE-2021-3778.patch
  * Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
    / vim-8.0.1568-CVE-2021-4193.patch
  * Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
    exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
    causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
  * Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
    prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
  * Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
    / vim-8.0.1568-CVE-2022-0351.patch
  * Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
    prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
  * Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
    / vim-8.0.1568-CVE-2022-0413.patch
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- missing-vim-client: removed
- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch)
- source correct suse.vimrc file (boo#1182324)
- stop owning /etc/vimrc so the old, distro provided config actually
  gets removed. Leaving it around leads to a duplicated autocmd for
  * .spec, leading to spec file template inserted twice.
- own some dirs in vim-data-common so installation of vim-small
  doesn't leave not owned directories (boo#1173256).
- Add vi as slave to update-alternatives so that every package
  has a matching "/vi"/ symlink (bsc#1174564, boo#1176549).
- Removed patches:
  * disable-unreliable-tests-arch.patch
  * CVE-2016-1248.patch
  * CVE-2017-5953.patch
  * CVE-2017-6349.patch
  * CVE-2017-6350.patch
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
  * vim-7.1.314-CVE-2009-0316-debian.patch
  * vim-7.3-diff_check.patch
  * vim-python35.patch
  * vim-speedup-yaml.patch
- Updated patches:
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
  * vim-7.4-rpmlintrc
  * vim73-no-static-libpython.patch
- Added patches:
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v7.4.326...v9.0.0814
wicked
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
  Add initial support to decode the SMBIOS Management Controller Host
  Interface (Type 42) structure and expose it as wicked `firmware:redfish`
  configuration to setup a Host Network Interface (to the BMC) using the
  `Redfish over IP` protocol allowing access to the Redfish Service (via
  redfish-localhost in /etc/hosts) used to manage the computer system.
  Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
  remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
  [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
  e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
  correctly OR grouped lease status (bnc#896188)
  netlink attribute if provided by the kernel (bnc#885007).
  do not detect persistence but set if requested only (bnc#876845).
- client: do not mix shared with exclusive references (bnc#877776)
- extensions: disabled writing of wickedd.log (debug) file
- addrconf: initial lease writing/parsing helpers / disarmed
- several lldp fixes, mostly for parsing / formatting
yast2-printer
- Try to connect with SMB3 protocol when testing SMB printers
  (bsc#1084277)
- 3.2.1
yast2-registration
- fix crash of autoyast config dialog (bsc#1152913)
- 3.3.1
zlib
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
  * bsc1203652.patch