aaa_base
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
  current version which includes a rename of patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  rename it to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
augeas
- support new chrony 4.1 options (jsc#SLE-17334)
  augeas-new_options_for_chrony.patch
avahi
- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
  (bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
  (boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).
bind
- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
cloud-init
- systemctl location (bsc#1193531)
  - Add cloud-init-sysctl-not-in-bin.patch
  - The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
cloud-regionsrv-client
- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attemting to unregister a system that is not
    registered
  + Skip extension registration if the extension is recommended by the
    baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data
    can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service
crash
- Fix module loading (bsc#1190743 ltc#194414).
  + crash-mod-fix-module-object-file-lookup.patch
expat
  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
filesystem
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
glibc
- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
  stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
  for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
  (CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
  (CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
  a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
libtirpc
- fix memory leak in client protocol version 2 code (bsc#1193805)
  - update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
libzypp
- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where
  zypper unintentionally waits for appdata plugin scripts to
  complete.
- version 17.29.4 (22)
nfs-utils
- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
  (bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure "/sloppy"/ is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
  (boo#1197297)
openldap2
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
openssh
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.
openssl-1_1
- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
  * PAC pointer authentication signs the return address against the
    value of the stack pointer, to prevent stack overrun exploits
    from corrupting the control flow. The Poly1305 armv8 code got
    this wrong, resulting in crashes on PAC capable hardware.
  * Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
  version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
  * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
  * Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
    handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
pam
- Between allocating the variable "/ai"/ and free'ing them, there are
  two "/return NO"/ were we don't free this variable. This patch
  inserts freaddrinfo() calls before the "/return NO;"/s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]
procps
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG
protobuf
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  bsc#1195258
  * Add protobuf-CVE-2021-22570.patch
python-jsonschema
- Add patch to fix build with new webcolors:
  * webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
  * Added a format_nongpl setuptools extra, which installs only format
    dependencies that are non-GPL (#619).
- specfile:
  * be more explicit in %files section
  * require python-importlib-metadata
- update to version 3.1.1:
  * Temporarily revert the switch to js-regex until #611 and #612 are
    resolved.
- changes from version 3.1.0:
  * Regular expressions throughout schemas now respect the ECMA 262
    dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
  * Fixed a bug where 0 and False were considered equal by
    const and enum
- from v3.0.1
  * Fixed a bug where extending validators did not preserve their
    notion of which validator property contains $id information.
- from v3.0.0
  * Support for Draft 6 and Draft 7
  * Draft 7 is now the default
  * New TypeChecker object for more complex type definitions
    (and overrides)
  * Falling back to isodate for the date-time format checker is
    no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
  * Support for Draft 6 and Draft 7
  * Draft 7 is now the default
  * New TypeChecker object for more complex type definitions (and overrides)
  * Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
python-lxml
- With the new update to 4.7.1, the old Bugzilla entries are also
  fixed:
  - bsc#1118088 (related to CVE-2018-19787)
  - bsc#1184177 (related to CVE-2021-28957)
- Update to 4.7.1 (officially released 2021-12-13)
  Features added
  - Chunked Unicode string parsing via parser.feed() now encodes the input
    data to the native UTF-8 encoding directly, instead of going through
    Py_UNICODE / wchar_t encoding first, which previously required duplicate
    recoding in most cases.
  Bugs fixed
  - The standard namespace prefixes were mishandled during "/C14N2"/
  serialisation
    on Python 3.
    See
  https://mail.python.org/archives/list/lxml@python.org/thread/
  6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
  - lxml.objectify previously accepted non-XML numbers with underscores
    (like "/1_000"/) as integers or float values in Python 3.6 and later.
    It now adheres to the number format of the XML spec again.
  - LP#1939031: Static wheels of lxml now contain the header files of zlib
    and libiconv (in addition to the already provided headers of
    libxml2/libxslt/libexslt).
  Other changes
  - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
- Update to 4.7.0 (2021-12-13)
  - Release retracted due to missing files in lxml/includes/.
- UPdate to 4.6.5 (2021-12-12)
  Bugs fixed
  - A vulnerability (GHSL-2021-1038) in the HTML cleaner
  - allowed sneaking script content through SVG images
  - (bnc#1193752, CVE-2021-43818).
  - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed
  - sneaking script content through CSS imports and other crafted
  - constructs (CVE-2021-43818).
- Update 4.6.4 (2021-11-01)
  Features added
  - GH#317: A new property system_url was added to DTD entities.
  - Patch by Thirdegree.
  - GH#314: The STATIC_* variables in setup.py can now be passed
  - via env vars.
  - Patch by Isaac Jurado.
- Update 4.6.3 (2021-03-21)
  Bugs fixed
  - A vulnerability (CVE-2021-28957) was discovered in the HTML
  - Cleaner by Kevin Chung, which allowed JavaScript to pass through.
  - The cleaner now removes the HTML5 formaction attribute.
- Update 4.6.2 (2020-11-26)
  Bugs fixed
  - A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML
    Cleaner
  - by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner
  - now removes more sneaky "/style"/ content.
- Update 4.6.1 (2020-10-18)
  Bugs fixed
  - A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
  - which allowed JavaScript to pass through. The cleaner now removes
  - more sneaky "/style"/ content.
- Update 4.6.0 (2020-10-17)
  Features added
  - GH#310: lxml.html.InputGetter supports __len__() to count the number
  - of input fields. Patch by Aidan Woolley.
  - lxml.html.InputGetter has a new .items() method to ease processing
  - all input fields.
  - lxml.html.InputGetter.keys() now returns the field names in document
  - order.
  - GH-309: The API documentation is now generated using sphinx-apidoc.
  - Patch by Chris Mayo.
  Bugs fixed
  - LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
  - when a default namespace was defined.
  - TreeBuilder.close() raised AssertionError in some error cases where
  - it should have raised XMLSyntaxError. It now raises a combined
  - exception to keep up backwards compatibility, while switching to
  - XMLSyntaxError as an interface.
- Update 4.5.2 (2020-07-09)
  Bugs fixed
  - Cleaner() now validates that only known configuration options
  - can be set.
  - LP#1882606: Cleaner.clean_html() discarded comments and PIs
  - regardless of the corresponding configuration option, if
  - remove_unknown_tags was set.
  - LP#1880251: Instead of globally overwriting the document loader
  - in libxml2, lxml now sets it per parser run, which improves the
  - interoperability with other users of libxml2 such as libxmlsec.
  - LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
  - The setup options "/--with-xml2-config"/ and "/--with-xslt-config"/
  - were accidentally renamed to "/--xml2-config"/ and "/--xslt-config"/
  - in 4.5.1 and are now available again.
- Update 4.5.1 (2020-05-19)
  Bugs fixed
  - LP#1570388: Fix failures when serialising documents larger than
  - 2GB in some cases.
  - LP#1865141, GH#298: QName values were not accepted by the
  - el.iter() method. Patch by xmo-odoo.
  - LP#1863413, GH#297: The build failed to detect libraries on Linux
  - that are only configured via pkg-config. Patch by Hugh McMaster.
- Update 4.5.0 (2020-01-29)
  Features added
  - A new function indent() was added to insert tail whitespace for
  - pretty-printing an XML tree.
  Bugs fixed
  - LP#1857794: Tail text of nodes that get removed from a document
    using item deletion disappeared silently instead of sticking with
    the node that was removed.
  Other changes
  - MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS
    explicitly to override it.
  - Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
  - LP#1840234: The package version number is now available as
    lxml.__version__.
- Update 4.4.3 (2020-01-28)
  Bugs fixed
  - LP#1844674: itertext() was missing tail text of comments and PIs
    since 4.4.0.
salt
- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
  * patch_for_cve_bsc1197417.patch
supportutils
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
  + Added command blkid #114
  + Added s390x specific files and output #115
  + Fix for invalid argument during updates (bsc#1193204)
  + Optimized conf_files, conf_files_text and log_cmd functions #118
  + Fixed iscsi initiator name (bsc#1195797)
  + Added rpcinfo -p output #116
  + Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
  + Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
  + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
  + Include 'multipath -t' output in mpio.txt #105
  + Improved lsblk readability with --ascsi #106
  + Removed duplicate commands in network.txt
  + Remove duplicate firewalld status output #109
suse-build-key
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
systemd
- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
  4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
tcpdump
- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch
timezone
- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
update-alternatives
- break bash <-> update-alternatives cycle by coolo's rewrite
  of %post in lua [bsc#1195654]
util-linux
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
util-linux-systemd
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
yaml-cpp
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
zlib
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch