Removed rpms
============

 - google-arimo-fonts
 - google-cousine-fonts
 - google-noto-fonts-doc
 - google-tinos-fonts

Added rpms
==========

 - google-noto-sans-jp-bold-fonts
 - google-noto-sans-jp-fonts
 - google-noto-sans-jp-regular-fonts
 - google-noto-sans-kr-bold-fonts
 - google-noto-sans-kr-fonts
 - google-noto-sans-kr-regular-fonts
 - google-noto-sans-sc-bold-fonts
 - google-noto-sans-sc-fonts
 - google-noto-sans-sc-regular-fonts
 - google-noto-sans-tc-bold-fonts
 - google-noto-sans-tc-fonts
 - google-noto-sans-tc-regular-fonts
 - google-noto-serif-jp-bold-fonts
 - google-noto-serif-jp-fonts
 - google-noto-serif-jp-regular-fonts
 - google-noto-serif-kr-bold-fonts
 - google-noto-serif-kr-fonts
 - google-noto-serif-kr-regular-fonts
 - google-noto-serif-sc-bold-fonts
 - google-noto-serif-sc-fonts
 - google-noto-serif-sc-regular-fonts
 - google-noto-serif-tc-bold-fonts
 - google-noto-serif-tc-fonts
 - google-noto-serif-tc-regular-fonts
 - libtiff6
 - noto-arimo-fonts
 - noto-cousine-fonts
 - noto-tinos-fonts

Package Source Changes
======================

ImageMagick
+- version update to 7.1.1.21
+  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+- modified patches
+  [bsc#1217014][bsc#1216811]
+  % ImageMagick-s390x-disable-tests.patch (refreshed)
+- deleted patches
+  - ImageMagick-correct-time-to-live.patch (upstreamed)
+- added patches
+  https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5aafe33cbfaaf3e
+  https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c935f6ae8b36df10
+  + ImageMagick-infinite-resource-time-limit.patch
+
curl
+  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
+  * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
+  * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
+
+- Security fixes:
desktop-file-utils
+- Add patches to support Desktop entry spec 1.5 (bsc#1216357):
+  * 0001-validate-support-SingleMainWindow-key-from-1.5.patch
+  * 0002-validate-Support-version-1.5.patch
+
e2fsprogs
-- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
-  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
+- libext2fs-add-sanity-check-to-extent-manipulation.patch: Merged upstream
+  in 1.46.6
+- References to old bugs fixed by updating to latest upstream version:
+  CVE-2015-0247 CVE-2015-1572 CVE-2019-5094 CVE-2019-5188 CVE-2022-1304
+  bsc#1009532 bsc#1038194 bsc#1128383 bsc#1145716 bsc#1152101 bsc#1154295
+  bsc#1160571 bsc#1160979 bsc#1170964 bsc#1183791 bsc#1198446 bsc#915402
+  bsc#918346 bsc#960273
-- Add references from old package:
-  Autoreconf removed from the spec file, just without bsc reference
-  (bsc#1183791)
-  Fix po-remove-unnecessary-buggy-positional-parameter-spe.patch in 1.45.3
-  (bsc#1170964)
-  Fix e2fsck-clarify-overflow-link-count-error-message.patch in 1.46.0
-  (bsc#1160979)
-  Fix ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch in 1.46.0
-  (bsc#1160979)
-  Fix ext2fs-implement-dir-entry-creation-in-htree-directo.patch in 1.46.0
-  (bsc#1160979)
-  Fix tests-add-test-to-excercise-indexed-directories-with.patch in 1.46.0
-  (bsc#1160979)
-  Fix tune2fs-update-dir-checksums-when-clearing-dir_index.patch in 1.46.0
-  (bsc#1160979)
-  Fix e2fsck-abort-if-there-is-a-corrupted-directory-block.patch in 1.45.5
-  (bsc#1160571 CVE-2019-5188)
-  Fix e2fsck-don-t-try-to-rehash-a-deleted-directory.patch in 1.45.5
-  (bsc#1160571 CVE-2019-5188)
-  Fix resize2fs-Make-minimum-size-estimates-more-reliable.patch in 1.45.5
-  (bsc#1154295)
-  Fix libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch in 1.45.4
-  (bsc#1152101 CVE-2019-5094)
-  Fix libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch in 1.44.3
-  (bsc#1145716)
-  Fix e2fsck-check-and-fix-tails-of-all-bitmaps.patch in 1.45.1 (bsc#1128383)
-  Fix libext2fs-Fix-fsync-2-detection.patch in 1.44.0 (bsc#1038194)
-  Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch
-  in 1.42.12 (bsc#1009532)
-  Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch
-  in 1.42.13 (bsc#918346 CVE-2015-1572)
-  Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch
-  in 1.42.12 (bsc#915402 CVE-2015-0247)
-  Got specfile fix through Factory (bsc#960273)
-  Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194)
+- mke2fs-Drop-metadata_csum_seed-and-orphan_file-from-.patch: Update
+  mke2fs.conf to create filesystems only with features supported
+  by tools in SLE15-SP4/5 by default.
+
+- Update specfile to make sure regenerate_initrd_post macro is defined
+
+- Update to 1.47.0:
+  * Add support for the orphan_file feature, which speeds up workloads
+    that are deleting or truncating a large number files in parallel.
+    This compat feature was first supported in the v5.15 Linux kernel.
+  * The mke2fs program (via the mke2fs.conf file) now enables the
+    metadata_csum_seed and orphan_file features by default.
+    The metadata_csum_seed feature is an incompat feature which is
+    first supported in the Linux kernel starting in the 4.4 kernel.
+  * Mke2fs now supports the extended option "assume_storage_prezeroed"
+    which causes mke2fs to skip zeroing the journal and inode tables
+    and to mark the inode tables as zeroed.
+  * Add support to tune2fs and e2label to set the label and UUID for
+    a mounted file system using a ioctl, which is more reliable than
+    modifying the superblock via writing to the block device.
+    The kernel support for setting the label landed in v5.17, while
+    the support for adding the UUID landed in v6.0. If the ioctls
+    are not supported, tune2fs and e2label will fall back old
+    strategy of directly modifying the superblock.
+  * Allow tune2fs to disable the casefold feature after scanning all
+    of the directories do not have the Casefold flag set.
+
+- Replace transitional %usrmerged macro with regular version check (boo#1206798)
+
+- Refresh e2fsprogs.keyring based on currently provided keys.
+
+- Spec file cleanup:
+  + Drop remainders regarding -mini packages, which was not a thing
+    since Jan 2014.
+  + Split build of fuse2fs out into a sep build (_multibuild
+    enabled).
+
+- enabled fuse2fs build which enable to mount ext2/3/4 via FUSE
+
+- avoid empty preuninstall script
+
+- Update to 1.46.5:
+  * better handling for resizing to fs sizes which would exceed inode limits
+  * fix crash in e2fsck fastcommit handling
+  * fix possibly lost quota limits when e2fsck corrects quota files
+  * fix tune2fs to properly transfer quota limits when convertion quota files
+  * add support for handling of version 0 quota files in tune2fs
+  * teach libss to use libreadline.so.8
+  * optimize resize2fs cpu usage for large filesystems
+  * teach libuuid to use getrandom() or getentropy() if available
+- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: Remove, merged upstream
+- quota-Add-support-to-version-0-quota-format.patch: Remove, merged upstream
+- quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: Remove, merged upstream
+- quota-Rename-quota_update_limits-to-quota_read_all_d.patch: Remove, merged upstream
+- tune2fs-Fix-conversion-of-quota-files.patch: Remove, merged upstream
+- e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: Remove, merged upstream
+- debugfs-Fix-headers-for-quota-commands.patch: Remove, merged upstream
+- quota-Drop-dead-code.patch: Remove, merged upstream
+
+- Drop ProtectClock hardening, can cause issues if other device acceess is needed
glibc
-- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to
-  page size (bsc#1215891, BZ #28676)
+- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
-- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
-  continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)
+- dtors-reverse-ctor-order.patch: Remove, has been reverted
-- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
+- Avoid use of SSE in i586 build
-- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
-  invalidation if epoll is used (bsc#1212910, BZ #29415)
+- Add systemd also to gshadow lookups (jsc#PED-5188)
+- For SLE continue to use nsswitch.conf without systemd
-- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
-  in files database (bsc#1212819, BZ #25457)
+- setxid-propagate-glibc-tunables.patch: Propagate GLIBC_TUNABLES in
+  setxid binaries
+- tunables-string-parsing.patch: tunables: Terminate if end of input is
+  reached (CVE-2023-4911, bsc#1215501)
+
+- fstat-implementation.patch: io: Do not implement fstat with fstatat
+
+- getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the
+  fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884)
+
+- getcanonname-use-after-free.patch: getaddrinfo: Fix use after free in
+  getcanonname (CVE-2023-4806, bsc#1215281, BZ #30843)
+- Do not build any cross packages in SLES
+
+- no-aaaa-read-overflow.patch: Stack read overflow with large TCP
+  responses in no-aaaa mode (CVE-2023-4527, bsc#1215280, BZ #30842)
+
+- Add systemd to passwd, group and shadow lookups (jsc#PED-5188)
+
+- ppc64-flock-fob64.patch: io: Fix record locking contants for powerpc64
+  with __USE_FILE_OFFSET64 (BZ #30804)
+- libio-io-vtables.patch: libio: Fix oversized __io_vtables
+- call-init-proxy-objects.patch: elf: Do not run constructors for proxy
+  objects
+- dtors-reverse-ctor-order.patch: elf: Always call destructors in reverse
+  constructor order (BZ #30785)
+
+- intl-c-utf-8-like-c-locale.patch: intl: Treat C.UTF-8 locale like C
+  locale (BZ #16621)
+- glibc-disable-gettext-for-c-utf8.patch: Removed
+
+- Add cross-ppc64le package
+
+- posix-memalign-fragmentation.patch: malloc: Enable merging of remainders
+  in memalign, remove bin scanning from memalign (BZ #30723)
+- Limit build counter sync to i686 flavor, to reduce needs for rebuilds
+
+- Add cross-s390x package (bsc#1214460)
+
+- Require that elf/check-localplt does not fail
+- glibc-2.3.90-langpackdir.diff: add hidden alias for __strcpy_chk
+- cache-amd-legacy.patch: x86: Fix for cache computation on AMD legacy
+  cpus
+- cache-intel-shared.patch: x86: Fix incorrect scope of setting
+  `shared_per_thread` (BZ# 30745)
+
+- Update to glibc 2.38
+  * When C2X features are enabled and the base argument is 0 or 2, the
+    following functions support binary integers prefixed by 0b or 0B as
+    input
+  * PRIb*, PRIB* and SCNb* macros from C2X have been added to
+    <inttypes.h>.
+  * printf-family functions now support the wN format length modifiers for
+    arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t
+    and the wfN format
+    length modifiers for arguments of type int_fastN_t or uint_fastN_t, as
+    specified in draft ISO C2X
+  * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable
+    Transparent Huge Pages (THP) in stack allocation at pthread_create
+  * Vector math library libmvec support has been added to AArch64
+  * The strlcpy and strlcat functions have been added
+  * CVE-2023-25139: When the printf family of functions is called with a
+    format specifier that uses an <apostrophe> (enable grouping) and a
+    minimum width specifier, the resulting output could be larger than
+    reasonably expected by a caller that computed a tight bound on the
+    buffer size
+- Enable build with _FORTIFY_SOURCE
+- glibc-2.3.90-langpackdir.diff: avoid reference to __strcpy_chk
+- iconv-error-verbosity.patch: iconv: restore verbosity with unrecognized
+  encoding names (BZ #30694)
+- printf-grouping.patch, strftime-time64.patch,
+  getlogin-no-loginuid.patch, fix-locking-in-_IO_cleanup.patch,
+  gshadow-erange-rhandling.patch, system-sigchld-block.patch,
+  gmon-buffer-alloc.patch, check-pf-cancel-handler.patch,
+  powerpc64-fcntl-lock.patch, realloc-limit-chunk-reuse.patch,
+  dl-find-object-return.patch; Removed
+- bsc#1211828
+- bsc#1212819
+
+- gshadow-erange-rhandling.patch: gshadow: Matching sgetsgent, sgetsgent_r
+  ERANGE handling (BZ #30151)
+- system-sigchld-block.patch: posix: Fix system blocks SIGCHLD erroneously
+  (BZ #30163)
+- gmon-buffer-alloc.patch: gmon: Fix allocated buffer overflow
+  (CVE-2023-0687, bsc#1207975, BZ #29444)
+- check-pf-cancel-handler.patch: __check_pf: Add a cancellation cleanup
+  handler (BZ #20975)
+- powerpc64-fcntl-lock.patch: io: Fix F_GETLK, F_SETLK, and F_SETLKW for
+  powerpc64
+- realloc-limit-chunk-reuse.patch: realloc: Limit chunk reuse to only
+  growing requests (BZ #30579)
+- dl-find-object-return.patch: elf: _dl_find_object may return 1 during
+  early startup (BZ #30515)
-- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
-  check on PT_LOAD segments (bsc#1211829, BZ #28688)
-- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
-  BZ #28676)
-- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
-  first segment (BZ #30452)
+- Need to build with GCC 12 as minimum
-- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
-  (bsc#1211828, BZ #30527)
+- fix-locking-in-_IO_cleanup.patch: Update to final version
-- ulp-prologue-into-asm-functions.patch: Add support for livepatches
-  in ASM written functions (bsc#1211726)
+- ulp-prologue-into-asm-functions.patch: Add support for livepatches in
+  ASM written functions (bsc#1210777, bsc#1211726)
-- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
-  (bsc#1207957)
-
-- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
-  (CVE-2023-0687, bsc#1207975, BZ #29444)
-
-- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
-  check (bsc#1208358, BZ #25933)
-
-- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
-  (bsc#1207571, BZ #16272)
-- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
-  with recent GCC
-
-- x86-shared-non-temporal-threshold.patch: Reversing calculation of
-  __x86_shared_non_temporal_threshold (bsc#1201942)
+- Update to glibc 2.37
+  * The getent tool now supports the --no-addrconfig option
+  * The dynamic linker no longer loads shared objects from the "tls"
+    subdirectories on the library search path or the subdirectory that
+    corresponds to the AT_PLATFORM system name, or employs the legacy AT_HWCAP
+    search mechanism, which was deprecated in version 2.33
+- printf-grouping.patch: Account for grouping in printf width (BZ #30068)
+- strftime-time64.patch: Use 64-bit time_t interfaces in strftime and
+  strptime (BZ #30053)
+- glibcextract-compile-c-snippet.patch, sys-mount-kernel-definition.patch,
+  sys-mount-usage.patch, nscd-netlink-cache-invalidation.patch,
+  syslog-large-messages.patch, dlmopen-libc-early-init.patch,
+  ldd-vdso-dependency.patch, syslog-extra-whitespace.patch,
+  errlist-edeadlock.patch, makeflags.patch, get-nscd-addresses.patch,
+  x86-64-avx2-string-functions.patch, nscd-aicache.patch,
+  dl-debug-bindings.patch, floatn.patch: Removed
+- bsc#1207957
+- bsc#1208358
+- bsc#1212910
+
+- Remove reference to obsolete %usrmerged macro (boo#1206798)
+
+- floatn.patch: Update _FloatN header support for C++ in GCC 13
+
+- nscd: Convert to systemd-sysusers
+
+- dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS
+  _dl_lookup_symbol_x (bsc#1204710)
+
+- get-nscd-addresses.patch: get_nscd_addresses: Fix subscript typos (BZ
+  [#29605])
+- x86-64-avx2-string-functions.patch: check for required cpu features in
+  AVX2 string functions (BZ #29611)
+- nscd-aicache.patch: nscd: Drop local address tuple variable (BZ #29607)
+
+- makeflags.patch: Makerules: fix MAKEFLAGS assignment for upcoming
+  make-4.4 (BZ# 29564)
+
+- errlist-edeadlock.patch: errlist: add missing entry for EDEADLOCK (BZ
+  [#29545])
+
+- syslog-large-messages.patch: syslog: Fix large messages (CVE-2022-39046,
+  bsc#1203011, BZ #29536)
+- dlmopen-libc-early-init.patch: elf: Call __libc_early_init for reused
+  namespaces (BZ #29528)
+- ldd-vdso-dependency.patch: elf: Restore how vDSO dependency is printed
+  with LD_TRACE_LOADED_OBJECTS (BZ #29539)
+- syslog-extra-whitespace.patch: syslog: Remove extra whitespace between
+  timestamp and message (BZ #29544)
-- memcmp-power10.patch: powerpc: Optimized memcmp for power10
-  (jsc#PED-987)
-
-- disable-check-consistency.patch: i386: Disable check_consistency for GCC
-  5 and above (bsc#1201640, BZ #25788)
+- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
+  invalidation if epoll is used (boo#1199964, BZ #29415)
-- static-tls-surplus.patch: Remove tunables (bsc#1201560)
+- glibcextract-compile-c-snippet.patch: glibcextract.py: Add
+  compile_c_snippet
+- sys-mount-kernel-definition.patch: linux: Mimic kernel definition for
+  BLOCK_SIZE
+- sys-mount-usage.patch: linux: Fix sys/mount.h usage with kernel headers
+
+- Update to glibc 2.36
+  Major new features:
+  * Support for DT_RELR relative relocation format has been added to
+    glibc
+  * On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions
+    have been added
+  * On Linux, the process_madvise function has been added
+  * On Linux, the process_mrelease function has been added
+  * The “no-aaaa” DNS stub resolver option has been added
+  * On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree,
+    and mount_setattr have been added
+  * localedef now accepts locale definition files encoded in UTF-8
+  * Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion
+    functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals
+  * The functions arc4random, arc4random_buf, and arc4random_uniform have been
+    added
+  Deprecated and removed features, and other changes affecting compatibility:
+  * Support for prelink will be removed in the next release
+  * The Linux kernel version check has been removed along with the
+    LD_ASSUME_KERNEL environment variable
+  * On Linux, The LD_LIBRARY_VERSION environment variable has been removed
+- get-nprocs-sched-uninit-read.patch, get-nprocs-inaccurate.patch,
+  strcmp-rtm-fallback.path, pt-load-invalid-hole.patch,
+  localedef-ld-monetary.patch, nptl-spurious-eintr.patch,
+  strncpy-power9-vsx.patch, nptl-cleanup-async-restore.patch,
+  read-chk-cancel.patch, wcrtomb-fortify.patch,
+  nptl-cleanup-async-restore-2.patch: Removed
+- CVE-2023-4813, bsc#1215286
+- bsc#1198751
+- bsc#1200334
+
+- nptl-cleanup-async-restore-2.patch: nptl: Fix
+  ___pthread_unregister_cancel_restore asynchronous restore (bsc#1200093,
+  BZ #29214)
+
+- read-chk-cancel.patch: debug: make __read_chk a cancellation point
+  (bsc#1200682, BZ #29274)
+- wcrtomb-fortify.patch: wcrtomb: Make behavior POSIX compliant
+  (bsc#1200688)
-- static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for
-  optimizations (bsc#1200855, BZ #25051)
+- Set SUSE_ZNOW=0
-  __strncpy_power9 (bsc#1200334, BZ #29197)
+  __strncpy_power9 (BZ #29197)
+- nptl-cleanup-async-restore.patch: nptl: Fix __libc_cleanup_pop_restore
+  asynchronous restore (bsc#1200093, BZ #29214)
+
+- nptl-spurious-eintr.patch: nptl: Handle spurious EINTR when thread
+  cancellation is disabled (BZ #29029)
+
+- Follow the distro default gcc version to build the cross
+  bootstrap packages.
+
+- switched to https urls
+
+- get-nprocs-sched-uninit-read.patch: linux: __get_nprocs_sched: do not
+  feed CPU_COUNT_S with garbage (BZ #28850)
+- get-nprocs-inaccurate.patch: linux: fix accuracy of get_nprocs and
+  get_nprocs_conf (BZ #28865)
+- strcmp-rtm-fallback.path: x86: Fallback {str|wcs}cmp RTM in the ncmp
+  overflow case (BZ #28896)
+- pt-load-invalid-hole.patch: elf: Check invalid hole in PT_LOAD segments
+  (BZ #28838)
+- localedef-ld-monetary.patch: localedef: Update LC_MONETARY handling (BZ
+  [#28845])
+
+- Update to glibc 2.35
+  Major new features:
+  * Unicode 14.0.0 Support
+  * Bump r_version in the debugger interface to 2
+  * Support for the C.UTF-8 locale has been added to glibc
+  * <math.h> functions that round their results to a narrower type, and
+    corresponding <tgmath.h> macros, are added from TS 18661-1:2014, TS
+    18661-3:2015 and draft ISO C2X
+  * <math.h> functions for floating-point maximum and minimum,
+    corresponding to new operations in IEEE 754-2019, and corresponding
+    <tgmath.h> macros, are added from draft ISO C2X
+  * <math.h> macros for single-precision float constants are added as a
+    GNU extension
+  * The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are
+    predefined as specified in TS 18661-1:2014
+  * The exp10 functions in <math.h> now have a corresponding type-generic
+    macro in <tgmath.h>
+  * The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to <stdio.h>
+  * printf-family functions now support the %b format for output of
+    integers in binary, as specified in draft ISO C2X, and the %B variant
+    of that format recommended by draft ISO C2X
+  * A new DSO sorting algorithm has been added in the dynamic linker that uses
+    topological sorting by depth-first search (DFS), solving performance issues
+    of the existing sorting algorithm when encountering particular circular
+    object dependency cases
+  * A new tunable, glibc.rtld.dynamic_sort, can be used to select between
+    the two DSO sorting algorithms
+  * ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant
+    to be used by compilers for optimizing usage of 'memcmp' when its
+    return value is only used for its boolean status
+  * Support for automatically registering threads with the Linux rseq
+    system call has been added
+  * A symbolic link to the dynamic linker is now installed under
+    /usr/bin/ld.so (or more precisely, '${bindir}/ld.so')
+  * All programs and the testsuite in glibc are now built as position independent
+    executables (PIE) by default on toolchains and architectures that support it
+  * On Linux, a new tunable, glibc.malloc.hugetlb, can be used to
+    either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk
+    or to use huge pages directly with mmap calls with the MAP_HUGETLB
+    flags)
+  * The printf family of functions now handles the flagged %#m conversion
+    specifier, printing errno as an error constant (similar to strerrorname_np)
+  * The function _dl_find_object has been added
+  * On Linux, the epoll_pwait2 function has been added
+  * The function posix_spawn_file_actions_addtcsetpgrp_np has been added,
+    enabling posix_spawn and posix_spawnp to set the controlling terminal in
+    the new process in a race free manner
+  * Source fortification (_FORTIFY_SOURCE) level 3 is now available for
+    applications compiling with glibc and gcc 12 and later
+  Deprecated and removed features, and other changes affecting compatibility:
+  * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
+    has been removed since the first PT_LOAD segment is no longer executable
+    due to defaulting to -z separate-code
+  * The r_version update in the debugger interface makes the glibc binary
+    incompatible with GDB
+  * Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed
+  * The catchsegv script and associated libSegFault.so shared object have
+    been removed
+  * Support for prelink will be removed in the next release; this includes
+    removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
+    variables and their functionality in the dynamic loader
+  Changes to build and runtime requirements:
+  * The audit module interface version LAV_CURRENT is increased to enable
+    proper bind-now support
+  * The audit interface on aarch64 is extended to support both the indirect
+    result location register (x8) and NEON Q register
+  Security related changes:
+  * CVE-2022-23219: Passing an overlong file name to the clnt_create
+    legacy function could result in a stack-based buffer overflow when
+    using the "unix" protocol
+  * CVE-2022-23218: Passing an overlong file name to the svcunix_create
+    legacy function could result in a stack-based buffer overflow
+  * CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
+    function could result in a memory leak and potential access of
+    uninitialized memory
+  * CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
+    function may result in an off-by-one buffer underflow and overflow
+    when the current working directory is longer than PATH_MAX and also
+    corresponds to the / directory through an unprivileged mount
+    namespace
+- copy-and-spawn-sgid-double-close.patch,
+  fcntl-time-bits-64-redirect.patch, gaiconf-init-double-free.patch,
+  gconv-parseconfdir-memory-leak.patch, getcwd-attribute-access.patch,
+  glibc-c-utf8-locale.patch, iconv-charmap-close-output.patch,
+  ld-show-auxv-colon.patch, ldconfig-leak-empty-paths.patch,
+  librt-null-pointer.patch, pthread-kill-fail-after-exit.patch,
+  pthread-kill-race-thread-exit.patch, pthread-kill-return-esrch.patch,
+  pthread-kill-send-specific-thread.patch,
+  pthread-mutexattr-getrobust-np-type.patch,
+  setxid-deadlock-blocked-signals.patch,
+  sysconf-nprocessors-affinity.patch, x86-string-control-test.patch:
+  Removed.
+- bsc#1194640
+- bsc#1194768
+- bsc#1194770
+- bsc#1197718
+- bsc#1211829
+- bsc#1215891
-- selinux-deprecated.patch: Disable warnings due to deprecated libselinux
-  symbols used by nss and nscd (bsc#1197718)
-- systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP
-  (bsc#1197718, BZ #28771)
-
-- Add s390-add-z16-name.diff for bsc#1198751.
-
-- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
-  (CVE-2021-3999, bsc#1194640, BZ #28769)
-
-- 0001-powerpc-Optimized-strcpy-for-POWER9.patch,
-  0002-powerpc-Optimized-stpcpy-for-POWER9.patch,
-  0003-powerpc-Optimized-rawmemchr-for-POWER9.patch,
-  0004-powerpc64le-add-optimized-strlen-for-P9.patch,
-  0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch,
-  0006-powerpc-Add-optimized-strncpy-for-POWER9.patch,
-  0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch,
-  0008-powerpc-Add-optimized-ilogb-for-POWER9.patch,
-  0009-powerpc-Add-optimized-llogb-for-POWER9.patch,
-  0010-powerpc-Add-optimized-strlen-for-POWER10.patch,
-  0011-powerpc64le-Optimized-memmove-for-POWER10.patch,
-  0012-powerpc64le-Optimize-memcpy-for-POWER10.patch,
-  0013-powerpc64le-Optimize-memset-for-POWER10.patch,
-  0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch,
-  0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc
-  improvements (bsc#1194785, jsc#SLE-18195)
-
-- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
-  for "unix" (CVE-2022-23219, bsc#1194768, BZ #22542)
-- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
-  (CVE-2022-23218, bsc#1194770, BZ #28768)
+- Enable building the cross packages in rings.
+- Add ExtraBuildFlags for build flags that cannot be passed to configure.
-- Enable livepatching on x86_64.
-- 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch,
-  0002-S390-Optimize-__memcpy_z196.patch,
-  0003-S390-Optimize-__memset_z196.patch,
-  0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch,
-  0005-S390-Add-new-hwcap-values.patch,
-  0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 -
-  GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
+- glibc.rpmlintrc: Update for rpmlint2
-- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
-  (CVE-2021-33574, bsc#1186489, BZ #27896)
+- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
+  (BZ #282539
+- x86-string-control-test.patch: x86-64: Use testl to check
+  __x86_string_control
+- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
+  should not fail after exit (BZ #19193)
+- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
+  and thread exit (BZ #12889)
+- getcwd-attribute-access.patch: posix: Fix attribute access mode on
+  getcwd (BZ #27476)
+- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
+  ESRCH for old programs (BZ #19193)
+- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
+  pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
+  [#28036])
+- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
+  blocked signals in thread exit (BZ #28361)
+- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
+  signals to a specific thread (BZ #28407)
+- sysconf-nprocessors-affinity.patch: linux: Revert the use of
+  sched_getaffinity on get_nproc (BZ #28310)
+- iconv-charmap-close-output.patch: renamed from
+  icon-charmap-close-output.patch
+
+- Don't create separate debuginfo packages for cross packages
+
+- ldconfig-leak-empty-paths.patch: ldconfig: avoid leak on empty paths in
+  config file
+- gconv-parseconfdir-memory-leak.patch: gconv_parseconfdir: Fix memory leak
+- gaiconf-init-double-free.patch: gaiconf_init: Avoid double-free in label
+  and precedence lists
+- copy-and-spawn-sgid-double-close.patch: copy_and_spawn_sgid: Avoid
+  double calls to close()
+- icon-charmap-close-output.patch: iconv_charmap: Close output file when
+  done
+- fcntl-time-bits-64-redirect.patch: Linux: Fix fcntl, ioctl, prctl
+  redirects for _TIME_BITS=64 (BZ #28182)
+- librt-null-pointer.patch: librt: fix NULL pointer dereference (BZ
+  [#28213])
+
+- Add cross development packages for aarch64 and riscv64.
+
+- Update to glibc 2.34
+  Major new features:
+  * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
+    PTHREAD_STACK_MIN is no longer constant and is redefined to
+    sysconf(_SC_THREAD_STACK_MIN)
+  * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ
+  * The dynamic linker implements the --list-diagnostics option, printing
+    a dump of information related to IFUNC resolver operation and
+    glibc-hwcaps subdirectory selection
+  * On Linux, the function execveat has been added
+  * The ISO C2X function timespec_getres has been added
+  * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
+    C2X, is supported to enable declarations of functions defined in Annex F
+    of C2X
+  * Add support for 64-bit time_t on configurations like x86 where time_t
+    is traditionally 32-bit
+  * The main gconv-modules file in glibc now contains only a small set of
+    essential converter modules and the rest have been moved into a supplementary
+    configuration file gconv-modules-extra.conf in the gconv-modules.d directory
+    in the same GCONV_PATH
+  * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
+    to configure the size of the thread stack cache
+  * The function _Fork has been added as an async-signal-safe fork replacement
+    since Austin Group issue 62 droped the async-signal-safe requirement for
+    fork (and it will be included in the future POSIX standard)
+  * On Linux, the close_range function has been added
+  * The function closefrom has been added
+  * The posix_spawn_file_actions_closefrom_np function has been added, enabling
+    posix_spawn and posix_spawnp to close all file descriptors great than or
+    equal to a giver integer
+  Deprecated and removed features, and other changes affecting compatibility:
+  * The function pthread_mutex_consistent_np has been deprecated
+  * The function pthread_mutexattr_getrobust_np has been deprecated
+  * The function pthread_mutexattr_setrobust_np has been deprecated
+  * The function pthread_yield has been deprecated
+  * The function inet_neta declared in <arpa/inet.h> has been deprecated
+  * Various rarely-used functions declared in <resolv.h> and
+    <arpa/nameser.h> have been deprecated
+  * The pthread cancellation handler is now installed with SA_RESTART and
+    pthread_cancel will always send the internal SIGCANCEL on a cancellation
+    request
+  * The symbols mallwatch and tr_break are now deprecated and no longer used in
+    mtrace
+  * The __morecore and __after_morecore_hook malloc hooks and the default
+    implementation __default_morecore have been removed from the API
+  * Debugging features in malloc such as the MALLOC_CHECK_ environment variable
+    (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
+    disabled by default in the main C library
+  * The deprecated functions malloc_get_state and malloc_set_state have been
+    moved from the core C library into libc_malloc_debug.so
+  * The deprecated memory allocation hooks __malloc_hook, __realloc_hook,
+    __memalign_hook and __free_hook are now removed from the API
+  Changes to build and runtime requirements:
+  * On Linux, the shm_open, sem_open, and related functions now expect the
+    file shared memory file system to be mounted at /dev/shm
+  Security related changes:
+    CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+    a request for netgroup lookup, may crash due to a double-free,
+    potentially resulting in degraded service or Denial of Service on the
+    local system
+    CVE-2021-33574: The mq_notify function has a potential use-after-free
+    issue when using a notification type of SIGEV_THREAD and a thread
+    attribute with a non-default affinity mask
+    CVE-2021-35942: The wordexp function may overflow the positional
+    parameter number when processing the expansion resulting in a crash
+- nss-database-check-reload.patch, nss-load-chroot.patch,
+  x86-isa-level.patch, nscd-netgroupcache.patch,
+  nss-database-lookup.patch, select-modify-timeout.patch,
+  nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch,
+  tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed
+- bsc#1181403
+- bsc#1184035
+- bsc#1187911
+- jsc#PED-987
-- wordexp-param-overflow.patch: wordexp: handle overflow in positional
-  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
+- Enable usrmerge in Factory always as it's default there
+- Add conflict with pre-usrmerge filesystem package
-- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector
-  support in memmove ifunc-selector (bsc#1184035, BZ #27511)
+- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
+  (CVE-2021-33574, bsc#1186489, BZ #27896)
+- Drop glibc-usrmerge-bootstrap-helper package
-- Update glibc-2.31-HTM-vzeroupper.diff with a AVX-SSE transition
-  fix.
+- tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX
+  check
-- Add glibc-2.31-HTM-vzeroupper.diff to avoid VZEROUPPER in the
-  AVX2 accelerated string routines which cause HTM transaction
-  aborts.  Instead use EVEX or SSE.  (bsc#1181403)
+- rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr
+- nptl-db-libpthread-load-order.patch: nptl_db: Support different
+  libpthread/ld.so load orders (bsc#1184214, BZ #27744)
+
+- Enable support for static PIE (bsc#1184646)
+- select-modify-timeout.patch: linux: always update select timeout
+  (bsc#1184339, BZ #27706)
+
+- Don't remove -f[asynchronous-]unwind-tables during configure run, no
+  longer needed
+
+- nss-database-check-reload.patch: nsswitch: return result when nss
+  database is locked (BZ #27343)
+- nss-load-chroot.patch: nss: Re-enable NSS module loading after chroot
+  (bsc#1182323, BZ #27389)
+- x86-isa-level.patch: x86: Set minimum x86-64 level marker (bsc#1182522,
+  BZ #27318)
+- nss-database-lookup.patch: nss: fix nss_database_lookup2's alternate
+  handling (bsc#1182247, BZ #27416)
+- nss-revert-api.patch: remove
-- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
-  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
+- Disable x86 ISA level for now (bsc#1182522, BZ #27318)
+- nss-revert-api.patch: Workaround for nss-compat brokeness (bsc#1182247,
+  BZ #27416)
+
+- Fix build of utils flavor for usrmerge
+
+- Prepare for usrmerge (bsc#1029961)
+
+- Add --enable-memory-tagging for aarch64
+
+- Update to glibc 2.33
+  * The dynamic linker accepts the --list-tunables argument which prints
+    all the supported tunables.
+  * The dynamic linker accepts the --argv0 argument and provides opportunity
+    to change argv[0] string.
+  * The dynamic linker loads optimized implementations of shared objects
+    from subdirectories under the glibc-hwcaps directory on the library
+    search path if the system's capabilities meet the requirements for
+    that subdirectory.
+  * The new --help option of the dynamic linker provides usage and
+    information and library search path diagnostics.
+  * The mallinfo2 function is added to report statistics as per mallinfo,
+    but with larger field widths to accurately report values that are
+    larger than fit in an integer.
+  * Add <sys/platform/x86.h> to provide query macros for x86 CPU features.
+  * A new fortification level _FORTIFY_SOURCE=3 is available.
+  * The mallinfo function is marked deprecated.
+  * When dlopen is used in statically linked programs, alternative library
+    implementations from HWCAP subdirectories are no longer loaded.
+  * The deprecated <sys/vtimes.h> header and the function vtimes have been
+    removed.
+  * On s390(x), the type float_t is now derived from the macro
+    __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
+    hardcoded to double.
+  * A future version of glibc will stop loading shared objects from the
+    "tls" subdirectories on the library search path, the subdirectory that
+    corresponds to the AT_PLATFORM system name, and also stop employing
+    the legacy AT_HWCAP search mechanism.
+  * CVE-2021-3326: An assertion failure during conversion from the
+    ISO-20220-JP-3 character set using the iconv function has been fixed.
+- Remove obsolete, unused /etc/default/nss
+- aarch64-static-pie.patch, euc-kr-overrun.patch,
+  get-nprocs-cpu-online-parsing.patch, iconv-redundant-shift.patch,
+  iconv-ucs4-loop-bounds.patch, ifunc-fma4.patch,
+  intl-codeset-suffixes.patch, nscd-gc-cycle.patch,
+  printf-long-double-non-normal.patch, strerrorname-np.patch,
+  syslog-locking.patch, sysvipc.patch: Removed
+- bsc#1180557
+- bsc#1181505
+- bsc#1191592
+- bsc#1201942
-- sysvipc-sem-stat-any.patch: sysvipc: Fix SEM_STAT_ANY kernel argument
-  pass (bsc#1180557, BZ #26637)
+- Remove support for %optimize_power
+- Move to power4 baseline on ppc
-- aarch64-getauxval.patch: aarch64: Accept PLT calls to __getauxval within
-  libc.so (bsc#1167939)
+- aarch64-static-pie.patch: fix static PIE start code for BTI
+  (bsc#1179450, BZ #27068)
-- power10-support.patch: Add support for POWER10 (jsc#SLE-13520)
-- iconv-option-parsing.patch: Rewrite iconv option parsing
-  (CVE-2016-10228, bsc#1027496, BZ #19519)
-
-- Update to glibc 2.31
-- glibc-2.14-crypt.diff, crypt_blowfish-const.patch,
-  crypt_blowfish-1.2-sha.diff, crypt_blowfish-gensalt.patch,
-  crypt_blowfish-1.2-hack_around_arm.diff, glibc-nodate.patch,
-  powerpc-elision-enable-envvar.patch, s390-elision-enable-envvar.patch,
-  crt-nocompress-debug-sections.patch, resolv-context-leak.patch,
-  dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch,
-  math-c++-compat.patch, remove-nss-nis-compat.patch,
-  eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch,
-  assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch,
-  dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch,
-  nscd-libnsl.patch, malloc-tcache-leak.patch,
-  falkor-memcpy-memmove.patch, aarch64-cpu-features.patch,
-  nss-files-large-buffers.patch, sysconf-uio-maxiov.patch,
-  glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch,
-  spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch,
-  tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch,
-  malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch,
-  fillin-rpath-empty-tokens.patch, getcwd-absolute.patch,
-  memalign-overflow.patch, stack-guard-size-accounting.patch,
-  libgcc-rtld-now.patch, res-send-enomem.patch,
-  glibc-fix-avx512-mempcpy.patch, i386-memmove-sse2-unaligned.patch,
-  realpath-ssize-max-overflow.patch, localtime-2039.patch,
-  math-remove-slow-path.patch, aarch64-hwcap-atomics.patch,
-  glibc-fix-aarch64-build.diff, absolute-symbols.patch,
-  x86-haswell-string-flags.patch,
-  pthread-cond-broadcast-waiters-after-spinning.patch,
-  mman-map-sync.patch, mman-linux-map-shared-validate.patch,
-  nptl-setxid-error.patch, pthread-mutex-trylock-barrier.patch,
-  getaddrinfo-parse-ipv4-address.patch, japanese-era-name-may-2019.patch,
-  force-elision-race.patch, regex-read-overrun.patch,
-  regex-parse-reg-exp.patch,
-  0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch,
-  0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch,
-  0003-S390-Unify-31-64bit-memcpy.patch,
-  0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch,
-  0005-S390-Remove-s390-specific-implementation-of-bcopy.patch,
-  0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch,
-  0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch,
-  0008-S390-Add-z13-memmove-ifunc-variant.patch,
-  0009-S390-Add-z13-strstr-ifunc-variant.patch,
-  0010-S390-Add-z13-memmem-ifunc-variant.patch,
-  0011-S390-Cleanup-ifunc-resolve.h.patch,
-  0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch,
-  0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch,
-  0014-S390-Add-configure-check-to-detect-support-for-arch1.patch,
-  0015-S390-Add-arch13-memmove-ifunc-variant.patch,
-  0016-S390-Add-arch13-strstr-ifunc-variant.patch,
-  0017-S390-Add-arch13-memmem-ifunc-variant.patch,
-  prefer-map-32bit-exec.patch, s390-strstr-page-boundary.patch,
-  ppc-tle-htm-nosc.patch,
-  posix-Add-internal-symbols-for-posix_spawn-interface.patch,
-  glibc-2.29-posix-Use-posix_spawn-on-popen.patch,
-  backtrace-powerpc.patch, pthread-rwlock-pwn.patch,
-  manual-memory-protection.patch, ldbl-96-rem-pio2l.patch,
-  dl-sort-maps.patch, dlopen-filter-object.patch,
-  glob-use-after-free.patch, nptl-setxid-race.patch, nscd-senfile.patch,
-  ldd-system-interp.patch, abort-no-flush.patch,
-  fnmatch-collating-elements.patch, nss-files-long-lines-2.patch,
-  iconv-reset-input-buffer.patch, nscd-prune.patch, syslog-locking.patch:
-  Removed.
-- long-double-alias.patch, glibc-nsswitch-usr.diff, euc-kr-overrun.patch,
-  riscv-syscall-clobber.patch, nscd-gc-cycle.patch: Added.
+- intl-codeset-suffixes.patch: intl: Handle translation output codesets
+  with suffixes (BZ #26383)
+- strerrorname-np.patch: string: Fix strerrorname_np return value (BZ
+  [#26555])
+- sysvipc.patch: sysvipc: Fix SEM_STAT_ANY kernel argument pass (BZ
+  [#26637], BZ #26639, BZ #26636)
+
+- Use --enable-cet on x86_64 to instrument glibc for indirect branch
+  tracking and shadow stack use.  Enable indirect branch tracking
+  and shadow stack in the dynamic loader (jsc#PM-2110, bsc#1175154)
-- nscd-senfile.patch: Fix concurrent changes on nscd aware files
-  (bsc#1171878, BZ #23178)
-- nscd-prune.patch: nscd: bump GC cycle during cache pruning (bsc#1171878,
-  BZ #26130)
+- Keep nsswitch.conf in /etc for SLES15
+- ifunc-fma4.patch: x86-64: Fix FMA4 detection in ifunc (BZ #26534)
-- nptl-setxid-race.patch: nptl: wait for pending setxid request also in
-  detached thread (bsc#1162930, BZ #25942)
+- Update to glibc 2.32
+  * Unicode 13.0.0 Support
+  * New locale added: ckb_IQ
+  * The GNU C Library now loads audit modules listed in the DT_AUDIT and
+    DT_DEPAUDIT dynamic section entries of the main executable
+  * powerpc64le supports IEEE128 long double libm/libc redirects when
+    using the -mabi=ieeelongdouble to compile C code on supported GCC
+    toolchains
+  * To help detect buffer overflows and other out-of-bounds accesses
+    several APIs have been annotated with GCC 'access' attribute
+  * On Linux, functions the pthread_attr_setsigmask_np and
+    pthread_attr_getsigmask_np have been added
+  * The GNU C Library now provides the header file <sys/single_threaded.h>
+    which declares the variable __libc_single_threaded
+  * The functions sigabbrev_np and sigdescr_np have been added
+  * The functions strerrorname_np and strerrordesc_np have been added
+  * AArch64 now supports standard branch protection security hardening
+    in glibc when it is built with a GCC that is configured with
+  - -enable-standard-branch-protection (or if -mbranch-protection=standard
+    flag is passed when building both GCC target libraries and glibc,
+    in either case a custom GCC is needed)
+  * The deprecated <sys/sysctl.h> header and the sysctl function have been
+    removed
+  * The sstk function is no longer available to newly linked binaries
+  * The legacy signal handling functions siginterrupt, sigpause, sighold,
+    sigrelse, sigignore and sigset, and the sigmask macro have been
+    deprecated
+  * ldconfig now defaults to the new format for ld.so.cache
+  * The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev
+    are no longer available to newly linked binaries, and their declarations
+    have been removed from <string.h>
+  * The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr
+    are no longer available to newly linked binaries, and their declarations
+    have been removed from from <stdio.h>
+  * Both strerror and strerror_l now share the same internal buffer in the
+    calling thread, meaning that the returned string pointer may be invalided
+    or contents might be overwritten on subsequent calls in the same thread or
+    if the thread is terminated
+  * Using weak references to libpthread functions such as pthread_create
+    or pthread_key_create to detect the singled-threaded nature of a
+    program is an obsolescent feature
+  * The "files" NSS module no longer supports the "key" database (used for
+    secure RPC)
+  * The __morecore and __after_morecore_hook malloc hooks and the default
+    implementation __default_morecore have been deprecated
+  * The hesiod NSS module has been deprecated and will be removed in a
+    future version of glibc
+  * CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+    invoked with the -c option and when processing invalid multi-byte input
+    sequences
+  * CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
+    corruption when they were passed a pseudo-zero argument
+  * CVE-2020-1752: A use-after-free vulnerability in the glob function when
+    expanding ~user has been fixed.
+  * CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+    memmove functions has been fixed
+- riscv-syscall-clobber.patch, ldbl-96-rem-pio2l.patch,
+  long-double-alias.patch: Removed
+- bsc#1027496
+- bsc#1162930
+- bsc#1166106
+- bsc#1167631
+- bsc#1167939
+- bsc#1194785, jsc#SLE-18195
+- bsc#1200855
+- bsc#1201560
+- bsc#1201640
+- bsc#1207571
+- jsc#SLE-13520
+
+- long-double-alias.patch: Fix build with GCC 10 when long double = double
+- nscd-gc-cycle.patch: nscd: bump GC cycle during cache pruning
+  (bsc#1171878, BZ #26130)
+
+- glibc-nsswitch-usr.diff: read /usr/etc/nsswitch.conf if
+  /etc/nsswitch.conf does not exist
+- Install default nsswitch.conf in /usr/etc
+- Don't install gai.conf in /etc
-- glob-use-after-free.patch: Fix use-after-free in glob when expanding
-  ~user (CVE-2020-1752, bsc#1167631, BZ #25414)
-
-- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter
-  object to work (bsc#1166106, BZ #16272)
+- Split off %lang_package
+- riscv-syscall-clobber.patch: riscv: Avoid clobbering register parameters
+  in syscall
-- pthread-rwlock-pwn.patch: Fix rwlock stall with
-  PREFER_WRITER_NONRECURSIVE_NP (bsc#1164505, BZ #23861)
-- manual-memory-protection.patch: manual: Document mprotect and introduce
-  section on memory protection (bsc#1163184)
+- nsswitch.conf: comment out initgroups setting, so that it defaults to
+  the group setting (bsc#1164075)
-- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
-  (CVE-2020-1751, bsc#1158996, BZ #25423)
-
-- posix-Add-internal-symbols-for-posix_spawn-interface.patch,
-  glibc-2.29-posix-Use-posix_spawn-on-popen.patch: Use posix_spawn on
-  popen (bsc#1149332, BZ #22834)
+- fix-locking-in-_IO_cleanup.patch: update to latest version
-- ppc-tle-htm-nosc.patch: powerpc: Fix syscalls during early process
-  initialization (SLE-8348, BZ #22685)
+- Update to glibc 2.31
+  * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
+    enable features from the draft ISO C2X standard
+  * The <math.h> functions that round their results to a narrower type now
+    have corresponding type-generic macros in <tgmath.h>
+  * The function pthread_clockjoin_np has been added, enabling join with a
+    terminated thread with a specific clock
+  * New locale added: mnw_MM (Mon language spoken in Myanmar).
+  * The DNS stub resolver will optionally send the AD (authenticated data) bit
+    in queries if the trust-ad option is set via the options directive in
+    /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
+  * The totalorder and totalordermag functions, and the corresponding
+    functions for other floating-point types, now take pointer arguments to
+    avoid signaling NaNs possibly being converted to quiet NaNs in argument
+    passing
+  * The obsolete function stime is no longer available to newly linked
+    binaries, and its declaration has been removed from <time.h>
+  * The gettimeofday function no longer reports information about a
+    system-wide time zone
+  * If a lazy binding failure happens during dlopen, during the execution of
+    an ELF constructor, the process is now terminated
+- malloc-info-whitespace.patch, riscv-vfork.patch,
+  prefer-map-32bit-exec.patch, backtrace-powerpc.patch,
+  ldconfig-dynstr.patch: Removed.
+- bsc#1157893
+- bsc#1163184
+- fate#325815, fate#325879, fate#325880, fate#325881, fate#325882
+- fate#325962
-- s390-strstr-page-boundary.patch: S390: Fix handling of needles crossing
-  a page in strstr z15 ifunc-variant (bsc#1157893, BZ #25226)
+- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
+  (CVE-2020-1751, bsc#1158996, BZ #25423)
+- Drop support for pluggable gconv modules (bsc#1159851)
-- GNU1815 - Hardware support in toolchain (bsc#1151582)
-  0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch
-  0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch
-  0003-S390-Unify-31-64bit-memcpy.patch
-  0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch
-  0005-S390-Remove-s390-specific-implementation-of-bcopy.patch
-  0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch
-  0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch
-  0008-S390-Add-z13-memmove-ifunc-variant.patch
-  0009-S390-Add-z13-strstr-ifunc-variant.patch
-  0010-S390-Add-z13-memmem-ifunc-variant.patch
-  0011-S390-Cleanup-ifunc-resolve.h.patch
-  0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch
-  0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch
-  0014-S390-Add-configure-check-to-detect-support-for-arch1.patch
-  0015-S390-Add-arch13-memmove-ifunc-variant.patch
-  0016-S390-Add-arch13-strstr-ifunc-variant.patch
-  0017-S390-Add-arch13-memmem-ifunc-variant.patch
-
-- regex-parse-reg-exp.patch: ERE '0|()0|\1|0' causes regexec undefined
-  behavior (CVE-2009-5155, bsc#1127223, BZ #18986)
-- regex-read-overrun.patch: regex: fix read overrun (CVE-2019-9169,
-  bsc#1127308, BZ #24114)
+- nsswitch.conf: add usrfiles for services, protocols, rpc, ethers
+  and aliases for /usr/etc move
-- crt-nocompress-debug-sections.patch: Don't compress debug sections in
-  crt*.o files (bsc#1123710)
+- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
+  (CVE-2019-25013, BZ #24973)
-- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
-  (bsc#1117993, BZ #23973)
+- ldconfig-dynstr.patch: ldconfig: handle .dynstr located in separate
+  segment (bsc#1153149, BZ #25087)
-- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting
-  to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275)
+- Package gconv-modules.cache as %ghost
+- Regenerate it also in the %post of glibc-local-base-<targettype>
+
+- move mo files to glibc-locale as that's where all the other
+  informations for those locales are. glibc-locale-base only has English
+  anyways.
+
+- riscv-vfork.patch: Fix RISC-V vfork build with Linux 5.3 kernel headers
+
+- Remove NoSource tags (bsc#994835)
+
+- pwdutils is long gone and replaced by shadow
+
+- Update to glibc 2.30
+  * Unicode 12.1.0 Support
+  * The dynamic linker accepts the --preload argument to preload shared
+    objects
+  * The twalk_r function has been added
+  * On Linux, the getdents64, gettid, and tgkill functions have been added
+  * Minguo (Republic of China) calendar support has been added
+  * The entry for the new Japanese era has been added
+  * Memory allocation functions malloc, calloc, realloc, reallocarray, valloc,
+    pvalloc, memalign, and posix_memalign fail now with total object size
+    larger than PTRDIFF_MAX
+  * The dynamic linker no longer refuses to load objects which reference
+    versioned symbols whose implementation has moved to a different soname
+    since the object has been linked
+  * Add new POSIX-proposed pthread_cond_clockwait, pthread_mutex_clocklock,
+    pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock and sem_clockwait
+    functions
+  * On AArch64 the GNU IFUNC resolver call ABI changed
+  * The copy_file_range function fails with ENOSYS if the kernel does not
+    support the system call of the same name
+  * The functions clock_gettime, clock_getres, clock_settime,
+    clock_getcpuclockid, clock_nanosleep were removed from the librt library
+    for new applications (on architectures which had them)
+  * The obsolete and never-implemented XSI STREAMS header files <stropts.h>
+    and <sys/stropts.h> have been removed
+  * Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6
+    resolver flag (deprecated in glibc 2.25) have been removed
+  * The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
+    resolver have been removed from <resolv.h>
+  * With --enable-bind-now, installed programs are now linked with the
+    BIND_NOW flag.
+  * On 32-bit Arm, support for the port-based I/O emulation and the <sys/io.h>
+    header have been removed
+  * The Linux-specific <sys/sysctl.h> header and the sysctl function have been
+    deprecated and will be removed from a future version of glibc
+  * CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
+    size
+  * CVE-2019-9169: Attempted case-insensitive regular-expression match
+    via proceed_next_node in posix/regexec.c leads to heap-based buffer
+    over-read
+- pthread-rwlock-trylock-stalls.patch,
+  arm-systemtap-probe-constraint.patch, pthread-mutex-barrier.patch,
+  fork-handler-lock.patch, pthread-join-probe.patch,
+  riscv-clone-unwind.patch, add-new-Fortran-vector-math-header-file.patch,
+  regex-read-overrun.patch, japanese-era-name-may-2019.patch,
+  dl-show-auxv.patch, s390-vx-vxe-hwcap.patch, taisho-era-string.patch,
+  malloc-tracing-hooks.patch, pldd-inf-loop.patch,
+  malloc-large-bin-corruption-check.patch, wfile-sync-crash.patch,
+  malloc-tests-warnings.patch, fnmatch-collating-elements.patch,
+  iconv-reset-input-buffer.patch: Removed
+- malloc-info-whitespace.patch: Remove unwanted leading whitespace in
+  malloc_info (BZ #24867)
+- bsc#1100396
+- bsc#1130045
+
+- Move /var/lib/misc/Makefile to /usr/share/misc/Makefile.makedb (bsc#1138726)
+
+- malloc-tests-warnings.patch: Fix warnings in malloc tests with GCC 9
+
+- Set optflags for i686 after _lto_cflags is set (boo#1138807).
+
+- Disable LTO due to a usage of top-level assembler that
+  causes LTO issues (boo#1138807).
+
+- nss-files-long-lines-2.patch: Remove obsolete patch
+
+- dl-show-auxv.patch: Fix output of LD_SHOW_AUXV=1
+- s390-vx-vxe-hwcap.patch: S390: Mark vx and vxe as important hwcap
+- taisho-era-string.patch: ja_JP: Change the offset for Taisho gan-nen
+  from 2 to 1 (BZ #24162)
+- malloc-tracing-hooks.patch: malloc: Set and reset all hooks for tracing
+  (BZ #16573)
+- pldd-inf-loop.patch: elf: Fix pldd (BZ#18035)
+- malloc-large-bin-corruption-check.patch: malloc: Check for large bin
+  list corruption when inserting unsorted chunk (BZ #24216)
+- wfile-sync-crash.patch: Fix crash in _IO_wfile_sync (BZ #20568)
-  Japanese era (bsc#1100396, BZ #22964)
+  Japanese era (BZ #22964)
+- Replace glibc_post_upgrade with lua script
-- pthread-mutex-trylock-barrier.patch: pthread_mutex_trylock does not use
-  the correct order of instructions while maintaining the robust mutex
-  list due to missing compiler barriers (bsc#1130045, BZ #24180)
-- getaddrinfo-parse-ipv4-address.patch: getaddrinfo: Fully parse IPv4
-  address strings (CVE-2016-10739, bsc#1122729, BZ #20018)
-
-- mman-map-sync.patch: Add MAP_SYNC from Linux 4.15 (bsc#1126590)
-- mman-linux-map-shared-validate.patch: Add MAP_SHARED_VALIDATE from Linux
-  4.15 (bsc#1126590)
-- nptl-setxid-error.patch: nptl: Preserve error in setxid thread broadcast
-  in coredumps (bsc#1063675, BZ #22153)
+- add-new-Fortran-vector-math-header-file.patch: Update from upstream
-- x86-haswell-string-flags.patch: Fix Haswell CPU string flags
-  (bsc#1114984, BZ #23709)
-- pthread-cond-broadcast-waiters-after-spinning.patch: Fix
-  waiters-after-spinning case (bsc#1114993, BZ #23538)
+- regex-read-overrun.patch: fix read overrun (CVE-2019-9169, bsc#1127308,
+  BZ #24114)
+- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
+  (bsc#1117993, BZ #23973)
+
+- Add add-new-Fortran-vector-math-header-file.patch.
-- absolute-symbols.patch: Don't relocate absolute symbols (bsc#1112570, BZ
-  [#19818])
+- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
+  stalls (BZ #23844)
+- arm-systemtap-probe-constraint.patch: arm: Use "nr" constraint for
+  Systemtap probes (BZ #24164)
+- pthread-mutex-barrier.patch: Add compiler barriers around modifications
+  of the robust mutex list for pthread_mutex_trylock (BZ #24180)
+- fork-handler-lock.patch: nptl: Avoid fork handler lock for
+  async-signal-safe fork (BZ #24161)
+- pthread-join-probe.patch: nptl: Fix invalid Systemtap probe in
+  pthread_join (BZ #24211)
+- riscv-clone-unwind.patch: RISC-V: Fix elfutils testsuite unwind failures
+  (BZ #24040)
+
+- Update to glibc 2.29
+  * The getcpu wrapper function has been added, which returns the currently
+    used CPU and NUMA node
+  * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf
+  * The reallocarray function is now declared under _DEFAULT_SOURCE, not just
+    for _GNU_SOURCE, to match BSD environments
+  * For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel
+    indicates that it will abort the transaction prior to entering the kernel
+    (PPC_FEATURE2_HTM_NOSC on hwcap2)
+  * The functions posix_spawn_file_actions_addchdir_np and
+    posix_spawn_file_actions_addfchdir_np have been added, enabling
+    posix_spawn and posix_spawnp to run the new process in a different
+    directory
+  * The popen and system do not run atfork handlers anymore (BZ#17490)
+  * strftime's default formatting of a locale's alternative year (%Ey)
+    has been changed to zero-pad the year to a minimum of two digits,
+    like "%y"
+  * As a GNU extension, the '_' and '-' flags can now be applied to
+    "%EY" to control how the year number is formatted
+  * The glibc.tune tunable namespace has been renamed to glibc.cpu and the
+    tunable glibc.tune.cpu has been renamed to glibc.cpu.name
+  * The type of the pr_uid and pr_gid members of struct elf_prpsinfo, defined
+    in <sys/procfs.h>, has been corrected to match the type actually used by
+    the Linux kernel
+  * An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]'
+    meant to scan a string and allocate space for it with malloc, is now
+    restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE
+    defined
+- unwind-ctor.patch, old-getdents64.patch, nss-files-leak.patch,
+  riscv-feholdexcept-setround.patch,
+  pthread-cond-broadcast-waiters-after-spinning.patch,
+  regex-uninit-memory-access.patch, spawni-maybe-script-execute.patch,
+  gethostid-gethostbyname-failure.patch, strstr-huge-needle.patch,
+  pthread-mutex-lock-elision-race.patch, x86-haswell-string-flags.patch,
+  if-nametoindex-descr-leak.patch, riscv-flush-icache.patch: Removed
+- CVE-2016-10739
+- bsc#1114984
+- bsc#1114993
+- bsc#1122729
+- bsc#1131330
+- bsc#1149332
+- bsc#1151582
+- bsc#1164505
+
+- fnmatch-collating-elements.patch: update
+- riscv-flush-icache.patch: fix for compiling against 4.20 headers
+
+- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for
+  overlong name (CVE-2018-19591, BZ #23927, bsc#1117603)
+
+- Fix typography for glibc-locale-base.
+
+- pthread-mutex-lock-elision-race.patch: Fix race in pthread_mutex_lock
+  while promoting to PTHREAD_MUTEX_ELISION_NP (BZ #23275)
+- x86-haswell-string-flags.patch: x86: Fix Haswell CPU string flags (BZ
+  [#23709])
+
+- unwind-ctor.patch: Add missing unwind information to ld.so on powerpc32
+  (BZ #23707)
+- old-getdents64.patch: Rewrite __old_getdents64 (BZ #23497)
+- nss-files-leak.patch: Fix file stream leak in aliases lookup (BZ #23521)
+- riscv-feholdexcept-setround.patch: Fix rounding save/restore bug
+- pthread-cond-broadcast-waiters-after-spinning.patch: Fix
+  waiters-after-spinning case (BZ #23538)
+- regex-uninit-memory-access.patch: fix uninitialized memory access (BZ
+  [#23578])
+- spawni-maybe-script-execute.patch: Fix segfault in maybe_script_execute
+- gethostid-gethostbyname-failure.patch: Check for NULL value from
+  gethostbyname_r (BZ #23679)
+- strstr-huge-needle.patch: Fix strstr bug with huge needles (BZ #23637)
-- glibc-fix-aarch64-build.diff: Fix build on aarch64 with
-  binutils newer than 2.30.
+- Add libpng-devel and zlib-devel for utils build
-- aarch64-hwcap-atomics.patch: aarch64: add HWCAP_ATOMICS to
-  HWCAP_IMPORTANT (fate#325962)
+- Update to glibc 2.28
+  * The localization data for ISO 14651 is updated to match the 2016
+    Edition 4 release of the standard, this matches data provided by
+    Unicode 9.0.0
+  * Unicode 11.0.0 Support: Character encoding, character type info, and
+    transliteration tables are all updated to Unicode 11.0.0, using
+    generator scripts contributed by Mike FABIAN (Red Hat)
+  * <math.h> functions that round their results to a narrower type are added
+    from TS 18661-1:2014 and TS 18661-3:2015
+  * Two grammatical forms of month names are now supported
+  * The renameat2 function has been added, a variant of the renameat function
+    which has a flags argument
+  * The statx function has been added, a variant of the fstatat64
+    function with an additional flags argument
+  * IDN domain names in getaddrinfo and getnameinfo now use the system libidn2
+    library if installed
+  * Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED,
+    DT_AUXILIARY, and DT_FILTER has been expanded to support the full
+    range of ELF gABI expressions including such constructs as
+    '$ORIGIN$ORIGIN' (if valid)
+  * Support for ISO C threads (ISO/IEC 9899:2011) has been added.
+  * The nonstandard header files <libio.h> and <_G_config.h> are no longer
+    installed
+  * The stdio functions 'getc' and 'putc' are no longer defined as macros
+  * All stdio functions now treat end-of-file as a sticky condition
+  * The macros 'major', 'minor', and 'makedev' are now only available from
+    the header <sys/sysmacros.h>
+  * The obsolete function ustat is no longer available to newly linked
+    binaries; the headers <ustat.h> and <sys/ustat.h> have been removed
+  * The obsolete function nfsservctl is no longer available to newly linked
+    binaries
+  * The obsolete function name llseek is no longer available to newly linked
+    binaries
+  * The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the
+    getaddrinfo and getnameinfo functions have been deprecated
+  * The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for
+    the getaddrinfo and getnameinfo functions have been deprecated
+  * The fcntl function now have a Long File Support variant named fcntl64
+  * CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have
+    been fixed by removing the glibc-internal IDNA implementation and using
+    the system-provided libidn2 library instead
+- Split off all libcrypt related functions into package libxcrypt
+- fix-locking-in-_IO_cleanup.patch, fnmatch-collating-elements.patch:
+  Rediff
+- aarch64-sys-ptrace-update.patch,
+  crypt_blowfish-1.2-hack_around_arm.diff, crypt_blowfish-1.2-sha.diff,
+  crypt_blowfish-const.patch, crypt_blowfish-gensalt.patch,
+  glibc-2.14-crypt.diff, i386-memmove-sse2-unaligned.patch,
+  i386-sigaction-sa-restorer.patch, mempcpy-avx512.patch,
+  netgroup-cache-keys.patch, nss-database-multiple-dfn.patch,
+  pkey-get-reserved-name.patch, powerpc-sys-ptrace-undefine-macros.patch,
+  powerpc-sys-ptrace-update.patch, realpath-ssize-max-overflow.patch,
+  res-send-enomem.patch, riscv-fmax-fmin-nan.patch,
+  riscv-kernel-sigaction.patch, riscv-readelflib.patch,
+  riscv-tls-init.patch: Removed
+- glibc_post_upgrade.c: Don't reload init (bsc#1103124)
+- CVE-2009-5155, CVE-2015-8985
+- bsc#1092877
+- bsc#1102526
+- bsc#1112570
+- bsc#1126590
+- bsc#1127223
+
+- Use python3-pexpect instead of python-pexpect
-- math-remove-slow-path.patch: Remove slow paths from math routines
-  (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)
+- riscv-kernel-sigaction.patch: fix struct kernel_sigaction to match the
+  kernel version (BZ #23069)
-- localtime-2039.patch: Fix year 2039 bug for localtime with 64-bit time_t
-  (bsc#1102526, BZ #22639)
+- glibc-2.3.90-langpackdir.diff: No longer search in /usr/share/locale-bundle
-- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing
-  2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644)
+- mempcpy-avx512.patch: Don't write beyond destination in
+  __mempcpy_avx512_no_vzeroupper (CVE-2018-11237, bsc#1094154)
-- glibc-fix-avx512-mempcpy.patch: replace with upstream version
-
-- Use %license also for COPYING and COPYING.LIB (bsc#1082318)
-
-- Add glibc-fix-avx512-mempcpy.patch as quick fix for mempcpy
-  buffer overwrite in memmove-avx512-no-vzeroupper.S for Knights
-  Landing CPUs (CVE-2018-11237, bnc#1094154, bnc#1092877, BZ #23196)
+- Use %license also for COPYING, COPYING.LIB
+- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing
+  2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644)
+
-- Use %license (bsc#1082318)
-
-- stack-guard-size-accounting.patch: Fix stack guard size accounting
-  (bsc#1074208, BZ #22637)
-- libgcc-rtld-now.patch: Open libgcc.so with RTLD_NOW during
-  pthread_cancel (bsc#1074208, BZ #22636)
-
-- Mark source0 as nosource in non-main source rpms
-
-- Add systemtap-headers to BuildRequires.
-- Add --enable-systemtap to configure arguments. (fate#324969,
-  bsc#1073636)
-
-- memalign-overflow.patch: Fix integer overflows in internal memalign and
-  malloc functions (CVE-2018-6485, CVE-2018-6551, bsc#1079036, BZ #22343,
-  BZ #22774)
+- pkey-get-reserved-name.patch: Linux: use reserved name __key in pkey_get
+  (BZ #22797)
+- aarch64-sys-ptrace-update.patch: linux/aarch64: sync sys/ptrace.h with
+  Linux 4.15 (BZ #22433)
+- powerpc-sys-ptrace-undefine-macros.patch: powerpc: Undefine Linux ptrace
+  macros that conflict with __ptrace_request
+- powerpc-sys-ptrace-update.patch: linux/powerpc: sync sys/ptrace.h with
+  Linux 4.15 (BZ #22433, BZ #22807)
+- netgroup-cache-keys.patch: Fix netgroup cache keys (BZ #22342)
+- i386-sigaction-sa-restorer.patch: i386: Fix i386 sigaction sa_restorer
+  initialization (BZ #21269)
+- riscv-tls-init.patch: RISC-V: Do not initialize $gp in TLS macros
+- riscv-fmax-fmin-nan.patch: RISC-V: fmax/fmin: Handle signalling NaNs
+  correctly (BZ #22884)
+
+- nss-database-multiple-dfn.patch: Fix multiple definitions of
+  __nss_*_database (BZ #22918)
+
+- Use %license (boo#1082318)
+
+- Add systemtap-headers to BuildRequires
+- Add --enable-systemtap to configure arguments (fate#324969, bsc#1073636)
+
+- riscv-readelflib.patch: Fix parsing flags in ELF64 files on riscv
+
+- Update to glibc 2.27
+  * Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf,
+    sinf, sincosf and tan with FMA
+  * Optimized x86-64 trunc and truncf for processors with SSE4.1
+  * Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and
+    sincosf
+  * In order to support faster and safer process termination the malloc API
+    family of functions will no longer print a failure address and stack
+    backtrace after detecting heap corruption
+  * The abort function terminates the process immediately, without flushing
+    stdio streams
+  * On platforms where long double has the IEEE binary128 format (aarch64,
+    alpha, mips64, riscv, s390 and sparc), the math library now implements
+    _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015
+    These are the same interfaces added in version 2.26 for some platforms where
+    this format is supported but is not the format of long double
+  * On platforms with support for _Float64x (aarch64, alpha, i386, ia64,
+    mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now
+    implements interfaces for that type, as defined by ISO/IEC TS
+    18661-3:2015
+  * The math library now implements interfaces for the _Float32, _Float64 and
+    _Float32x types, as defined by ISO/IEC TS 18661-3:2015
+  * glibc now implements the memfd_create and mlock2 functions on Linux
+  * Support for memory protection keys was added
+  * The copy_file_range function was added
+  * The ldconfig utility now processes `include' directives using the C/POSIX
+    collation ordering
+  * Support for two grammatical forms of month names has been added
+  * Support for the RISC-V ISA running on Linux has been added
+  * Statically compiled applications attempting to load locales compiled for the
+    GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX
+    locale
+  * Support for statically linked applications which call dlopen is deprecated
+    and will be removed in a future version of glibc
+  * Support for old programs which use internal stdio data structures and
+    functions is deprecated
+  * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
+    defined by <sys/ptrace.h>
+  * libm no longer supports SVID error handling (calling a user-provided
+    matherr function on error) or the _LIB_VERSION variable to control error
+    handling
+  * The libm functions pow10, pow10f and pow10l are no longer supported for
+    new programs
+  * The mcontext_t type is no longer the same as struct sigcontext
+  * The add-ons mechanism for building additional packages at the same time as
+    glibc has been removed
+  * The res_hnok, res_dnok, res_mailok and res_ownok functions now check that
+    the specified string can be parsed as a domain name
+  * In the malloc_info output, the <heap> element may contain another <aspace>
+    element, "subheaps", which contains the number of sub-heaps
+  * In the malloc_info output, the <heap> element may contain another <aspace>
+    element, "subheaps", which contains the number of sub-heaps
+  * The nonstandard header files <libio.h> and <_G_config.h> are deprecated
+    and will be removed in a future release
+  * CVE-2018-6485, CVE-2018-6551: The posix_memalign and memalign
+    functions, when called with an object size near the value of SIZE_MAX,
+    would return a pointer to a buffer which is too small, instead of NULL
+    (bsc#1079036)
+- Support for Sun RPC is no longer available, use libtirpc instead
+- glibc-nodate.patch, powerpc-elision-enable-envvar.patch,
+  s390-elision-enable-envvar.patch, resolv-context-leak.patch,
+  dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch,
+  math-c++-compat.patch, remove-nss-nis-compat.patch,
+  eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch,
+  assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch,
+  dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch,
+  nscd-libnsl.patch, malloc-tcache-leak.patch,
+  falkor-memcpy-memmove.patch, aarch64-cpu-features.patch,
+  nss-files-large-buffers.patch. sysconf-uio-maxiov.patch,
+  glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch,
+  spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch,
+  tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch,
+  malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch,
+  fillin-rpath-empty-tokens.patch, getcwd-absolute.patch,
+  ldd-system-interp.patchabort-no-flush.patch: Removed
+- All patches refreshed
+- bsc#1063675
+- bsc#1074208
google-noto-fonts
+fix: bsc#1202279 and gh#notofonts/Arimo#13
+- fix-arimo.patch
+
+fix: summary and descriptions not mentioning font being Serif
+  add: README.FAQ to answer some questions about Noto Fonts packaging
+
+feat: create new metapackage noto-fonts with all Noto Fonts except CJK and Emoji
+
+update: 20220524 -> 20220607
+- Noto Sans and Noto Sans Myanmar have been updated
+  fix(spec): add LICENSE to every package, remove redundant doc package
+- It is likely a legal requirement that the license must be included with the package (rather than only recommends)
+- Using the %license macro and including the license in every subpackage is the norm
+  fix(sh): prevent redundant .svn files from being compressed into archive
+  chore(spec): use install instead of mkdir and cp
+  chore(sh): fix typo
+
+- Add obsoletes and provides for google-{arimo,cousine,tinos}-fonts
+
+- Switch back to hinted ttf as unhinted otf causes blurring (boo#1199938)
+
+- Add obsoletes and provides for:
+  - noto-mono-fonts: Got merged into noto-sans-mono-fonts
+  - noto-sans-syriac* variants: Got merged into noto-sans-syriac-fonts
+  - noto-sans-tibetan-fonts: Got renamed to noto-serif-tibetan-fonts
+- Update to version 20220524
+  - Updated Noto Sans Myanmar and Noto Sans Tangsa Fonts
+
+- Clarify sources
+
+- Fix unversioned obsoletes
+- Merge noto-sans-display-fonts into noto-sans-fonts
+  - Fixes inconsistent font family names see Github issue #2315
+- Bump version to 20220516
+  - Start using OTF fonts to be in-line with Noto CJK and Emoji
+  - No new fonts
+
+- Update URL and source for zips
+- Update to version 20220509
+  - 96 new fonts, details at https://pastebin.com/ycnpAn88
+
gstreamer-plugins-bad
-- Add gstreamer-plugins-bad-CVE-2023-40474.patch: Backporting
-  ff91a3d8 from upstream, Fix possible overflow using
-  max_sub_layers_minus1 (CVE-2023-40474 bsc#1215793).
+- Add gstreamer-plugins-bad-CVE-2023-40474.patch:
+  Backporting ce17e968 from upstream, Fix integer overflow causing
+  out of bounds writes when handling invalid uncompressed video.
+  (CVE-2023-40474 bsc#1215796)
-- Add patch from upstream to fix a heap overwrite in PGS subtitle
+- Add gstreamer-plugins-bad-CVE-2023-40476.patch:
+  Backporting ff91a3d8 from upstream, Fix possible overflow using
+  max_sub_layers_minus1.
+  (CVE-2023-40476 bsc#1215793)
+
+- Add 0001-dvdspu-Make-sure-enough-data-is-allocated-for-the.patch:
+  from upstream to fix a heap overwrite in PGS subtitle
-  execution (bsc#1213126, CVE-2023-37329):
-  * 0001-dvdspu-Make-sure-enough-data-is-allocated-for-the.patch
+  execution (CVE-2023-37329 bsc#1213126).
less
+- add zstd support to lessopen
+
+- Update to 643:
+  * Fix problem when a program piping into less reads from the tty,
+    like sudo asking for password (github #368).
+  * Fix search modifier ^E after ^W.
+  * Fix bug using negated (^N) search (github #374).
+  * Fix bug setting colors with -D on Windows build (github #386).
+  * Fix reading special chars like PageDown on Windows (github #378).
+  * Fix mouse wheel scrolling on Windows (github #379).
+  * Fix erroneous EOF when terminal window size changes (github #372).
+  * Fix compile error with some definitions of ECHONL (github #395).
+  * Fix crash on Windows when writing logfile (github #405).
+  * Fix regression in exit code when stdin is /dev/null and
+    output is a file (github #373).
+  * Add lesstest test suite to production release (github #344).
+  * Change lesstest output to conform with
+    automake Simple Test Format (github #399).
+
+- Update to 633
+  * This release fixes a build problem found in less-632 on systems
+    which have termcap.h in a subdirectory (ncurses/termcap.h or
+    ncursesw/termcap.h). There is no functional difference between
+    less-632 and less-633
+
+- Update to 632 (differences between 608 and 632)
+  * Add LESSUTFCHARDEF environment variable (github #275).
+  * Add # command (github #330).
+  * Add ^S search modifier (github #196).
+  * Add --wordwrap option (github #113).
+  * Add --no-vbell option (github #304).
+  * Add --no-search-headers option (github #44).
+  * Add --modelines option (github #89).
+  * Add --intr option (github #224).
+  * Add --proc-backspace, --proc-tab and --proc-return options (github #335).
+  * Add --show-preproc-errors option (github #258).
+  * Add LESS_LINES and LESS_COLUMNS environment variables (github #84).
+  * Add LESS_DATA_DELAY environment variable (github #337).
+  * Allow empty "lines" field in --header option.
+  * Update Unicode tables.
+  * Improve ability of ^X to interrupt F command (github #49).
+  * Status column (-J) shows off-screen matches.
+  * Parenthesized sub-patterns in searches are colored with unique colors, if supported by the regular expression library (github #196).
+  * Don't allow opening a tty as file input unless -f is set (github #309).
+  * Don't require newline input after +&... option (github #339).
+  * Fix incorrect handling of some Private Use Unicode characters.
+  * Fix ANSI color bug when overstriking with colored chars (github #276).
+  * Fix compiler const warning (github #279).
+  * Fix signal race in iread (github #280).
+  * Fix reading procfs files on Linux (github #282).
+  * Fix --ignore-case with ctrl-R (no regex) search (github #300).
+  * Fix bug doing repeat search after setting & filter (github #299).
+  * Fix bug doing repeat search before non-repeat search.
+  * Fix crash with -R and certain line lengths (github #338).
+  * Fix input of Windows dead keys (github #352).
+  * Don't retain search options from a cancelled search (github #302).
+  * Don't call realpath on fake filenames like "-" (github #289).
+  * Implement lesstest test suite.
+  * Convert function parameter definitions from K&R to C89 (github #316).
+- Drop patch cve-2022-46663.patch (merged).
+
+- Refreshed all other patches with quilt to an uniform -p1 patch
+  style, which allows us to use %autosetup and simplify the spec
+  file a bit.
+
+- Update to 608:
+  * Add the --header option (github #43).
+  * Add the --no-number-headers option (github #178).
+  * Add the --status-line option.
+  * Add the --redraw-on-quit option (github #36).
+  * Add the --search-options option (github #213).
+  * Add the --exit-follow-on-close option (github #244).
+  * Add 'H' color type to set color of header lines.
+  * Add #version conditional to lesskey.
+  * Add += syntax to variable section in lesskey files.
+  * Allow option name in -- command to end with '=' in addition to '\n'.
+  * Add $HOME/.config to possible locations of lesskey file (github #153).
+  * Add $XDG_STATE_HOME and $HOME/.local/state to possible locations
+    of history file (github #223).
+  * Don't read or write history file in secure mode (github #201).
+  * Fix display of multibyte and double-width chars in prompt.
+  * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08
+    (github #188).
+  * Add more \k codes to lesskey format.
+  * Fix bug when empty file is modified while viewing it.
+  * Fix bug when parsing a malformed lesskey file (githb #234).
+  * Fix bug scrolling history when --incsearch is set (github #214).
+  * Fix buffer overflow when invoking lessecho with more than 63 -m/-n
+    options (github #198).
+  * Fix buffer overflow in bin_file (github #271).
+  * Fix bug restoring color at end of highlighted text.
+  * Fix bug in parsing lesskey file.
+  * Defer moving cursor to lower left in some more cases.
+  * Suppress TAB filename expansion in some cases where it doesn't make sense.
+  * Fix termlib detection when compiler doesn't accept
+    calls to undeclared functions.
+  * Escape filenames when invoking LESSCLOSE.
+  * Fix bug using multibyte UTF-8 char in search string
+    with --incsearch (github #273).
+
+- Which need one /usr/bin/which, not the package which
libhugetlbfs
+- Add libhugetlbfs-noexecstack.patch (bsc#1213639)
+- Increase buffer size in libhugetlbfs-increase-mount-buffer.patch
+  as in the provided fix (bsc#1213639)
+
+- Add libhugetlbfs-increase-mount-buffer.patch for upstream issue gh#43
+  (boo#1216576, bsc#1213639)
+
-- update to 2.17:
-  * PPC segement alignment restrictions can be disabled
-  * Added Aarch64 support
-  * Allow compiler overrides for 64 and 32 bit builds
-  * hugeadm now handles /etc/mtab being a simlink properly
-  * ppc64 fixes
-- remove libhugetlbfs.ia64-libdir.patch:
-  ia64 is no longer supported by openSUSE
-- add ignore-perl-modules.diff: do not install perl modules, unused
-  and are installed in the wrong place to be found anyway
-- add ARM support
-- add disable-rw-on-non-ldscripts.diff: Skip rw tests
-- Do not install tests anymore
-
-- Tests compile fine for s390(x), also include them in the package, the same
-  way it is done for other archs as well.
-
libmbim
+- Fix build with RPM 4.19: unnumbered patches are no longer
+  supported.
+
poppler-data
+- update to 0.4.12:
+  * updated files from the adobe-type-tools repositories
+
-- Update to version 0.4.5:
-  + New data from Adobe.
-  + New data from xpdf.
-
psmisc
+- Fix version at configure time as there was no .tarball-version
+
rsync
+- Update to latest version from Factory (3.2.7)
+- Deleted the following patches, already included in that version:
+  - rsync-CVE-2020-14387.patch
+  - rsync-CVE-2022-29154-trust-sender-1.patch
+  - rsync-CVE-2022-29154-trust-sender-2.patch
+  - rsync-CVE-2022-29154.patch
+  - rsync-fix-delay-updates-never-updates-after-interruption.patch
+
+- Rename patch to follow naming patch policies:
+  fortified-strlcpy-fix.patch -> rsync-fortified-strlcpy-fix.patch
+
+- Use "slp" for bcond, not "openslp", like we use for all other
+  packages, too.
+- Disable slp patch and configure option if bcond slp is disabled.
+
+- add fortified-strlcpy-fix.patch (bsc#1214616, bsc#1214249)
+
+- Disable openslp support on new distros (bsc#1214884)
+
+- Add support directory to %docdir.
+  Includes some upstream provided scripts such as rrsync. (bsc#1212198)
+
+- Switch rsyncd symlink to a wrapper script to allow setting a distinct
+  SELinux type (bsc#1209654)
+
+- New version fixes bug (boo#1203727): implicit containing directory
+  sometimes rejected as unrequested
+- update to 3.2.7
+  * BUG FIXES:
+  - Fixed the client-side validating of the remote sender's filtering behavior.
+  - More fixes for the "unrequested file-list name" name, including a copy of
+    "/" with `--relative` enabled and a copy with a lot of related paths with
+    `--relative` enabled (often derived from a `--files-from` list).
+  - When rsync gets an unpack error on an ACL, mention the filename.
+  - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
+    "use chroot" is false).
+  * ENHANCEMENTS:
+  - Added negotiated daemon-auth support that allows a stronger checksum digest
+    to be used to validate a user's login to the daemon.  Added SHA512, SHA256,
+    and SHA1 digests to MD5 & MD4.  These new digests are at the highest priority
+    in the new daemon-auth negotiation list.
+  - Added support for the SHA1 digest in file checksums.  While this tends to be
+    overkill, it is available if someone really needs it.  This overly-long
+    checksum is at the lowest priority in the normal checksum negotiation list.
+    See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
+    environment var for how to customize this.
+  - Improved the xattr hash table to use a 64-bit key without slowing down the
+    key's computation.  This should make extra sure that a hash collision doesn't
+    happen.
+  - If the `--version` option is repeated (e.g. `-VV`) then the information is
+    output in a (still readable) JSON format.  Client side only.
+  - The script `support/json-rsync-version` is available to get the JSON style
+    version output from any rsync.  The script accepts either text on stdin
+  * *or** an arg that specifies an rsync executable to run with a doubled
+    `--version` option.  If the text we get isn't already in JSON format, it is
+    converted. Newer rsync versions will provide more complete json info than
+    older rsync versions. Various tweaks are made to keep the flag names
+    consistent across versions.
+  - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
+    so that rsync can use chroot when it works and a sanitized copy when chroot
+    is not supported (e.g., for a non-root daemon).  Explicitly setting the
+    parameter to true or false (on or off) behaves the same way as before.
+  - The `--fuzzy` option was optimized a bit to try to cut down on the amount of
+    computations when considering a big pool of files. The simple heuristic from
+    Kenneth Finnegan resuled in about a 2x speedup.
+  - If rsync is forced to use protocol 29 or before (perhaps due to talking to an
+    rsync before 3.0.0), the modify time of a file is limited to 4-bytes.  Rsync
+    now interprets this value as an unsigned integer so that a current year past
+    2038 can continue to be represented. This does mean that years prior to 1970
+    cannot be represented in an older protocol, but this trade-off seems like the
+    right choice given that (1) 2038 is very rapidly approaching, and (2) newer
+    protocols support a much wider range of old and new dates.
+  - The rsync client now treats an empty destination arg as an error, just like
+    it does for an empty source arg. This doesn't affect a `host:` arg (which is
+    treated the same as `host:.`) since the arg is not completely empty.  The use
+    of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
+    prior behavior of treating an empty destination arg as a ".".
+  * PACKAGING RELATED:
+  - The checksum code now uses openssl's EVP methods, which gets rid of various
+    deprecation warnings and makes it easy to support more digest methods.  On
+    newer systems, the MD4 digest is marked as legacy in the openssl code, which
+    makes openssl refuse to support it via EVP.  You can choose to ignore this
+    and allow rsync's MD4 code to be used for older rsync connections (when
+    talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
+    tell openssl to enable legacy algorithms (see below).
+  - A simple openssl config file is supplied that can be installed for rsync to
+    use.  If you install packaging/openssl-rsync.cnf to a public spot (such as
+    `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
+    `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
+    configured path in the OPENSSL_CONF environment variable (when the variable
+    is not already set).  This will enable openssl's MD4 code for rsync to use.
+  - The packager may wish to include an explicit "use chroot = true" in the top
+    section of their supplied /etc/rsyncd.conf file if the daemon is being
+    installed to run as the root user (though rsync should behave the same even
+    with the value unset, a little extra paranoia doesn't hurt).
+  - I've noticed that some packagers haven't installed support/nameconvert for
+    users to use in their chrooted rsync configs.  Even if it is not installed
+    as an executable script (to avoid a python3 dependency) it would be good to
+    install it with the other rsync-related support scripts.
+  - It would be good to add support/json-rsync-version to the list of installed
+    support scripts.
+
+- Use bundled SLP patch now that upstream fixed it:
+  * Remove rsync-3.2.5-slp.patch
+
+- update to 3.2.6:
+  * More path-cleaning improvements in the file-list validation code to avoid
+    rejecting of valid args.
+  * A file-list validation fix for a --files-from file that ends without a
+    line-terminating character.
+  * Added a safety check that prevents the sender from removing destination
+    files when a local copy using --remove-source-files has some files that are
+    shared between the sending & receiving hierarchies, including the case
+    where the source dir & destination dir are identical.
+  * Fixed a bug in the internal MD4 checksum code that could cause the digest
+    to be sporadically incorrect (the openssl version was/is fine).
+  * A minor tweak to rrsync added "copy-devices" to the list of known args, but
+    left it disabled by default.
+
+- Build SLE version with g++-11
+  to work around nondeterministic g++-7 (boo#1193895)
+
+- Migration to /usr/etc: Saving user changed configuration files
+  in /etc and restoring them while an RPM update.
+
+- Add upstream patch rsync-3.2.5-slp.patch, as the one included in
+  the released tarball doesn't fully apply.
+- Drop patch rsync-CVE-2022-29154.patch, already included upstream.
+- Update to 3.2.5
+  * SECURITY FIXES:
+  - Added some file-list safety checking that helps to ensure that a rogue
+    sending rsync can't add unrequested top-level names and/or include recursive
+    names that should have been excluded by the sender.  These extra safety
+    checks only require the receiver rsync to be updated.  When dealing with an
+    untrusted sending host, it is safest to copy into a dedicated destination
+    directory for the remote content (i.e. don't copy into a destination
+    directory that contains files that aren't from the remote host unless you
+    trust the remote host). Fixes CVE-2022-29154.
+  - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
+  * BUG FIXES:
+  - Fixed the handling of filenames specified with backslash-quoted wildcards
+    when the default remote-arg-escaping is enabled.
+  - Fixed the configure check for signed char that was causing a host that
+    defaults to unsigned characters to generate bogus rolling checksums. This
+    made rsync send mostly literal data for a copy instead of finding matching
+    data in the receiver's basis file (for a file that contains high-bit
+    characters).
+  - Lots of manpage improvements, including an attempt to better describe how
+    include/exclude filters work.
+  - If rsync is compiled with an xxhash 0.8 library and then moved to a system
+    with a dynamically linked xxhash 0.7 library, we now detect this and disable
+    the XX3 hashes (since these routines didn't stabilize until 0.8).
+  * ENHANCEMENTS:
+  - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
+    extra file-list safety checking (should that be required).
+  * PACKAGING RELATED:
+  - A note to those wanting to patch older rsync versions: the changes in this
+    release requires the quoted argument change from 3.2.4. Then, you'll want
+    every single code change from 3.2.5 since there is no fluff in this release.
+  - The build date that goes into the manpages is now based on the developer's
+    release date, not on the build's local-timezone interpretation of the date.
+  * DEVELOPER RELATED:
+  - Configure now defaults GETGROUPS_T to gid_t when cross compiling.
+  - Configure now looks for the bsd/string.h include file in order to fix the
+    build on a host that has strlcpy() in the main libc but not defined in the
+    main string.h file.
+
-  * Added patch rsync-rsync-CVE-2022-29154.patch
+  * Added patch rsync-CVE-2022-29154.patch
+
+- Removed %config flag for files in /usr directory.
+
+- Moved logrotate files from user specific directory /etc/logrotate.d
+  to vendor specific directory /usr/etc/logrotate.d.
+
+- Update to 3.2.4
+  * A new form of arg protection was added that works similarly to
+    the older `--protect-args` (`-s`) option but in a way that
+    avoids breaking things like rrsync.
+  * A long-standing bug was preventing rsync from figuring out the
+    current locale's decimal point character, which made rsync
+    always output numbers using the "C" locale.
+  * Too many changes to list, see included NEWS.md file.
+- Drop rsync-CVE-2020-14387.patch, already included upstream.
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * rsyncd.service
sqlite3
+- Sync version 3.44.0 from Factory
+  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
+  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
+  * Obsoletes sqlite-CVE-2022-46908.patch
+  * Obsoletes sqlite-src-3390000-func7-pg-181.patch
+
squashfs
+- For reference: previous updates fixed
+  * CVE-2021-40153 (bsc#1189936)
+  * CVE-2015-4645, CVE-2015-4646 (bsc#935380)
+
+- update to 4.6.1:
+  * Race condition which can cause corruption of the "fragment
+    table" fixed.  This is a regression introduced in August 2022,
+    and it has been seen when tailend packing is used (-tailends option).
+  * Fix build failure when the tools are being built without
+    extended attribute (XATTRs) support.
+  * Fix XATTR error message when an unrecognised prefix is
+    found
+  * Fix incorrect free of pointer when an unrecognised XATTR
+    prefix is found.
+  * Major improvements in extended attribute handling,
+    pseudo file handling, and miscellaneous new options and
+    improvements
+  * Extended attribute handling improved in Mksquashfs and
+    Sqfstar
+  * New Pseudo file xattr definition to add extended
+    attributes to files.
+  * New xattrs-add Action to add extended attributes to files
+  * Extended attribute handling improved in Unsquashfs
+  * Other major improvements
+  * Unsquashfs can now output Pseudo files to standard out.
+  * Mksquashfs can now input Pseudo files from standard in.
+  * Squashfs filesystems can now be converted (different
+    block size compression etc) without unpacking to an
+    intermediate filesystem or mounting, by piping the output of
+    Unsquashfs to Mksquashfs.
+  * Pseudo files are now supported by Sqfstar.
+  * "Non-anchored" excludes are now supported by Unsquashfs.
+
+- Do not repeat openSUSE / SLE version tests
+- Actually format and package the man pages
+
+- set LZMA_XZ_SUPPORT=1 so you can (un)squash -comp lzma images
+
+- update to 4.5.1 (bsc#1190531, CVE-2021-41072):
+  * This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
+    Sqfstar(1) and Sqfscat(1).
+  * The -help text output from the utilities has been improved
+    and extended as well (but the Manpages are now more
+    comprehensive).
+  * CVE-2021-41072 which is a writing outside of destination
+    exploit, has been fixed.
+  * The number of hard-links in the filesystem is now also
+    displayed by Mksquashfs in the output summary.
+  * The number of hard-links written by Unsquashfs is now
+    also displayed in the output summary.
+  * Unsquashfs will now write to a pre-existing destination
+    directory, rather than aborting.
+  * Unsquashfs now allows "." to used as the destination, to
+    extract to the current directory.
+  * The Unsquashfs progress bar now tracks empty files and
+    hardlinks, in addition to data blocks.
+  * -no-hardlinks option has been implemented for Sqfstar.
+  * More sanity checking for "corrupted" filesystems, including
+    checks for multiply linked directories and directory loops.
+  * Options that may cause filesystems to be unmountable have
+    been moved into a new "experts" category in the Mksquashfs
+    help text (and Manpage).
+  * Maximum cpiostyle filename limited to PATH_MAX.  This
+    prevents attempts to overflow the stack, or cause system
+    calls to fail with a too long pathname.
+  * Don't always use "max open file limit" when calculating
+    length of queues, as a very large file limit can cause
+    Unsquashfs to abort.  Instead use the smaller of max open
+    file limit and cache size.
+  * Fix Mksquashfs silently ignoring Pseudo file definitions
+    when appending.
+  * Don't abort if no XATTR support has been built in, and
+    there's XATTRs in the filesystem.  This is a regression
+    introduced in 2019 in Version 4.4.
+  * Fix duplicate check when the last file block is sparse.
+
+- update to 4.5:
+  * Mksquashfs now supports "Actions".
+  * New sqfstar command which will create a Squashfs image from a tar archive.
+  * Tar style handling of source pathnames in Mksquashfs.
+  * Cpio style handling of source pathnames in Mksquashfs.
+  * New option to throttle the amount of CPU and I/O.
+  * Mksquashfs now allows no source directory to be specified.
+  * New Pseudo file "R" definition which allows a Regular file
+    o be created with data stored within the Pseudo file.
+  * Symbolic links are now followed in extract files
+  * Unsquashfs now supports "exclude" files.
+  * Max depth traversal option added.
+  * Unsquashfs can now output a "Pseudo file" representing the
+    input Squashfs filesystem.
+  * New -one-file-system option in Mksquashfs.
+  * New -no-hardlinks option in Mksquashfs.
+  * Exit code in Unsquashfs changed to distinguish between
+    non-fatal errors (exit 2), and fatal errors (exit 1).
+  * Xattr id count added in Unsquashfs "-stat" output.
+  * Unsquashfs "write outside directory" exploit fixed.
+  * Error handling in Unsquashfs writer thread fixed.
+  * Fix failure to truncate destination if appending aborted.
+  * Prevent Mksquashfs reading the destination file.
+
tiff
-- security update:
-  * CVE-2023-38289 [bsc#1213589]
-    + tiff-CVE-2023-38289.patch
-  * CVE-2023-38288 [bsc#1213590]
-    + tiff-CVE-2023-38288.patch
-  * CVE-2023-3576 [bsc#1213273]
-    + tiff-CVE-2023-3576.patch
-  * CVE-2020-18768 [bsc#1214574]
-    + tiff-CVE-2020-18768.patch
-  * CVE-2023-26966 [bsc#1212881]
-    + tiff-CVE-2023-26966.patch
-  * CVE-2023-3618 [bsc#1213274]
-    + tiff-CVE-2023-3618.patch
-  * CVE-2023-2908 [bsc#1212888]
-    + tiff-CVE-2023-2908.patch
-  * CVE-2023-3316 [bsc#1212535]
-    + tiff-CVE-2023-3316.patch
+- Update to version 4.6.0:
+  * API/ABI breaks: none
+  * WebP decoder: validate WebP blob width, height, band count against
+    TIFF parameters to avoid use of uninitialized variable, or decoding
+    corrupted content without explicit error (fixes issue #581, issue #582).
+  * WebP codec: turn exact mode when creating lossless files to avoid
+    altering R,G,B values in areas where alpha=0
+  * Fix TransferFunction writing of only two transfer functions.
+  * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs,
+    it should be harmless in practice though
+  * tiffcp: remove -i option (ignore errors)
+  * This version removes a big number of utilities that have suffered from
+    lack of maintenance over the years and were the source of various
+    reported security issues:
+    + fax2ps
+    + fax2tiff
+    + pal2rgb
+    + ppm2tiff
+    + raw2tiff
+    + rgb2ycbcr
+    + thumbnail
+    + tiff2bw
+    + tiff2rgba
+    + tiffcmp
+    + tiffcrop
+    + tiffdither
+    + tiffgt
+    + tiffmedian
+    + tiff2ps
+    + tiff2pdf
+- Remove no longer needed tiff-4.0.3-compress-warning.patch.
+
+- Update to version 4.5.1:
+  * Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c
+  * Do not install libtiff-4.pc when tiff-install is reset.
+  * Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW.
+  * Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts.
+  * CMake: make WebP component name compatible with upstream ConfigWebP.cmake
+  * CMake: make Findliblzma with upstream CMake config file
+  * CMake: FindDeflate.cmake: fix several errors (issue #526).
+  * CMake: FindLERC.cmake: version string return added.
+  * CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files
+  * CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES
+  * Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN.
+  * Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets.
+  * Improve internal IFD offset and directory number map handling.
+  * Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux.
+  * TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484).
+  * tif_ojpeg.c: checking for division by zero (fixes issue #554).
+  * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (fixes issue #548).
+  * Fixed runtime error: applying zero offset to null pointer in countInkNamesString().
+  * Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory.
+  * tif_luv: check and correct for NaN data in uv_encode() (issue #530).
+  * TIFFClose() avoid NULL pointer dereferencing (issue #515).
+  * tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick.
+  * Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513).
+  * TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343).
+  * tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo().
+  * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (issue #548).
+- Drop no longer needed patches:
+  * tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
+  * tiff-CVE-2022-48281.patch
+  * tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
-  * CVE-2023-25433 [bsc#1212883]
+- Update to 4.5.0:
+  * tdir_t type updated to uint32_t. This type is now used for the return
+    value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as
+    the argument of TIFFSetDirectory() and TIFFUnlinkDirectory()
+  * Addition of an open option concept with the new functions TIFFOpenExt(),
+    TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(),
+    TIFFOpenOptionsFree()
+  * Leveraging above mentioned open option concept, addition of a new capability
+    to limit the size of a single dynamic memory allocation done by the library
+    with TIFFOpenOptionsSetMaxSingleMemAlloc()
+  * Related to IFD-Loop detection refactoring, the number of IFDs that libtiff
+    can browse through has been extended from 65535 to 1048576. This value is
+    a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT
+    variable or autoconf's --with-max-dir-count option.
+  * Whole code base reformatting of .c/.h files using new .clang-format format
+  * Documentation changed from static HTML and man pages to
+    Restructured Text (rst). HTML and man pages are now build artifacts.
+  * SONAME version bumped to 6 due to changes in symbol versioning.
+  * autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into
+    its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build.
+  * autoconf/cmake: detect sphinx-build to build HTML and man pages
+  * CMakeLists.txt: fix warning with -Wdev
+  * CMake: correctly set default value of 'lzma' option when liblzma is detected
+  * CMake: Moved linking of CMath::CMath into CMath_LIBRARY check.
+  * Fix CMake build to be compatible with FetchContent.
+  * cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS
+  * cmake: Fixes for Visual Studio 2022.
+  * Adds Requires.private generation so that pkg-config can correctly find
+    the dependencies of libtiff.
+  * Fix dependency on libm on Android
+  * Fix build in tif_lzw.c
+  * CMake: Add options for disabling tools, tests, contrib and docs.
+  * tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598)
+    [bsc#1205422]
+  * tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option
+    (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626)
+  * tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
+  * _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag
+    and the codec is not configured (CVE-2022-34526)
+  * Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599)
+  * tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521)
+- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
+- Drop tiff-CVE-2022-34526.patch
+- Drop tiff-CVE-2022-3599.patch
+- Drop tiff-CVE-2022-3598.patch
+- Drop tiff-CVE-2022-3970.patch
+- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
+- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
+
-  * CVE-2022-3570 [bsc#1205422]
-  * CVE-2022-3598 [bsc#1204642]
-    + tiff-CVE-2022-3598,3570.patch
+  * CVE-2022-3970 [bsc#1205392]
+    + tiff-CVE-2022-3970.patch
-  * CVE-2022-3970 [bsc#1205392]
-    + tiff-CVE-2022-3970.patch
+  * CVE-2022-3598 [bsc#1204642]
+    + tiff-CVE-2022-3598.patch
-  * CVE-2022-2867 [bsc#1202466]
-  * CVE-2022-2868 [bsc#1202467]
-  * CVE-2022-2869 [bsc#1202468]
-    + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
-
-- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
-  Rename tiff-CVE-2022-0561.patch to
-  tiff-CVE-2022-0561,CVE-2022-34266.patch
-  This CVE is actually a duplicate.
+- update to 4.4.0:
+  * TIFFIsBigTiff() function added.
+  * Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added.
+  * LZWDecode(): major speed improvements (~30% faster)
+  * Predictor 2 (horizontal differenciation): support 64-bit
+  * Support libjpeg 9d
+  * avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted
+    to be created
+  * tif_jbig.c: fix crash when reading a file with multiple IFD in
+    memory-mapped mode and when bit reversal is needed
+  * TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and
+    size of zero
+  * TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime
+    check
+  * TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer
+    and size of zero
+  * TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and
+    size of zero
+  * TIFFYCbCrToRGBInit(): avoid Integer-overflow
+  * TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if
+    returned pointer is NULL (fixes #342)
+  * OJPEG: avoid assertion when using TIFFReadScanline()
+  * TIFFReadDirectory: fix OJPEG hack
+  * LZW codec: fix support for strips/tiles > 2 GB on Windows
+  * TIFFAppendToStrip(): fix rewrite-in-place logic
+  * Fix TIFFRewriteDirectory discarding directories.
+  * TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on
+    a non EXIF directory
+  * Fix Segmentation fault printing GPS directory if Altitude tag is present
+  * tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266)
+  * _TIFFRewriteField(): fix when writing a IFD with a single tile that is a
+    sparse one, on big endian hosts
+  * Fix all remaining uses of legacy Deflate compression id and warn on use.
+  * CVE-2022-22844 bsc#1194539
+  * CVE-2022-2867 bsc#1202466
+  * CVE-2022-2868 bsc#1202467
+  * CVE-2022-2869 bsc#1202468
+- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch,
+  tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch,
+  tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream
+- add signature validation, adds tiff.keyring
+
+- security update:
+  * CVE-2022-0907 [bsc#1197070]
+    + tiff-CVE-2022-0907.patch
+
+  * CVE-2022-34266 [bsc#1201723] [bsc#1201971]
-- security update: Fix buffer overwrite
-  * CVE-2019-17546[bsc#1154365]
-    + tiff-CVE-2019-17546.patch
-- security update: Fix heap based buffer overflow in pal2rgb
-  * CVE-2017-17095[bsc#1071031]
-    + tiff-CVE-2017-17095.patch
-- security update: Fix OOB in _TIFFmemcpy
-  * CVE-2022-22844[bsc#1194539]
-    + tiff-CVE-2022-22844.patch
-- security update: Fix memory allocation failure in tif_read.c
-  * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
-    + tiff-CVE-2020-35521,CVE-2020-35522.patch
-- security update: Fix DOS via invertImage()
-  * CVE-2020-19131[bsc#1190312]
-    + tiff-CVE-2020-19131.patch
-- security update: Fix heap-based buffer overflow in TIFF2PDF tool
-  * CVE-2020-35524[bsc#1182812]
-    + tiff-CVE-2020-35524.patch
-- security update: Fix integer overflow in tif_getimage
-  * CVE-2020-35523 [bsc#1182811]
-    + tiff-CVE-2020-35523.patch
-
-- security update: amend patch to fix test
-- modified patches
-  % tiff-CVE-2019-14973.patch (refreshed)
-
-- security update: Fix integer overflow in _TIFFCheckMalloc()
-  * CVE-2019-14973 [bsc#1146608]
-    + tiff-CVE-2019-14973.patch
+- switch source url to https
+
+- version update to 4.3.0
+  * Build and usage of the library and its utilities requires a C99
+    capable compiler.
+  * New optional codec for the LERC (Limited Error Raster Compression)
+    compression scheme. To have it available, configure libtiff against
+    the SDK available at https://github.com/esri/lerc
+  * Removal of unused, or now useless due to C99 availability,
+    functions in port/
+  * tiffcmp: fix comparaison with pixels that are
+    fractional number of bytes
+  * tiff2ps: exit the loop in case of error
+  * tiff2pdf: check that tiff_datasize fits in a signed tsize_t
+
+- version update to 4.2.0
+  Major changes:
+  * Optional support for using libdeflate is added.
+  * Many of the tools now support a memory usage limit.
+  See http://www.simplesystems.org/libtiff/v4.2.0.html for more.
+  * CVE-2020-35521 bsc#1182808
+  * CVE-2020-35522 bsc#1182809
+  * CVE-2020-35523 bsc#1182811
+  * CVE-2020-35524 bsc#1182812
+
+- Drop webp support as it would introduce build cycle
+
+- Enable zstd and webp support
+
+- version update to 4.1.0
+  * fixes several CVEs mentioned below and more,
+    see ChangeLog
+  * CVE-2019-17546 bsc#1154365
+  * CVE-2017-17095 bsc#1071031
+  * CVE-2019-14973 bsc#1146608
+  * CVE-2020-19131 bsc#1190312
+- deleted patches
+  - tiff-CVE-2018-12900.patch (upstreamed)
+  - tiff-CVE-2018-17000,19210.patch (upstreamed)
+  - tiff-CVE-2019-6128.patch (upstreamed)
+  - tiff-CVE-2019-7663.patch (upstreamed)
+- amend tiff-CVE-2018-12900.patch: fix wrong error message
+  [bsc#1099257]
+
+- Support only SLE12+ and remove the no longer needed conditions
+
-  * CVE-2018-18661 [bsc#1113672]
-    + tiff-CVE-2018-18661.patch
-  * CVE-2018-18557 [bsc#1113094]
-    + tiff-CVE-2018-18557.patch
-- asan_build: build ASAN included
-- debug_build: build more suitable for debugging
+- upddated to 4.0.10:
+  * fixes several CVEs mentioned below plus CVE-2018-18557 [bsc#1113094]
+  and CVE-2018-18661 [bsc#1113672] and more
+- removed patches
+  * tiff-CVE-2017-11613,CVE-2018-16335,15209.patch
+  * tiff-CVE-2017-18013.patch
+  * tiff-CVE-2017-9935,CVE-2018-17795.patch
+  * tiff-CVE-2018-10779.patch
+  * tiff-CVE-2018-10963.patch
+  * tiff-CVE-2018-17100.patch
+  * tiff-CVE-2018-17101.patch
+  * tiff-CVE-2018-7456.patch
+  * tiff-CVE-2018-8905.patch
+  * tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
-  * CVE-2018-17100 [bsc#1108637]
-    + tiff-CVE-2018-17100.patch
-  * CVE-2018-17101 [bsc#1108627]
-    + tiff-CVE-2018-17101.patch
+  * CVE-2018-17100 [bsc#1108637]
+    + tiff-CVE-2018-17100.patch
+  * CVE-2018-17101 [bsc#1108627]
+    + tiff-CVE-2018-17101.patch
+
+- remove pal2rgb tool [bsc#1071031]
+
+- security update
traceroute
+- security update
+- added patches
+  fix CVE-2023-46316 [bsc#1216591], wrapper scripts do not properly parse command lines
+  + traceroute-CVE-2023-46316.patch
+
yast2-trans
+- Update to version 84.87.20231121.7869d671a6:
+  * New POT for text domain 'hana-ha'.
+
+- Update to version 84.87.20231117.f12231d4de:
+  * New POT for text domain 'cc'.
+
+- Update to version 84.87.20231104.b73ad6fbc9:
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'installation'.
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * New POT for text domain 'update'.
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+
+- Update to version 84.87.20231027.a9c9df2125:
+  * Translated using Weblate (Galician)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Macedonian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Japanese)
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'country'.
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (French)
+  * New POT for text domain 'qt-pkg'.
+
+- Update to version 84.87.20231004.bd479b5f2d:
+  * Translated using Weblate (Portuguese (Brazil))
+  * Translated using Weblate (Portuguese (Brazil))
+  * Translated using Weblate (German)
+  * Translated using Weblate (German)
+  * Translated using Weblate (German)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Catalan)
+
+- Update to version 84.87.20230930.5f9e01162a:
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Italian)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Spanish)
+  * New POT for text domain 'storage'.
+
+- Update to version 84.87.20230922.91d997adab:
+  * New POT for text domain 'packager'.
+  * New POT for text domain 'iscsi-client'.
+
+- Update to version 84.87.20230913.43f962446c:
+  * Translated using Weblate (Indonesian)
+  * New POT for text domain 'control'.
+
+- Update to version 84.87.20230909.35988571be:
+  * Translated using Weblate (Swedish)
+  * Translated using Weblate (Swedish)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Russian)
+
+- Update to version 84.87.20230901.be24cb382f:
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Catalan)
+  * New POT for text domain 'bootloader'.
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+
+- Update to version 84.87.20230818.ea489402e5:
+  * Translated using Weblate (Latvian)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Catalan)
+
+- Update to version 84.87.20230811.13616e3be9:
+  * Translated using Weblate (Georgian)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Czech)
+  * New POT for text domain 'users'.
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'sap-installation-wizard'.
+  * New POT for text domain 'qt-pkg'.
+  * New POT for text domain 'qt'.
+  * New POT for text domain 'pam'.
+  * New POT for text domain 'ncurses'.
+  * New POT for text domain 'migration_sle'.
+  * New POT for text domain 'kdump'.
+  * New POT for text domain 'installation'.
+  * New POT for text domain 'control'.
+
+- Update to version 84.87.20230729.64eca7e0a1:
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Czech)
+
+- Update to version 84.87.20230720.09601d9b28:
+  * Translated using Weblate (English (United Kingdom))
+  * Translated using Weblate (English (United Kingdom))
+  * Translated using Weblate (Russian)
+
+- Update to version 84.87.20230714.966688ddd0:
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+
+- Update to version 84.87.20230708.d1de37aed1:
+  * Translated using Weblate (Chinese (China) (zh_CN))
+  * Translated using Weblate (Kurdish)
+
+- Update to version 84.87.20230630.ccfa6add46:
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Finnish)
+
+- Update to version 84.87.20230619.113a4fdc71:
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Arabic)
+  * Translated using Weblate (Kurdish)
+  * Translated using Weblate (Italian)
+  * New POT for text domain 'users'.
+  * New POT for text domain 's390'.
+  * New POT for text domain 'storage'.
+  * New POT for text domain 'apparmor'.
+
+- Update to version 84.87.20230602.240a95214f:
+  * New POT for text domain 'control'.
+  * Translated using Weblate (Macedonian)
+  * New POT for text domain 'autoinst'.
+