Removed rpms
============

 - google-arimo-fonts
 - google-cousine-fonts
 - google-noto-fonts-doc
 - google-tinos-fonts
 - noto-sans-cjk-fonts

Added rpms
==========

 - google-noto-sans-cjk-fonts
 - google-noto-sans-jp-bold-fonts
 - google-noto-sans-jp-fonts
 - google-noto-sans-jp-regular-fonts
 - google-noto-sans-kr-bold-fonts
 - google-noto-sans-kr-fonts
 - google-noto-sans-kr-regular-fonts
 - google-noto-sans-sc-bold-fonts
 - google-noto-sans-sc-fonts
 - google-noto-sans-sc-regular-fonts
 - google-noto-sans-tc-bold-fonts
 - google-noto-sans-tc-fonts
 - google-noto-sans-tc-regular-fonts
 - google-noto-serif-jp-bold-fonts
 - google-noto-serif-jp-fonts
 - google-noto-serif-jp-regular-fonts
 - google-noto-serif-kr-bold-fonts
 - google-noto-serif-kr-fonts
 - google-noto-serif-kr-regular-fonts
 - google-noto-serif-sc-bold-fonts
 - google-noto-serif-sc-fonts
 - google-noto-serif-sc-regular-fonts
 - google-noto-serif-tc-bold-fonts
 - google-noto-serif-tc-fonts
 - google-noto-serif-tc-regular-fonts
 - hplip-udev-rules
 - libtiff6
 - noto-arimo-fonts
 - noto-cousine-fonts
 - noto-tinos-fonts
 - plocate

Package Source Changes
======================

AppStream
+- Fix the documentation being put in the devel subpackage while
+  the doc subpackage was empty. I think the doc %files section was
+  probably removed inadvertently since it wasn't mentioned in the
+  changelog and the doc subpackage declaration was left around.
+- Moved the appstreamcli-compose man page to the same package
+  as the binary.
+- Make AppStream-compose-devel explicitly require
+  libappstream-compose0 to stop rpmlint from reporting an error.
+
+- Enable vala support when building in SLE-15 SP6
+- Fix condition in files section for the case where vala support
+  is disabled, where some files are being generated but were not
+  included
+
+- Update to 0.16.3:
+  Features:
+  * compose: Allow creating metadata with complete URLs and no base URL
+  Bugfixes:
+  * Fix tweaking of appstream.pc when building as subproject
+  * Do not override default-priority when parsing multiple metadata files
+  * Ensure stemmer always has the right locale and token-search works
+  * Require a more recent libxmlb to avoid crashes
+  Miscellaneous:
+  * Work around invalid null-dereference warning in GCC 13
+- Drop patch, merged upstream:
+  * 0001-Do-not-override-default-priority-when-parsing-multip.patch
+
+- Update to 0.16.2:
+  Features:
+  * Add API for asking whether the pool is empty
+  * Add DDE to known desktop-environment list
+  * validator: Check if Release Description is inside description tag
+  * Make AppStream use BCP47 for locale in XML data
+  Bugfixes:
+  * Add missing standard::is-hidden attribute to file search enumerator
+  * spdx: Accept brackets in spdx license expression check
+  * introspection: Bring back AS_FORMAT_STYLE_COLLECTION into its enum
+  * compose: Fix crash in asc_l10n_search_translations_qt()
+  * compose: Set lower-cased CID for synthesized components again
+  * Don't crash when non-YAML documents are read as YAML
+  Miscellaneous:
+  * sanitizers: Allow null-dereference check again
+- Drop patch, merged upstream:
+  * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch
+- Add upstream change:
+  * 0001-Do-not-override-default-priority-when-parsing-multip.patch
+
+- refresh patch for new glib-2.76 from upstream
+
+- Add upstream fix for new glib-2.76:
+  * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch
+
+- Update to version 0.16.1:
+  Specification:
+  * docs: Clarify the locations where catalog icons should be placed
+  * spec: Expand documentation for <issue> elements
+  * spec: Mention that <issues> is not part of the description
+  * spec: Give some guidance about tone in release descriptions
+  Bugfixes:
+  * Fix binding helper macro to behave correctly if a function is passed directly
+  * Override-merge icons and provided items correctly
+  * tests: Ensure locale is C.UTF-8 in pool tests
+  Miscellaneous:
+  * release: Add sanity checks at beginning of each function
+- Add ldconfig_scriptlets for libappstream-compose
+
+- Update to version 0.16.0:
+  * Features:
+    + pool: Offer API to look up components by bundles
+    + Bump format version to 0.16
+    + Add new AsSystemInfo to read information about the current OS and device
+    + Add helper to get device names from a modalias
+    + Implement support for external release metadata
+    + Add validation support for external release metadata
+    + compose: Validate external release metadata used for the catalog as well
+    + its: Add rule for standalone release metadata
+    + Add function to test if an AsRelation is satisfied on the current system
+    + cli: Add command to list category contents
+    + cli: Display colored checkmarks if possible
+    + cli: Add new is-satisfied check to test relations from the command-line
+    + cli: Add Markdown export support for metainfo-to-news
+    + qt: Add support for SystemInfo & relation satisfication checks
+  * Specification:
+    + spec: Specify a metadata format for external release descriptions
+  * Bugfixes:
+    + Fix build with Clang 15
+    + Give a better error message if trying to list too many categories
+    + Adjust documentation of AsPool.get_components_by_categories to reflect reality
+    + validator: Validate merge component catalog data properly again
+  * Miscellaneous:
+    + Consistently name catalog metadata as such everywhere
+- Update support-meson0.59.patch for latest version of AppStream
+- Build AppStream with compose support as a separate package.
+
+- Use %ldconfig_scriptlets. Leap 15.3 is out of maintenance.
+
ImageMagick
+- version update to 7.1.1.21
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+- modified patches
+  [bsc#1217014][bsc#1216811]
+  % ImageMagick-s390x-disable-tests.patch (refreshed)
+- deleted patches
+  - ImageMagick-correct-time-to-live.patch (upstreamed)
+- added patches
+  https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5aafe33cbfaaf3e
+  https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c935f6ae8b36df10
+  + ImageMagick-infinite-resource-time-limit.patch
+
curl
+  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
+  * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
+  * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
+
+- Security fixes:
desktop-file-utils
+- Add patches to support Desktop entry spec 1.5 (bsc#1216357):
+  * 0001-validate-support-SingleMainWindow-key-from-1.5.patch
+  * 0002-validate-Support-version-1.5.patch
+
e2fsprogs
-- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
-  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
+- libext2fs-add-sanity-check-to-extent-manipulation.patch: Merged upstream
+  in 1.46.6
+- References to old bugs fixed by updating to latest upstream version:
+  CVE-2015-0247 CVE-2015-1572 CVE-2019-5094 CVE-2019-5188 CVE-2022-1304
+  bsc#1009532 bsc#1038194 bsc#1128383 bsc#1145716 bsc#1152101 bsc#1154295
+  bsc#1160571 bsc#1160979 bsc#1170964 bsc#1183791 bsc#1198446 bsc#915402
+  bsc#918346 bsc#960273
-- Add references from old package:
-  Autoreconf removed from the spec file, just without bsc reference
-  (bsc#1183791)
-  Fix po-remove-unnecessary-buggy-positional-parameter-spe.patch in 1.45.3
-  (bsc#1170964)
-  Fix e2fsck-clarify-overflow-link-count-error-message.patch in 1.46.0
-  (bsc#1160979)
-  Fix ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch in 1.46.0
-  (bsc#1160979)
-  Fix ext2fs-implement-dir-entry-creation-in-htree-directo.patch in 1.46.0
-  (bsc#1160979)
-  Fix tests-add-test-to-excercise-indexed-directories-with.patch in 1.46.0
-  (bsc#1160979)
-  Fix tune2fs-update-dir-checksums-when-clearing-dir_index.patch in 1.46.0
-  (bsc#1160979)
-  Fix e2fsck-abort-if-there-is-a-corrupted-directory-block.patch in 1.45.5
-  (bsc#1160571 CVE-2019-5188)
-  Fix e2fsck-don-t-try-to-rehash-a-deleted-directory.patch in 1.45.5
-  (bsc#1160571 CVE-2019-5188)
-  Fix resize2fs-Make-minimum-size-estimates-more-reliable.patch in 1.45.5
-  (bsc#1154295)
-  Fix libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch in 1.45.4
-  (bsc#1152101 CVE-2019-5094)
-  Fix libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch in 1.44.3
-  (bsc#1145716)
-  Fix e2fsck-check-and-fix-tails-of-all-bitmaps.patch in 1.45.1 (bsc#1128383)
-  Fix libext2fs-Fix-fsync-2-detection.patch in 1.44.0 (bsc#1038194)
-  Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch
-  in 1.42.12 (bsc#1009532)
-  Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch
-  in 1.42.13 (bsc#918346 CVE-2015-1572)
-  Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch
-  in 1.42.12 (bsc#915402 CVE-2015-0247)
-  Got specfile fix through Factory (bsc#960273)
-  Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194)
+- mke2fs-Drop-metadata_csum_seed-and-orphan_file-from-.patch: Update
+  mke2fs.conf to create filesystems only with features supported
+  by tools in SLE15-SP4/5 by default.
+
+- Update specfile to make sure regenerate_initrd_post macro is defined
+
+- Update to 1.47.0:
+  * Add support for the orphan_file feature, which speeds up workloads
+    that are deleting or truncating a large number files in parallel.
+    This compat feature was first supported in the v5.15 Linux kernel.
+  * The mke2fs program (via the mke2fs.conf file) now enables the
+    metadata_csum_seed and orphan_file features by default.
+    The metadata_csum_seed feature is an incompat feature which is
+    first supported in the Linux kernel starting in the 4.4 kernel.
+  * Mke2fs now supports the extended option "assume_storage_prezeroed"
+    which causes mke2fs to skip zeroing the journal and inode tables
+    and to mark the inode tables as zeroed.
+  * Add support to tune2fs and e2label to set the label and UUID for
+    a mounted file system using a ioctl, which is more reliable than
+    modifying the superblock via writing to the block device.
+    The kernel support for setting the label landed in v5.17, while
+    the support for adding the UUID landed in v6.0. If the ioctls
+    are not supported, tune2fs and e2label will fall back old
+    strategy of directly modifying the superblock.
+  * Allow tune2fs to disable the casefold feature after scanning all
+    of the directories do not have the Casefold flag set.
+
+- Replace transitional %usrmerged macro with regular version check (boo#1206798)
+
+- Refresh e2fsprogs.keyring based on currently provided keys.
+
+- Spec file cleanup:
+  + Drop remainders regarding -mini packages, which was not a thing
+    since Jan 2014.
+  + Split build of fuse2fs out into a sep build (_multibuild
+    enabled).
+
+- enabled fuse2fs build which enable to mount ext2/3/4 via FUSE
+
+- avoid empty preuninstall script
+
+- Update to 1.46.5:
+  * better handling for resizing to fs sizes which would exceed inode limits
+  * fix crash in e2fsck fastcommit handling
+  * fix possibly lost quota limits when e2fsck corrects quota files
+  * fix tune2fs to properly transfer quota limits when convertion quota files
+  * add support for handling of version 0 quota files in tune2fs
+  * teach libss to use libreadline.so.8
+  * optimize resize2fs cpu usage for large filesystems
+  * teach libuuid to use getrandom() or getentropy() if available
+- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: Remove, merged upstream
+- quota-Add-support-to-version-0-quota-format.patch: Remove, merged upstream
+- quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: Remove, merged upstream
+- quota-Rename-quota_update_limits-to-quota_read_all_d.patch: Remove, merged upstream
+- tune2fs-Fix-conversion-of-quota-files.patch: Remove, merged upstream
+- e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: Remove, merged upstream
+- debugfs-Fix-headers-for-quota-commands.patch: Remove, merged upstream
+- quota-Drop-dead-code.patch: Remove, merged upstream
+
+- Drop ProtectClock hardening, can cause issues if other device acceess is needed
glibc
-- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to
-  page size (bsc#1215891, BZ #28676)
+- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
-- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
-  continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)
+- dtors-reverse-ctor-order.patch: Remove, has been reverted
-- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
+- Avoid use of SSE in i586 build
-- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
-  invalidation if epoll is used (bsc#1212910, BZ #29415)
+- Add systemd also to gshadow lookups (jsc#PED-5188)
+- For SLE continue to use nsswitch.conf without systemd
-- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
-  in files database (bsc#1212819, BZ #25457)
+- setxid-propagate-glibc-tunables.patch: Propagate GLIBC_TUNABLES in
+  setxid binaries
+- tunables-string-parsing.patch: tunables: Terminate if end of input is
+  reached (CVE-2023-4911, bsc#1215501)
+
+- fstat-implementation.patch: io: Do not implement fstat with fstatat
+
+- getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the
+  fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884)
+
+- getcanonname-use-after-free.patch: getaddrinfo: Fix use after free in
+  getcanonname (CVE-2023-4806, bsc#1215281, BZ #30843)
+- Do not build any cross packages in SLES
+
+- no-aaaa-read-overflow.patch: Stack read overflow with large TCP
+  responses in no-aaaa mode (CVE-2023-4527, bsc#1215280, BZ #30842)
+
+- Add systemd to passwd, group and shadow lookups (jsc#PED-5188)
+
+- ppc64-flock-fob64.patch: io: Fix record locking contants for powerpc64
+  with __USE_FILE_OFFSET64 (BZ #30804)
+- libio-io-vtables.patch: libio: Fix oversized __io_vtables
+- call-init-proxy-objects.patch: elf: Do not run constructors for proxy
+  objects
+- dtors-reverse-ctor-order.patch: elf: Always call destructors in reverse
+  constructor order (BZ #30785)
+
+- intl-c-utf-8-like-c-locale.patch: intl: Treat C.UTF-8 locale like C
+  locale (BZ #16621)
+- glibc-disable-gettext-for-c-utf8.patch: Removed
+
+- Add cross-ppc64le package
+
+- posix-memalign-fragmentation.patch: malloc: Enable merging of remainders
+  in memalign, remove bin scanning from memalign (BZ #30723)
+- Limit build counter sync to i686 flavor, to reduce needs for rebuilds
+
+- Add cross-s390x package (bsc#1214460)
+
+- Require that elf/check-localplt does not fail
+- glibc-2.3.90-langpackdir.diff: add hidden alias for __strcpy_chk
+- cache-amd-legacy.patch: x86: Fix for cache computation on AMD legacy
+  cpus
+- cache-intel-shared.patch: x86: Fix incorrect scope of setting
+  `shared_per_thread` (BZ# 30745)
+
+- Update to glibc 2.38
+  * When C2X features are enabled and the base argument is 0 or 2, the
+    following functions support binary integers prefixed by 0b or 0B as
+    input
+  * PRIb*, PRIB* and SCNb* macros from C2X have been added to
+    <inttypes.h>.
+  * printf-family functions now support the wN format length modifiers for
+    arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t
+    and the wfN format
+    length modifiers for arguments of type int_fastN_t or uint_fastN_t, as
+    specified in draft ISO C2X
+  * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable
+    Transparent Huge Pages (THP) in stack allocation at pthread_create
+  * Vector math library libmvec support has been added to AArch64
+  * The strlcpy and strlcat functions have been added
+  * CVE-2023-25139: When the printf family of functions is called with a
+    format specifier that uses an <apostrophe> (enable grouping) and a
+    minimum width specifier, the resulting output could be larger than
+    reasonably expected by a caller that computed a tight bound on the
+    buffer size
+- Enable build with _FORTIFY_SOURCE
+- glibc-2.3.90-langpackdir.diff: avoid reference to __strcpy_chk
+- iconv-error-verbosity.patch: iconv: restore verbosity with unrecognized
+  encoding names (BZ #30694)
+- printf-grouping.patch, strftime-time64.patch,
+  getlogin-no-loginuid.patch, fix-locking-in-_IO_cleanup.patch,
+  gshadow-erange-rhandling.patch, system-sigchld-block.patch,
+  gmon-buffer-alloc.patch, check-pf-cancel-handler.patch,
+  powerpc64-fcntl-lock.patch, realloc-limit-chunk-reuse.patch,
+  dl-find-object-return.patch; Removed
+- bsc#1211828
+- bsc#1212819
+
+- gshadow-erange-rhandling.patch: gshadow: Matching sgetsgent, sgetsgent_r
+  ERANGE handling (BZ #30151)
+- system-sigchld-block.patch: posix: Fix system blocks SIGCHLD erroneously
+  (BZ #30163)
+- gmon-buffer-alloc.patch: gmon: Fix allocated buffer overflow
+  (CVE-2023-0687, bsc#1207975, BZ #29444)
+- check-pf-cancel-handler.patch: __check_pf: Add a cancellation cleanup
+  handler (BZ #20975)
+- powerpc64-fcntl-lock.patch: io: Fix F_GETLK, F_SETLK, and F_SETLKW for
+  powerpc64
+- realloc-limit-chunk-reuse.patch: realloc: Limit chunk reuse to only
+  growing requests (BZ #30579)
+- dl-find-object-return.patch: elf: _dl_find_object may return 1 during
+  early startup (BZ #30515)
-- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
-  check on PT_LOAD segments (bsc#1211829, BZ #28688)
-- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
-  BZ #28676)
-- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
-  first segment (BZ #30452)
+- Need to build with GCC 12 as minimum
-- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
-  (bsc#1211828, BZ #30527)
+- fix-locking-in-_IO_cleanup.patch: Update to final version
-- ulp-prologue-into-asm-functions.patch: Add support for livepatches
-  in ASM written functions (bsc#1211726)
+- ulp-prologue-into-asm-functions.patch: Add support for livepatches in
+  ASM written functions (bsc#1210777, bsc#1211726)
-- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
-  (bsc#1207957)
-
-- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
-  (CVE-2023-0687, bsc#1207975, BZ #29444)
-
-- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
-  check (bsc#1208358, BZ #25933)
-
-- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
-  (bsc#1207571, BZ #16272)
-- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
-  with recent GCC
-
-- x86-shared-non-temporal-threshold.patch: Reversing calculation of
-  __x86_shared_non_temporal_threshold (bsc#1201942)
+- Update to glibc 2.37
+  * The getent tool now supports the --no-addrconfig option
+  * The dynamic linker no longer loads shared objects from the "tls"
+    subdirectories on the library search path or the subdirectory that
+    corresponds to the AT_PLATFORM system name, or employs the legacy AT_HWCAP
+    search mechanism, which was deprecated in version 2.33
+- printf-grouping.patch: Account for grouping in printf width (BZ #30068)
+- strftime-time64.patch: Use 64-bit time_t interfaces in strftime and
+  strptime (BZ #30053)
+- glibcextract-compile-c-snippet.patch, sys-mount-kernel-definition.patch,
+  sys-mount-usage.patch, nscd-netlink-cache-invalidation.patch,
+  syslog-large-messages.patch, dlmopen-libc-early-init.patch,
+  ldd-vdso-dependency.patch, syslog-extra-whitespace.patch,
+  errlist-edeadlock.patch, makeflags.patch, get-nscd-addresses.patch,
+  x86-64-avx2-string-functions.patch, nscd-aicache.patch,
+  dl-debug-bindings.patch, floatn.patch: Removed
+- bsc#1207957
+- bsc#1208358
+- bsc#1212910
+
+- Remove reference to obsolete %usrmerged macro (boo#1206798)
+
+- floatn.patch: Update _FloatN header support for C++ in GCC 13
+
+- nscd: Convert to systemd-sysusers
+
+- dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS
+  _dl_lookup_symbol_x (bsc#1204710)
+
+- get-nscd-addresses.patch: get_nscd_addresses: Fix subscript typos (BZ
+  [#29605])
+- x86-64-avx2-string-functions.patch: check for required cpu features in
+  AVX2 string functions (BZ #29611)
+- nscd-aicache.patch: nscd: Drop local address tuple variable (BZ #29607)
+
+- makeflags.patch: Makerules: fix MAKEFLAGS assignment for upcoming
+  make-4.4 (BZ# 29564)
+
+- errlist-edeadlock.patch: errlist: add missing entry for EDEADLOCK (BZ
+  [#29545])
+
+- syslog-large-messages.patch: syslog: Fix large messages (CVE-2022-39046,
+  bsc#1203011, BZ #29536)
+- dlmopen-libc-early-init.patch: elf: Call __libc_early_init for reused
+  namespaces (BZ #29528)
+- ldd-vdso-dependency.patch: elf: Restore how vDSO dependency is printed
+  with LD_TRACE_LOADED_OBJECTS (BZ #29539)
+- syslog-extra-whitespace.patch: syslog: Remove extra whitespace between
+  timestamp and message (BZ #29544)
-- memcmp-power10.patch: powerpc: Optimized memcmp for power10
-  (jsc#PED-987)
-
-- disable-check-consistency.patch: i386: Disable check_consistency for GCC
-  5 and above (bsc#1201640, BZ #25788)
+- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
+  invalidation if epoll is used (boo#1199964, BZ #29415)
-- static-tls-surplus.patch: Remove tunables (bsc#1201560)
+- glibcextract-compile-c-snippet.patch: glibcextract.py: Add
+  compile_c_snippet
+- sys-mount-kernel-definition.patch: linux: Mimic kernel definition for
+  BLOCK_SIZE
+- sys-mount-usage.patch: linux: Fix sys/mount.h usage with kernel headers
+
+- Update to glibc 2.36
+  Major new features:
+  * Support for DT_RELR relative relocation format has been added to
+    glibc
+  * On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions
+    have been added
+  * On Linux, the process_madvise function has been added
+  * On Linux, the process_mrelease function has been added
+  * The “no-aaaa” DNS stub resolver option has been added
+  * On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree,
+    and mount_setattr have been added
+  * localedef now accepts locale definition files encoded in UTF-8
+  * Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion
+    functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals
+  * The functions arc4random, arc4random_buf, and arc4random_uniform have been
+    added
+  Deprecated and removed features, and other changes affecting compatibility:
+  * Support for prelink will be removed in the next release
+  * The Linux kernel version check has been removed along with the
+    LD_ASSUME_KERNEL environment variable
+  * On Linux, The LD_LIBRARY_VERSION environment variable has been removed
+- get-nprocs-sched-uninit-read.patch, get-nprocs-inaccurate.patch,
+  strcmp-rtm-fallback.path, pt-load-invalid-hole.patch,
+  localedef-ld-monetary.patch, nptl-spurious-eintr.patch,
+  strncpy-power9-vsx.patch, nptl-cleanup-async-restore.patch,
+  read-chk-cancel.patch, wcrtomb-fortify.patch,
+  nptl-cleanup-async-restore-2.patch: Removed
+- CVE-2023-4813, bsc#1215286
+- bsc#1198751
+- bsc#1200334
+
+- nptl-cleanup-async-restore-2.patch: nptl: Fix
+  ___pthread_unregister_cancel_restore asynchronous restore (bsc#1200093,
+  BZ #29214)
+
+- read-chk-cancel.patch: debug: make __read_chk a cancellation point
+  (bsc#1200682, BZ #29274)
+- wcrtomb-fortify.patch: wcrtomb: Make behavior POSIX compliant
+  (bsc#1200688)
-- static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for
-  optimizations (bsc#1200855, BZ #25051)
+- Set SUSE_ZNOW=0
-  __strncpy_power9 (bsc#1200334, BZ #29197)
+  __strncpy_power9 (BZ #29197)
+- nptl-cleanup-async-restore.patch: nptl: Fix __libc_cleanup_pop_restore
+  asynchronous restore (bsc#1200093, BZ #29214)
+
+- nptl-spurious-eintr.patch: nptl: Handle spurious EINTR when thread
+  cancellation is disabled (BZ #29029)
+
+- Follow the distro default gcc version to build the cross
+  bootstrap packages.
+
+- switched to https urls
+
+- get-nprocs-sched-uninit-read.patch: linux: __get_nprocs_sched: do not
+  feed CPU_COUNT_S with garbage (BZ #28850)
+- get-nprocs-inaccurate.patch: linux: fix accuracy of get_nprocs and
+  get_nprocs_conf (BZ #28865)
+- strcmp-rtm-fallback.path: x86: Fallback {str|wcs}cmp RTM in the ncmp
+  overflow case (BZ #28896)
+- pt-load-invalid-hole.patch: elf: Check invalid hole in PT_LOAD segments
+  (BZ #28838)
+- localedef-ld-monetary.patch: localedef: Update LC_MONETARY handling (BZ
+  [#28845])
+
+- Update to glibc 2.35
+  Major new features:
+  * Unicode 14.0.0 Support
+  * Bump r_version in the debugger interface to 2
+  * Support for the C.UTF-8 locale has been added to glibc
+  * <math.h> functions that round their results to a narrower type, and
+    corresponding <tgmath.h> macros, are added from TS 18661-1:2014, TS
+    18661-3:2015 and draft ISO C2X
+  * <math.h> functions for floating-point maximum and minimum,
+    corresponding to new operations in IEEE 754-2019, and corresponding
+    <tgmath.h> macros, are added from draft ISO C2X
+  * <math.h> macros for single-precision float constants are added as a
+    GNU extension
+  * The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are
+    predefined as specified in TS 18661-1:2014
+  * The exp10 functions in <math.h> now have a corresponding type-generic
+    macro in <tgmath.h>
+  * The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to <stdio.h>
+  * printf-family functions now support the %b format for output of
+    integers in binary, as specified in draft ISO C2X, and the %B variant
+    of that format recommended by draft ISO C2X
+  * A new DSO sorting algorithm has been added in the dynamic linker that uses
+    topological sorting by depth-first search (DFS), solving performance issues
+    of the existing sorting algorithm when encountering particular circular
+    object dependency cases
+  * A new tunable, glibc.rtld.dynamic_sort, can be used to select between
+    the two DSO sorting algorithms
+  * ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant
+    to be used by compilers for optimizing usage of 'memcmp' when its
+    return value is only used for its boolean status
+  * Support for automatically registering threads with the Linux rseq
+    system call has been added
+  * A symbolic link to the dynamic linker is now installed under
+    /usr/bin/ld.so (or more precisely, '${bindir}/ld.so')
+  * All programs and the testsuite in glibc are now built as position independent
+    executables (PIE) by default on toolchains and architectures that support it
+  * On Linux, a new tunable, glibc.malloc.hugetlb, can be used to
+    either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk
+    or to use huge pages directly with mmap calls with the MAP_HUGETLB
+    flags)
+  * The printf family of functions now handles the flagged %#m conversion
+    specifier, printing errno as an error constant (similar to strerrorname_np)
+  * The function _dl_find_object has been added
+  * On Linux, the epoll_pwait2 function has been added
+  * The function posix_spawn_file_actions_addtcsetpgrp_np has been added,
+    enabling posix_spawn and posix_spawnp to set the controlling terminal in
+    the new process in a race free manner
+  * Source fortification (_FORTIFY_SOURCE) level 3 is now available for
+    applications compiling with glibc and gcc 12 and later
+  Deprecated and removed features, and other changes affecting compatibility:
+  * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
+    has been removed since the first PT_LOAD segment is no longer executable
+    due to defaulting to -z separate-code
+  * The r_version update in the debugger interface makes the glibc binary
+    incompatible with GDB
+  * Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed
+  * The catchsegv script and associated libSegFault.so shared object have
+    been removed
+  * Support for prelink will be removed in the next release; this includes
+    removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
+    variables and their functionality in the dynamic loader
+  Changes to build and runtime requirements:
+  * The audit module interface version LAV_CURRENT is increased to enable
+    proper bind-now support
+  * The audit interface on aarch64 is extended to support both the indirect
+    result location register (x8) and NEON Q register
+  Security related changes:
+  * CVE-2022-23219: Passing an overlong file name to the clnt_create
+    legacy function could result in a stack-based buffer overflow when
+    using the "unix" protocol
+  * CVE-2022-23218: Passing an overlong file name to the svcunix_create
+    legacy function could result in a stack-based buffer overflow
+  * CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
+    function could result in a memory leak and potential access of
+    uninitialized memory
+  * CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
+    function may result in an off-by-one buffer underflow and overflow
+    when the current working directory is longer than PATH_MAX and also
+    corresponds to the / directory through an unprivileged mount
+    namespace
+- copy-and-spawn-sgid-double-close.patch,
+  fcntl-time-bits-64-redirect.patch, gaiconf-init-double-free.patch,
+  gconv-parseconfdir-memory-leak.patch, getcwd-attribute-access.patch,
+  glibc-c-utf8-locale.patch, iconv-charmap-close-output.patch,
+  ld-show-auxv-colon.patch, ldconfig-leak-empty-paths.patch,
+  librt-null-pointer.patch, pthread-kill-fail-after-exit.patch,
+  pthread-kill-race-thread-exit.patch, pthread-kill-return-esrch.patch,
+  pthread-kill-send-specific-thread.patch,
+  pthread-mutexattr-getrobust-np-type.patch,
+  setxid-deadlock-blocked-signals.patch,
+  sysconf-nprocessors-affinity.patch, x86-string-control-test.patch:
+  Removed.
+- bsc#1194640
+- bsc#1194768
+- bsc#1194770
+- bsc#1197718
+- bsc#1211829
+- bsc#1215891
-- selinux-deprecated.patch: Disable warnings due to deprecated libselinux
-  symbols used by nss and nscd (bsc#1197718)
-- systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP
-  (bsc#1197718, BZ #28771)
-
-- Add s390-add-z16-name.diff for bsc#1198751.
-
-- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
-  (CVE-2021-3999, bsc#1194640, BZ #28769)
-
-- 0001-powerpc-Optimized-strcpy-for-POWER9.patch,
-  0002-powerpc-Optimized-stpcpy-for-POWER9.patch,
-  0003-powerpc-Optimized-rawmemchr-for-POWER9.patch,
-  0004-powerpc64le-add-optimized-strlen-for-P9.patch,
-  0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch,
-  0006-powerpc-Add-optimized-strncpy-for-POWER9.patch,
-  0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch,
-  0008-powerpc-Add-optimized-ilogb-for-POWER9.patch,
-  0009-powerpc-Add-optimized-llogb-for-POWER9.patch,
-  0010-powerpc-Add-optimized-strlen-for-POWER10.patch,
-  0011-powerpc64le-Optimized-memmove-for-POWER10.patch,
-  0012-powerpc64le-Optimize-memcpy-for-POWER10.patch,
-  0013-powerpc64le-Optimize-memset-for-POWER10.patch,
-  0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch,
-  0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc
-  improvements (bsc#1194785, jsc#SLE-18195)
-
-- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
-  for "unix" (CVE-2022-23219, bsc#1194768, BZ #22542)
-- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
-  (CVE-2022-23218, bsc#1194770, BZ #28768)
+- Enable building the cross packages in rings.
+- Add ExtraBuildFlags for build flags that cannot be passed to configure.
-- Enable livepatching on x86_64.
-- 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch,
-  0002-S390-Optimize-__memcpy_z196.patch,
-  0003-S390-Optimize-__memset_z196.patch,
-  0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch,
-  0005-S390-Add-new-hwcap-values.patch,
-  0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 -
-  GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
+- glibc.rpmlintrc: Update for rpmlint2
-- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
-  (CVE-2021-33574, bsc#1186489, BZ #27896)
+- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
+  (BZ #282539
+- x86-string-control-test.patch: x86-64: Use testl to check
+  __x86_string_control
+- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
+  should not fail after exit (BZ #19193)
+- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
+  and thread exit (BZ #12889)
+- getcwd-attribute-access.patch: posix: Fix attribute access mode on
+  getcwd (BZ #27476)
+- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
+  ESRCH for old programs (BZ #19193)
+- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
+  pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
+  [#28036])
+- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
+  blocked signals in thread exit (BZ #28361)
+- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
+  signals to a specific thread (BZ #28407)
+- sysconf-nprocessors-affinity.patch: linux: Revert the use of
+  sched_getaffinity on get_nproc (BZ #28310)
+- iconv-charmap-close-output.patch: renamed from
+  icon-charmap-close-output.patch
+
+- Don't create separate debuginfo packages for cross packages
+
+- ldconfig-leak-empty-paths.patch: ldconfig: avoid leak on empty paths in
+  config file
+- gconv-parseconfdir-memory-leak.patch: gconv_parseconfdir: Fix memory leak
+- gaiconf-init-double-free.patch: gaiconf_init: Avoid double-free in label
+  and precedence lists
+- copy-and-spawn-sgid-double-close.patch: copy_and_spawn_sgid: Avoid
+  double calls to close()
+- icon-charmap-close-output.patch: iconv_charmap: Close output file when
+  done
+- fcntl-time-bits-64-redirect.patch: Linux: Fix fcntl, ioctl, prctl
+  redirects for _TIME_BITS=64 (BZ #28182)
+- librt-null-pointer.patch: librt: fix NULL pointer dereference (BZ
+  [#28213])
+
+- Add cross development packages for aarch64 and riscv64.
+
+- Update to glibc 2.34
+  Major new features:
+  * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
+    PTHREAD_STACK_MIN is no longer constant and is redefined to
+    sysconf(_SC_THREAD_STACK_MIN)
+  * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ
+  * The dynamic linker implements the --list-diagnostics option, printing
+    a dump of information related to IFUNC resolver operation and
+    glibc-hwcaps subdirectory selection
+  * On Linux, the function execveat has been added
+  * The ISO C2X function timespec_getres has been added
+  * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
+    C2X, is supported to enable declarations of functions defined in Annex F
+    of C2X
+  * Add support for 64-bit time_t on configurations like x86 where time_t
+    is traditionally 32-bit
+  * The main gconv-modules file in glibc now contains only a small set of
+    essential converter modules and the rest have been moved into a supplementary
+    configuration file gconv-modules-extra.conf in the gconv-modules.d directory
+    in the same GCONV_PATH
+  * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
+    to configure the size of the thread stack cache
+  * The function _Fork has been added as an async-signal-safe fork replacement
+    since Austin Group issue 62 droped the async-signal-safe requirement for
+    fork (and it will be included in the future POSIX standard)
+  * On Linux, the close_range function has been added
+  * The function closefrom has been added
+  * The posix_spawn_file_actions_closefrom_np function has been added, enabling
+    posix_spawn and posix_spawnp to close all file descriptors great than or
+    equal to a giver integer
+  Deprecated and removed features, and other changes affecting compatibility:
+  * The function pthread_mutex_consistent_np has been deprecated
+  * The function pthread_mutexattr_getrobust_np has been deprecated
+  * The function pthread_mutexattr_setrobust_np has been deprecated
+  * The function pthread_yield has been deprecated
+  * The function inet_neta declared in <arpa/inet.h> has been deprecated
+  * Various rarely-used functions declared in <resolv.h> and
+    <arpa/nameser.h> have been deprecated
+  * The pthread cancellation handler is now installed with SA_RESTART and
+    pthread_cancel will always send the internal SIGCANCEL on a cancellation
+    request
+  * The symbols mallwatch and tr_break are now deprecated and no longer used in
+    mtrace
+  * The __morecore and __after_morecore_hook malloc hooks and the default
+    implementation __default_morecore have been removed from the API
+  * Debugging features in malloc such as the MALLOC_CHECK_ environment variable
+    (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
+    disabled by default in the main C library
+  * The deprecated functions malloc_get_state and malloc_set_state have been
+    moved from the core C library into libc_malloc_debug.so
+  * The deprecated memory allocation hooks __malloc_hook, __realloc_hook,
+    __memalign_hook and __free_hook are now removed from the API
+  Changes to build and runtime requirements:
+  * On Linux, the shm_open, sem_open, and related functions now expect the
+    file shared memory file system to be mounted at /dev/shm
+  Security related changes:
+    CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+    a request for netgroup lookup, may crash due to a double-free,
+    potentially resulting in degraded service or Denial of Service on the
+    local system
+    CVE-2021-33574: The mq_notify function has a potential use-after-free
+    issue when using a notification type of SIGEV_THREAD and a thread
+    attribute with a non-default affinity mask
+    CVE-2021-35942: The wordexp function may overflow the positional
+    parameter number when processing the expansion resulting in a crash
+- nss-database-check-reload.patch, nss-load-chroot.patch,
+  x86-isa-level.patch, nscd-netgroupcache.patch,
+  nss-database-lookup.patch, select-modify-timeout.patch,
+  nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch,
+  tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed
+- bsc#1181403
+- bsc#1184035
+- bsc#1187911
+- jsc#PED-987
-- wordexp-param-overflow.patch: wordexp: handle overflow in positional
-  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
+- Enable usrmerge in Factory always as it's default there
+- Add conflict with pre-usrmerge filesystem package
-- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector
-  support in memmove ifunc-selector (bsc#1184035, BZ #27511)
+- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
+  (CVE-2021-33574, bsc#1186489, BZ #27896)
+- Drop glibc-usrmerge-bootstrap-helper package
-- Update glibc-2.31-HTM-vzeroupper.diff with a AVX-SSE transition
-  fix.
+- tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX
+  check
-- Add glibc-2.31-HTM-vzeroupper.diff to avoid VZEROUPPER in the
-  AVX2 accelerated string routines which cause HTM transaction
-  aborts.  Instead use EVEX or SSE.  (bsc#1181403)
+- rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr
+- nptl-db-libpthread-load-order.patch: nptl_db: Support different
+  libpthread/ld.so load orders (bsc#1184214, BZ #27744)
+
+- Enable support for static PIE (bsc#1184646)
+- select-modify-timeout.patch: linux: always update select timeout
+  (bsc#1184339, BZ #27706)
+
+- Don't remove -f[asynchronous-]unwind-tables during configure run, no
+  longer needed
+
+- nss-database-check-reload.patch: nsswitch: return result when nss
+  database is locked (BZ #27343)
+- nss-load-chroot.patch: nss: Re-enable NSS module loading after chroot
+  (bsc#1182323, BZ #27389)
+- x86-isa-level.patch: x86: Set minimum x86-64 level marker (bsc#1182522,
+  BZ #27318)
+- nss-database-lookup.patch: nss: fix nss_database_lookup2's alternate
+  handling (bsc#1182247, BZ #27416)
+- nss-revert-api.patch: remove
-- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
-  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
+- Disable x86 ISA level for now (bsc#1182522, BZ #27318)
+- nss-revert-api.patch: Workaround for nss-compat brokeness (bsc#1182247,
+  BZ #27416)
+
+- Fix build of utils flavor for usrmerge
+
+- Prepare for usrmerge (bsc#1029961)
+
+- Add --enable-memory-tagging for aarch64
+
+- Update to glibc 2.33
+  * The dynamic linker accepts the --list-tunables argument which prints
+    all the supported tunables.
+  * The dynamic linker accepts the --argv0 argument and provides opportunity
+    to change argv[0] string.
+  * The dynamic linker loads optimized implementations of shared objects
+    from subdirectories under the glibc-hwcaps directory on the library
+    search path if the system's capabilities meet the requirements for
+    that subdirectory.
+  * The new --help option of the dynamic linker provides usage and
+    information and library search path diagnostics.
+  * The mallinfo2 function is added to report statistics as per mallinfo,
+    but with larger field widths to accurately report values that are
+    larger than fit in an integer.
+  * Add <sys/platform/x86.h> to provide query macros for x86 CPU features.
+  * A new fortification level _FORTIFY_SOURCE=3 is available.
+  * The mallinfo function is marked deprecated.
+  * When dlopen is used in statically linked programs, alternative library
+    implementations from HWCAP subdirectories are no longer loaded.
+  * The deprecated <sys/vtimes.h> header and the function vtimes have been
+    removed.
+  * On s390(x), the type float_t is now derived from the macro
+    __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
+    hardcoded to double.
+  * A future version of glibc will stop loading shared objects from the
+    "tls" subdirectories on the library search path, the subdirectory that
+    corresponds to the AT_PLATFORM system name, and also stop employing
+    the legacy AT_HWCAP search mechanism.
+  * CVE-2021-3326: An assertion failure during conversion from the
+    ISO-20220-JP-3 character set using the iconv function has been fixed.
+- Remove obsolete, unused /etc/default/nss
+- aarch64-static-pie.patch, euc-kr-overrun.patch,
+  get-nprocs-cpu-online-parsing.patch, iconv-redundant-shift.patch,
+  iconv-ucs4-loop-bounds.patch, ifunc-fma4.patch,
+  intl-codeset-suffixes.patch, nscd-gc-cycle.patch,
+  printf-long-double-non-normal.patch, strerrorname-np.patch,
+  syslog-locking.patch, sysvipc.patch: Removed
+- bsc#1180557
+- bsc#1181505
+- bsc#1191592
+- bsc#1201942
-- sysvipc-sem-stat-any.patch: sysvipc: Fix SEM_STAT_ANY kernel argument
-  pass (bsc#1180557, BZ #26637)
+- Remove support for %optimize_power
+- Move to power4 baseline on ppc
-- aarch64-getauxval.patch: aarch64: Accept PLT calls to __getauxval within
-  libc.so (bsc#1167939)
+- aarch64-static-pie.patch: fix static PIE start code for BTI
+  (bsc#1179450, BZ #27068)
-- power10-support.patch: Add support for POWER10 (jsc#SLE-13520)
-- iconv-option-parsing.patch: Rewrite iconv option parsing
-  (CVE-2016-10228, bsc#1027496, BZ #19519)
-
-- Update to glibc 2.31
-- glibc-2.14-crypt.diff, crypt_blowfish-const.patch,
-  crypt_blowfish-1.2-sha.diff, crypt_blowfish-gensalt.patch,
-  crypt_blowfish-1.2-hack_around_arm.diff, glibc-nodate.patch,
-  powerpc-elision-enable-envvar.patch, s390-elision-enable-envvar.patch,
-  crt-nocompress-debug-sections.patch, resolv-context-leak.patch,
-  dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch,
-  math-c++-compat.patch, remove-nss-nis-compat.patch,
-  eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch,
-  assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch,
-  dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch,
-  nscd-libnsl.patch, malloc-tcache-leak.patch,
-  falkor-memcpy-memmove.patch, aarch64-cpu-features.patch,
-  nss-files-large-buffers.patch, sysconf-uio-maxiov.patch,
-  glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch,
-  spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch,
-  tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch,
-  malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch,
-  fillin-rpath-empty-tokens.patch, getcwd-absolute.patch,
-  memalign-overflow.patch, stack-guard-size-accounting.patch,
-  libgcc-rtld-now.patch, res-send-enomem.patch,
-  glibc-fix-avx512-mempcpy.patch, i386-memmove-sse2-unaligned.patch,
-  realpath-ssize-max-overflow.patch, localtime-2039.patch,
-  math-remove-slow-path.patch, aarch64-hwcap-atomics.patch,
-  glibc-fix-aarch64-build.diff, absolute-symbols.patch,
-  x86-haswell-string-flags.patch,
-  pthread-cond-broadcast-waiters-after-spinning.patch,
-  mman-map-sync.patch, mman-linux-map-shared-validate.patch,
-  nptl-setxid-error.patch, pthread-mutex-trylock-barrier.patch,
-  getaddrinfo-parse-ipv4-address.patch, japanese-era-name-may-2019.patch,
-  force-elision-race.patch, regex-read-overrun.patch,
-  regex-parse-reg-exp.patch,
-  0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch,
-  0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch,
-  0003-S390-Unify-31-64bit-memcpy.patch,
-  0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch,
-  0005-S390-Remove-s390-specific-implementation-of-bcopy.patch,
-  0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch,
-  0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch,
-  0008-S390-Add-z13-memmove-ifunc-variant.patch,
-  0009-S390-Add-z13-strstr-ifunc-variant.patch,
-  0010-S390-Add-z13-memmem-ifunc-variant.patch,
-  0011-S390-Cleanup-ifunc-resolve.h.patch,
-  0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch,
-  0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch,
-  0014-S390-Add-configure-check-to-detect-support-for-arch1.patch,
-  0015-S390-Add-arch13-memmove-ifunc-variant.patch,
-  0016-S390-Add-arch13-strstr-ifunc-variant.patch,
-  0017-S390-Add-arch13-memmem-ifunc-variant.patch,
-  prefer-map-32bit-exec.patch, s390-strstr-page-boundary.patch,
-  ppc-tle-htm-nosc.patch,
-  posix-Add-internal-symbols-for-posix_spawn-interface.patch,
-  glibc-2.29-posix-Use-posix_spawn-on-popen.patch,
-  backtrace-powerpc.patch, pthread-rwlock-pwn.patch,
-  manual-memory-protection.patch, ldbl-96-rem-pio2l.patch,
-  dl-sort-maps.patch, dlopen-filter-object.patch,
-  glob-use-after-free.patch, nptl-setxid-race.patch, nscd-senfile.patch,
-  ldd-system-interp.patch, abort-no-flush.patch,
-  fnmatch-collating-elements.patch, nss-files-long-lines-2.patch,
-  iconv-reset-input-buffer.patch, nscd-prune.patch, syslog-locking.patch:
-  Removed.
-- long-double-alias.patch, glibc-nsswitch-usr.diff, euc-kr-overrun.patch,
-  riscv-syscall-clobber.patch, nscd-gc-cycle.patch: Added.
+- intl-codeset-suffixes.patch: intl: Handle translation output codesets
+  with suffixes (BZ #26383)
+- strerrorname-np.patch: string: Fix strerrorname_np return value (BZ
+  [#26555])
+- sysvipc.patch: sysvipc: Fix SEM_STAT_ANY kernel argument pass (BZ
+  [#26637], BZ #26639, BZ #26636)
+
+- Use --enable-cet on x86_64 to instrument glibc for indirect branch
+  tracking and shadow stack use.  Enable indirect branch tracking
+  and shadow stack in the dynamic loader (jsc#PM-2110, bsc#1175154)
-- nscd-senfile.patch: Fix concurrent changes on nscd aware files
-  (bsc#1171878, BZ #23178)
-- nscd-prune.patch: nscd: bump GC cycle during cache pruning (bsc#1171878,
-  BZ #26130)
+- Keep nsswitch.conf in /etc for SLES15
+- ifunc-fma4.patch: x86-64: Fix FMA4 detection in ifunc (BZ #26534)
-- nptl-setxid-race.patch: nptl: wait for pending setxid request also in
-  detached thread (bsc#1162930, BZ #25942)
+- Update to glibc 2.32
+  * Unicode 13.0.0 Support
+  * New locale added: ckb_IQ
+  * The GNU C Library now loads audit modules listed in the DT_AUDIT and
+    DT_DEPAUDIT dynamic section entries of the main executable
+  * powerpc64le supports IEEE128 long double libm/libc redirects when
+    using the -mabi=ieeelongdouble to compile C code on supported GCC
+    toolchains
+  * To help detect buffer overflows and other out-of-bounds accesses
+    several APIs have been annotated with GCC 'access' attribute
+  * On Linux, functions the pthread_attr_setsigmask_np and
+    pthread_attr_getsigmask_np have been added
+  * The GNU C Library now provides the header file <sys/single_threaded.h>
+    which declares the variable __libc_single_threaded
+  * The functions sigabbrev_np and sigdescr_np have been added
+  * The functions strerrorname_np and strerrordesc_np have been added
+  * AArch64 now supports standard branch protection security hardening
+    in glibc when it is built with a GCC that is configured with
+  - -enable-standard-branch-protection (or if -mbranch-protection=standard
+    flag is passed when building both GCC target libraries and glibc,
+    in either case a custom GCC is needed)
+  * The deprecated <sys/sysctl.h> header and the sysctl function have been
+    removed
+  * The sstk function is no longer available to newly linked binaries
+  * The legacy signal handling functions siginterrupt, sigpause, sighold,
+    sigrelse, sigignore and sigset, and the sigmask macro have been
+    deprecated
+  * ldconfig now defaults to the new format for ld.so.cache
+  * The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev
+    are no longer available to newly linked binaries, and their declarations
+    have been removed from <string.h>
+  * The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr
+    are no longer available to newly linked binaries, and their declarations
+    have been removed from from <stdio.h>
+  * Both strerror and strerror_l now share the same internal buffer in the
+    calling thread, meaning that the returned string pointer may be invalided
+    or contents might be overwritten on subsequent calls in the same thread or
+    if the thread is terminated
+  * Using weak references to libpthread functions such as pthread_create
+    or pthread_key_create to detect the singled-threaded nature of a
+    program is an obsolescent feature
+  * The "files" NSS module no longer supports the "key" database (used for
+    secure RPC)
+  * The __morecore and __after_morecore_hook malloc hooks and the default
+    implementation __default_morecore have been deprecated
+  * The hesiod NSS module has been deprecated and will be removed in a
+    future version of glibc
+  * CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+    invoked with the -c option and when processing invalid multi-byte input
+    sequences
+  * CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
+    corruption when they were passed a pseudo-zero argument
+  * CVE-2020-1752: A use-after-free vulnerability in the glob function when
+    expanding ~user has been fixed.
+  * CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+    memmove functions has been fixed
+- riscv-syscall-clobber.patch, ldbl-96-rem-pio2l.patch,
+  long-double-alias.patch: Removed
+- bsc#1027496
+- bsc#1162930
+- bsc#1166106
+- bsc#1167631
+- bsc#1167939
+- bsc#1194785, jsc#SLE-18195
+- bsc#1200855
+- bsc#1201560
+- bsc#1201640
+- bsc#1207571
+- jsc#SLE-13520
+
+- long-double-alias.patch: Fix build with GCC 10 when long double = double
+- nscd-gc-cycle.patch: nscd: bump GC cycle during cache pruning
+  (bsc#1171878, BZ #26130)
+
+- glibc-nsswitch-usr.diff: read /usr/etc/nsswitch.conf if
+  /etc/nsswitch.conf does not exist
+- Install default nsswitch.conf in /usr/etc
+- Don't install gai.conf in /etc
-- glob-use-after-free.patch: Fix use-after-free in glob when expanding
-  ~user (CVE-2020-1752, bsc#1167631, BZ #25414)
-
-- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter
-  object to work (bsc#1166106, BZ #16272)
+- Split off %lang_package
+- riscv-syscall-clobber.patch: riscv: Avoid clobbering register parameters
+  in syscall
-- pthread-rwlock-pwn.patch: Fix rwlock stall with
-  PREFER_WRITER_NONRECURSIVE_NP (bsc#1164505, BZ #23861)
-- manual-memory-protection.patch: manual: Document mprotect and introduce
-  section on memory protection (bsc#1163184)
+- nsswitch.conf: comment out initgroups setting, so that it defaults to
+  the group setting (bsc#1164075)
-- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
-  (CVE-2020-1751, bsc#1158996, BZ #25423)
-
-- posix-Add-internal-symbols-for-posix_spawn-interface.patch,
-  glibc-2.29-posix-Use-posix_spawn-on-popen.patch: Use posix_spawn on
-  popen (bsc#1149332, BZ #22834)
+- fix-locking-in-_IO_cleanup.patch: update to latest version
-- ppc-tle-htm-nosc.patch: powerpc: Fix syscalls during early process
-  initialization (SLE-8348, BZ #22685)
+- Update to glibc 2.31
+  * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
+    enable features from the draft ISO C2X standard
+  * The <math.h> functions that round their results to a narrower type now
+    have corresponding type-generic macros in <tgmath.h>
+  * The function pthread_clockjoin_np has been added, enabling join with a
+    terminated thread with a specific clock
+  * New locale added: mnw_MM (Mon language spoken in Myanmar).
+  * The DNS stub resolver will optionally send the AD (authenticated data) bit
+    in queries if the trust-ad option is set via the options directive in
+    /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
+  * The totalorder and totalordermag functions, and the corresponding
+    functions for other floating-point types, now take pointer arguments to
+    avoid signaling NaNs possibly being converted to quiet NaNs in argument
+    passing
+  * The obsolete function stime is no longer available to newly linked
+    binaries, and its declaration has been removed from <time.h>
+  * The gettimeofday function no longer reports information about a
+    system-wide time zone
+  * If a lazy binding failure happens during dlopen, during the execution of
+    an ELF constructor, the process is now terminated
+- malloc-info-whitespace.patch, riscv-vfork.patch,
+  prefer-map-32bit-exec.patch, backtrace-powerpc.patch,
+  ldconfig-dynstr.patch: Removed.
+- bsc#1157893
+- bsc#1163184
+- fate#325815, fate#325879, fate#325880, fate#325881, fate#325882
+- fate#325962
-- s390-strstr-page-boundary.patch: S390: Fix handling of needles crossing
-  a page in strstr z15 ifunc-variant (bsc#1157893, BZ #25226)
+- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
+  (CVE-2020-1751, bsc#1158996, BZ #25423)
+- Drop support for pluggable gconv modules (bsc#1159851)
-- GNU1815 - Hardware support in toolchain (bsc#1151582)
-  0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch
-  0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch
-  0003-S390-Unify-31-64bit-memcpy.patch
-  0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch
-  0005-S390-Remove-s390-specific-implementation-of-bcopy.patch
-  0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch
-  0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch
-  0008-S390-Add-z13-memmove-ifunc-variant.patch
-  0009-S390-Add-z13-strstr-ifunc-variant.patch
-  0010-S390-Add-z13-memmem-ifunc-variant.patch
-  0011-S390-Cleanup-ifunc-resolve.h.patch
-  0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch
-  0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch
-  0014-S390-Add-configure-check-to-detect-support-for-arch1.patch
-  0015-S390-Add-arch13-memmove-ifunc-variant.patch
-  0016-S390-Add-arch13-strstr-ifunc-variant.patch
-  0017-S390-Add-arch13-memmem-ifunc-variant.patch
-
-- regex-parse-reg-exp.patch: ERE '0|()0|\1|0' causes regexec undefined
-  behavior (CVE-2009-5155, bsc#1127223, BZ #18986)
-- regex-read-overrun.patch: regex: fix read overrun (CVE-2019-9169,
-  bsc#1127308, BZ #24114)
+- nsswitch.conf: add usrfiles for services, protocols, rpc, ethers
+  and aliases for /usr/etc move
-- crt-nocompress-debug-sections.patch: Don't compress debug sections in
-  crt*.o files (bsc#1123710)
+- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
+  (CVE-2019-25013, BZ #24973)
-- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
-  (bsc#1117993, BZ #23973)
+- ldconfig-dynstr.patch: ldconfig: handle .dynstr located in separate
+  segment (bsc#1153149, BZ #25087)
-- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting
-  to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275)
+- Package gconv-modules.cache as %ghost
+- Regenerate it also in the %post of glibc-local-base-<targettype>
+
+- move mo files to glibc-locale as that's where all the other
+  informations for those locales are. glibc-locale-base only has English
+  anyways.
+
+- riscv-vfork.patch: Fix RISC-V vfork build with Linux 5.3 kernel headers
+
+- Remove NoSource tags (bsc#994835)
+
+- pwdutils is long gone and replaced by shadow
+
+- Update to glibc 2.30
+  * Unicode 12.1.0 Support
+  * The dynamic linker accepts the --preload argument to preload shared
+    objects
+  * The twalk_r function has been added
+  * On Linux, the getdents64, gettid, and tgkill functions have been added
+  * Minguo (Republic of China) calendar support has been added
+  * The entry for the new Japanese era has been added
+  * Memory allocation functions malloc, calloc, realloc, reallocarray, valloc,
+    pvalloc, memalign, and posix_memalign fail now with total object size
+    larger than PTRDIFF_MAX
+  * The dynamic linker no longer refuses to load objects which reference
+    versioned symbols whose implementation has moved to a different soname
+    since the object has been linked
+  * Add new POSIX-proposed pthread_cond_clockwait, pthread_mutex_clocklock,
+    pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock and sem_clockwait
+    functions
+  * On AArch64 the GNU IFUNC resolver call ABI changed
+  * The copy_file_range function fails with ENOSYS if the kernel does not
+    support the system call of the same name
+  * The functions clock_gettime, clock_getres, clock_settime,
+    clock_getcpuclockid, clock_nanosleep were removed from the librt library
+    for new applications (on architectures which had them)
+  * The obsolete and never-implemented XSI STREAMS header files <stropts.h>
+    and <sys/stropts.h> have been removed
+  * Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6
+    resolver flag (deprecated in glibc 2.25) have been removed
+  * The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
+    resolver have been removed from <resolv.h>
+  * With --enable-bind-now, installed programs are now linked with the
+    BIND_NOW flag.
+  * On 32-bit Arm, support for the port-based I/O emulation and the <sys/io.h>
+    header have been removed
+  * The Linux-specific <sys/sysctl.h> header and the sysctl function have been
+    deprecated and will be removed from a future version of glibc
+  * CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
+    size
+  * CVE-2019-9169: Attempted case-insensitive regular-expression match
+    via proceed_next_node in posix/regexec.c leads to heap-based buffer
+    over-read
+- pthread-rwlock-trylock-stalls.patch,
+  arm-systemtap-probe-constraint.patch, pthread-mutex-barrier.patch,
+  fork-handler-lock.patch, pthread-join-probe.patch,
+  riscv-clone-unwind.patch, add-new-Fortran-vector-math-header-file.patch,
+  regex-read-overrun.patch, japanese-era-name-may-2019.patch,
+  dl-show-auxv.patch, s390-vx-vxe-hwcap.patch, taisho-era-string.patch,
+  malloc-tracing-hooks.patch, pldd-inf-loop.patch,
+  malloc-large-bin-corruption-check.patch, wfile-sync-crash.patch,
+  malloc-tests-warnings.patch, fnmatch-collating-elements.patch,
+  iconv-reset-input-buffer.patch: Removed
+- malloc-info-whitespace.patch: Remove unwanted leading whitespace in
+  malloc_info (BZ #24867)
+- bsc#1100396
+- bsc#1130045
+
+- Move /var/lib/misc/Makefile to /usr/share/misc/Makefile.makedb (bsc#1138726)
+
+- malloc-tests-warnings.patch: Fix warnings in malloc tests with GCC 9
+
+- Set optflags for i686 after _lto_cflags is set (boo#1138807).
+
+- Disable LTO due to a usage of top-level assembler that
+  causes LTO issues (boo#1138807).
+
+- nss-files-long-lines-2.patch: Remove obsolete patch
+
+- dl-show-auxv.patch: Fix output of LD_SHOW_AUXV=1
+- s390-vx-vxe-hwcap.patch: S390: Mark vx and vxe as important hwcap
+- taisho-era-string.patch: ja_JP: Change the offset for Taisho gan-nen
+  from 2 to 1 (BZ #24162)
+- malloc-tracing-hooks.patch: malloc: Set and reset all hooks for tracing
+  (BZ #16573)
+- pldd-inf-loop.patch: elf: Fix pldd (BZ#18035)
+- malloc-large-bin-corruption-check.patch: malloc: Check for large bin
+  list corruption when inserting unsorted chunk (BZ #24216)
+- wfile-sync-crash.patch: Fix crash in _IO_wfile_sync (BZ #20568)
-  Japanese era (bsc#1100396, BZ #22964)
+  Japanese era (BZ #22964)
+- Replace glibc_post_upgrade with lua script
-- pthread-mutex-trylock-barrier.patch: pthread_mutex_trylock does not use
-  the correct order of instructions while maintaining the robust mutex
-  list due to missing compiler barriers (bsc#1130045, BZ #24180)
-- getaddrinfo-parse-ipv4-address.patch: getaddrinfo: Fully parse IPv4
-  address strings (CVE-2016-10739, bsc#1122729, BZ #20018)
-
-- mman-map-sync.patch: Add MAP_SYNC from Linux 4.15 (bsc#1126590)
-- mman-linux-map-shared-validate.patch: Add MAP_SHARED_VALIDATE from Linux
-  4.15 (bsc#1126590)
-- nptl-setxid-error.patch: nptl: Preserve error in setxid thread broadcast
-  in coredumps (bsc#1063675, BZ #22153)
+- add-new-Fortran-vector-math-header-file.patch: Update from upstream
-- x86-haswell-string-flags.patch: Fix Haswell CPU string flags
-  (bsc#1114984, BZ #23709)
-- pthread-cond-broadcast-waiters-after-spinning.patch: Fix
-  waiters-after-spinning case (bsc#1114993, BZ #23538)
+- regex-read-overrun.patch: fix read overrun (CVE-2019-9169, bsc#1127308,
+  BZ #24114)
+- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
+  (bsc#1117993, BZ #23973)
+
+- Add add-new-Fortran-vector-math-header-file.patch.
-- absolute-symbols.patch: Don't relocate absolute symbols (bsc#1112570, BZ
-  [#19818])
+- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
+  stalls (BZ #23844)
+- arm-systemtap-probe-constraint.patch: arm: Use "nr" constraint for
+  Systemtap probes (BZ #24164)
+- pthread-mutex-barrier.patch: Add compiler barriers around modifications
+  of the robust mutex list for pthread_mutex_trylock (BZ #24180)
+- fork-handler-lock.patch: nptl: Avoid fork handler lock for
+  async-signal-safe fork (BZ #24161)
+- pthread-join-probe.patch: nptl: Fix invalid Systemtap probe in
+  pthread_join (BZ #24211)
+- riscv-clone-unwind.patch: RISC-V: Fix elfutils testsuite unwind failures
+  (BZ #24040)
+
+- Update to glibc 2.29
+  * The getcpu wrapper function has been added, which returns the currently
+    used CPU and NUMA node
+  * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf
+  * The reallocarray function is now declared under _DEFAULT_SOURCE, not just
+    for _GNU_SOURCE, to match BSD environments
+  * For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel
+    indicates that it will abort the transaction prior to entering the kernel
+    (PPC_FEATURE2_HTM_NOSC on hwcap2)
+  * The functions posix_spawn_file_actions_addchdir_np and
+    posix_spawn_file_actions_addfchdir_np have been added, enabling
+    posix_spawn and posix_spawnp to run the new process in a different
+    directory
+  * The popen and system do not run atfork handlers anymore (BZ#17490)
+  * strftime's default formatting of a locale's alternative year (%Ey)
+    has been changed to zero-pad the year to a minimum of two digits,
+    like "%y"
+  * As a GNU extension, the '_' and '-' flags can now be applied to
+    "%EY" to control how the year number is formatted
+  * The glibc.tune tunable namespace has been renamed to glibc.cpu and the
+    tunable glibc.tune.cpu has been renamed to glibc.cpu.name
+  * The type of the pr_uid and pr_gid members of struct elf_prpsinfo, defined
+    in <sys/procfs.h>, has been corrected to match the type actually used by
+    the Linux kernel
+  * An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]'
+    meant to scan a string and allocate space for it with malloc, is now
+    restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE
+    defined
+- unwind-ctor.patch, old-getdents64.patch, nss-files-leak.patch,
+  riscv-feholdexcept-setround.patch,
+  pthread-cond-broadcast-waiters-after-spinning.patch,
+  regex-uninit-memory-access.patch, spawni-maybe-script-execute.patch,
+  gethostid-gethostbyname-failure.patch, strstr-huge-needle.patch,
+  pthread-mutex-lock-elision-race.patch, x86-haswell-string-flags.patch,
+  if-nametoindex-descr-leak.patch, riscv-flush-icache.patch: Removed
+- CVE-2016-10739
+- bsc#1114984
+- bsc#1114993
+- bsc#1122729
+- bsc#1131330
+- bsc#1149332
+- bsc#1151582
+- bsc#1164505
+
+- fnmatch-collating-elements.patch: update
+- riscv-flush-icache.patch: fix for compiling against 4.20 headers
+
+- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for
+  overlong name (CVE-2018-19591, BZ #23927, bsc#1117603)
+
+- Fix typography for glibc-locale-base.
+
+- pthread-mutex-lock-elision-race.patch: Fix race in pthread_mutex_lock
+  while promoting to PTHREAD_MUTEX_ELISION_NP (BZ #23275)
+- x86-haswell-string-flags.patch: x86: Fix Haswell CPU string flags (BZ
+  [#23709])
+
+- unwind-ctor.patch: Add missing unwind information to ld.so on powerpc32
+  (BZ #23707)
+- old-getdents64.patch: Rewrite __old_getdents64 (BZ #23497)
+- nss-files-leak.patch: Fix file stream leak in aliases lookup (BZ #23521)
+- riscv-feholdexcept-setround.patch: Fix rounding save/restore bug
+- pthread-cond-broadcast-waiters-after-spinning.patch: Fix
+  waiters-after-spinning case (BZ #23538)
+- regex-uninit-memory-access.patch: fix uninitialized memory access (BZ
+  [#23578])
+- spawni-maybe-script-execute.patch: Fix segfault in maybe_script_execute
+- gethostid-gethostbyname-failure.patch: Check for NULL value from
+  gethostbyname_r (BZ #23679)
+- strstr-huge-needle.patch: Fix strstr bug with huge needles (BZ #23637)
-- glibc-fix-aarch64-build.diff: Fix build on aarch64 with
-  binutils newer than 2.30.
+- Add libpng-devel and zlib-devel for utils build
-- aarch64-hwcap-atomics.patch: aarch64: add HWCAP_ATOMICS to
-  HWCAP_IMPORTANT (fate#325962)
+- Update to glibc 2.28
+  * The localization data for ISO 14651 is updated to match the 2016
+    Edition 4 release of the standard, this matches data provided by
+    Unicode 9.0.0
+  * Unicode 11.0.0 Support: Character encoding, character type info, and
+    transliteration tables are all updated to Unicode 11.0.0, using
+    generator scripts contributed by Mike FABIAN (Red Hat)
+  * <math.h> functions that round their results to a narrower type are added
+    from TS 18661-1:2014 and TS 18661-3:2015
+  * Two grammatical forms of month names are now supported
+  * The renameat2 function has been added, a variant of the renameat function
+    which has a flags argument
+  * The statx function has been added, a variant of the fstatat64
+    function with an additional flags argument
+  * IDN domain names in getaddrinfo and getnameinfo now use the system libidn2
+    library if installed
+  * Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED,
+    DT_AUXILIARY, and DT_FILTER has been expanded to support the full
+    range of ELF gABI expressions including such constructs as
+    '$ORIGIN$ORIGIN' (if valid)
+  * Support for ISO C threads (ISO/IEC 9899:2011) has been added.
+  * The nonstandard header files <libio.h> and <_G_config.h> are no longer
+    installed
+  * The stdio functions 'getc' and 'putc' are no longer defined as macros
+  * All stdio functions now treat end-of-file as a sticky condition
+  * The macros 'major', 'minor', and 'makedev' are now only available from
+    the header <sys/sysmacros.h>
+  * The obsolete function ustat is no longer available to newly linked
+    binaries; the headers <ustat.h> and <sys/ustat.h> have been removed
+  * The obsolete function nfsservctl is no longer available to newly linked
+    binaries
+  * The obsolete function name llseek is no longer available to newly linked
+    binaries
+  * The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the
+    getaddrinfo and getnameinfo functions have been deprecated
+  * The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for
+    the getaddrinfo and getnameinfo functions have been deprecated
+  * The fcntl function now have a Long File Support variant named fcntl64
+  * CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have
+    been fixed by removing the glibc-internal IDNA implementation and using
+    the system-provided libidn2 library instead
+- Split off all libcrypt related functions into package libxcrypt
+- fix-locking-in-_IO_cleanup.patch, fnmatch-collating-elements.patch:
+  Rediff
+- aarch64-sys-ptrace-update.patch,
+  crypt_blowfish-1.2-hack_around_arm.diff, crypt_blowfish-1.2-sha.diff,
+  crypt_blowfish-const.patch, crypt_blowfish-gensalt.patch,
+  glibc-2.14-crypt.diff, i386-memmove-sse2-unaligned.patch,
+  i386-sigaction-sa-restorer.patch, mempcpy-avx512.patch,
+  netgroup-cache-keys.patch, nss-database-multiple-dfn.patch,
+  pkey-get-reserved-name.patch, powerpc-sys-ptrace-undefine-macros.patch,
+  powerpc-sys-ptrace-update.patch, realpath-ssize-max-overflow.patch,
+  res-send-enomem.patch, riscv-fmax-fmin-nan.patch,
+  riscv-kernel-sigaction.patch, riscv-readelflib.patch,
+  riscv-tls-init.patch: Removed
+- glibc_post_upgrade.c: Don't reload init (bsc#1103124)
+- CVE-2009-5155, CVE-2015-8985
+- bsc#1092877
+- bsc#1102526
+- bsc#1112570
+- bsc#1126590
+- bsc#1127223
+
+- Use python3-pexpect instead of python-pexpect
-- math-remove-slow-path.patch: Remove slow paths from math routines
-  (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)
+- riscv-kernel-sigaction.patch: fix struct kernel_sigaction to match the
+  kernel version (BZ #23069)
-- localtime-2039.patch: Fix year 2039 bug for localtime with 64-bit time_t
-  (bsc#1102526, BZ #22639)
+- glibc-2.3.90-langpackdir.diff: No longer search in /usr/share/locale-bundle
-- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing
-  2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644)
+- mempcpy-avx512.patch: Don't write beyond destination in
+  __mempcpy_avx512_no_vzeroupper (CVE-2018-11237, bsc#1094154)
-- glibc-fix-avx512-mempcpy.patch: replace with upstream version
-
-- Use %license also for COPYING and COPYING.LIB (bsc#1082318)
-
-- Add glibc-fix-avx512-mempcpy.patch as quick fix for mempcpy
-  buffer overwrite in memmove-avx512-no-vzeroupper.S for Knights
-  Landing CPUs (CVE-2018-11237, bnc#1094154, bnc#1092877, BZ #23196)
+- Use %license also for COPYING, COPYING.LIB
+- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing
+  2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644)
+
-- Use %license (bsc#1082318)
-
-- stack-guard-size-accounting.patch: Fix stack guard size accounting
-  (bsc#1074208, BZ #22637)
-- libgcc-rtld-now.patch: Open libgcc.so with RTLD_NOW during
-  pthread_cancel (bsc#1074208, BZ #22636)
-
-- Mark source0 as nosource in non-main source rpms
-
-- Add systemtap-headers to BuildRequires.
-- Add --enable-systemtap to configure arguments. (fate#324969,
-  bsc#1073636)
-
-- memalign-overflow.patch: Fix integer overflows in internal memalign and
-  malloc functions (CVE-2018-6485, CVE-2018-6551, bsc#1079036, BZ #22343,
-  BZ #22774)
+- pkey-get-reserved-name.patch: Linux: use reserved name __key in pkey_get
+  (BZ #22797)
+- aarch64-sys-ptrace-update.patch: linux/aarch64: sync sys/ptrace.h with
+  Linux 4.15 (BZ #22433)
+- powerpc-sys-ptrace-undefine-macros.patch: powerpc: Undefine Linux ptrace
+  macros that conflict with __ptrace_request
+- powerpc-sys-ptrace-update.patch: linux/powerpc: sync sys/ptrace.h with
+  Linux 4.15 (BZ #22433, BZ #22807)
+- netgroup-cache-keys.patch: Fix netgroup cache keys (BZ #22342)
+- i386-sigaction-sa-restorer.patch: i386: Fix i386 sigaction sa_restorer
+  initialization (BZ #21269)
+- riscv-tls-init.patch: RISC-V: Do not initialize $gp in TLS macros
+- riscv-fmax-fmin-nan.patch: RISC-V: fmax/fmin: Handle signalling NaNs
+  correctly (BZ #22884)
+
+- nss-database-multiple-dfn.patch: Fix multiple definitions of
+  __nss_*_database (BZ #22918)
+
+- Use %license (boo#1082318)
+
+- Add systemtap-headers to BuildRequires
+- Add --enable-systemtap to configure arguments (fate#324969, bsc#1073636)
+
+- riscv-readelflib.patch: Fix parsing flags in ELF64 files on riscv
+
+- Update to glibc 2.27
+  * Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf,
+    sinf, sincosf and tan with FMA
+  * Optimized x86-64 trunc and truncf for processors with SSE4.1
+  * Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and
+    sincosf
+  * In order to support faster and safer process termination the malloc API
+    family of functions will no longer print a failure address and stack
+    backtrace after detecting heap corruption
+  * The abort function terminates the process immediately, without flushing
+    stdio streams
+  * On platforms where long double has the IEEE binary128 format (aarch64,
+    alpha, mips64, riscv, s390 and sparc), the math library now implements
+    _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015
+    These are the same interfaces added in version 2.26 for some platforms where
+    this format is supported but is not the format of long double
+  * On platforms with support for _Float64x (aarch64, alpha, i386, ia64,
+    mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now
+    implements interfaces for that type, as defined by ISO/IEC TS
+    18661-3:2015
+  * The math library now implements interfaces for the _Float32, _Float64 and
+    _Float32x types, as defined by ISO/IEC TS 18661-3:2015
+  * glibc now implements the memfd_create and mlock2 functions on Linux
+  * Support for memory protection keys was added
+  * The copy_file_range function was added
+  * The ldconfig utility now processes `include' directives using the C/POSIX
+    collation ordering
+  * Support for two grammatical forms of month names has been added
+  * Support for the RISC-V ISA running on Linux has been added
+  * Statically compiled applications attempting to load locales compiled for the
+    GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX
+    locale
+  * Support for statically linked applications which call dlopen is deprecated
+    and will be removed in a future version of glibc
+  * Support for old programs which use internal stdio data structures and
+    functions is deprecated
+  * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
+    defined by <sys/ptrace.h>
+  * libm no longer supports SVID error handling (calling a user-provided
+    matherr function on error) or the _LIB_VERSION variable to control error
+    handling
+  * The libm functions pow10, pow10f and pow10l are no longer supported for
+    new programs
+  * The mcontext_t type is no longer the same as struct sigcontext
+  * The add-ons mechanism for building additional packages at the same time as
+    glibc has been removed
+  * The res_hnok, res_dnok, res_mailok and res_ownok functions now check that
+    the specified string can be parsed as a domain name
+  * In the malloc_info output, the <heap> element may contain another <aspace>
+    element, "subheaps", which contains the number of sub-heaps
+  * In the malloc_info output, the <heap> element may contain another <aspace>
+    element, "subheaps", which contains the number of sub-heaps
+  * The nonstandard header files <libio.h> and <_G_config.h> are deprecated
+    and will be removed in a future release
+  * CVE-2018-6485, CVE-2018-6551: The posix_memalign and memalign
+    functions, when called with an object size near the value of SIZE_MAX,
+    would return a pointer to a buffer which is too small, instead of NULL
+    (bsc#1079036)
+- Support for Sun RPC is no longer available, use libtirpc instead
+- glibc-nodate.patch, powerpc-elision-enable-envvar.patch,
+  s390-elision-enable-envvar.patch, resolv-context-leak.patch,
+  dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch,
+  math-c++-compat.patch, remove-nss-nis-compat.patch,
+  eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch,
+  assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch,
+  dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch,
+  nscd-libnsl.patch, malloc-tcache-leak.patch,
+  falkor-memcpy-memmove.patch, aarch64-cpu-features.patch,
+  nss-files-large-buffers.patch. sysconf-uio-maxiov.patch,
+  glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch,
+  spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch,
+  tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch,
+  malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch,
+  fillin-rpath-empty-tokens.patch, getcwd-absolute.patch,
+  ldd-system-interp.patchabort-no-flush.patch: Removed
+- All patches refreshed
+- bsc#1063675
+- bsc#1074208
gnome-control-center
+- Add gnome-control-center-network-fix-nmce-popup.patch:
+  network-connection-editor: Close the editor when nm-connection-editor
+  exits(bsc#1208193 glgo#GNOME/gnome-control-center!1956).
+
google-noto-fonts
+fix: bsc#1202279 and gh#notofonts/Arimo#13
+- fix-arimo.patch
+
+fix: summary and descriptions not mentioning font being Serif
+  add: README.FAQ to answer some questions about Noto Fonts packaging
+
+feat: create new metapackage noto-fonts with all Noto Fonts except CJK and Emoji
+
+update: 20220524 -> 20220607
+- Noto Sans and Noto Sans Myanmar have been updated
+  fix(spec): add LICENSE to every package, remove redundant doc package
+- It is likely a legal requirement that the license must be included with the package (rather than only recommends)
+- Using the %license macro and including the license in every subpackage is the norm
+  fix(sh): prevent redundant .svn files from being compressed into archive
+  chore(spec): use install instead of mkdir and cp
+  chore(sh): fix typo
+
+- Add obsoletes and provides for google-{arimo,cousine,tinos}-fonts
+
+- Switch back to hinted ttf as unhinted otf causes blurring (boo#1199938)
+
+- Add obsoletes and provides for:
+  - noto-mono-fonts: Got merged into noto-sans-mono-fonts
+  - noto-sans-syriac* variants: Got merged into noto-sans-syriac-fonts
+  - noto-sans-tibetan-fonts: Got renamed to noto-serif-tibetan-fonts
+- Update to version 20220524
+  - Updated Noto Sans Myanmar and Noto Sans Tangsa Fonts
+
+- Clarify sources
+
+- Fix unversioned obsoletes
+- Merge noto-sans-display-fonts into noto-sans-fonts
+  - Fixes inconsistent font family names see Github issue #2315
+- Bump version to 20220516
+  - Start using OTF fonts to be in-line with Noto CJK and Emoji
+  - No new fonts
+
+- Update URL and source for zips
+- Update to version 20220509
+  - 96 new fonts, details at https://pastebin.com/ycnpAn88
+
grub2
-- Fix failure to identify recent ext4 filesystem (bsc#1216010)
-  * 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
-  * 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
-- Add patch to fix reading files from btrfs with "implicit" holes
-  * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
+- grub2.spec: Fix openQA test failure in SLE-15-SP6 due to missing
+  font in memdisk
+
+- Update the TPM2 patches to skip the persistent SRK handle if not
+  specified and improve the error messages
+  + 0003-protectors-Add-TPM2-Key-Protector.patch
+  + 0005-util-grub-protect-Add-new-tool.patch
+  + 0004-tpm2-Support-authorized-policy.patch
+
+- Fix XFS regression in 2.12~rc1 and support large extent counters
+  * 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
+  * 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
+  * 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
-  * 0001-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch
+  * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
+
+- Fix a potential error when appending multiple keys into the
+  synthesized initrd
+  * Fix-the-size-calculation-for-the-synthesized-initrd.patch
+
+- Fix Xen chainloding error of no matching file path found (bsc#1216081)
+  * grub2-efi-chainload-harder.patch
+
+- Use grub-tpm2 token to unlock keyslots to make the unsealing process more
+  efficient and secure.
+  * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
+- Add patch to fix reading files from btrfs with "implicit" holes:
+  * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
+
+- Update the TPM 2.0 patches to support more RSA and ECC algorithms
+  * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
+  * 0003-protectors-Add-TPM2-Key-Protector.patch
+  * 0005-util-grub-protect-Add-new-tool.patch
+
+- Remove build require for gcc-32bit, target platform didn't rely on libgcc
+  function shipped with compiler but rather using functions supplied in grub
+  directly.
+
+- Add BuildIgnore to break cycle with the branding package
+
+- Only build with fde-tpm-helper-rpm-macros for the architectures
+  supporting the newer UEFI and TPM 2.0.
+  * Also correct the location of %fde_tpm_update_requires
+
+- Add the new BuildRequires for EFI builds for the better FDE
+  support: fde-tpm-helper-rpm-macros
+  + Also add the the macros to %post and %posttrans
+
+- Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151)
+  * arm64-Use-proper-memory-type-for-kernel-allocation.patch
+
+- grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig
+
+- Implement NV index mode for TPM 2.0 key protector
+  0001-protectors-Implement-NV-index.patch
+- Fall back to passphrase mode when the key protector fails to
+  unlock the disk
+  0002-cryptodisk-Fallback-to-passphrase.patch
+- Wipe out the cached key cleanly
+  0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
+- Make diskfiler to look up cryptodisk devices first
+  0004-diskfilter-look-up-cryptodisk-devices-first.patch
+
+- Change the bash-completion directory (bsc#1213855)
+  * grub2-change-bash-completion-dir.patch
+
+- Version bump to 2.12~rc1 (PED-5589)
+  * Added:
+  - grub-2.12~rc1.tar.xz
+  * Removed:
+  - grub-2.06.tar.xz
+  * Patch dropped merged by new version:
+  - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
+  - grub2-s390x-02-kexec-module-added-to-emu.patch
+  - grub2-efi-chainloader-root.patch
+  - grub2-Fix-incorrect-netmask-on-ppc64.patch
+  - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
+  - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
+  - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
+  - grub2-s390x-10-keep-network-at-kexec.patch
+  - 0001-Fix-build-error-in-binutils-2.36.patch
+  - 0001-emu-fix-executable-stack-marking.patch
+  - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
+  - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
+  - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
+  - 0001-Filter-out-POSIX-locale-for-translation.patch
+  - 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
+  - 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
+  - 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
+  - 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
+  - 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
+  - 0002-ieee1275-claim-more-memory.patch
+  - 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
+  - 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
+  - 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
+  - 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
+  - 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
+  - 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
+  - 0001-libc-config-merge-from-glibc.patch
+  - 0001-video-Remove-trailing-whitespaces.patch
+  - 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
+  - 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
+  - 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
+  - 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
+  - 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
+  - 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
+  - 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
+  - 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
+  - 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
+  - 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
+  - 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
+  - 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
+  - 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
+  - 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
+  - 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
+  - 0017-net-ip-Do-IP-fragment-maths-safely.patch
+  - 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
+  - 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
+  - 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
+  - 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
+  - 0022-net-tftp-Avoid-a-trivial-UAF.patch
+  - 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
+  - 0024-net-http-Fix-OOB-write-for-split-http-headers.patch
+  - 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch
+  - 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
+  - 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
+  - 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
+  - 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
+  - 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
+  - 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
+  - 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
+  - 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch
+  - 0002-cryptodisk-Refactor-to-discard-have_it-global.patch
+  - 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch
+  - 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch
+  - 0005-cryptodisk-Improve-cryptomount-u-error-message.patch
+  - 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch
+  - 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch
+  - 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch
+  - 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch
+  - 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
+  - 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
+  - 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
+  - 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
+  - 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch
+  - 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch
+  - 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch
+  - 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch
+  - efi-set-variable-with-attrs.patch
+  - 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
+  - 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
+  - 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
+  - 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch
+  - 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch
+  - 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch
+  - 0002-mm-Defer-the-disk-cache-invalidation.patch
+  - 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
+  - 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch
+  - 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch
+  - 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
+  - 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
+  - 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
+  - 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
+  - 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
+  - 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
+  - 0004-font-Remove-grub_font_dup_glyph.patch
+  - 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
+  - 0006-font-Fix-integer-overflow-in-BMP-index.patch
+  - 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
+  - 0008-fbutil-Fix-integer-overflow.patch
+  - 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
+  - 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
+  - 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
+  - 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
+  - 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
+  - 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
+  - 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
+  - grub2-add-module-for-boot-loader-interface.patch
+  - 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
+  - 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+  - 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
+  - 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
+  - 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
+  - 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
+  - 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
+  - 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
+  * Patch modified to new base version:
+  - use-grub2-as-a-package-name.patch
+  - grub2-fix-menu-in-xen-host-server.patch
+  - grub2-secureboot-add-linuxefi.patch
+  - grub2-secureboot-chainloader.patch
+  - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch
+  - grub2-s390x-03-output-7-bit-ascii.patch
+  - grub2-s390x-04-grub2-install.patch
+  - grub2-use-rpmsort-for-version-sorting.patch
+  - grub2-getroot-treat-mdadm-ddf-as-simple-device.patch
+  - grub2-grubenv-in-btrfs-header.patch
+  - grub2-commands-introduce-read_file-subcommand.patch
+  - grub2-efi-chainload-harder.patch
+  - grub2-emu-4-all.patch
+  - grub2-util-30_os-prober-multiple-initrd.patch
+  - grub2-install-fix-not-a-directory-error.patch
+  - grub-install-force-journal-draining-to-ensure-data-i.patch
+  - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
+  - grub2-btrfs-04-grub2-install.patch
+  - grub2-btrfs-05-grub2-mkconfig.patch
+  - grub2-btrfs-06-subvol-mount.patch
+  - grub2-efi-xen-chainload.patch
+  - grub2-efi-xen-cmdline.patch
+  - grub2-efi-xen-removable.patch
+  - grub2-suse-remove-linux-root-param.patch
+  - grub2-ppc64le-disable-video.patch
+  - grub2-install-remove-useless-check-PReP-partition-is-empty.patch
+  - 0004-efinet-UEFI-IPv6-PXE-support.patch
+  - 0007-efinet-Setting-network-from-UEFI-device-path.patch
+  - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
+  - 0001-add-support-for-UEFI-network-protocols.patch
+  - grub2-mkconfig-default-entry-correction.patch
+  - grub2-s390x-11-secureboot.patch
+  - grub2-secureboot-install-signed-grub.patch
+  - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
+  - 0002-cmdline-Provide-cmdline-functions-as-module.patch
+  - 0001-efi-linux-provide-linux-command.patch
+  - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
+  - 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
+  - 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
+  - 0001-Factor-out-grub_efi_linux_boot.patch
+  - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
+  - 0015-test_asn1-test-module-for-libtasn1.patch
+  - 0021-appended-signatures-documentation.patch
+  - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
+  - 0003-grub-install-support-prep-environment-block.patch
+  - 0004-Introduce-prep_load_env-command.patch
+  - 0001-grub-install-bailout-root-device-probing.patch
+  - 0001-install-fix-software-raid1-on-esp.patch
+  - 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
+  - 0001-protectors-Add-key-protectors-framework.patch
+  - 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
+  - 0004-cryptodisk-Support-key-protectors.patch
+  - 0008-linuxefi-Use-common-grub_initrd_load.patch
+  - 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
+  - grub-read-pcr.patch
+  - tpm-record-pcrs.patch
+  - 0001-clean-up-crypttab-and-linux-modules-dependency.patch
+  * Patch refreshed:
+  - rename-grub-info-file-to-grub2.patch
+  - grub2-linux.patch
+  - grub2-simplefb.patch
+  - grub2-ppc-terminfo.patch
+  - grub2-pass-corret-root-for-nfsroot.patch
+  - grub2-efi-HP-workaround.patch
+  - grub2-secureboot-no-insmod-on-sb.patch
+  - grub2-linuxefi-fix-boot-params.patch
+  - grub2-s390x-05-grub2-mkconfig.patch
+  - grub2-xen-linux16.patch
+  - grub2-efi-disable-video-cirrus-and-bochus.patch
+  - grub2-vbe-blacklist-preferred-1440x900x32.patch
+  - grub2-mkconfig-aarch64.patch
+  - grub2-menu-unrestricted.patch
+  - grub2-mkconfig-arm.patch
+  - grub2-s390x-06-loadparm.patch
+  - grub2-s390x-07-add-image-param-for-zipl-setup.patch
+  - grub2-s390x-08-workaround-part-to-disk.patch
+  - grub2-diskfilter-support-pv-without-metadatacopies.patch
+  - grub2-getroot-support-nvdimm.patch
+  - grub2-s390x-skip-zfcpdump-image.patch
+  - grub2-btrfs-02-export-subvolume-envvars.patch
+  - grub2-btrfs-03-follow_default.patch
+  - grub2-btrfs-07-subvol-fallback.patch
+  - grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
+  - grub2-btrfs-09-get-default-subvolume.patch
+  - grub2-btrfs-10-config-directory.patch
+  - grub2-efi-xen-cfg-unquote.patch
+  - grub2-Add-hidden-menu-entries.patch
+  - grub2-SUSE-Add-the-t-hotkey.patch
+  - grub2-ppc64le-memory-map.patch
+  - grub2-ppc64-cas-reboot-support.patch
+  - grub2-ppc64-cas-new-scope.patch
+  - grub2-ppc64-cas-fix-double-free.patch
+  - 0003-bootp-New-net_bootp6-command.patch
+  - 0005-grub.texi-Add-net_bootp6-doument.patch
+  - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
+  - 0012-tpm-Build-tpm-as-module.patch
+  - 0002-AUDIT-0-http-boot-tracker-bug.patch
+  - grub2-btrfs-help-on-snapper-rollback.patch
+  - grub2-video-limit-the-resolution-for-fixed-bimap-font.patch
+  - 0001-kern-mm.c-Make-grub_calloc-inline.patch
+  - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
+  - 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
+  - 0003-Make-grub_error-more-verbose.patch
+  - 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
+  - 0001-Workaround-volatile-efi-boot-variable.patch
+  - 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
+  - 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
+  - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
+  - 0005-docs-grub-Document-signing-grub-under-UEFI.patch
+  - 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
+  - 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
+  - 0008-pgp-factor-out-rsa_pad.patch
+  - 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
+  - 0011-libtasn1-import-libtasn1-4.18.0.patch
+  - 0014-libtasn1-compile-into-asn1-module.patch
+  - 0016-grub-install-support-embedding-x509-certificates.patch
+  - 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
+  - 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
+  - 0019-appended-signatures-support-verifying-appended-signa.patch
+  - 0020-appended-signatures-verification-tests.patch
+  - 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
+  - 0002-Add-grub_disk_write_tail-helper-function.patch
+  - 0005-export-environment-at-start-up.patch
+  - 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
+  - 0003-protectors-Add-TPM2-Key-Protector.patch
+  - 0005-util-grub-protect-Add-new-tool.patch
+  - 0010-templates-import-etc-crypttab-to-grub.cfg.patch
+  - grub-install-record-pcrs.patch
+  - safe_tpm_pcr_snapshot.patch
+  - 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
+  - 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
+  - 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
+  - 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
+  - 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
+  * New:
+  - 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
+  - 0001-font-Try-memdisk-fonts-with-the-same-name.patch
+  - 0001-Make-grub.cfg-compatible-to-old-binaries.patch
+  - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
+  * Embedding fonts in the grub.efi to get signed for secure boot
+
+- Fix error message "unknown command tpm_record_pcrs" with encrypted boot and
+  no tpm device present (bsc#1213547)
+  * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+
+- add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch,
+  0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch:
+  * support more featureful extX filesystems (backport from
+  upstream git)
+
+- Exclude the deprecated EFI location, /usr/lib64/efi/, from
+  Tumbleweed and ALP
+
+- Update TPM 2.0 key unsealing patches
+  * Add the new upstreaming patches
+    0001-protectors-Add-key-protectors-framework.patch
+    0002-tpm2-Add-TPM-Software-Stack-TSS.patch
+    0003-protectors-Add-TPM2-Key-Protector.patch
+    0004-cryptodisk-Support-key-protectors.patch
+    0005-util-grub-protect-Add-new-tool.patch
+  * Add the authorized policy patches based on the upstreaming
+    patches
+    0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
+    0002-tpm2-Add-more-marshal-unmarshal-functions.patch
+    0003-tpm2-Implement-more-TPM2-commands.patch
+    0004-tpm2-Support-authorized-policy.patch
+  * Drop the old patches
+    0010-protectors-Add-key-protectors-framework.patch
+    0011-tpm2-Add-TPM-Software-Stack-TSS.patch
+    0012-protectors-Add-TPM2-Key-Protector.patch
+    0013-cryptodisk-Support-key-protectors.patch
+    0014-util-grub-protect-Add-new-tool.patch
+    fix-tpm2-build.patch
+    tpm-protector-dont-measure-sealed-key.patch
+    tpm-protector-export-secret-key.patch
+    grub-unseal-debug.patch
+    0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
+    0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
+    0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
+    0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
+    0005-tpm2-add-more-marshal-unmarshal-functions.patch
+    0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
+    0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
+    0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
+    0009-tpm2-remove-the-unnecessary-variables.patch
+    0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
+    0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
+    0012-tpm2-initialize-the-PCR-selection-list-early.patch
+    0013-tpm2-support-unsealing-key-with-authorized-policy.patch
+  * Refresh grub-read-pcr.patch
+  * Introduce a new build requirement: libtasn1-devel
+- Only package grub2-protect for the architectures with EFI support
+
+  * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
-- Fix installation over serial console ends up in infinite boot loop
-  (bsc#1187810) (bsc#1209667) (bsc#1209372)
-  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
-
+- Restrict cryptsetup key file permission for better security (bsc#1207499)
+  * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
+  * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
+
+- Meanwhile, memtest86+ gained EFI support, but using the grub
+  command line to run it manually is quite tedious...
+  Adapt 20_memtest86+ to provide a proper menu entry. Executing
+  memtest requires to turn security off in BIOS: (Boot Mode: Other OS).
+
+- Tolerate kernel moved out of /boot. (bsc#1184804)
+  * grub2-s390x-12-zipl-setup-usrmerge.patch
+
+- Discard cached key from grub shell and editor mode
+  * 0001-clean-up-crypttab-and-linux-modules-dependency.patch
+  * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
+
-- Move unsupported zfs modules into 'extras' packages
-  (bsc#1205554) (PED-2947)
+- Fix riscv64 error for relocation 0x13 is not implemented yet
+  * 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
+- Rediff
+  * safe_tpm_pcr_snapshot.patch
+- Patch supersceded
+  * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+
+- Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to
+  handle the TPM2 responseCode correctly.
+
+- Add module for boot loader interface. Needed for load Unified Kernel
+  Image (UKI)
+  * grub2-add-module-for-boot-loader-interface.patch
+
+- Amend the TPM2 stack and add authorized policy mode to
+  tpm2_key_protector
+  * 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
+  * 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
+  * 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
+  * 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
+  * 0005-tpm2-add-more-marshal-unmarshal-functions.patch
+  * 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
+  * 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
+  * 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
+  * 0009-tpm2-remove-the-unnecessary-variables.patch
+  * 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
+  * 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
+  * 0012-tpm2-initialize-the-PCR-selection-list-early.patch
+  * 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
+- Fix GCC 13 build failure (bsc#1201089)
+  * 0002-AUDIT-0-http-boot-tracker-bug.patch
+
+- Move unsupported zfs modules into 'extras' packages
+  (bsc#1205554) (PED-2947)
+
+- Fix inappropriately including commented lines in crypttab (bsc#1206279)
+  * 0010-templates-import-etc-crypttab-to-grub.cfg.patch
+
+- Increase the path buffer in the crypttab command for the long
+  volume name (bsc#1206333)
+  * grub2-increase-crypttab-path-buffer.patch
+
-- Support grub2-install on LUKS2 encrypted device
-  * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
-  * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
-  * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
+- Make full utilization of btrfs bootloader area (bsc#1161823)
+  * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
+  * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
+- Patch removed
+  * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
+
+- Fix regression of reverting back to asking password twice when a keyfile is
+  already used (bsc#1205309)
+  * 0010-templates-import-etc-crypttab-to-grub.cfg.patch
+- Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported
+  regression in some hardware being stuck in initrd loading (bsc#1205380)
+
+- Fix password asked twice if third field in crypttab not present (bsc#1205312)
+  * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
+
+- Fix efi pcr snapshot related funtion is defined but not used on powerpc
+  platform.
+  * safe_tpm_pcr_snapshot.patch
+- Fix firmware oops after disk decrypting failure (bsc#1204037)
+  * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
+
+- Add patch to fix kernel relocation error in low memory
+  * 0001-linux-fix-efi_relocate_kernel-failure.patch
+
+- Add safety measure to pcr snapshot by checking platform and tpm status
+  * safe_tpm_pcr_snapshot.patch
+
+- Fix installation failure due to unavailable nvram device on
+  ppc64le (bsc#1201361)
+  * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
+
+- Add patches to dynamically allocate additional memory regions for
+  EFI systems (bsc#1202438)
+  * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
+  * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
+  * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
+  * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch
+  * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch
+- Enlarge the default heap size and defer the disk cache
+  invalidation (bsc#1202438)
+  * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch
+  * 0002-mm-Defer-the-disk-cache-invalidation.patch
+
+- Add patches for ALP FDE support
+  * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
+  * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
+  * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
+  * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch
+  * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch
+  * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch
+  * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch
+  * 0008-linuxefi-Use-common-grub_initrd_load.patch
+  * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
+  * 0010-templates-import-etc-crypttab-to-grub.cfg.patch
+  * grub-read-pcr.patch
+  * efi-set-variable-with-attrs.patch
+  * tpm-record-pcrs.patch
+  * tpm-protector-dont-measure-sealed-key.patch
+  * tpm-protector-export-secret-key.patch
+  * grub-install-record-pcrs.patch
+  * grub-unseal-debug.patch
+
+- Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438)
+  * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+
+- Fix tpm error stop tumbleweed from booting (bsc#1202374)
+  * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
+- Patch Removed
+  * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
+
+- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625)
+- Make grub-tpm.efi a symlink to grub.efi
+  * grub2.spec
+- Log error when tpm event log is full and continue
+  * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
+- Patch superseded
+  * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
+
-- Fix installation failure due to unavailable nvram device on
-  ppc64le (bsc#1201361)
-  * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
-
-- Update SBAT security contact (boo#1193282)
+- Fix error message in displaying help on bootable snapshot (bsc#1199609)
+
+- Fix installation over serial console ends up in infinite boot loop
+  (bsc#1187810) (bsc#1209667) (bsc#1209372)
+  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
+- Fix ppc64le build error for new IEEE long double ABI
+  * 0001-libc-config-merge-from-glibc.patch
+
+- use common SBAT values (boo#1193282)
+
+- Fix wrong order in kernel sorting of listing rc before final release
+  (bsc#1197376)
+  * grub2-use-rpmsort-for-version-sorting.patch
+
+- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
+  * 0001-grub-probe-Deduplicate-probed-partmap-output.patch
+
+- Fix GCC 12 build failure (bsc#1196546)
+  * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
+  * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
+  * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
+- Revised
+  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
+  * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
+
gstreamer-plugins-bad
-- Add gstreamer-plugins-bad-CVE-2023-40474.patch: Backporting
-  ff91a3d8 from upstream, Fix possible overflow using
-  max_sub_layers_minus1 (CVE-2023-40474 bsc#1215793).
+- Add gstreamer-plugins-bad-CVE-2023-40474.patch:
+  Backporting ce17e968 from upstream, Fix integer overflow causing
+  out of bounds writes when handling invalid uncompressed video.
+  (CVE-2023-40474 bsc#1215796)
-- Add patch from upstream to fix a heap overwrite in PGS subtitle
+- Add gstreamer-plugins-bad-CVE-2023-40476.patch:
+  Backporting ff91a3d8 from upstream, Fix possible overflow using
+  max_sub_layers_minus1.
+  (CVE-2023-40476 bsc#1215793)
+
+- Add 0001-dvdspu-Make-sure-enough-data-is-allocated-for-the.patch:
+  from upstream to fix a heap overwrite in PGS subtitle
-  execution (bsc#1213126, CVE-2023-37329):
-  * 0001-dvdspu-Make-sure-enough-data-is-allocated-for-the.patch
+  execution (CVE-2023-37329 bsc#1213126).
hplip
-- Add patch to fix hplip being vulnerable to a malicious printer
-  attribute handling which could provoke a buffer overflow if
-  CUPS returned a printer with too large name/location/uri/etc.
-  It seems upstream tried to fix this buffer overflow in 3.22.x
-  by using snprintf instead of strcpy and in the process they
-  introduced another similar issue (boo#1209866, lp#2013185).
-  This backport of the fix submitted to TW for boo#1209866 fixes
-  the buffer overflow correctly:
+- hppsfilter: booklet printing: change insecure fixed /tmp file paths
+  (bsc#1214399)
+  * add hppsfilter-booklet-printing-change-insecure-fixed-tm.patch
+
+- Update to hplip 3.23.8 (jsc#PED-5846)
+- Support for new printers:
+  * HP Color LaserJet Pro MFP 4301fdne
+  * HP Color LaserJet Pro MFP 4301fdwe
+  * HP Color LaserJet Pro MFP 4301cdwe
+  * HP Color LaserJet Pro MFP 4301cfdne
+  * HP Color LaserJet Pro MFP 4301cfdwe
+  * HP Color LaserJet Pro MFP 4302dwe
+  * HP Color LaserJet Pro MFP 4302fdne
+  * HP Color LaserJet Pro MFP 4302fdwe
+  * HP Color LaserJet Pro MFP 4302cdwe
+  * HP Color LaserJet Pro MFP 4302fdn
+  * HP Color LaserJet Pro MFP 4302fdw
+  * HP Color LaserJet Pro MFP 4303dw
+  * HP Color LaserJet Pro MFP 4303fdn
+  * HP Color LaserJet Pro MFP 4303fdw
+  * HP Color LaserJet Pro MFP 4303cdw
+  * HP Color LaserJet Pro MFP 4303cfdn
+  * HP Color LaserJet Pro MFP 4303cfdw
+  * HP Color LaserJet Pro 4201dne
+  * HP Color LaserJet Pro 4201dwe
+  * HP Color LaserJet Pro 4201cdne
+  * HP Color LaserJet Pro 4201cdwe
+  * HP Color LaserJet Pro 4202dne
+  * HP Color LaserJet Pro 4202dwe
+  * HP Color LaserJet Pro 4202dn
+  * HP Color LaserJet Pro 4202dw
+  * HP Color LaserJet Pro 4203dn
+  * HP Color LaserJet Pro 4203dw
+  * HP Color LaserJet Pro 4203cdn
+  * HP Color LaserJet Pro 4203cdw
+  * HP DeskJet 2800 All-in-One Printer series
+  * HP DeskJet 2800e All-in-One Printer series
+  * HP DeskJet Ink Advantage 2800 All-in-One Printer series
+  * HP DeskJet 4200 All-in-One Printer series
+  * HP DeskJet 4200e All-in-One Printer series
+  * HP DeskJet Ink Advantage 4200 All-in-One Printer series
+  * HP DeskJet Ink Advantage Ultra 4900 All-in-One Printer series
+
+- Update to hplip 3.23.5
+  * added new CUPS filter hpcdmfax
+- Support for new printers:
+  * HP Smart Tank 520_540 series
+  * HP Smart Tank 580-590 series
+  * HP Smart Tank 5100 series
+  * HP Smart Tank 210-220 series
+  * HP Color LaserJet Enterprise 6700dn
+  * HP Color LaserJet Enterprise 6700
+  * HP Color LaserJet Enterprise 6701dn
+  * HP Color LaserJet Enterprise 6701
+  * HP Color LaserJet Enterprise X654dn
+  * HP Color LaserJet Enterprise X65455dn
+  * HP Color LaserJet Enterprise X654
+  * HP Color LaserJet Enterprise X65465dn
+  * HP Color LaserJet Enterprise X654 65 PPM
+  * HP Color LaserJet Enterprise X654 55 to 65ppm License
+  * HP Color LaserJet Enterprise X654 Down License
+  * HP Color LaserJet Enterprise MFP 6800dn
+  * HP Color LaserJet Enterprise Flow MFP 6800zf
+  * HP Color LaserJet Enterprise Flow MFP 6800zfsw
+  * HP Color LaserJet Enterprise Flow MFP 6800zfw+
+  * HP Color LaserJet Enterprise MFP 6800
+  * HP Color LaserJet Enterprise MFP 6801
+  * HP Color LaserJet Enterprise MFP 6801 zfsw
+  * HP Color LaserJet Enterprise Flow MFP 6801zfw+
+  * HP Color LaserJet Enterprise MFP X677 55 to 65ppm License
+  * HP Color LaserJet Enterprise MFP X677 65ppm
+  * HP Color LaserJet Enterprise MFP X677s
+  * HP Color LaserJet Enterprise Flow MFP X677z
+  * HP Color LaserJet Enterprise MFP X67765dn
+  * HP Color LaserJet Enterprise Flow MFP X67765zs
+  * HP Color LaserJet Enterprise Flow MFP X67765z+
+  * HP Color LaserJet Enterprise MFP X677
+  * HP Color LaserJet Enterprise MFP X67755dn
+  * HP Color LaserJet Enterprise Flow MFP X67755zs
+  * HP Color LaserJet Enterprise Flow MFP X67755z+
+  * HP Color LaserJet Enterprise MFP X677dn
+  * HP Color LaserJet Enterprise Flow MFP X677zs
+  * HP Color LaserJet Enterprise Flow MFP X677z+
+  * HP Color LaserJet Enterprise 5700dn
+  * HP Color LaserJet Enterprise 5700
+  * HP Color LaserJet Enterprise X55745dn
+  * HP Color LaserJet Enterprise X55745
+  * HP Color LaserJet Enterprise MFP 5800dn
+  * HP Color LaserJet Enterprise MFP 5800f
+  * HP Color LaserJet Enterprise Flow MFP 5800zf
+  * HP Color LaserJet Enterprise MFP 5800
+  * HP Color LaserJet Enterprise MFP X57945
+  * HP Color LaserJet Enterprise Flow MFP X57945zs
+  * HP Color LaserJet Enterprise MFP X57945dn
+  * HP Color LaserJet Enterprise Flow MFP X57945z
+
+- Add patch to fix hplip applying printf string format parsing to
+  printer attributes returned from CUPS (such as
+  "dnssd://foo%20series._ipp._tcp.local/?uuid=...") which results
+  in a segfault (boo#1209866, lp#2013185):
-- Add hplip-3.20.6-python-includes.patch to fix C compiler flags
-  (boo#1198794)
+- Update to 3.22.10
+  * drop no-systray-failure-message.patch (fixed upstream)
+  * adapt Use-lsb_release-fallback-code-if-import-distro-fails.patch
+    (code moved to different source file upstream)
+
+- Update disable_hp-upgrade.patch: Log the 'openSUSE disabled this
+  for security message' is 'info', not 'error'.
+
+- Move the hplip-udev-rules requirement from hplip to hplip-hpijs.
+  The main package will get it via indirect dependencies then.
+
+- Split off hplip-udev-rules hplip-udev-rules so that you can install
+  hplip-sane only and scan as a normal user, fixes boo#1203811
+
+- Update to 3.22.6
+  Added support for following new Distro's:
+  * Mx Linux 21.1
+  * Ubuntu 22.04
+  * Fedora 36
+  Added support for the following new Printers:
+  * HP Color LaserJet Managed MFP E785dn
+  * HP Color LaserJet Managed MFP E78523dn
+  * HP Color LaserJet Managed MFP E78528dn
+  * HP Color LaserJet Managed MFP E786dn
+  * HP Color LaserJet Managed MFP E786 Core Printer
+  * HP Color LaserJet Managed MFP E78625dn
+  * HP Color LaserJet  Managed FlowMFP E786z
+  * HP Color LaserJet Managed Flow MFP E78625z
+  * HP Color LaserJet Managed MFP E78630dn
+  * HP Color LaserJet Managed Flow MFP E78630z
+  * HP Color LaserJet Managed MFP E78635dn
+  * HP Color LaserJet Managed Flow MFP E78635z
+  * HP LaserJet Managed MFP E731dn
+  * HP LaserJet Managed MFP E731 Core Printer
+  * HP LaserJet Managed MFP E73130dn
+  * HP LaserJet Managed Flow MFP E731z
+  * HP LaserJet Managed Flow MFP E73130z
+  * HP LaserJet Managed MFP E73135dn
+  * HP LaserJet Managed Flow MFP E73135z
+  * HP LaserJet Managed MFP E73140dn
+  * HP LaserJet Managed Flow MFP E73140z
+  * HP Color LaserJet Managed MFP E877dn
+  * HP Color LaserJet Managed MFP E877 Core Printer
+  * HP Color LaserJet Managed MFP E87740dn
+  * HP Color LaserJet Managed Flow MFP E877z
+  * HP Color LaserJet Managed Flow MFP E87740z
+  * HP Color LaserJet Managed MFP E87750dn
+  * HP Color LaserJet Managed Flow MFP E87750z
+  * HP Color LaserJet Managed MFP E87760dn
+  * HP Color LaserJet Managed Flow MFP E87760z
+  * HP Color LaserJet Managed MFP E87770dn
+  * HP Color LaserJet Managed Flow MFP E87770z
+  * HP LaserJet Managed MFP E826dn
+  * HP LaserJet Managed MFP E826 Core Printer
+  * HP LaserJet Managed MFP E82650dn
+  * HP LaserJet Managed Flow MFP E826z
+  * HP LaserJet Managed Flow MFP E82650z
+  * HP LaserJet Managed MFP E82660dn
+  * HP LaserJet Managed Flow MFP E82660z
+  * HP LaserJet Managed MFP E82670dn
+  * HP LaserJet Managed Flow MFP E82670z
+  * HP LaserJet Managed MFP E730dn
+  * HP LaserJet Managed MFP E73025dn
+  * HP LaserJet Managed MFP E73030dn
+  * HP LaserJet Pro MFP 3101fdwe
+  * HP LaserJet Pro MFP 3101fdw
+  * HP LaserJet Pro MFP 3102fdwe
+  * HP LaserJet Pro MFP 3102fdw
+  * HP LaserJet Pro MFP 3103fdw
+  * HP LaserJet Pro MFP 3104fdw
+  * HP LaserJet Pro MFP 3101fdne
+  * HP LaserJet Pro MFP 3101fdn
+  * HP LaserJet Pro MFP 3102fdne
+  * HP LaserJet Pro MFP 3102fdn
+  * HP LaserJet Pro MFP 3103fdn
+  * HP LaserJet Pro MFP 3104fdn
+  * HP LaserJet Pro 3001dwe
+  * HP LaserJet Pro 3001dw
+  * HP LaserJet Pro 3002dwe
+  * HP LaserJet Pro 3002dw
+  * HP LaserJet Pro 3003dw
+  * HP LaserJet Pro 3004dw
+  * HP LaserJet Pro 3001dne
+  * HP LaserJet Pro 3001dn
+  * HP LaserJet Pro 3002dne
+  * HP LaserJet Pro 3002dn
+  * HP LaserJet Pro 3003dn
+  * HP LaserJet Pro 3004dn
+
+- Add rebased hplip-3.20.6-python-includes.patch to fix the non-
+  functional scanning: libsane-hpaio.so.1: undefined symbol: _DBG
+  (fixes boo#1198794)
+
+- Update to 3.22.4
+  Added support for following new Distro's:
+  * Manjaro 21.2
+  Added support for the following new Printers:
+  * HP LaserJet Pro 4001ne
+  * HP LaserJet Pro 4001n
+  * HP LaserJet Pro 4001dne
+  * HP LaserJet Pro 4001dn
+  * HP LaserJet Pro 4001dwe
+  * HP LaserJet Pro 4001dw
+  * HP LaserJet Pro 4001d
+  * HP LaserJet Pro 4001de
+  * HP LaserJet Pro 4002ne
+  * HP LaserJet Pro 4002n
+  * HP LaserJet Pro 4002dne
+  * HP LaserJet Pro 4002dn
+  * HP LaserJet Pro 4002dwe
+  * HP LaserJet Pro 4002dw
+  * HP LaserJet Pro 4002d
+  * HP LaserJet Pro 4002de
+  * HP LaserJet Pro 4003dn
+  * HP LaserJet Pro 4003dw
+  * HP LaserJet Pro 4003n
+  * HP LaserJet Pro 4003d
+  * HP LaserJet Pro 4004d
+  * HP LaserJet Pro 4004dn
+  * HP LaserJet Pro 4004dw
+  * HP LaserJet Pro MFP 4101dwe
+  * HP LaserJet Pro MFP 4101dw
+  * HP LaserJet Pro MFP 4101fdn
+  * HP LaserJet Pro MFP 4101fdne
+  * HP LaserJet Pro MFP 4101fdw
+  * HP LaserJet Pro MFP 4101fdwe
+  * HP LaserJet Pro MFP 4102dwe
+  * HP LaserJet Pro MFP 4102dw
+  * HP LaserJet Pro MFP 4102fdn
+  * HP LaserJet Pro MFP 4102fdw
+  * HP LaserJet Pro MFP 4102fdwe
+  * HP LaserJet Pro MFP 4102fdne
+  * HP LaserJet Pro MFP 4102fnw
+  * HP LaserJet Pro MFP 4102fnwe
+  * HP LaserJet Pro MFP 4103dw
+  * HP LaserJet Pro MFP 4103dn
+  * HP LaserJet Pro MFP 4103fdn
+  * HP LaserJet Pro MFP 4103fdw
+  * HP LaserJet Pro MFP 4104dw
+  * HP LaserJet Pro MFP 4104fdw
+  * HP LaserJet Pro MFP 4104fdn
+  * HP ScanJet Pro 3600 f1
+  * HP ScanJet Pro N4600 fnw1
+  * HP ScanJet Pro 2600 f1
+  * HP ScanJet Enterprise Flow N6600 fnw1
+- Changes from 3.22.2
+  Added support for following new Distro's:
+  * Elementary OS 6.1
+  * RHEL 8.5
+  * Linux Mint 20.3
+  Added support for the following new Printers:
+  * HP LaserJet Tank MFP 1602a
+  * HP LaserJet Tank MFP 1602w
+  * HP LaserJet Tank MFP 1604w
+  * HP LaserJet Tank MFP 2602dn
+  * HP LaserJet Tank MFP 2602sdn
+  * HP LaserJet Tank MFP 2602sdw
+  * HP LaserJet Tank MFP 2602dw
+  * HP LaserJet Tank MFP 2604dw
+  * HP LaserJet Tank MFP 2604sdw
+  * HP LaserJet Tank MFP 2603dw
+  * HP LaserJet Tank MFP 2603sdw
+  * HP LaserJet Tank MFP 2605sdw
+  * HP LaserJet Tank MFP 2606dn
+  * HP LaserJet Tank MFP 2606sdn
+  * HP LaserJet Tank MFP 2606sdw
+  * HP LaserJet Tank MFP 2606dw
+  * HP LaserJet Tank MFP 2606dc
+  * HP LaserJet Tank MFP 1005
+  * HP LaserJet Tank MFP 1005w
+  * HP LaserJet Tank MFP 1005nw
+  * HP LaserJet Tank 1502a
+  * HP LaserJet Tank 1502w
+  * HP LaserJet Tank 1504w
+  * HP LaserJet Tank 2502dw
+  * HP LaserJet Tank 2502dn
+  * HP LaserJet Tank 2504dw
+  * HP LaserJet Tank 2503dw
+  * HP LaserJet Tank 2506dw
+  * HP LaserJet Tank 2506d
+  * HP LaserJet Tank 2506dn
+  * HP LaserJet Tank 1020
+  * HP LaserJet Tank 1020w
+  * HP LaserJet Tank 1020nw
+- Changes from 3.21.12
+  Added support for following new Distro's:
+  * MX Linux 21
+  * Elementary OS 6
+  * Fedora 35
+- Drop photocard-fix-import-error-for-pcardext.patch,
+  because now in upstream.
+- Rebase Use-lsb_release-fallback-code-if-import-distro-fails.patch,
+  bacause some is in upstream now.
+- Reabse hplip-missing-drivers.patch
javapackages-tools
+- Added patches:
+  * 0005-Interpolate-properties-also-in-the-current-artifact.patch
+    + interpolate variables also in current artifactId, groupId and
+    version
+  * 0006-Test-variable-expansion-in-artifactId.patch
+    + test previous changes
+  * 0007-Test-that-we-don-t-bomb-on-relativePath.patch
+    + test gracious handling of empty <relativePath/> in parent
+    reference of a pom file
+
+- Added patch:
+  * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
+    + make the aliases and dependencies lists so that the order is
+    kept
+
+- Added patch:
+  * 0003-Reproducible-exclusions-order-in-maven-metadata.patch
+    + sort exclusions in maven metadata
+
+- Modified patch:
+  * 0001-Make-the-alias-generation-reproducible.patch ->
+    0001-Make-maven_depmap-order-of-aliases-reproducible.patch
+    + replace by the version of patch integrated by upstream
+- Added patch:
+  * 0002-Do-not-bomb-on-relativePath-construct.patch
+    + integrated patch fixing parent recursion with empty
+    <relativePath/> element
+
+- Upgrade to upstream version 6.2.0
+  * ÃŽntegrate our changes from javapackages-6.1.0-maven-depmap.patch
+- Removed patch:
+  * javapackages-6.1.0-maven-depmap.patch
+    + upstreamed
+- Added patch:
+  * 0001-Make-the-alias-generation-reproducible.patch
+    + separate patch for our reproducible changes that was not
+    part of the integrated pull request
+
+- Modified patch:
+  * javapackages-6.1.0-maven-depmap.patch
+    + try to make the list of aliases more reproducible
+
+- Enable the tests also for older distributions
+- Require python3-xml (python-xml for distributions that use
+  versioned modules), since module xml needed by some scripts.
+
less
+- add zstd support to lessopen
+
+- Update to 643:
+  * Fix problem when a program piping into less reads from the tty,
+    like sudo asking for password (github #368).
+  * Fix search modifier ^E after ^W.
+  * Fix bug using negated (^N) search (github #374).
+  * Fix bug setting colors with -D on Windows build (github #386).
+  * Fix reading special chars like PageDown on Windows (github #378).
+  * Fix mouse wheel scrolling on Windows (github #379).
+  * Fix erroneous EOF when terminal window size changes (github #372).
+  * Fix compile error with some definitions of ECHONL (github #395).
+  * Fix crash on Windows when writing logfile (github #405).
+  * Fix regression in exit code when stdin is /dev/null and
+    output is a file (github #373).
+  * Add lesstest test suite to production release (github #344).
+  * Change lesstest output to conform with
+    automake Simple Test Format (github #399).
+
+- Update to 633
+  * This release fixes a build problem found in less-632 on systems
+    which have termcap.h in a subdirectory (ncurses/termcap.h or
+    ncursesw/termcap.h). There is no functional difference between
+    less-632 and less-633
+
+- Update to 632 (differences between 608 and 632)
+  * Add LESSUTFCHARDEF environment variable (github #275).
+  * Add # command (github #330).
+  * Add ^S search modifier (github #196).
+  * Add --wordwrap option (github #113).
+  * Add --no-vbell option (github #304).
+  * Add --no-search-headers option (github #44).
+  * Add --modelines option (github #89).
+  * Add --intr option (github #224).
+  * Add --proc-backspace, --proc-tab and --proc-return options (github #335).
+  * Add --show-preproc-errors option (github #258).
+  * Add LESS_LINES and LESS_COLUMNS environment variables (github #84).
+  * Add LESS_DATA_DELAY environment variable (github #337).
+  * Allow empty "lines" field in --header option.
+  * Update Unicode tables.
+  * Improve ability of ^X to interrupt F command (github #49).
+  * Status column (-J) shows off-screen matches.
+  * Parenthesized sub-patterns in searches are colored with unique colors, if supported by the regular expression library (github #196).
+  * Don't allow opening a tty as file input unless -f is set (github #309).
+  * Don't require newline input after +&... option (github #339).
+  * Fix incorrect handling of some Private Use Unicode characters.
+  * Fix ANSI color bug when overstriking with colored chars (github #276).
+  * Fix compiler const warning (github #279).
+  * Fix signal race in iread (github #280).
+  * Fix reading procfs files on Linux (github #282).
+  * Fix --ignore-case with ctrl-R (no regex) search (github #300).
+  * Fix bug doing repeat search after setting & filter (github #299).
+  * Fix bug doing repeat search before non-repeat search.
+  * Fix crash with -R and certain line lengths (github #338).
+  * Fix input of Windows dead keys (github #352).
+  * Don't retain search options from a cancelled search (github #302).
+  * Don't call realpath on fake filenames like "-" (github #289).
+  * Implement lesstest test suite.
+  * Convert function parameter definitions from K&R to C89 (github #316).
+- Drop patch cve-2022-46663.patch (merged).
+
+- Refreshed all other patches with quilt to an uniform -p1 patch
+  style, which allows us to use %autosetup and simplify the spec
+  file a bit.
+
+- Update to 608:
+  * Add the --header option (github #43).
+  * Add the --no-number-headers option (github #178).
+  * Add the --status-line option.
+  * Add the --redraw-on-quit option (github #36).
+  * Add the --search-options option (github #213).
+  * Add the --exit-follow-on-close option (github #244).
+  * Add 'H' color type to set color of header lines.
+  * Add #version conditional to lesskey.
+  * Add += syntax to variable section in lesskey files.
+  * Allow option name in -- command to end with '=' in addition to '\n'.
+  * Add $HOME/.config to possible locations of lesskey file (github #153).
+  * Add $XDG_STATE_HOME and $HOME/.local/state to possible locations
+    of history file (github #223).
+  * Don't read or write history file in secure mode (github #201).
+  * Fix display of multibyte and double-width chars in prompt.
+  * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08
+    (github #188).
+  * Add more \k codes to lesskey format.
+  * Fix bug when empty file is modified while viewing it.
+  * Fix bug when parsing a malformed lesskey file (githb #234).
+  * Fix bug scrolling history when --incsearch is set (github #214).
+  * Fix buffer overflow when invoking lessecho with more than 63 -m/-n
+    options (github #198).
+  * Fix buffer overflow in bin_file (github #271).
+  * Fix bug restoring color at end of highlighted text.
+  * Fix bug in parsing lesskey file.
+  * Defer moving cursor to lower left in some more cases.
+  * Suppress TAB filename expansion in some cases where it doesn't make sense.
+  * Fix termlib detection when compiler doesn't accept
+    calls to undeclared functions.
+  * Escape filenames when invoking LESSCLOSE.
+  * Fix bug using multibyte UTF-8 char in search string
+    with --incsearch (github #273).
+
+- Which need one /usr/bin/which, not the package which
libhugetlbfs
+- Add libhugetlbfs-noexecstack.patch (bsc#1213639)
+- Increase buffer size in libhugetlbfs-increase-mount-buffer.patch
+  as in the provided fix (bsc#1213639)
+
+- Add libhugetlbfs-increase-mount-buffer.patch for upstream issue gh#43
+  (boo#1216576, bsc#1213639)
+
-- update to 2.17:
-  * PPC segement alignment restrictions can be disabled
-  * Added Aarch64 support
-  * Allow compiler overrides for 64 and 32 bit builds
-  * hugeadm now handles /etc/mtab being a simlink properly
-  * ppc64 fixes
-- remove libhugetlbfs.ia64-libdir.patch:
-  ia64 is no longer supported by openSUSE
-- add ignore-perl-modules.diff: do not install perl modules, unused
-  and are installed in the wrong place to be found anyway
-- add ARM support
-- add disable-rw-on-non-ldscripts.diff: Skip rw tests
-- Do not install tests anymore
-
-- Tests compile fine for s390(x), also include them in the package, the same
-  way it is done for other archs as well.
-
libmbim
+- Fix build with RPM 4.19: unnumbered patches are no longer
+  supported.
+
libosinfo
-- jsc#PED-2104 [Virt Tools] Refresh Virtualization Tools for Xen
+- Update to version 1.11.0 (jsc#PED-2104)
+  Changes in this release include:
+  * Several minor memory leak fixes
+  * Several CI improvements
+  * Several translations improvements
+- Drop 3a0fef72.patch as it is now part of the tarball
+
+- jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen
mariadb
+- Update to 10.11.6:
+    https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/
+    https://mariadb.com/kb/en/mariadb-10-11-6-changelog/
+  * fixes for the following security vulnerabilities:
+    10.11:6: CVE-2023-22084, (bsc#1217405)
+- Refreshed patches:
+  * mariadb-10.4.12-fix-install-db.patch
+
poppler-data
+- update to 0.4.12:
+  * updated files from the adobe-type-tools repositories
+
-- Update to version 0.4.5:
-  + New data from Adobe.
-  + New data from xpdf.
-
psmisc
+- Fix version at configure time as there was no .tarball-version
+
rsync
+- Update to latest version from Factory (3.2.7)
+- Deleted the following patches, already included in that version:
+  - rsync-CVE-2020-14387.patch
+  - rsync-CVE-2022-29154-trust-sender-1.patch
+  - rsync-CVE-2022-29154-trust-sender-2.patch
+  - rsync-CVE-2022-29154.patch
+  - rsync-fix-delay-updates-never-updates-after-interruption.patch
+
+- Rename patch to follow naming patch policies:
+  fortified-strlcpy-fix.patch -> rsync-fortified-strlcpy-fix.patch
+
+- Use "slp" for bcond, not "openslp", like we use for all other
+  packages, too.
+- Disable slp patch and configure option if bcond slp is disabled.
+
+- add fortified-strlcpy-fix.patch (bsc#1214616, bsc#1214249)
+
+- Disable openslp support on new distros (bsc#1214884)
+
+- Add support directory to %docdir.
+  Includes some upstream provided scripts such as rrsync. (bsc#1212198)
+
+- Switch rsyncd symlink to a wrapper script to allow setting a distinct
+  SELinux type (bsc#1209654)
+
+- New version fixes bug (boo#1203727): implicit containing directory
+  sometimes rejected as unrequested
+- update to 3.2.7
+  * BUG FIXES:
+  - Fixed the client-side validating of the remote sender's filtering behavior.
+  - More fixes for the "unrequested file-list name" name, including a copy of
+    "/" with `--relative` enabled and a copy with a lot of related paths with
+    `--relative` enabled (often derived from a `--files-from` list).
+  - When rsync gets an unpack error on an ACL, mention the filename.
+  - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
+    "use chroot" is false).
+  * ENHANCEMENTS:
+  - Added negotiated daemon-auth support that allows a stronger checksum digest
+    to be used to validate a user's login to the daemon.  Added SHA512, SHA256,
+    and SHA1 digests to MD5 & MD4.  These new digests are at the highest priority
+    in the new daemon-auth negotiation list.
+  - Added support for the SHA1 digest in file checksums.  While this tends to be
+    overkill, it is available if someone really needs it.  This overly-long
+    checksum is at the lowest priority in the normal checksum negotiation list.
+    See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
+    environment var for how to customize this.
+  - Improved the xattr hash table to use a 64-bit key without slowing down the
+    key's computation.  This should make extra sure that a hash collision doesn't
+    happen.
+  - If the `--version` option is repeated (e.g. `-VV`) then the information is
+    output in a (still readable) JSON format.  Client side only.
+  - The script `support/json-rsync-version` is available to get the JSON style
+    version output from any rsync.  The script accepts either text on stdin
+  * *or** an arg that specifies an rsync executable to run with a doubled
+    `--version` option.  If the text we get isn't already in JSON format, it is
+    converted. Newer rsync versions will provide more complete json info than
+    older rsync versions. Various tweaks are made to keep the flag names
+    consistent across versions.
+  - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
+    so that rsync can use chroot when it works and a sanitized copy when chroot
+    is not supported (e.g., for a non-root daemon).  Explicitly setting the
+    parameter to true or false (on or off) behaves the same way as before.
+  - The `--fuzzy` option was optimized a bit to try to cut down on the amount of
+    computations when considering a big pool of files. The simple heuristic from
+    Kenneth Finnegan resuled in about a 2x speedup.
+  - If rsync is forced to use protocol 29 or before (perhaps due to talking to an
+    rsync before 3.0.0), the modify time of a file is limited to 4-bytes.  Rsync
+    now interprets this value as an unsigned integer so that a current year past
+    2038 can continue to be represented. This does mean that years prior to 1970
+    cannot be represented in an older protocol, but this trade-off seems like the
+    right choice given that (1) 2038 is very rapidly approaching, and (2) newer
+    protocols support a much wider range of old and new dates.
+  - The rsync client now treats an empty destination arg as an error, just like
+    it does for an empty source arg. This doesn't affect a `host:` arg (which is
+    treated the same as `host:.`) since the arg is not completely empty.  The use
+    of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
+    prior behavior of treating an empty destination arg as a ".".
+  * PACKAGING RELATED:
+  - The checksum code now uses openssl's EVP methods, which gets rid of various
+    deprecation warnings and makes it easy to support more digest methods.  On
+    newer systems, the MD4 digest is marked as legacy in the openssl code, which
+    makes openssl refuse to support it via EVP.  You can choose to ignore this
+    and allow rsync's MD4 code to be used for older rsync connections (when
+    talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
+    tell openssl to enable legacy algorithms (see below).
+  - A simple openssl config file is supplied that can be installed for rsync to
+    use.  If you install packaging/openssl-rsync.cnf to a public spot (such as
+    `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
+    `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
+    configured path in the OPENSSL_CONF environment variable (when the variable
+    is not already set).  This will enable openssl's MD4 code for rsync to use.
+  - The packager may wish to include an explicit "use chroot = true" in the top
+    section of their supplied /etc/rsyncd.conf file if the daemon is being
+    installed to run as the root user (though rsync should behave the same even
+    with the value unset, a little extra paranoia doesn't hurt).
+  - I've noticed that some packagers haven't installed support/nameconvert for
+    users to use in their chrooted rsync configs.  Even if it is not installed
+    as an executable script (to avoid a python3 dependency) it would be good to
+    install it with the other rsync-related support scripts.
+  - It would be good to add support/json-rsync-version to the list of installed
+    support scripts.
+
+- Use bundled SLP patch now that upstream fixed it:
+  * Remove rsync-3.2.5-slp.patch
+
+- update to 3.2.6:
+  * More path-cleaning improvements in the file-list validation code to avoid
+    rejecting of valid args.
+  * A file-list validation fix for a --files-from file that ends without a
+    line-terminating character.
+  * Added a safety check that prevents the sender from removing destination
+    files when a local copy using --remove-source-files has some files that are
+    shared between the sending & receiving hierarchies, including the case
+    where the source dir & destination dir are identical.
+  * Fixed a bug in the internal MD4 checksum code that could cause the digest
+    to be sporadically incorrect (the openssl version was/is fine).
+  * A minor tweak to rrsync added "copy-devices" to the list of known args, but
+    left it disabled by default.
+
+- Build SLE version with g++-11
+  to work around nondeterministic g++-7 (boo#1193895)
+
+- Migration to /usr/etc: Saving user changed configuration files
+  in /etc and restoring them while an RPM update.
+
+- Add upstream patch rsync-3.2.5-slp.patch, as the one included in
+  the released tarball doesn't fully apply.
+- Drop patch rsync-CVE-2022-29154.patch, already included upstream.
+- Update to 3.2.5
+  * SECURITY FIXES:
+  - Added some file-list safety checking that helps to ensure that a rogue
+    sending rsync can't add unrequested top-level names and/or include recursive
+    names that should have been excluded by the sender.  These extra safety
+    checks only require the receiver rsync to be updated.  When dealing with an
+    untrusted sending host, it is safest to copy into a dedicated destination
+    directory for the remote content (i.e. don't copy into a destination
+    directory that contains files that aren't from the remote host unless you
+    trust the remote host). Fixes CVE-2022-29154.
+  - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
+  * BUG FIXES:
+  - Fixed the handling of filenames specified with backslash-quoted wildcards
+    when the default remote-arg-escaping is enabled.
+  - Fixed the configure check for signed char that was causing a host that
+    defaults to unsigned characters to generate bogus rolling checksums. This
+    made rsync send mostly literal data for a copy instead of finding matching
+    data in the receiver's basis file (for a file that contains high-bit
+    characters).
+  - Lots of manpage improvements, including an attempt to better describe how
+    include/exclude filters work.
+  - If rsync is compiled with an xxhash 0.8 library and then moved to a system
+    with a dynamically linked xxhash 0.7 library, we now detect this and disable
+    the XX3 hashes (since these routines didn't stabilize until 0.8).
+  * ENHANCEMENTS:
+  - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
+    extra file-list safety checking (should that be required).
+  * PACKAGING RELATED:
+  - A note to those wanting to patch older rsync versions: the changes in this
+    release requires the quoted argument change from 3.2.4. Then, you'll want
+    every single code change from 3.2.5 since there is no fluff in this release.
+  - The build date that goes into the manpages is now based on the developer's
+    release date, not on the build's local-timezone interpretation of the date.
+  * DEVELOPER RELATED:
+  - Configure now defaults GETGROUPS_T to gid_t when cross compiling.
+  - Configure now looks for the bsd/string.h include file in order to fix the
+    build on a host that has strlcpy() in the main libc but not defined in the
+    main string.h file.
+
-  * Added patch rsync-rsync-CVE-2022-29154.patch
+  * Added patch rsync-CVE-2022-29154.patch
+
+- Removed %config flag for files in /usr directory.
+
+- Moved logrotate files from user specific directory /etc/logrotate.d
+  to vendor specific directory /usr/etc/logrotate.d.
+
+- Update to 3.2.4
+  * A new form of arg protection was added that works similarly to
+    the older `--protect-args` (`-s`) option but in a way that
+    avoids breaking things like rrsync.
+  * A long-standing bug was preventing rsync from figuring out the
+    current locale's decimal point character, which made rsync
+    always output numbers using the "C" locale.
+  * Too many changes to list, see included NEWS.md file.
+- Drop rsync-CVE-2020-14387.patch, already included upstream.
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * rsyncd.service
sqlite3
+- Sync version 3.44.0 from Factory
+  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
+  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
+  * Obsoletes sqlite-CVE-2022-46908.patch
+  * Obsoletes sqlite-src-3390000-func7-pg-181.patch
+
squashfs
+- For reference: previous updates fixed
+  * CVE-2021-40153 (bsc#1189936)
+  * CVE-2015-4645, CVE-2015-4646 (bsc#935380)
+
+- update to 4.6.1:
+  * Race condition which can cause corruption of the "fragment
+    table" fixed.  This is a regression introduced in August 2022,
+    and it has been seen when tailend packing is used (-tailends option).
+  * Fix build failure when the tools are being built without
+    extended attribute (XATTRs) support.
+  * Fix XATTR error message when an unrecognised prefix is
+    found
+  * Fix incorrect free of pointer when an unrecognised XATTR
+    prefix is found.
+  * Major improvements in extended attribute handling,
+    pseudo file handling, and miscellaneous new options and
+    improvements
+  * Extended attribute handling improved in Mksquashfs and
+    Sqfstar
+  * New Pseudo file xattr definition to add extended
+    attributes to files.
+  * New xattrs-add Action to add extended attributes to files
+  * Extended attribute handling improved in Unsquashfs
+  * Other major improvements
+  * Unsquashfs can now output Pseudo files to standard out.
+  * Mksquashfs can now input Pseudo files from standard in.
+  * Squashfs filesystems can now be converted (different
+    block size compression etc) without unpacking to an
+    intermediate filesystem or mounting, by piping the output of
+    Unsquashfs to Mksquashfs.
+  * Pseudo files are now supported by Sqfstar.
+  * "Non-anchored" excludes are now supported by Unsquashfs.
+
+- Do not repeat openSUSE / SLE version tests
+- Actually format and package the man pages
+
+- set LZMA_XZ_SUPPORT=1 so you can (un)squash -comp lzma images
+
+- update to 4.5.1 (bsc#1190531, CVE-2021-41072):
+  * This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
+    Sqfstar(1) and Sqfscat(1).
+  * The -help text output from the utilities has been improved
+    and extended as well (but the Manpages are now more
+    comprehensive).
+  * CVE-2021-41072 which is a writing outside of destination
+    exploit, has been fixed.
+  * The number of hard-links in the filesystem is now also
+    displayed by Mksquashfs in the output summary.
+  * The number of hard-links written by Unsquashfs is now
+    also displayed in the output summary.
+  * Unsquashfs will now write to a pre-existing destination
+    directory, rather than aborting.
+  * Unsquashfs now allows "." to used as the destination, to
+    extract to the current directory.
+  * The Unsquashfs progress bar now tracks empty files and
+    hardlinks, in addition to data blocks.
+  * -no-hardlinks option has been implemented for Sqfstar.
+  * More sanity checking for "corrupted" filesystems, including
+    checks for multiply linked directories and directory loops.
+  * Options that may cause filesystems to be unmountable have
+    been moved into a new "experts" category in the Mksquashfs
+    help text (and Manpage).
+  * Maximum cpiostyle filename limited to PATH_MAX.  This
+    prevents attempts to overflow the stack, or cause system
+    calls to fail with a too long pathname.
+  * Don't always use "max open file limit" when calculating
+    length of queues, as a very large file limit can cause
+    Unsquashfs to abort.  Instead use the smaller of max open
+    file limit and cache size.
+  * Fix Mksquashfs silently ignoring Pseudo file definitions
+    when appending.
+  * Don't abort if no XATTR support has been built in, and
+    there's XATTRs in the filesystem.  This is a regression
+    introduced in 2019 in Version 4.4.
+  * Fix duplicate check when the last file block is sparse.
+
+- update to 4.5:
+  * Mksquashfs now supports "Actions".
+  * New sqfstar command which will create a Squashfs image from a tar archive.
+  * Tar style handling of source pathnames in Mksquashfs.
+  * Cpio style handling of source pathnames in Mksquashfs.
+  * New option to throttle the amount of CPU and I/O.
+  * Mksquashfs now allows no source directory to be specified.
+  * New Pseudo file "R" definition which allows a Regular file
+    o be created with data stored within the Pseudo file.
+  * Symbolic links are now followed in extract files
+  * Unsquashfs now supports "exclude" files.
+  * Max depth traversal option added.
+  * Unsquashfs can now output a "Pseudo file" representing the
+    input Squashfs filesystem.
+  * New -one-file-system option in Mksquashfs.
+  * New -no-hardlinks option in Mksquashfs.
+  * Exit code in Unsquashfs changed to distinguish between
+    non-fatal errors (exit 2), and fatal errors (exit 1).
+  * Xattr id count added in Unsquashfs "-stat" output.
+  * Unsquashfs "write outside directory" exploit fixed.
+  * Error handling in Unsquashfs writer thread fixed.
+  * Fix failure to truncate destination if appending aborted.
+  * Prevent Mksquashfs reading the destination file.
+
tiff
-- security update:
-  * CVE-2023-38289 [bsc#1213589]
-    + tiff-CVE-2023-38289.patch
-  * CVE-2023-38288 [bsc#1213590]
-    + tiff-CVE-2023-38288.patch
-  * CVE-2023-3576 [bsc#1213273]
-    + tiff-CVE-2023-3576.patch
-  * CVE-2020-18768 [bsc#1214574]
-    + tiff-CVE-2020-18768.patch
-  * CVE-2023-26966 [bsc#1212881]
-    + tiff-CVE-2023-26966.patch
-  * CVE-2023-3618 [bsc#1213274]
-    + tiff-CVE-2023-3618.patch
-  * CVE-2023-2908 [bsc#1212888]
-    + tiff-CVE-2023-2908.patch
-  * CVE-2023-3316 [bsc#1212535]
-    + tiff-CVE-2023-3316.patch
+- Update to version 4.6.0:
+  * API/ABI breaks: none
+  * WebP decoder: validate WebP blob width, height, band count against
+    TIFF parameters to avoid use of uninitialized variable, or decoding
+    corrupted content without explicit error (fixes issue #581, issue #582).
+  * WebP codec: turn exact mode when creating lossless files to avoid
+    altering R,G,B values in areas where alpha=0
+  * Fix TransferFunction writing of only two transfer functions.
+  * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs,
+    it should be harmless in practice though
+  * tiffcp: remove -i option (ignore errors)
+  * This version removes a big number of utilities that have suffered from
+    lack of maintenance over the years and were the source of various
+    reported security issues:
+    + fax2ps
+    + fax2tiff
+    + pal2rgb
+    + ppm2tiff
+    + raw2tiff
+    + rgb2ycbcr
+    + thumbnail
+    + tiff2bw
+    + tiff2rgba
+    + tiffcmp
+    + tiffcrop
+    + tiffdither
+    + tiffgt
+    + tiffmedian
+    + tiff2ps
+    + tiff2pdf
+- Remove no longer needed tiff-4.0.3-compress-warning.patch.
+
+- Update to version 4.5.1:
+  * Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c
+  * Do not install libtiff-4.pc when tiff-install is reset.
+  * Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW.
+  * Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts.
+  * CMake: make WebP component name compatible with upstream ConfigWebP.cmake
+  * CMake: make Findliblzma with upstream CMake config file
+  * CMake: FindDeflate.cmake: fix several errors (issue #526).
+  * CMake: FindLERC.cmake: version string return added.
+  * CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files
+  * CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES
+  * Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN.
+  * Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets.
+  * Improve internal IFD offset and directory number map handling.
+  * Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux.
+  * TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484).
+  * tif_ojpeg.c: checking for division by zero (fixes issue #554).
+  * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (fixes issue #548).
+  * Fixed runtime error: applying zero offset to null pointer in countInkNamesString().
+  * Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory.
+  * tif_luv: check and correct for NaN data in uv_encode() (issue #530).
+  * TIFFClose() avoid NULL pointer dereferencing (issue #515).
+  * tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick.
+  * Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513).
+  * TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343).
+  * tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo().
+  * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (issue #548).
+- Drop no longer needed patches:
+  * tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
+  * tiff-CVE-2022-48281.patch
+  * tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
-  * CVE-2023-25433 [bsc#1212883]
+- Update to 4.5.0:
+  * tdir_t type updated to uint32_t. This type is now used for the return
+    value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as
+    the argument of TIFFSetDirectory() and TIFFUnlinkDirectory()
+  * Addition of an open option concept with the new functions TIFFOpenExt(),
+    TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(),
+    TIFFOpenOptionsFree()
+  * Leveraging above mentioned open option concept, addition of a new capability
+    to limit the size of a single dynamic memory allocation done by the library
+    with TIFFOpenOptionsSetMaxSingleMemAlloc()
+  * Related to IFD-Loop detection refactoring, the number of IFDs that libtiff
+    can browse through has been extended from 65535 to 1048576. This value is
+    a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT
+    variable or autoconf's --with-max-dir-count option.
+  * Whole code base reformatting of .c/.h files using new .clang-format format
+  * Documentation changed from static HTML and man pages to
+    Restructured Text (rst). HTML and man pages are now build artifacts.
+  * SONAME version bumped to 6 due to changes in symbol versioning.
+  * autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into
+    its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build.
+  * autoconf/cmake: detect sphinx-build to build HTML and man pages
+  * CMakeLists.txt: fix warning with -Wdev
+  * CMake: correctly set default value of 'lzma' option when liblzma is detected
+  * CMake: Moved linking of CMath::CMath into CMath_LIBRARY check.
+  * Fix CMake build to be compatible with FetchContent.
+  * cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS
+  * cmake: Fixes for Visual Studio 2022.
+  * Adds Requires.private generation so that pkg-config can correctly find
+    the dependencies of libtiff.
+  * Fix dependency on libm on Android
+  * Fix build in tif_lzw.c
+  * CMake: Add options for disabling tools, tests, contrib and docs.
+  * tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598)
+    [bsc#1205422]
+  * tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option
+    (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626)
+  * tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
+  * _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag
+    and the codec is not configured (CVE-2022-34526)
+  * Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599)
+  * tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521)
+- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
+- Drop tiff-CVE-2022-34526.patch
+- Drop tiff-CVE-2022-3599.patch
+- Drop tiff-CVE-2022-3598.patch
+- Drop tiff-CVE-2022-3970.patch
+- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
+- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
+
-  * CVE-2022-3570 [bsc#1205422]
-  * CVE-2022-3598 [bsc#1204642]
-    + tiff-CVE-2022-3598,3570.patch
+  * CVE-2022-3970 [bsc#1205392]
+    + tiff-CVE-2022-3970.patch
-  * CVE-2022-3970 [bsc#1205392]
-    + tiff-CVE-2022-3970.patch
+  * CVE-2022-3598 [bsc#1204642]
+    + tiff-CVE-2022-3598.patch
-  * CVE-2022-2867 [bsc#1202466]
-  * CVE-2022-2868 [bsc#1202467]
-  * CVE-2022-2869 [bsc#1202468]
-    + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
-
-- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
-  Rename tiff-CVE-2022-0561.patch to
-  tiff-CVE-2022-0561,CVE-2022-34266.patch
-  This CVE is actually a duplicate.
+- update to 4.4.0:
+  * TIFFIsBigTiff() function added.
+  * Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added.
+  * LZWDecode(): major speed improvements (~30% faster)
+  * Predictor 2 (horizontal differenciation): support 64-bit
+  * Support libjpeg 9d
+  * avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted
+    to be created
+  * tif_jbig.c: fix crash when reading a file with multiple IFD in
+    memory-mapped mode and when bit reversal is needed
+  * TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and
+    size of zero
+  * TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime
+    check
+  * TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer
+    and size of zero
+  * TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and
+    size of zero
+  * TIFFYCbCrToRGBInit(): avoid Integer-overflow
+  * TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if
+    returned pointer is NULL (fixes #342)
+  * OJPEG: avoid assertion when using TIFFReadScanline()
+  * TIFFReadDirectory: fix OJPEG hack
+  * LZW codec: fix support for strips/tiles > 2 GB on Windows
+  * TIFFAppendToStrip(): fix rewrite-in-place logic
+  * Fix TIFFRewriteDirectory discarding directories.
+  * TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on
+    a non EXIF directory
+  * Fix Segmentation fault printing GPS directory if Altitude tag is present
+  * tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266)
+  * _TIFFRewriteField(): fix when writing a IFD with a single tile that is a
+    sparse one, on big endian hosts
+  * Fix all remaining uses of legacy Deflate compression id and warn on use.
+  * CVE-2022-22844 bsc#1194539
+  * CVE-2022-2867 bsc#1202466
+  * CVE-2022-2868 bsc#1202467
+  * CVE-2022-2869 bsc#1202468
+- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch,
+  tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch,
+  tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream
+- add signature validation, adds tiff.keyring
+
+- security update:
+  * CVE-2022-0907 [bsc#1197070]
+    + tiff-CVE-2022-0907.patch
+
+  * CVE-2022-34266 [bsc#1201723] [bsc#1201971]
-- security update: Fix buffer overwrite
-  * CVE-2019-17546[bsc#1154365]
-    + tiff-CVE-2019-17546.patch
-- security update: Fix heap based buffer overflow in pal2rgb
-  * CVE-2017-17095[bsc#1071031]
-    + tiff-CVE-2017-17095.patch
-- security update: Fix OOB in _TIFFmemcpy
-  * CVE-2022-22844[bsc#1194539]
-    + tiff-CVE-2022-22844.patch
-- security update: Fix memory allocation failure in tif_read.c
-  * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
-    + tiff-CVE-2020-35521,CVE-2020-35522.patch
-- security update: Fix DOS via invertImage()
-  * CVE-2020-19131[bsc#1190312]
-    + tiff-CVE-2020-19131.patch
-- security update: Fix heap-based buffer overflow in TIFF2PDF tool
-  * CVE-2020-35524[bsc#1182812]
-    + tiff-CVE-2020-35524.patch
-- security update: Fix integer overflow in tif_getimage
-  * CVE-2020-35523 [bsc#1182811]
-    + tiff-CVE-2020-35523.patch
-
-- security update: amend patch to fix test
-- modified patches
-  % tiff-CVE-2019-14973.patch (refreshed)
-
-- security update: Fix integer overflow in _TIFFCheckMalloc()
-  * CVE-2019-14973 [bsc#1146608]
-    + tiff-CVE-2019-14973.patch
+- switch source url to https
+
+- version update to 4.3.0
+  * Build and usage of the library and its utilities requires a C99
+    capable compiler.
+  * New optional codec for the LERC (Limited Error Raster Compression)
+    compression scheme. To have it available, configure libtiff against
+    the SDK available at https://github.com/esri/lerc
+  * Removal of unused, or now useless due to C99 availability,
+    functions in port/
+  * tiffcmp: fix comparaison with pixels that are
+    fractional number of bytes
+  * tiff2ps: exit the loop in case of error
+  * tiff2pdf: check that tiff_datasize fits in a signed tsize_t
+
+- version update to 4.2.0
+  Major changes:
+  * Optional support for using libdeflate is added.
+  * Many of the tools now support a memory usage limit.
+  See http://www.simplesystems.org/libtiff/v4.2.0.html for more.
+  * CVE-2020-35521 bsc#1182808
+  * CVE-2020-35522 bsc#1182809
+  * CVE-2020-35523 bsc#1182811
+  * CVE-2020-35524 bsc#1182812
+
+- Drop webp support as it would introduce build cycle
+
+- Enable zstd and webp support
+
+- version update to 4.1.0
+  * fixes several CVEs mentioned below and more,
+    see ChangeLog
+  * CVE-2019-17546 bsc#1154365
+  * CVE-2017-17095 bsc#1071031
+  * CVE-2019-14973 bsc#1146608
+  * CVE-2020-19131 bsc#1190312
+- deleted patches
+  - tiff-CVE-2018-12900.patch (upstreamed)
+  - tiff-CVE-2018-17000,19210.patch (upstreamed)
+  - tiff-CVE-2019-6128.patch (upstreamed)
+  - tiff-CVE-2019-7663.patch (upstreamed)
+- amend tiff-CVE-2018-12900.patch: fix wrong error message
+  [bsc#1099257]
+
+- Support only SLE12+ and remove the no longer needed conditions
+
-  * CVE-2018-18661 [bsc#1113672]
-    + tiff-CVE-2018-18661.patch
-  * CVE-2018-18557 [bsc#1113094]
-    + tiff-CVE-2018-18557.patch
-- asan_build: build ASAN included
-- debug_build: build more suitable for debugging
+- upddated to 4.0.10:
+  * fixes several CVEs mentioned below plus CVE-2018-18557 [bsc#1113094]
+  and CVE-2018-18661 [bsc#1113672] and more
+- removed patches
+  * tiff-CVE-2017-11613,CVE-2018-16335,15209.patch
+  * tiff-CVE-2017-18013.patch
+  * tiff-CVE-2017-9935,CVE-2018-17795.patch
+  * tiff-CVE-2018-10779.patch
+  * tiff-CVE-2018-10963.patch
+  * tiff-CVE-2018-17100.patch
+  * tiff-CVE-2018-17101.patch
+  * tiff-CVE-2018-7456.patch
+  * tiff-CVE-2018-8905.patch
+  * tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
-  * CVE-2018-17100 [bsc#1108637]
-    + tiff-CVE-2018-17100.patch
-  * CVE-2018-17101 [bsc#1108627]
-    + tiff-CVE-2018-17101.patch
+  * CVE-2018-17100 [bsc#1108637]
+    + tiff-CVE-2018-17100.patch
+  * CVE-2018-17101 [bsc#1108627]
+    + tiff-CVE-2018-17101.patch
+
+- remove pal2rgb tool [bsc#1071031]
+
+- security update
traceroute
+- security update
+- added patches
+  fix CVE-2023-46316 [bsc#1216591], wrapper scripts do not properly parse command lines
+  + traceroute-CVE-2023-46316.patch
+
upower
+- Update to version 0.99.17 (bsc#1217052):
+  + New ChargeCycles D-Bus property
+  + New async GLib APIs
+  + Various fixes
+
xerces-c
+- Fix CVE-2023-37536: an integer overflow could potentially lead to
+  out-of-bounds memory accesses (bsc#1216156).
+  * Add xerces-c-CVE-2023-37536.patch.
+
xxhash
+- Update to release 0.8.2
+  * ARM NEON speed improvements; on M1 Pro it is +20% speed for
+    XXH3 and XXH128 (from 30.0 GB/s to 36 GB/s).
+  * Added support for ARM's SVE vector extension.
+  * Resolved some issues with XXH3's s390x vector implementation.
+- Delete xxhash-avoid-armv6-unaligned-access.patch (should be
+  fixed by c0dd448b), delete 836f4e735cf368542f14005e41d2f84ec29dfd60.patch
+  (merged), delete 15ce80f9f2760609d8cc68cea76d3f3217ab70e1.patch
+  aka xxhash-ppc64le-gcc7.patch (merged)
+
+- Add 15ce80f9f2760609d8cc68cea76d3f3217ab70e1.patch: fix build
+  failure on ppc64le when using gcc 7 (boo#1208794).
+
yast2-trans
+- Update to version 84.87.20231121.7869d671a6:
+  * New POT for text domain 'hana-ha'.
+
+- Update to version 84.87.20231117.f12231d4de:
+  * New POT for text domain 'cc'.
+
+- Update to version 84.87.20231104.b73ad6fbc9:
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'installation'.
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * New POT for text domain 'update'.
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+
+- Update to version 84.87.20231027.a9c9df2125:
+  * Translated using Weblate (Galician)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Japanese)
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'country'.
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (French)
+  * New POT for text domain 'qt-pkg'.
+
+- Update to version 84.87.20231004.bd479b5f2d:
+  * Translated using Weblate (Portuguese (Brazil))
+  * Translated using Weblate (Portuguese (Brazil))
+  * Translated using Weblate (German)
+  * Translated using Weblate (German)
+  * Translated using Weblate (German)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Catalan)
+
+- Update to version 84.87.20230930.5f9e01162a:
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Spanish)
+  * New POT for text domain 'storage'.
+
+- Update to version 84.87.20230922.91d997adab:
+  * New POT for text domain 'packager'.
+  * New POT for text domain 'iscsi-client'.
+
+- Update to version 84.87.20230913.43f962446c:
+  * Translated using Weblate (Indonesian)
+  * New POT for text domain 'control'.
+
+- Update to version 84.87.20230909.35988571be:
+  * Translated using Weblate (Swedish)
+  * Translated using Weblate (Swedish)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Russian)
+
+- Update to version 84.87.20230901.be24cb382f:
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Catalan)
+  * New POT for text domain 'bootloader'.
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+
+- Update to version 84.87.20230818.ea489402e5:
+  * Translated using Weblate (Latvian)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Catalan)
+
+- Update to version 84.87.20230811.13616e3be9:
+  * Translated using Weblate (Georgian)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Czech)
+  * New POT for text domain 'users'.
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'sap-installation-wizard'.
+  * New POT for text domain 'qt-pkg'.
+  * New POT for text domain 'qt'.
+  * New POT for text domain 'pam'.
+  * New POT for text domain 'ncurses'.
+  * New POT for text domain 'migration_sle'.
+  * New POT for text domain 'kdump'.
+  * New POT for text domain 'installation'.
+  * New POT for text domain 'control'.
+
+- Update to version 84.87.20230729.64eca7e0a1:
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Czech)
+
+- Update to version 84.87.20230720.09601d9b28:
+  * Translated using Weblate (English (United Kingdom))
+  * Translated using Weblate (English (United Kingdom))
+  * Translated using Weblate (Russian)
+
+- Update to version 84.87.20230714.966688ddd0:
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+
+- Update to version 84.87.20230708.d1de37aed1:
+  * Translated using Weblate (Chinese (China) (zh_CN))
+  * Translated using Weblate (Kurdish)
+
+- Update to version 84.87.20230630.ccfa6add46:
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Finnish)
+
+- Update to version 84.87.20230619.113a4fdc71:
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Arabic)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Italian)
+  * New POT for text domain 'users'.
+  * New POT for text domain 's390'.
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'apparmor'.
+
+- Update to version 84.87.20230602.240a95214f:
+  * New POT for text domain 'control'.
+  * Translated using Weblate (Macedonian)
+  * New POT for text domain 'autoinst'.
+