- Update -addon-azure to 1.0.2 (bsc#1196305)
  + The is-registered() function expects a string of the update server FQDN.
    The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
    in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
  + Lower case the region hint to reduce issues with Azure region name
    case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
  + Refactor removes check_registration() function in utils implementation
  + Only start the registration service for PAYG images
  - addon-azure sub-package to version 1.0.1
- Follow up changes to (jsc#PCT-130, bsc#1182026)
  + Fix executable name for AHB service/timer
  + Update manpage for BYOS instance registration
- Add coreutils-du-fts-xfs-noleaf.patch to remove problematic
  special leaf optimization cases for XFS that can lead to du
  crashes.  (bsc#1190354)
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
    attackers to insert namespace-separator characters into
    namespace URIs
  - Added expat-CVE-2022-25236.patch
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
    2.4.5 does not check whether a UTF-8 character is valid in a
    certain context.
  - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
    build_model() via uncontrolled recursion
  - Added expat-CVE-2022-25313.patch
  - The fix upstream introduced a regression that was later
    amended in 2.4.6 version
    + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
  - Added expat-CVE-2022-25314-before.patch
  - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
  - Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
  * Expat (aka libexpat) before 2.4.4 has a signed integer overflow
    in XML_GetBuffer, for configurations with a nonzero
  * Add tests for CVE-2022-23852.
  * Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
  * Fix unsigned integer overflow in function doProlog triggered
    by large content in element type declarations when there is
    an element declaration handler present (from a prior call to
  * Add expat-CVE-2022-23990.patch
  * Added expat-CVE-2022-22827.patch
- Update to version 4.9.0+git.1624456340.8d746be9:
  * fence_azure_arm: corrections to support Azure SDK >= 15 - including backward compatibility (#415)
  * fence_gce: make serviceaccount work with new libraries
  * fence_kubevirt: new fence agent
  * fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs
  * configure: dont fail when --with-agents contains virt
  * fence_mpath: watchdog retries support
  * fencing: add multi plug support for reboot-action
  * fence_redfish: add missing diag logic
  * fencing: fix issue with hardcoded help text length for metadata
  * fence_lindypdu: update metadata
  * fence_lindypdu: new fence agent
  * fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action
  * fence_openstack: code formatting fixes per:
  * Proper try-except for connection exception.
  * Fix CI.
  * Do not wrap as many values.
  * Restore port metadata.
  * Update xml metadata.
  * Use standard logging.
  * Revert change to __all__
  * fence_virt: fix required=1 parameters that used to not be required and add deprecated=1 for old deprecated params
  * Major rework of the original agent:
  * fence_gce: default method moved back to powercycle (#389)
  * fence_aws: add filter parameter to be able to limit which nodes are listed
  * virt: fix a bunch of coverity scan errors in ip_lookup
  * virt: make sure to provide an empty default to strncpy
  * virt: make sure buffers are big enough for 0 byte end string
  * virt: increase buffer size to avoid overruns
  * virt: check return code in virt-sockets
  * virt: fix error code checking
  * virt: fix plugin (minor) memory leak and plug in load race
  * virt: attempt to open file directly and avoid race condition
  * virt: fix different coverity scan errors in common/tcp
  * virt: cleanup deadcode in client/vsock
  * virt: cleanup deadcode in client/tcp
  * virt: fix potential buffer overrun
  * virt: fix mcast coverity scan errors
  * virt: drop pm-fence plugin
  * build: tidy up module sources
  * virt: drop libvirt-qmf plugin
  * virt: drop null plugin
  * build: enable fence_virtd cpg plugin by default
  * virt: drop fence_virtd non-modular build
  * virt: fix plugin installation regression on upgrades
  * build: temporary disable -Wcast-align for some agents
  * build: fix CFLAGS overrides when using clang
  * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks
  * virt: make sure variable is initialized
  * Drop travis CI
  * Revert "/virt: drop -Werror to avoid unnecessary failures"/
  * zvm: reformat fence_zvm to avoid gcc warnings
  * build: fix make maintainerclean
  * build: remove unnecessary build snippets
  * virt: drop -Werror to avoid unnecessary failures
  * virt: disable -Wunused for yy generated files
  * virt: disable fence-virt on bsd variants
  * virt: merge spec files
  * build: fix more gcc warnings
  * build: remove unused / obsoleted options
  * build: fix some annoying warnings at ./ time
  * virt: move all virt CFLAGS/LDFLAGS in the right location
  * virt: fix unused gcc warnings and re-enable all build warnings
  * virt: fix write-strings gcc warnings
  * virt: fix pointer-arith gcc warnings
  * virt: fix declaration-after-statement gcc warnings
  * virt: fix build with -Wmissing-prototypes
  * build: don´t override clean target
  * virt: plug fence_virt into the build
  * virt: allow fence_virt build to be optional
  * virt: drop support for LSB init script
  * virt: collect docs in one location
  * virt: remove unnecessary files and move build macros in place
  * Ignore fence-virt man pages
  * Merge done
  * Move fence_virt to the correct location
  * Start merge
  * spec: use python3 path for newer releases
  * spec: undo autosetup change that breaks builds w/git commit hashes
  * Ignore unknown options on stdin
  * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available
  * spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
  * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382)
  * fence_virt: Fix minor typo in metadata
  * fence_gce: update module reqs for SLES 15 (#383)
  * Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus
  * fence_redfish: Add diag action
  * fence_vbox: updated metadata file
  * fence_vbox: do not flood host account with vboxmanage calls
  * fence_aws/fence_gce: allow building without cloud libs
  * fence_gce: default to onoff
  * fence_lpar: Make --managed a required option
  * fence_zvmip: fix shell-timeout when using new disable-timeout parameter
  * Adds service account authentication to GCE fence agent
  * spec: dont build -all subpackage as noarch
  * fence_mpath, fence_scsi: Improve logging for failed res/key get
  * fence_mpath, fence_scsi: Capture stderr in run_cmd()
  * build: depend on config changes to rebuild when running make after running ./configure
  * fence_redfish: Fix typo in help.
  * fence_aws: add support for IMDSv2
  * fence_virt: add plug parameter that obsoletes old port parameter
  * Try to detect directory for initscripts configuration
  * Accept SIGTERM while waiting for initialization.
  * Add man pages to fence_virtd service file.
  * Fix spelling error in fence_virt.conf.5
  * build: fix BRs for suse distros
  * build: remove ExclusiveArch
  * build: removed gcc-c++ BR
  * build: add spec-file and rpm build targets
  * build: cleanup/improvements to reworked build system
  * [build] rework build system to use automake/libtool
  * fence_virtd: Fix segfault in vl_get when no domains are found
  * fence_virt: fix core dump
  * build: harden and make it possible to build with -fPIE
  * fence_virt: dont report success for incorrect parameters
  * fence_virt: mcast: config: Warn when provided mcast addr is not used
  * fence_virtd: Return control to main loop on select interruption
  * fence-virtd: Add missing vsock makefile bits
  * fence-virt: Add vsock support
  * fence_virtd: Fix transposed arguments in startup message
  * fence_virt: Rename challenge functions
  * fence_virtd: Cleanup: remove unused configuration options
  * fence_virt: Remove remaining references to checkpoints
  * fence_virt: Remove remaining references to checkpoints
  * fence-virt: Format string cleanup
  * fence_virtd: Implment hostlist for the cpg backend
  * fence_virt: Fix logic error in fence_xvm
  * fence_virtd: Cleanup config module
  * fence_virtd: cpg: Fail initialization if no hypervisor connections
  * fence_virtd: Make the libvirt backend survive libvirtd restarts
  * fence_virtd: Allow the cpg backend to survive libvirt failures
  * fence_virtd: cpg: Fix typo
  * fence-virtd: Add cpg-virt backend plugin
  * fence_virtd: Remove checkpoint, replace it with a CPG only plugin
  * fence-virt: Bump version
  * fence_virtd: Add better debugging messages for the TCP listner
  * fence_virtd: Fix potential unlocked pthread_cond_timedwait()
  * fence-virtd: Cleanup small memory leak
  * fence_virtd: Fix select logic in listener plugins
  * Factor out common libvirt code so that it can be reused by multiple backends
  * Document the fence_virtd -p command line flag
  * fence_virtd: Log an error when startup fails
  * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete.
  * Make the packet authentication code more resilient in the face of transient failures.
  * Remove erroneous 'inline'
  * Disable the libvirt-qmf backend by default
  * Bump the versions of the libvirt and checkpoint plugins
  * fence-virtd: Enable TCP listener plugin by default
  * fence-virtd: Cleanup documentation of the TCP listener
  * fence_xvm/fence_virt: Add support for the validate-all status op
  * fence-virt: Add list-status command to man page and metadata
  * fence-virt: Cleanup numeric argument parsing
  * fence-virt: Log message to syslog in addition to stdout/stderr
  * fence-virt: Permit explicitly setting delay to 0
  * fence-virt: Add 'list-status' operation for compat with other agents
  * Fix use of undefined #define
  * Allow fence_virtd to run as non-root
  * Remove delay from the status, monitor and list functions
  * Resolves serveral problems in checkpoint plugin, making it functional.
  * Current implementation of event listener in virt-serial does not support keepalive, it does not generate nor capable to answer to keepalive requests, which causes libvirt connection to disconnect every 30 seconds (interval*timeout in libvirtd.conf). Furthermore, it does not clean up filehandlers and leaves hanging sockets. Also, if other thread opens its own connection to libvirt (i.e. checkpoint.c), event function in virt-serial.c just updates event listener file handler with a wrong one, what causes checkpoint.c malfunctions, fence_virtd hangs and so on. This patch uses default event listener implementation from libvirt and resolves theese problems.
  * daemon_init: Removed PID check and update
  * fence_virtd: drop legacy SysVStartPriority from service unit
  * fence-virt: client: Do not truncate VM domains in list output
  * client: fix "/delay"/ parameter checking (copy-paste)
  * fence-virt: Fix broken restrictions on the port ranges
  * Clarify debug message
  * fence-virtd: Use perror only if the last system call returns an error.
  * fence-virtd: Fix printing wrong system call in perror
  * fence-virtd: Allow multiple hypervisors for the libvirt backend
  * fence-virt: Don't overrwrite saved errno
  * fence-virt: Fix small memory leak in the config module
  * fence-virt: Fix mismatched sizeof in memset call
  * fence-virt: Send complete hostlist info
  * fence-virt: Clarify the path option in serial mode
  * Bump version
  * fence-virt: Bump version
  * fence_virtd: Fix broken systemd service file
  * fence_virt/fence_xvm: Print status when invoked with -o status
  * fence-virt: Fix for missed libvirtd events
  * fence-virt: Fail properly if unable to bind the listener socket
  * client: dump all arguments structure in debug mode
  * Drop executable flag for man pages (finally)
  * Honor implicit "/ip_family=auto"/ in fence_xvm w/IPv6 mult.addr.
  * Fix using bad struct item for auth algorithm
  * Drop executable flag for man pages
  * use bswap_X() instead of b_swapX()
  * fence_virtd: Fix memcpy size params in the TCP plugin
  * Revert "/fence-virt: Fix possible descriptor leak"/
  * fence_virtd: Return success if a domain exists but is already off.
  * fence-virt: Add back missing tcp_listener.h file
  * fence-virt: Fix a few fd leaks
  * fence-virt: Fix free of uninitialized variable
  * fence-virt: Fix possible null pointer dereference
  * fence-virt: Fix memory leak
  * fence-virt: Fix fd leak when finding local addresses
  * fence-virt: Fix possible descriptor leak
  * fence-virt: Fix possible fd leak
  * fence-virt: Fix null pointer deref
  * fence-virt: Explicitly set delay to 0
  * fence-virt: Fix return with lock held
  * fence_virt: Fix typo in fence_virt(8) man page
  * fence_virt: Return failure for nonexistent domains
  * Initial commit
  * Improve fence_virt.conf man page description of 'hash'
  * Add a delay (-w) option.
  * Remove duplicated port struct entry
  * Add a TCP listener plugin for use with viosproxy
  * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout.
  * Stop linking against unnecessary QPid libs.
  * Update libvirt-qmf plugin and docs
  * Fix crash when we fail to read key file.
  * Fix erroneous man page XML
  * Add 'interface' directive to example.conf
  * Fix build
  * Add old wait_for_backend directive handling & docs
  * Return proper error if we can't set up our socket.
  * Fix startup in systemd environments
  * Add systemd unit file and generation
  * Don't override user's pick for backend server module
  * Use libvirt as default in shipped config
  * Clean up compiler warnings
  * Fix serial domain handling
  * Fix monolithic build
  * Clean up build and comments.
  * Add missing pm_fence source code
  * Disable CMAN / checkpoint build by default
  * Rename libvirt-qpid -> libvirt-qmf
  * Fix static analysis errors
  * Reword assignment to appease static analyzers
  * Handle return value from virDomainGetInfo
  * Fix bad sizeof()
  * Make listen() retry
  * Add map_check on 'status' action
  * Update README
  * Don't reference out-of-scope temporary
  * Ensure we don't try to strdup() or atoi() on NULL
  * Add libvirt-qmf support to the libvirt-qpid plugin
  * Convert libvirt-qpid plugin to QMFv2
  * Fix incorrect return value on hash mismatch
  * Fix error getting status from libvirt-qpid plugin
  * Fix typo that broke multicast plugin
  * Make fence-virt requests endian clean
  * Update TODO
  * Fix input parsing to allow domain again
  * Provide 'domain' in metadata output for compatibility
  * High: Fix UUID lookups in checkpoint backend
  * Curtail 'list' operation requests
  * Fix man page references: fence_virtd.conf -> fence_virt.conf
  * Add 'list' operation for plugins; fix missing getopt line
  * Fix build with newer versions of qpid
  * Make actually disable plugins
  * Fix metadata output
  * Rename parameters to match other fencing agents
  * Fix fence_xvm man page to point to the right location
  * client: Clarify license in serial.c
  * Return 2 for 'off' like other fencing agents
  * Reset flags before returning from connect_nb
  * Use nonblocking connect to vmchannel sockets
  * More parity with other fencing agents' parameters
  * Fix memory leaks found with valgrind
  * Add basic daemon functions
  * Fix bug in path pruning support for serial plugin
  * Fix libvirt-qpid bugs found while testing
  * Fix segfault caused by invalid map pointer assignment
  * Fix another compiler warning
  * Fix build warnings in client/serial.c
  * Add 'monitor' as an alias for 'status'
  * Add serial listener to configuration utility
  * Make serial/vmchannel module enabled by default
  * Add missing 'metadata' option to help text
  * Add missing static_map.h
  * Add metadata support to fence_xvm/fence_virt
  * Allow IPs to be members of groups
  * Allow use of static mappings w/ mcast listener
  * Make 'path' be a directory
  * Update TODO
  * Remove useless debug printfs
  * Enable VM Channel support in serial plugin
  * Update TODO based on progress
  * Pass source VM UUID (if known) to backend
  * Mirror libvirt-qpid's settings in libvirt-qpid plugin
  * libvirt-qpid: clean up global variable
  * Enable a configurable host/port on libvirt-qpid plugin
  * Minor config utility cleanups
  * Man page cleanups
  * Remove unnecessary name_mode from multicast plugin
  * Add prototypes and clean up build warnings
  * Use seqno in serial requests
  * Minor debugging message cleanup
  * Fix build error due to improper value
  * Static map support and permissions reporting
  * Sync up on SERIAL_MAGIC while waiting for a response
  * Don't build serial vmchannel module by default
  * Update TODO
  * Initial checkin of serial server-side support
  * Fix fence_virt.conf man page name
  * Add Fedora init script
  * Compiler warning cleanups in virt-serial.c
  * Add wait-for-backend mode
  * Fix up help text for clients
  * Minor XML cleanups, add missing free() call
  * add missing module_path to fence_virtd.conf.5
  * Add capabilities to virt-serial
  * Note that serial support is experimental
  * Add a build target
  * Add vmchannel serial event interface
  * Split fence_virt vs. fence_xvm args
  * Add static map functions.
  * Fix build warning due to missing #include
  * Fix multiple query code
  * Better config query & multiple value/tag support
  * Add simple configuration mode
  * Add missing man pages
  * More minor config cleanups
  * Allow setting config values to NULL to clear them
  * Clean up example config file
  * Sort plugins by type when printing them
  * Revert "/Sort plugins by type when printing them"/
  * Sort plugins by type when printing them
  * Clean up some configuration plugin information
  * add empty line between names
  * Make libvirt to automatically use uuid or names
  * Improve error reporting
  * Fix build for hostlist functionality
  * Hostlist functionality for libvirt, libvirt-qpid
  * Update TODO
  * Work around broken nspr headers
  * Fix installation target for man pages
  * Fix default build script
  * Add man page build infrastructure
  * Initial commit of fence_virt & fence_xvm man pages
  * Make fence_xvm compatibility mode enabled by default
  * Fix libvirt / mcast support for name_mode
  * Fix agent option parsing
  * Fix dlsym mapping of C++ module
  * Make uuids work with libvirt-qpid
  * Fix uninitialized variable causing false returns
  * Update monolithic build
  * Fix linking problem
  * Add 'help' to fence_virtd
  * Fix libvirt-qpid build
  * Make 'reboot' work
  * Fix libvirt-qpid build
  * Add libvirt-qpid build target
  * Initial checking of libvirt-qpid plugin
  * Fix build on i686
  * Make symlink/compatibilty mode disabled by default
  * Add simple tarball / release script
  * Update TODO and requirements file
  * Update TODO
  * Use immediate resolution of symbols
  * Example config tweaks
  * Use sysconfdir for /etc/fence_virt.conf
  * Fix package name and install locations
  * Fix daemon return code
  * Add 'maintainer-clean' target
  * Fix build errors on Fedora
  * Add missing header file
  * Ignore automake error
  * Add missing COPYING file; update TODO
  * Make the build script actually build
  * Make cluster mode plugin work
  * Add basic cpg stuff for later
  * Enable 'on' operation for libvirt backend
  * Clean up modular build
  * Minor build cleanups
  * Yet more build fixes
  * More build cleanups
  * Build cleanups
  * Initial port to autoconf
  * Add checkpoint.c stub functions
  * Add sequence numbers to requests for tracking
  * Include missing include
  * Call generic history functions
  * Make history functions generic
  * Make debugging work from modules again
  * Revert "/Fix build issue breaking debug printing from modules"/
  * Fix build issue breaking debug printing from modules
  * Fix libvirt backend; VALIDATE was wrong
  * Cleanups, add daemon support
  * Add simple 'null' skeleton backend plugin
  * Make all plugins dynamically loaded.
  * Fix error message
  * Remove dummy serial prototypes
  * Remove modules in 'make clean'
  * Make listeners plugins.
  * Fix whitespace
  * Move name_mode to fence_virtd block
  * Add name_mode to example.conf
  * Move VM naming scheme to top level of config
  * Fix bad assignment due to wrong variable
  * Fix use of wrong variable
  * Revert "/Fix use of wrong variable"/
  * Fix use of wrong variable
  * Enable UUID use in libvirt.c
  * Add missing log.c.  Enable syslog wrapping
  * Move options.c to client directory
  * Fix context type names
  * Minor cleanup
  * Drop duplicate fencing requests
  * Don't require specifying an interface in fence_virt.conf
  * Fix empty node parsing
  * Fix segfault
  * Fix install targets
  * Actually use the default port by default
  * Don't overwrite config files
  * Install modules, too.
  * Fix config file name
  * Add temporary 'make install' target
  * Make a default configuration file
  * Make mcast work with UUIDs
  * Update TODO
  * Remove useless prototype
  * Update todo
  * Add to the build
  * Fix missing carriage returns on debug prints
  * Add architecture overview description
  * Make serial_init match mcast_init.
  * Make multicast use config file
  * Integrate config file processing
  * Create server-side plugin architecture
  * Remove bad list_do/list_done macros
  * Make libvirt a built-in plugin
  * Update description text.
  * Fix header in serial.c.
  * serial: Make client work.
- remove patch contained by the update:
  * 0001-fence_compute-Only-list-nova-compute-services-when-g.patch
  * 0001-fence_gce-add-support-for-stackdriver-logging.patch
  * 0001-fence_gce-filter-call-to-aggregatedList.patch
  * 0001-fence_gce-fix-regression-missing-import-googleapicli.patch
  * 0001-fence_gce-new-agent.patch
  * 0001-fence_gce-Write-error-messages-to-log.patch
  * 0001-fence_vmware_soap-fix-for-selfsigned-certificate.patch
  * 0001-Zone-Project-parameters-are-mandatory.patch
  * 0002-fence_compute-Don-t-list-hypervisors-but-nova-comput.patch
  * 0002-fence_gce-fix-regression-missing-import-oauth2client.patch
  * 0002-fence_gce-set-project-and-zone-as-not-required.patch
  * 0003-fence_compute-Do-not-override-domain-if-it-is-alread.patch
  * 0003-fence_gce-add-power-cycle-as-default-method.patch
  * 0003-fence_gce-use-default-credentials-from-googleapiclie.patch
  * 0004-fence_compute-Fix-handling-of-domain-None.patch
  * 0004-fence_gce-add-missing-imports-to-retrieve-the-projec.patch
  * 0005-fence_compute-Fix-fix_domain-to-not-return-too-early.patch
  * 0005-fence_gce-s-loging-stackdriver-logging.patch
  * 0006-fence_compute-Fix-fix_plug_name-when-looking-if-plug.patch
  * 0006-fence_gce-use-root-logger-for-stackdriver.patch
  * 0007-fence_compute-Remove-duplicate-check-for-binary-name.patch
  * 0007-fence_gce-minor-changes-in-logging.patch
  * 0008-fence_compute-fix-to-avoid-breaking-nova.patch
  * 0009-Compute-Handle-differences-in-Nova-API-argument-pass.patch
  * 0010-Compute-Split-out-evacation-functionality.patch
  * 0011-evacuate-Handle-changes-to-the-nova-API.patch
  * 0012-compute-Fix-unfencing-and-ensure-fencing-occurs-in-p.patch
  * 0013-compute-update-metadata.patch
  * 0014-evacuate-add-expected-metadata.patch
  * 0015-fencing-Add-consistency-between-command-line-and-STD.patch
  * 0016-fix-for-ignored-options.patch
  * 0017-Maintain-ABI-compatibility-for-external-agents.patch
  * 0018-fencing-include-timestamps-when-logging-to-STDERR-an.patch
  * 0019-fencing-fix-help-for-quiet.patch
  * 0020-compute-Add-support-for-keystone-v3-authentication.patch
  * 0021-fence_compute-evacuate-update-metadata.patch
  * 0022-Log-the-proper-nova_versions-variable.patch
  * 0023-move-fence_evacuate-into-its-own-subdirectory.patch
  * 0024-fence_compute-fence_evacuate-revert-to-old-parameter.patch
  * 0100-Make-pywsman-dependency-optional.patch
- (jsc#SLE-18227) ECO: Update fence-agents
- (jsc#SLE-18200) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
- (jsc#SLE-18202) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
- Update all scripts to python3 (bsc#1065966)
  Add patch:
  * 0001-Use-Python-3-for-all-scripts-bsc-1065966.patch
- Security fix: [bsc#1196167, CVE-2021-4209]
  * Null pointer dereference in MD_UPDATE
  * Add gnutls-CVE-2021-4209.patch
- bsc#1188437 CVE-2021-27845: Fix divide-by-zery in cp_create()
  Add jasper-CVE-2021-27845.patch
- Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564
- commit 6b62fb2
- moxart: fix potential use-after-free on remove path
- commit 5c87126
- memstick: rtsx_usb_ms: fix UAF
- commit 9dca558
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
- commit f8aba64
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Fix spelling mistake "/calledd"/ -> "/called"/
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in
  mana_init_port() (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC
  is down (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
- commit b86c625
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit 5bf6fe1
- usb: gadget: configfs: Fix use-after-free issue with udc_name
  (bsc#1193861 CVE-2021-39648).
- commit 57b5f12
- fget: clarify and improve __fget_files() implementation
- commit 696ea54
- drm/i915: Flush TLBs before releasing backing store
  (CVE-2022-0330 bsc#1194880).
- commit 68b92fb
- ipv6: use prandom_u32() for ID generation (CVE-2021-45485
- Refresh
- commit 7a68b0c
- cgroup: Use open-time credentials for process migraton perm
  checks (bsc#1194302 CVE-2021-4197).
- commit eda1a06
- NFC: add NCI_UNREG flag to eliminate the race (CVE-2021-4202
- NFC: reorder the logic in nfc_{un,}register_device
  (CVE-2021-4202 bsc#1194529).
- NFC: reorganize the functions in nci_request (CVE-2021-4202
- commit ce69894
- kprobes: Limit max data_size of the kretprobe instances
- commit c7e4a69
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
  fallocate (bsc#1194272 CVE-2021-4155).
- commit c94e1fd
- fget: check that the fd still exists after getting a ref to it
  (bsc#1193727 CVE-2021-4083).
- commit e9025bf
- btrfs: unlock newly allocated extent buffer after error (bsc#1194001, CVE-2021-4149).
- commit 04a66fc
- inet: use bigger hash table for IP ID generation (CVE-2021-45486
- commit b355639
- fix typo in s390 mcount regex (bsc#1192267).
- commit e48d1db
- look for jgnop instruction as well as bcrl
  on s390 (bsc#1192267).
- Delete patches.suse/ftrace-recordmcount-binutils.patch.
- commit 6347684
- xen/netback: don't queue unlimited number of packages
  (CVE-2021-28715 XSA-392 bsc#1193442).
- commit a531529
- xen/console: harden hvc_xen against event channel storms
  (CVE-2021-28713 XSA-391 bsc#1193440).
- commit 58dceb5
- xen/netfront: harden netfront against event channel storms
  (CVE-2021-28712 XSA-391 bsc#1193440).
- commit 8877609
- xen-netfront: do not use ~0U as error return value for
  xennet_fill_frags() (git-fixes).
- commit 6d6d065
- xen-netfront: do not assume sk_buff_head list is empty in
  error handling (git-fixes).
- commit 28eaccf
- xen/netfront: don't bug in case of too many frags (bnc#1012382).
- commit 9558b52
- xen/netfront: don't cache skb_shinfo() (bnc#1012382).
- commit 009fd8c
- xen/blkfront: harden blkfront against event channel storms
  (CVE-2021-28711 XSA-391 bsc#1193440).
- commit 4e5bb56
- tty: hvc: replace BUG_ON() with negative return value
- commit c255786
- xen/netfront: don't trust the backend response data blindly
- commit b986b56
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- commit 6944250
- xen/netfront: don't read data from request on the ring page
- commit ab5b1b6
- xen/netfront: read response from backend only once (git-fixes).
- commit ef6e21b
- xen/blkfront: don't trust the backend response data blindly
- commit d0c7fcb
- xen/blkfront: don't take local copy of a request from the ring
  page (git-fixes).
- commit 8786833
- xen/blkfront: read response from backend only once (git-fixes).
- commit 766a2af
- xen: sync include/xen/interface/io/ring.h with Xen's newest
  version (git-fixes).
- commit 586947d
- Update
  (CVE-2020-27825 bsc#1179960).
- commit 6d2a553
- bpf: fix truncated jump targets on heavy expansions (bsc#1193575
- commit 64cd10a
- ring-buffer: Protect ring_buffer_reset() from reentrancy
- commit 7a1c06f
- kABI compatibility for struct l2tp_tunnel (bsc#1192032
- commit 0642c93
- l2tp: fix races with ipv4-mapped ipv6 addresses (bsc#1192032
- Refresh
- commit 9536429
- net/x25: prevent a couple of overflows (bsc#1178590
  CVE-2020-35519 bsc#1183696).
- commit 8ed397f
- ixgbe: fix large MTU request from VF (bsc#1192877
- commit 8a7b6d5
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
  (CVE-2021-43976 bsc#1192847).
- commit 4d86fa1
- mac80211: drop robust management frames from unknown TA
  (CVE-2019-0136 bsc#1193157).
- mac80211: handle deauthentication/disassociation from TDLS peer
  (CVE-2019-0136 bsc#1193157).
- commit 159b426
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  (bsc#1192946 (CVE-2021-4002)).
- commit b430748
- constraints: Build aarch64 on recent ARMv8.1 builders.
  Request asimdrdm feature which is available only on recent ARMv8.1 CPUs.
  This should prevent scheduling the kernel on an older slower builder.
- commit 1742151
- Revert "/ Reject Patch-mainline: No"/
  Allow Patch-mainline: No on historical branch.
- commit 1d03b44
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- commit 14e51bf
- Add libqb-fix-linker-hack.patch to fix incomplete check for
  needing a work-around, which is wrong for newer binutils. (bsc#1192470)
  Related to [bsc#1075418].
- log: callsite symbols of main object are also handled in initializer (bsc#1075418)
  * bsc#1075418-libqb-log_register_one.patch
- IPC: server: avoid temporary channel priority loss, up to deadlock-worth (gh#ClusterLabs/libqb#352, rh#1718773, bsc#1188212)
  * bsc#1188212-0001-IPC-server-avoid-temporary-channel-priority-loss-up-.patch
- Add 0200-mountd-Initialize-logging-early.patch
  If an error or warning message is produced before
  closeall() is called, mountd gets confused and doesn't work.
- 0191-mount-don-t-bind-a-socket-needlessly.patch
  Don't bind() a non-priv socket immediately before connecting,
  as this wastes port numbers.
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
  added CVE-2021-4115.patch
  * Determine the namespace of a process only once to speed
    up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
  module; (bsc#1194859); (bso#14914).
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
  + Include cloud-init logs whenever they are present
  + Update the packages we track in AWS, Azure, and Google
  + Include the ecs logs for AWS ECS instances
- Fix possible segfault in read_task_stats() [bsc#1194679]
- Add sysstat-fix-segfault-in-read_task_stats.patch
- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch
- security update: Fix buffer overwrite
  * CVE-2019-17546[bsc#1154365]
    + tiff-CVE-2019-17546.patch
- security update: Fix heap based buffer overflow in pal2rgb
  * CVE-2017-17095[bsc#1071031]
    + tiff-CVE-2017-17095.patch
- security update: Fix OOB in _TIFFmemcpy
  * CVE-2022-22844[bsc#1194539]
    + tiff-CVE-2022-22844.patch
- security update: Fix memory allocation failure in tif_read.c
  * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
    + tiff-CVE-2020-35521,CVE-2020-35522.patch
- security update: Fix DOS via invertImage()
  * CVE-2020-19131[bsc#1190312]
    + tiff-CVE-2020-19131.patch
- security update: Fix heap-based buffer overflow in TIFF2PDF tool
  * CVE-2020-35524[bsc#1182812]
    + tiff-CVE-2020-35524.patch
- security update: Fix integer overflow in tif_getimage
  * CVE-2020-35523 [bsc#1182811]
    + tiff-CVE-2020-35523.patch
- fsm: fix device rename via yast (bsc#1194392)
  Reset worker config instead to reject a NULL/empty config
  xml node -- introduced in wicked 0.6.67 by commit c2a0385.
  [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
  - support multiple networks configurations per interface
  - show connection status and scan-results (bsc#1160654)
  - corrected eap-tls,ttls cetificate handling and open vs. shared
    wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
  - cleanups and several other improvements, see changes
  - updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
  [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
  [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
  [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
  [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
  Xen while unmapping a grant (XSA-394)
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
  passed-through device IRQs (XSA-395)
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
  unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Add CVE-2018-1100.patch: it fixes buffer overflow in utils.c:checkmailpath()
  can lead to local arbitrary code execution (CVE-2018-1100 bsc#1089030)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
  could be exploited through e.g.  VCS_Info to execute arbitrary shell
  commands (CVE-2021-45444 bsc#1196435)