aaa_base
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
  current version which includes a rename of patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  rename it to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
augeas
- support new chrony 4.1 options (jsc#SLE-17334)
  augeas-new_options_for_chrony.patch
avahi
- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
  (bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
  (boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).
bind
- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
cloud-init
- systemctl location (bsc#1193531)
  - Add cloud-init-sysctl-not-in-bin.patch
  - The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
cloud-regionsrv-client
- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attemting to unregister a system that is not
    registered
  + Skip extension registration if the extension is recommended by the
    baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data
    can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service
dapl
- Add reproducible.patch to override build date (boo#1047218)
expat
  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
filesystem
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
glibc
- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
  stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
  for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
  (CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
  (CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
  a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
libtirpc
- fix memory leak in client protocol version 2 code (bsc#1193805)
  - update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
nfs-utils
- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
  (bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure "/sloppy"/ is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
  (boo#1197297)
openldap2
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
openssl-1_1
- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch
pam
- Between allocating the variable "/ai"/ and free'ing them, there are
  two "/return NO"/ were we don't free this variable. This patch
  inserts freaddrinfo() calls before the "/return NO;"/s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]
procps
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG
protobuf
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  bsc#1195258
  * Add protobuf-CVE-2021-22570.patch
salt
- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
  * patch_for_cve_bsc1197417.patch
suse-build-key
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
systemd
- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
  4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
timezone
- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
update-alternatives
- break bash <-> update-alternatives cycle by coolo's rewrite
  of %post in lua [bsc#1195654]
util-linux
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
util-linux-systemd
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
yaml-cpp
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
zlib
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch