autofs
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
  Fix problem with quote handling
  (bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
  Fix locking problem that causes deadlock when sss used.
  (bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
  Suppress portmap calls when port explicitly given
  (bsc#1195697)
cifs-utils
- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
cloud-regionsrv-client
- Update to version 10.0.3 (bsc#1198389)
  - Descend into the extension tree even if top level module is recommended
  - Cache license state for AHB support to detect type switch
  - Properly clean suse.com credentials when switching from SCC to update
    infrastructure
  - New log message to indicate base product registration success
crmsh
- Update to version 4.3.1+20220321.bd33abac:
  * Dev: Parametrize the log dir
  * medium: utils: update detect_cloud pattern for aws (bsc#1197351)
  * Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726)
  * Fix: sbd: not overwrite SYSCONFIG_SBD and sbd-disk-metadata if input 'n'(bsc#1194870)
  * Fix: crash_test: Adjust help output of 'crm cluster crash_test -h'(bsc#1194615)
  * Fix: bootstrap: Change log info when need to change user login shell (bsc#1194026)
e2fsprogs
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
  for libreadline.so.7 for Leap 15.3 (bsc#1196939)
gcc11
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Add gcc11-D-dependence-fix.patch to fix memory corruption when
  creating dependences with the D language frontend.
- Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap
  on aarch64 which is unresolvable.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.
gzip
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
  * bsc1198062.patch
- fix DFLTCC segfault [bsc#1177047]
- added patches
  fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc
  + gzip-1.10-fix-DFLTCC-segfault.patch
- gzip.spec: move %patch10 from the ifarch condition (mistake)
- add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count
  of lines to skip [bsc#1180713]
kernel-default
- Update
  patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
  references (add CVE-2022-28356 bsc#1197391).
- commit 658b50e
- netfilter: nf_tables: initialize registers in nft_do_chain()
  (CVE-2022-1016 bsc#1197227).
- commit 4726ea9
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit caaa7d4
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28390 bsc#1198031).
- commit 2396928
- xprtrdma: fix incorrect header size calculations (CVE-2022-0812
  bsc#1196639).
- commit 19d5b1d
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 62bc950
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562
  bsc#1196761 CVE-2022-0850).
- commit 0d570d1
- Update patches.suse/sr9700-sanity-check-for-packet-length.patch
  (bsc#1196836 CVE-2022-26966).
  fixed typo in References
- commit e04f4f1
- esp: Fix possible buffer overflow in ESP transformation
  (bsc#1197131 CVE-2022-0886).
- commit d9e58bc
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 0ee241b
- quota: check block number when reading the block in quota  file
  (bsc#1197366 CVE-2021-45868).
- commit b7d9616
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
  bsc#1197331).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit f284bec
- Fixing a series_sort.py issue for a patch
  The patch: blk-mq-move-_blk_mq_update_nr_hw_queues-synchronize_rcu-call
  was placed at the end of the sorted section by series_insert.py at
  one time, but now series_sort.py is complaining. So move this patch
  to later in series.conf, outside of the sorted section, making
  series_sort.py happy.
- commit a65cae5
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit 0f72275
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 ("/rpm: Use bash for %() expansion (jsc#SLE-18234)."/)
- commit 7e857f7
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages
  <something>-sh. While the interpreter for the build script can be
  selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying
  problem: neither bash nor any of the alternatives are 100% POSIX
  compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of
  shells for shell scripts embedded in the kernel spec file. The spec file
  syntax is not documented so embedding the shell script in it causes some
  unspecified transformation to be applied to it. That means that
  ultimately any changes must be tested by building the kernel, n times if
  n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build
  always.
- commit bb95fef
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
  (bsc#1196018).
- commit 95d7e2c
- net: usb: ax88179_178a: fix packet alignment padding
  (bsc#1196018).
- commit 065384f
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
  (bsc#1196018).
- commit f59903f
- Update patches.suse/sr9700-sanity-check-for-packet-length.patch
  (bac#1196836 CVE-2022-26966).
  added CVE number
- commit 7e940d6
- rpm: Run external scriptlets on uninstall only when available
  (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be
  fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools
  when migrating to a SLE release that provides these scriptlets only as
  part of LTSS. The suse-module-tools that provides kernel scriptlets may
  be removed early causing migration to fail.
- commit ab8dd2d
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- rpm/kernel-source.spec.in: call fdupes per subpackage
  It is a waste of time to do a global fdupes when we have
  subpackages.
- commit 1da8439
- net: sched: use Qdisc rcu API instead of relying on rtnl lock
  (bsc#1196973 CVE-2021-39713).
- net: sched: add helper function to take reference to Qdisc
  (bsc#1196973 CVE-2021-39713).
- net: sched: extend Qdisc with rcu (bsc#1196973 CVE-2021-39713).
- net: sched: rename qdisc_destroy() to qdisc_put() (bsc#1196973
  CVE-2021-39713).
- net: core: netlink: add helper refcount dec and lock function
  (bsc#1196973 CVE-2021-39713).
- commit a22ecb0
- xen/netfront: react properly to failing
  gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
  CVE-2022-23042).
- commit 2b38f30
- xen/gnttab: fix gnttab_end_foreign_access() without page
  specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 7149843
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
  CVE-2022-23041).
- commit a920e1c
- xen/usb: don't use gnttab_end_foreign_access() in
  xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit e8ca175
- xen/gntalloc: don't use gnttab_query_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23039).
- commit 02e08de
- xen/scsifront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit 78fd62a
- xen/netfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 335a138
- xen/blkfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 69cc608
- xen/grant-table: add gnttab_try_end_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit d8d4a06
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
  error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 9eb0e70
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- usb: host: xen-hcd: add missing unlock in error path
  (git-fixes).
- commit af60176
- Refresh
  patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit ee8e3fd
- Refresh
  patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 29bb7f5
- rpm/kernel-docs.spec.in: use %%license for license declarations
  Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- sr9700: sanity check for packet length (bsc#1196836).
- commit 7ac3395
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  (CVE-2022-26490 bsc#1196830).
- commit 47ae8c5
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 43f0d0b
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 72e80fb
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
  There is a check in OBS that fails when it is included. Also the key is
  not reproducible.
  Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- kernel-binary: Do not include sourcedir in certificate path.
  The certs macro runs before build directory is set up so it creates the
  aggregate of supplied certificates in the source directory.
  Using this file directly as the certificate in kernel config works but
  embeds the source directory path in the kernel config.
  To avoid this symlink the certificate to the build directory and use
  relative path to refer to it.
  Also fabricate a certificate in the same location in build directory
  when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- kernel-obs-build: include 9p (boo#1195353)
  To be able to share files between host and the qemu vm of the build
  script, the 9p and 9p_virtio kernel modules need to be included in
  the initrd of kernel-obs-build.
- commit 0cfe67a
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
  directory (bsc#1195051).
- commit c80b5de
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
  Using the the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
  tumbleweed rpm is adding these warnings to the log:
  It's not recommended to have unversioned Obsoletes: Obsoletes:      microcode_ctl
- commit 3ba8941
- build initrd without systemd
  This reduces the size of the initrd by over 25%, which
  improves startup time of the virtual machine by 0.5-0.6s on
  very fast machines, more on slower ones.
- commit ef4c569
- kernel-obs-build: remove duplicated/unused parameters
  lbs=0 - this parameters is just giving "/unused parameter"/ and it looks
  like I can not find any version that implemented this.
  rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it
  alread loads the kernel module.
  quiet and panic=1 will now be also always added by OBS, so we don't have
  to set it here anymore.
- commit 972c692
- Revert "/- rpm/*build: use buildroot macro instead of env variable"/
  buildroot macro is not being expanded inside a shell script. go
  back to the environment variable usage. This reverts parts of
  commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- kernel-obs-build: include the preferred kernel parameters
  Currently the Open Build Service hardcodes the kernel boot parameters
  globally. Recently functionality was added to control the parameters
  by the kernel-obs-build package, so make use of that. parameters here
  will overwrite what is used by OBS otherwise.
- commit a631240
- kernel-obs-build: inform build service about virtio-serial
  Inform the build worker code that this kernel supports virtio-serial,
  which improves performance and relability of logging.
- commit 301a3a7
- rpm/*.spec.in: use buildroot macro instead of env variable
  The RPM_BUILD_ROOT variable is considered deprecated over
  a buildroot macro. future proof the spec files.
- commit e2f6026
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd
  Newer distros have capability to decompress zstd, which
  provides a 2-5% better compression ratio at very similar
  cpu overhead. Plus this tests the zstd codepaths now as well.
- commit 3d53a5b
libinput
- Add libinput-CVE_2022-1215.patch: strip the device name of
  format directives (boo#1198111 CVE-2022-1215).
libsolv
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
  [bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
  vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
  ("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
libzypp
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
  protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
mozilla-nss
- Mozilla NSS 3.68.3 (bsc#1197903)
  This release improves the stability of NSS when used in a multi-threaded
  environment. In particular, it fixes memory safety violations that
  can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
  We presume that with enough effort these memory safety violations are exploitable.
  * Remove token member from NSSSlot struct (bmo#1756271).
  * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
    (bmo#1755555).
  * Check return value of PK11Slot_GetNSSToken (bmo#1370866).
perl
- Stabilize Socket::VERSION comparisons [bnc#1193489]
  new patch: perl-Stabilize-Socket-VERSION-comparisons.patch
psmisc
  * Add a fallback if the system call name_to_handle_at() is
    not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
  * Replace the synchronizing over pipes of the sub process for the
    stat(2) system call with mutex and conditions from pthreads(7)
    (bsc#1194172)
- Add patch psmisc-22.21-statx.patch
  * Use statx(2) or SYS_statx system call to replace the stat(2)
    system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
python-requests
- Add patches fixing CVE-2018-18074 (bsc#1111622) preventing the
  package to send an HTTP Authorization header to an http URI
  upon receiving a same-hostname https-to-http redirect:
  - 01-CVE-2018-18074-strip-authorization-hdrs.patch
  - 02-proper-handl-ports-auth-strip.patch
  - 03-v2.20.0...v2.20.1.patch
ruby2
- Update suse.patch:
  - backport fix for CVE-2022-28739: ruby: Buffer overrun in
    String-to-Float conversion (boo#1198441)
  - back port date 2.0.3 CVE-2021-41817 (boo#1193035)
  - merge the previous bug fixes into suse.patch
  - CVE-2021-32066.patch
  - CVE-2021-31810.patch
  - CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
  extconf.rb work
rubygem-puma
- updated to version 4.3.11
  * fix bsc#1196222, CVE-2022-23634
  rubygem-puma: puma would not always call 'close' on the response body
  * fix bsc#1191681, CVE-2021-41136
  * fix bsc#1188527, CVE-2021-29509
salt
- Prevent data pollution between actions proceesed
  at the same time (bsc#1197637)
- Fix regression preventing bootstrapping new clients
  caused by redundant dependency on psutil (bsc#1197533)
- Added:
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Added:
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
- Remove duplicated method definitions in salt.netapi
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
  (bsc#1182851, bsc#1196432)
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
  * remove-duplicated-method-definitions-in-salt.netapi-.patch
  * clear-network-interface-cache-when-grains-are-reques.patch
  * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
  * fix-state.orchestrate_single-to-not-pass-pillar-none.patch
- Renamed:
  * patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
  * Sign authentication replies to prevent MiTM (CVE-2022-22935)
  * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
  * Prevent job and fileserver replays (CVE-2022-22936)
  * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
sanlock
- spec: Add libuuid as a build requirement to fix compilation on
  SLE15 SP4
  bsc#1197853
supportutils
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
  + Added command blkid #114
  + Added s390x specific files and output #115
  + Fix for invalid argument during updates (bsc#1193204)
  + Optimized conf_files, conf_files_text and log_cmd functions #118
  + Fixed iscsi initiator name (bsc#1195797)
  + Added rpcinfo -p output #116
  + Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
  + Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
  + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
  + Include 'multipath -t' output in mpio.txt #105
  + Improved lsblk readability with --ascsi #106
  + Removed duplicate commands in network.txt
  + Remove duplicate firewalld status output #109
suse-build-key
- No longer install 1024bit keys by default. (bsc#1197293)
  - SLE11 key moved to documentation
  - old PTF (pre March 2022) moved to documentation only
tar
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
  'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
  (%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  * bsc#1181131, CVE-2021-20193
  * bsc#1120610
- GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges
- GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
  not contain any info files, and has not even a pre script. The
  - doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
  tar-1.31-racy_compress_tests.patch that are no longer needed
  (applied usptream)
- Remove libattr-devel from buildrequires, tar no longer uses
  it but finds xattr functions in libc.
- update to version 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extractng and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the "/-K NAME"/ option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
  * tar-1.30-tests-difflink.patch
  * tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
  tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests
xkeyboard-config
- U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch
  * Backport French standardized AZERTY layout (AFNOR: NF Z71-300)
    (bsc#1188867)
xz
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
  * bsc1198062.patch
zypper
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52