- Version bump to 0.155.0
- Add systemd support for the resource agent to interact with the
  new SAP unit files for sapstartsrv.
  As the new version of the SAP Startup Framework will use systemd
  unit files to control the sapstartsrv process instead of the
  previous used SysV init script, we need to adapt the handling of
  sapstartsrv inside the resource agents to support both ways.
  (bsc#1189530, bsc#1189531)
- The resource start and stop timeout is now configurable by
  increasing the timeout for the action 'start' and/or 'stop'.
  We will use 95% of this action timeouts to calculate the new
  resource start and stop timeout for the 'WaitforStarted' and
  'WaitforStopped' functions. If the new, calculated timeout value
  is less than '3600', it will be set to '3600', so that we do not
  decrease this timeout by accident
  (bsc#1182545)
- change promotion scoring during maintenance procedure to prevent
  that both sides have an equal promotion scoring after refresh
  which might result in a critical promotion of the secondary.
  (bsc#1174557)
- update of man page SAPHanaSR.py.7 - correct the supported HANA
  version.
  (bsc#1182201)
- if the $hdbState command fails to retrieve the current state of
  the System Replication, the resource agent now uses the
  system_replication/actual_mode attribute (if available) from the
  global.ini file as a fallback.
  This should prevent some confusing and misleading log messages
  during a takeover and solves the problem of a not working
  takeover back (after a successful first takeover)
  (bsc#1181765)
- add dedicated logging of HANA_CALL problems. So it will be now
  possible to identify, if the called hana command or the needed
  su command throws the error and for further hints we log the
  stderr output.
  Additional it is possible to get regular log messages for the
  used commands, their return code and their stderr output by
  enabling the 'debug' mode of the resource agents.
  (bsc#1182774)

- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
  current version which includes a rename of patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  rename it to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch

- support new chrony 4.1 options (jsc#SLE-17334)
  augeas-new_options_for_chrony.patch

- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
  (bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
  (boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).

- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]

- systemctl location (bsc#1193531)
  - Add cloud-init-sysctl-not-in-bin.patch
  - The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.

- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attemting to unregister a system that is not
    registered
  + Skip extension registration if the extension is recommended by the
    baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data
    can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service

- Update to version 4.3.1+20220321.bd33abac:
  * Dev: Parametrize the log dir
  * medium: utils: update detect_cloud pattern for aws (bsc#1197351)
  * Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726)
  * Fix: sbd: not overwrite SYSCONFIG_SBD and sbd-disk-metadata if input 'n'(bsc#1194870)
  * Fix: crash_test: Adjust help output of 'crm cluster crash_test -h'(bsc#1194615)
  * Fix: bootstrap: Change log info when need to change user login shell (bsc#1194026)

  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:

- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
  stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
  for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
  (CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
  (CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
  a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)

- Update to Java 8.0 Service Refresh 7 Fix Pack 5 [bsc#1197126]
  * https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
    [bsc#1194927, CVE-2022-21366] [bsc#1194928, CVE-2022-21365]
    [bsc#1194929, CVE-2022-21360] [bsc#1196500, CVE-2022-21349]
    [bsc#1194941, CVE-2022-21341] [bsc#1194940, CVE-2022-21340]
    [bsc#1194939, CVE-2022-21305] [bsc#1194930, CVE-2022-21277]
    [bsc#1194931, CVE-2022-21299] [bsc#1194932, CVE-2022-21296]
    [bsc#1194933, CVE-2022-21282] [bsc#1194934, CVE-2022-21294]
    [bsc#1194935, CVE-2022-21293] [bsc#1194925, CVE-2022-21291]
    [bsc#1194937, CVE-2022-21283] [bsc#1194926, CVE-2022-21248]
    [CVE-2022-21271]
- Fix a javaws broken symlink [bsc#1195146]

- fix memory leak in client protocol version 2 code (bsc#1193805)
  - update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch

- require apparmor-abstractions, because apparmor.service fails with
  Could not open 'tunables/global' error otherwise (bsc#1195144)

- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
  (bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure "/sloppy"/ is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
  (boo#1197297)

- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools

- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch

- Between allocating the variable "/ai"/ and free'ing them, there are
  two "/return NO"/ were we don't free this variable. This patch
  inserts freaddrinfo() calls before the "/return NO;"/s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]

- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG

- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  bsc#1195258
  * Add protobuf-CVE-2021-22570.patch

- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
  * patch_for_cve_bsc1197417.patch

- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)

- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
  4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)

- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

- break bash <-> update-alternatives cycle by coolo's rewrite
  of %post in lua [bsc#1195654]

- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).

- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
  util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).

- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch

- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch