audit-secondary
- Fix rules not loaded when restarting auditd.service(bsc#1204844)
containerd
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
dracut
- Update to version 055+suse.323.gca0e74f0:
  * fix(network-manager): always install the library plugins directory (bsc#1202014)
  * feat(dracut-init.sh): add inst_libdir_dir() helper (bsc#1202014)
  A series of fixes for NVMeoF boot (bsc#1203368):
  * fix(network-legacy): misleading duplicate address detection using wicked
  * fix(man): dracut.cmdline.7: clarify "/rd.nvmf.discover=fc,auto"/
  * fix(network): avoid double brackets around IPv6 address
  * feat(nvmf): set rd.neednet=1 if tcp records encountered
  * fix(man): dracut.cmdline(7): correct syntax for rd.nonvmf
  * fix(network): don't use same ifname multiple times
  * fix(nvmf): run cmdline hook before parse-ip-opts.sh
  * fix(nvmf): avoid calling "/exit"/ in a cmdline hook
  * fix(nvmf): make sure "/rd.nvmf.discover=fc,auto"/ takes precedence
  * fix(nvmf): don't use "/finished"/ queue for autoconnect
  * fix(nvmf): don't create did-setup file
  * fix(nvmf): no need to load the nvme module
  * fix(nvmf): don't try to validate network connections in cmdline hook
  * fix(nvmf): nvme list-subsys prints the address using commas as separator
  * fix(nvmf): deprecate old nvmf cmdline options
  * fix(nvmf): set executable bit on nvmf-autoconnect.sh
- Update to version 055+suse.302.gc7aee2dc:
  * fix(dmsquash-live): correct regression introduced with shellcheck changes (bsc#1203894)
  * fix(systemd): add missing modprobe@.service (bsc#1203749)
  * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
grub2
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
iputils
- Backport 2 fixes for bsc#1203957:
  0001-ping-Add-SA_RESTART-to-sa_flags.patch
  0002-ping-Make-ping_rts-struct-static.patch
krb5
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
  (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch
libeconf
- Update to version 0.4.6+git20220427.3016f4e:
  * econftool:
  * * Parsing error: Reporting file and line nr.
  * * --delimeters=spaces Taking all kind of spaces for delimiter
  * libeconf:
    Fixed bsc#1198165: Parsing files correctly which have space characters
    AND none space characters as delimiters.
- Update to version 0.4.5+git20220406.c9658f2:
  * econftool:
  * * New call "/syntax"/ for checking the configuration files only.
    Returns an error string with line number if an error occurs.
  * * New options "/--comment"/ and "/--delimeters"/
  * * Parsing one file only if needed.
lvm2
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
  - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvmlockd is not supporting sanlock (bsc#1203482)
  - set 1 for _supportsanlock in lvm2.spec for enabling sanlock.
nfsidmap
- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
  0002-Handle-NULL-names-better.patch
  0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
  0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
  0005-nss.c-wrong-check-of-return-value.patch
  0006-Fixed-a-memory-leak-nss_name_to_gid.patch
  Various bugfixes and improvemes from upstream
  In particular, 0001 fixes a crash that can happen when
  a 'static' mapping is configured.
  (bnc#1200901)
openssh
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
openssl-1_1
- FIPS: Service-level indicator [bsc#1190651]
  * Mark PBKDF2 with key shorter than 112 bits as non-approved
  * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
- FIPS: Service-level indicator [bsc#1190651]
  * Consider RSA siggen/sigver with PKCS1 padding also approved
  * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
- FIPS: Service-level indicator [bsc#1190651]
  * Return the correct indicator for a given EC group order bits
  * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
python3
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
  CRLF_injection_via_host_part.patch, and
  CVE-2019-18348-CRLF_injection_via_host_part.patch.
rsyslog
- fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- remove $klogConsoleLogLevel setting from rsyslog.conf (bsc#1191833)
  * this legacy setting from pre-systemd times is obsolete and can
    block important systemd messages
sudo
- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown <william.brown@suse.com>
  * https://github.com/sudo-project/sudo/pull/163
supportutils
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
  + Added type output with df command in fs-diskio.txt (issue#141)
  + Gather all files in /etc/security/limits.d/ (issue#142)
  + Fixed KVM virtualization detection on bare metal (bsc#1184689)
  + Added logging using journalctl (bsc#1200330)
  + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
  + Added system logging configuration and checking in messages_config.txt (issue#103)
  + If rsyslog not installed collect more from journalctl (issue#120)
  + Added systemd-status.txt for the status of all service units (issue#125)
  + autofs includes files in (+dir:<path>) (issue#111)
  + Get current sar data before collecting files (bsc#1192648)
  + Collects everything in /etc/multipath/ (bsc#1192252)
  + Collects power management information in hardware.txt (bsc#1197428)
  + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
  + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
  + Update to nvme_info and block_info #133 (bsc#1202417)
  + Added IO scheduler (issue#136)
  + Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129
suse-build-key
- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)
suseconnect-ng
- Update to version 1.0.0~git0.faee7c196dc1:
  * Revert "/packaging: 1.0.0 -> 1.0"/
- Update to version v1.0~git0.32cac3fb5047:
  * packaging: 1.0.0 -> 1.0
- Update to version 1.0.0~git0.60e48564a714 (bsc#1204821):
  * packaging: obsolete suseconnect < 1.0.0
  * packaging: don't end the summary with a dot
- Update to version 0.0.10~git2.ee561b8:
  * Drop .git from tar
- Update to version 0.0.10~git0.5f84106:
  * Fix System-Token support in ruby binding (bsc#1203341)
  * Added the PACKAGE.md file
- Update to version 0.0.9~git10.de887da7231f:
  * Respect the PROXY_ENABLED environment variable
- Update to version 0.0.9~git8.f9adb71:
  * Use standard buildconditionals
  * Strip the binaries (saves ~ 30%)
- Update to version 0.0.9~git5.75890b6:
  * Don't run keepalive on reboot
  * Use system-wide proxy settings (bsc#1200994)
  * Add customer information about keepalive calls
  * Add timer for SUSEConnect --keepalive (bsc#1196076)
  * Add --keepalive to manpage
  * Added support for the System-Token header
  * Add Keepalive command line option
  * Print nested zypper errors (bsc#1200803)
  * Fix migration json error with SMT (bsc#1198625)
  * Add option to run local scc tests
  * Switch to jenkins-hosted credentials
  * Fix "/VCS stamping"/ problem
  * Add missing import
  * Remove redundant code + add comment
- Update to version 0.0.8~git2.368ea44:
  * go1.18 compatibility: BuildRequires:git
tar
- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch
vim
- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
wget
- Update 0001-possibly-truncate-pathname-components.patch
  * Truncate file name even if no directory structure
  * [bsc#1204720]
wicked
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- dbus: cleanup the dbus-service.h file and unused property macros
  e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27