Removed rpms
============

 - kernel-livepatch-6_4_0-150600_16-default
 - libSDL2_image-2_0-0-32bit
 - libSDL2_image-devel
 - libSDL2_image-devel-32bit
 - liblalframe13
 - liblalmetaio10
 - remmina-plugin-kwallet
 - remmina-plugin-st
 - remmina-plugin-xdmcp

Added rpms
==========

 - Mesa-demo
 - gleam
 - gping
 - kernel-livepatch-6_4_0-150600_17-default
 - libGLEW2_1
 - libGLEW2_1-32bit
 - liblalframe14
 - liblalmetaio11
 - libprotobuf-lite3_21_12
 - libprotobuf3_21_12
 - libprotoc3_21_12
 - libpxbackend-1_0-mini
 - lxc-ja-doc
 - lxc-ko-doc
 - protobuf21-devel
 - remmina-plugin-gvnc
 - remmina-plugin-python-wrapper

Package Source Changes
======================

SDL2_image
+- Update to release 2.8.2
+  * Fixed crash loading LBM images
+  * Automatically set the colorkey for indexed PNG images with
+    transparency
+
+- Update to release 2.8.1
+  * Indexed PNG images with alpha have blending automatically enabled
+  * Fixed a crash in the 32-bit webp DLLs on Windows
+
+- Update to release 2.8.0
+  * Updated image decoding libraries
+  * Added support for loading WEBP animations
+  * PNG images with a palette are loaded as SDL surfaces with a
+    palette
+
+- Update to release 2.6.3
+  * Fixed loading of 4-bit .ico files
+
+- Add back Provides: SDL2_image = %version-%release to the library
+  package: the python deps somewhat depend on that to not have to
+  know about all soversion changes.
+
+- Update to release 2.6.2
+  * Build updates for non-Linux platforms
+- Enable AVIF, JXL
+
+- Update to release 2.6.1
+  * Fixing grayscale image loading using the built-in stb_image
+    (openSUSE uses libjpg/libpng, not stb)
+
+- Update to release 2.6.0
+  * Added stb_image as the default backend for JPG and PNG images loading.
+    To use libpng and libjpg instead, configure using --disable-stb-image
+  * Added IMG_LoadSizedSVG_RW()
+  * Added support for AVIF images (https://github.com/AOMediaCodec/libavif [github.com])
+  * Added IMG_ReadXPMFromArrayToRGB888()
+  * Added support for JXL images (https://jpegxl.info/ [jpegxl.info])
+  * Added support for QOI images (https://qoiformat.org/ [qoiformat.org])
+  * Fixed XCF regression introduced in 2.0.5
+  * Added support for loading animated GIFs
+  * LoadBMP() now loads files using SDL2
+  * Allow using libwebpdecoder instead libwebp
+- Remove CVE-2019-13616.patch (merged)
+- Rename -devel subpackage based on SRPM name
+- Drop baselibs.conf (no SDL2_ttf-dependent Tumbleweed packages
+  themselves have baselibs).
+
-- Fix undefined s on BigEndian platforms (bigendian_undefined_s.patch)
-
-- Some metadata spruce-up: add current URLs, softer wildcarding
-  in the files list, more robust make install call
-
aardvark-dns
+- Update to version 1.10.0:
+  * Release 1.10.0
+  * Release notes for 1.10.0
+  * chore(deps): update rust crate chrono to 0.4.32
+  * chore(deps): update dependency containers/automation_images to v20240102
+  * fix(deps): update rust crate futures-util to 0.3.30
+  * fix(deps): update rust crate anyhow to 1.0.79
+  * fix(deps): update rust crate tokio to 1.35.1
+  * chore(deps): update dependency containers/automation_images to v20231208
+  * fix(deps): update rust crate tokio to 1.35.0
+  * fix duplicated IP CI flake
+  * server: remove unused kill switch
+  * fix(deps): update rust crate clap to ~4.4.10
+  * Bump working version to v1.10.0-dev
+
+- Update to version 1.9.0:
+  * Release v1.9.0
+  * v1.9.0 Update release notes
+  * run cargo update
+  * chore(deps): update dependency containers/automation_images to v20231116
+  * fix(deps): update rust crate tokio to 1.34.0
+  * fix(deps): update rust crate async-broadcast to 0.6.0
+  * update trust-dns to hickory
+  * fix(deps): update rust crate futures-util to 0.3.29
+  * fix(deps): update rust crate trust-dns-server to 0.23.2
+  * fix(deps): update rust crate trust-dns-proto to 0.23.2
+  * tmt: initial enablement
+  * aardvark main: change error reporting
+  * chore(deps): update dependency containers/automation_images to v20231004
+  * fix(deps): update rust crate trust-dns-proto to 0.23.1
+  * fix(deps): update rust crate trust-dns-client to 0.23.1
+  * clippy: some format fixes
+  * fix(deps): update rust crate tokio to 1.33.0
+  * Bump to v1.9.0-dev
+
+- Update to version 1.8.0:
+  * Release v1.8.0
+  * update release notes for v1.8.0
+  * run cargo update
+  * Packit: switch to @containers/packit-build team for copr failure notification comments
+  * [CI:BUILD] Packit: tag @lsm5 on copr build failures
+  * chore(deps): update rust crate chrono to 0.4.31
+  * cargo: bump chrono to 0.4.30
+  * test: IPv6 format is changed in v1.72.0
+  * bump nix to 0.27.1
+  * vendor: bump trust_dns_proto and trust_dns_client to 0.23.0
+  * fix(deps): update rust crate trust-dns-server to 0.23.0
+  * [CI:BUILD] rpm: spdx compatible license field
+  * fix(deps): update rust crate anyhow to 1.0.75
+  * fix(deps): update rust crate tokio to 1.32.0
+  * chore(deps): update dependency containers/automation_images to v20230816
+  * fix(deps): update rust crate tokio to 1.31.0
+  * fix(deps): update rust crate anyhow to 1.0.74
+  * fix(deps): update rust crate anyhow to 1.0.73
+  * fix(deps): update rust crate log to 0.4.20
+  * chore(deps): update dependency containers/automation_images to v20230809
+  * fix(deps): update rust crate tokio to 1.30.0
+  * fix(deps): update rust crate clap to 4.3.21
+  * packit: Build PRs into default packit COPRs
+  * chore(deps): update dependency containers/automation_images to v20230807
+  * fix(deps): update rust crate anyhow to 1.0.72
+  * fix(deps): update rust crate signal-hook to 0.3.17
+  * fix(deps): update rust crate clap to 4.3.19
+  * fix(deps): update rust crate clap to 4.3.15
+  * fix(deps): update rust crate signal-hook to 0.3.16
+  * [CI:BUILD] Packit: remove pre-sync action
+  * fix(deps): update rust crate clap to 4.3.11
+  * fix(deps): update rust crate tokio to 1.29.1
+  * fix(deps): update rust crate clap to 4.3.10
+  * [CI:BUILD] RPM: cleanup spec and fix eln builds
+  * bump to v1.8.0-devel
+
buildah
+- Add patch for CVE-2024-1753 / bsc#1221677:
+  0001-CVE-2024-1753-container-escape-fix.patch
+
+- Require cni-plugins (bsc#1220568)
+
+- Update to version 1.34.1:
+  * [release-1.34] Bump to v1.34.1
+  * [release-1.34] Vendor bumps (fixes bsc#1219563)
+  * manifest: addCompression use default from containers.conf
+  * Build with CNI support on FreeBSD
+  * tests: retrofit test for heredoc summary
+  * build, heredoc: show heredoc summary in build output
+  * docs: correct default authfile path
+  * Make buildah match podman for handling of ulimits
+  * imagebuildah: fix crash with empty RUN
+  * docs: move footnotes to where they're applicable
+  * Run codespell on code
+  * Fix FreeBSD version parsing
+  * Allow users to specify no-dereference
+  * Fix a build break on FreeBSD
+  * Remove a bad FROM line
+  * commit: force omitHistory if the parent has layers but no history
+  * docs: fix a couple of typos
+  * stage_executor,heredoc: honor interpreter in heredoc
+  * stage_executor,layers: burst cache if heredoc content is changed
+  * Replace map[K]bool with map[K]struct{} where it makes sense
+  * Replace strings.SplitN with strings.Cut
+  * Document use of containers-transports values in buildah
+  * commit: add a --add-file flag
+  * mkcw: populate the rootfs using an overlay
+  * Ignore errors if label.Relabel returns ENOSUP
+  * manifest: addCompression use default from containers.conf
+
+- Allow to disable apparmor support (ALP supports only SELinux)
+
+- Drop 0001-set-makefile-target-entrypoint.gz-as-.PHONY-on-non-x.patch
+  (merged upstream; https://github.com/containers/buildah/pull/5183)
+- Update to version 1.34.0:
+  * Bump to v1.34.0
+  * fix(deps): update module github.com/containerd/containerd to v1.7.11
+  * fix(deps): update github.com/containers/storage digest to 15c3cb7
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.2
+  * fix(deps): update github.com/containers/common digest to 630c929
+  * fix(deps): update module github.com/moby/buildkit to v0.12.4
+  * fix(deps): update github.com/openshift/imagebuilder digest to ef2a5fe
+  * [CI:DOCS] man pages: underscores, too-wide lines
+  * fix(deps): update module github.com/containerd/containerd to v1.7.10
+  * run.bats: use --quiet --pull=false when using a prefetched image
+  * internal/mkcw/embed/entrypoint.gz: rename to include the arch
+  * internal/mkcw/embed/entrypoint.gz: compress with -n9
+  * fix(deps): update module golang.org/x/crypto to v0.16.0
+  * Integration tests: make skip_if_no_unshare check --map-users
+  * fix(deps): update module golang.org/x/term to v0.15.0
+  * fix(deps): update module golang.org/x/sys to v0.15.0
+  * fix(deps): update module github.com/onsi/ginkgo to v2
+  * vendor: update c/{common,image,storage}
+  * run: Allow using just one jail per container on FreeBSD
+  * Remove makefile targets entrypoint{,.gz} for non x86_64
+
+- Update to version 1.33.2:
+  * [release-1.33.2] Bump to v1.33.2
+  * Update minimum to golang 1.20
+  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.0
+  * fix(deps): update module github.com/moby/buildkit to v0.12.3
+  * Bump to v1.33.2-dev
+
+- Add patch:
+  * 0001-set-makefile-target-entrypoint.gz-as-.PHONY-on-non-x.patch (fixes
+    builds on non x86_64)
+- Update to version 1.33.1:
+  * Bump to v1.33.1
+  * Bump to v1.31.2-dev
+  * Bump to v1.31.1
+  * fix(deps): update module github.com/moby/buildkit to v0.11.4 [security]
+  * test,heredoc: use fedora instead of docker.io/library/python:latest
+  * Bump to v1.33.1-dev
+  * Bump to v1.33.0
+  * Never omit layers for emptyLayer instructions when squashing/cwing
+  * Add OverrideChanges and OverrideConfig to CommitOptions
+  * buildah: add heredoc support for RUN, COPY and ADD
+  * vendor: bump imagebuilder to v1.2.6-0.20231110114814-35a50d57f722
+  * conformance tests: archive the context directory as 0:0 (#5171)
+  * blobcacheinfo,test: blobs must be resued when pushing across registry
+  * Bump c/storage v1.51.0, c/image v5.29.0, c/common v0.57.0
+  * pkg/util.MirrorToTempFileIfPathIsDescriptor(): don't leak an fd
+  * StageExecutor.Execute: force a commit for --unsetenv, too
+  * Increase a copier+chroot test timeout
+  * Add support for --compat-auth-file in login/logout
+  * Update existing tests for error message change
+  * Update c/image and c/common to latest
+  * fix(deps): update module github.com/containerd/containerd to v1.7.9
+  * build: downgrade to go 1.20
+  * Add godoc for pkg/parse.GetTempDir
+  * conformance tests: use go-dockerclient for BuildKit builds
+  * Make TEE types case-insensitive
+  * fix(deps): update module golang.org/x/crypto to v0.15.0
+  * Tweak some help descriptions
+  * Stop using DefaultNetworkSysctl and use containers.conf only
+  * Implement ADD checksum flag #5135
+  * vendor of openshift/imagebuilder #5135
+  * Pass secrets from the host down to internal podman containers
+  * Update cirrus and version of golang
+  * image: replace GetStoreImage with ResolveReference
+  * vendor: bump c/image to 373c52a9466f
+  * pkg/parse.Platform(): minor simplification
+  * createConfigsAndManifests: clear history before cw-specific logic
+  * Use a constant definition instead of "scratch"
+  * conformance: use require.NoErrorf() more
+  * fix(deps): update module golang.org/x/term to v0.14.0
+  * fix(deps): update module golang.org/x/sync to v0.5.0
+  * fix(deps): update module github.com/spf13/cobra to v1.8.0
+  * fix(deps): update module golang.org/x/sys to v0.14.0
+  * fix(deps): update github.com/containers/common digest to 8354404
+  * fix(deps): update module github.com/opencontainers/runc to v1.1.10
+  * fix(deps): update github.com/containers/luksy digest to b5a7f79
+  * Log the platform for build errors during multi-platform builds
+  * Use mask definitions from containers/common
+  * Vendor in latest containers/common
+  * fix(deps): update module github.com/containerd/containerd to v1.7.8
+  * fix(deps): update module go.etcd.io/bbolt to v1.3.8
+  * container.conf: support attributed string slices
+  * fix(deps): update module sigs.k8s.io/yaml to v1.4.0
+  * Use cutil.StringInSlice rather then contains
+  * Add --no-hostname option to buildah containers
+  * vendor c/common: appendable containers.conf strings, Part 1
+  * fix(deps): update module github.com/onsi/gomega to v1.28.1
+  * chroot.setupChrootBindMounts: pay more attention to flags
+  * chore(deps): update dependency containers/automation_images to v20231004
+  * Vendor containers/common
+  * chore(deps): update module golang.org/x/net to v0.17.0 [security]
+  * run: use internal.GetTempDir with os.MkdirTemp
+  * fix(deps): update module github.com/containerd/containerd to v1.7.7
+  * imagebuildah,multi-stage: do not remove base images
+  * gitignore: add mkcw binary
+  * mkcw: remove entrypoint binaries
+  * fix(deps): update module golang.org/x/crypto to v0.14.0
+  * fix(deps): update module golang.org/x/sys to v0.13.0
+  * fix(deps): update module golang.org/x/sync to v0.4.0
+  * Update some comments related to confidential workload
+  * Use the parent's image ID in the config that we pass to imagebuilder
+  * fix(deps): update github.com/containers/common digest to 8892536
+  * fix(deps): update github.com/containers/luksy digest to 6df88cb
+  * bug: Ensure the mount type is always BindMount by default
+  * Protocol can be specified with --port. Ex. --port 514/udp
+  * fix(deps): update module github.com/onsi/gomega to v1.28.0
+  * build,config: add support for --unsetlabel
+  * tests/bud: add tests
+  * [CI:BUILD] Packit: tag @containers/packit-build on copr build failures
+  * stage_executor: allow images without layers
+  * vendor of containers/common
+  * Removing selinux_tag.sh as no longer needed after 580356f [NO NEW TESTS NEEDED]
+  * add/copy: make sure we handle relative path names correctly
+  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
+  * Bump to v1.33.0-dev
+  * imagebuildah: consider ignorefile with --build-context
+
+- Update to version 1.32.2:
+  * Mask /sys/devices/virtual/powercap by default
+  * tag v1.32.2
+
+- Update to version 1.32.1:
+  * tag v1.32.1
+  * chroot.setupChrootBindMounts: pay more attention to flags
+  * .cirrus.yml: run tests relative to the release-1.32 branch
+
+- Bump BuildRequired golang version to >= 1.21, fixes bsc#1216005
+
+- Update to version 1.32.0:
+  * Tag v1.32.0
+  * GetTmpDir is not using ImageCopyTmpdir correctly
+  * Run codespell on code
+  * Bump vendor containers/(common, storage, image)
+  * Cirrus: Remove multi-arch buildah image builds
+  * fix(deps): update module github.com/containerd/containerd to v1.7.6
+  * Split GetTempDir from internal/util
+  * Move most of internal/parse to internal/volumes
+  * copier: remove libimage dependency via util package
+  * Add some docs for `build --cw`, `commit --cw`, and `mkcw`
+  * Add `buildah mkcw`, add `--cw` to `buildah commit` and `buildah build`
+  * Make sure that pathnames picked up from the environment are absolute
+  * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4
+  * fix(deps): update module github.com/docker/docker to v24.0.6+incompatible
+  * Don't try to look up names when committing images
+  * fix(deps): update module golang.org/x/crypto to v0.13.0
+  * docs: use valid github repo
+  * fix(deps): update module golang.org/x/sys to v0.12.0
+  * vendor containers/common@12405381ff45
+  * push: --force-compression should be true with --compression-format
+  * Update module github.com/containerd/containerd to v1.7.5
+  * [skip-ci] Update tim-actions/commit-message-checker-with-regex action to v0.3.2
+  * docs: add reference to oci-hooks
+  * Support passing of ULimits as -1 to mean max
+  * GHA: Attempt to fix discussion_lock workflow
+  * Fixing the owner of the storage.conf.
+  * pkg/chrootuser: Ignore comments when parsing /etc/group on FreeBSD
+  * Use buildah repo rather then podman repo
+  * GHA: Closed issue/PR comment-lock test
+  * fix(deps): update module github.com/containers/storage to v1.49.0
+  * chore(deps): update dependency containers/automation_images to v20230816
+  * Replace troff code with markdown in buildah-{copy,add}.1.md
+  * [CI:BUILD] rpm: spdx compatible license field
+  * executor: build-arg warnings must honor global args
+  * fix(deps): update module github.com/containers/ocicrypt to v1.1.8
+  * chroot: `setSeccomp` add support for `ArchPARISC(64)` and `ArchRISCV64`
+  * make,cross: restore loong64
+  * Clear CommonBuildOpts when loading Builder status
+  * buildah/push/manifest-push: add support for --force-compression
+  * vendor: bump c/common to v0.55.1-0.20230811093040-524b4d5c12f9
+  * chore(deps): update dependency containers/automation_images to v20230809
+  * [CI:BUILD] RPM: fix buildtags
+  * fix(deps): update module github.com/opencontainers/runc to v1.1.9
+  * chore(deps): update dependency ubuntu to v22
+  * chore(deps): update dependency containers/automation_images to v20230807
+  * [CI:BUILD] Packit: add fedora-eln targets
+  * [CI:BUILD] RPM: build docs with vendored go-md2man
+  * packit: Build PRs into default packit COPRs
+  * Update install.md
+  * Update install.md changes current Debian stable version name
+  * fix(deps): update module golang.org/x/term to v0.11.0
+  * fix(deps): update module golang.org/x/crypto to v0.12.0
+  * tests: fix layer-label tests
+  * buildah: add --layer-label for setting labels on layers
+  * Cirrus: container/rootless env. var. passthrough
+  * Cirrus: Remove duplicate env. var. definitions
+  * fix(deps): update github.com/containers/storage digest to c3da76f
+  * Add a missing .Close() call on an ImageSource
+  * Create only a reference when that's all we need
+  * Add a missing .Close() call on an ImageDestination
+  * CI:BUILD] RPM: define gobuild macro for rhel/centos stream
+  * manifest/push: add support for --add-compression
+  * manifest/inspect: add support for tls-verify and authfile
+  * vendor: bump c/common to v0.55.1-0.20230727095721-647ed1d4d79a
+  * vendor: bump c/image to v5.26.1-0.20230726142307-8c387a14f4ac
+  * fix(deps): update module github.com/containerd/containerd to v1.7.3
+  * fix(deps): update module github.com/onsi/gomega to v1.27.10
+  * fix(deps): update module github.com/docker/docker to v24.0.5+incompatible
+  * fix(deps): update module github.com/containers/image/v5 to v5.26.1
+  * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0
+  * Update vendor of containers/(storage,image,common)
+  * fix(deps): update module github.com/opencontainers/runc to v1.1.8
+  * [CI:BUILD] Packit: remove pre-sync action
+  * fix(deps): update module github.com/containers/common to v0.55.2
+  * [CI:BUILD] Packit: downstream task script needs GOPATH
+  * Vendor in containers/(common, image, storage)
+  * fix(deps): update module golang.org/x/term to v0.10.0
+  * [CI:BUILD] Packit: fix pre-sync action for downstream tasks
+  * contrib/buildahimage: set config correctly for rootless build user
+  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4
+  * Bump to v1.32.0-dev
+  * Update debian install instructions
+  * pkg/overlay: add limited support for FreeBSD
+
+- Update to version 1.31.3:
+  * [release-1.31] Bump to v1.31.3
+  * [release-1.31] Bump c/common 0.55.4, c/image 5.26.2, c/storage 1.48.1
+  * rpm: spdx compatible license field
+  * RPM: fix buildtags
+  * [release-1.31] Bump to v1.31.3-dev
+
crmsh
+- Update to version 4.6.0+20240422.73eaf02a:
+  * Fix: bootstrap: Detect cluster service on init node before saving the canonical hostname (bsc#1222714)
+  * Dev: report: Collect quorum/qdevice/qnetd status
+  * Fix: utils: set env `CIB_shadow` using `os.environ` (bsc#1205925)
+  * Fix: pass env to child process explicitly (bsc#1205925)
+  * Fix: term: unset env `COLUMNS` and `ROWS` (bsc#1205925)
+  * Fix: sh: pass env to child process explicitly (bsc#1205925)
+  * Fix: bootstrap: Remove unused -i option when calling csync2_remote and ssh_remote stage (bsc#1212080)
+
docker
-- update to Docker 24.0.5-ce. See upstream changelog online at
+- Add patch to fix bsc#1220339
+  * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
+- rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+  * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
+
+- Allow to disable apparmor support (ALP supports only SELinux)
+
+- Vendor latest buildkit v0.11:
+  Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
+  vendors in the latest v0.11 buildkit branch including bugfixes for the following:
+  * bsc#1219438: CVE-2024-23653
+  * bsc#1219268: CVE-2024-23652
+  * bsc#1219267: CVE-2024-23651
+- rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+- switch from %patchN to %patch -PN syntax
+- remove unused rpmlint filters and add filters to silence pointless bash & zsh
+  completion warnings
+
+- Update to Docker 24.0.7-ce. See upstream changelong online at
+  <https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
+  * Deny containers access to /sys/devices/virtual/powercap by default.
+  - CVE-2020-8694 bsc#1170415
+  - CVE-2020-8695 bsc#1170446
+  - CVE-2020-12912 bsc#1178760
+- Rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+  * cli-0001-docs-include-required-tools-in-source-tree.patch
+
+- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
+  version-specific templating for the default apparmor profile. bsc#1213500
+  + 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+- Rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+
+- Update to Docker 24.0.6-ce. See upstream changelong online at
+  <https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
+- Rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * cli-0001-docs-include-required-tools-in-source-tree.patch
+- Switch from disabledrun to manualrun in _service.
+- Add a docker.socket unit file, but with socket activation effectively
+  disabled to ensure that Docker will always run even if you start the socket
+  individually. Users should probably just ignore this unit file. bsc#1210141
+
+- Update to Docker 24.0.5-ce. See upstream changelong online at
-  (jsc#PED-5840)
+- Fixes:
+  * bsc#1214107 - CVE-2023-28840
+  * bsc#1214108 - CVE-2023-28841
+  * bsc#1214109 - CVE-2023-28842
dtb-aarch64
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
ffmpeg-4
+- Add ffmpeg-CVE-2024-31578.patch:
+  Backporting ab0fdaed from upstream, Fix heap use after free when
+  vulkan_frames_init failed.
+  (CVE-2024-31578 bsc#1223070)
+
+- Add ffmpeg-CVE-2023-51793.patch:
+  Backporting 0ecc1f0e from upstream, Fix odd height handling, Fix
+  out of array access.
+  (CVE-2023-51793 bsc#1223272)
+
+- Add ffmpeg-CVE-2023-49502.patch
+  Backporting 737ede40 from upstream, Adjusts the logic to consider
+  the chroma planes and makes the change to all three bwdif
+  implementations.
+  (CVE-2023-49502 bsc#1223235)
+
flatpak
+- Update to version 1.14.6:
+  * Security fixes:
+  - Don't allow an executable name to be misinterpreted as a
+    command-line option for bwrap(1). This prevents a sandbox
+    escape where a malicious or compromised app could ask
+    xdg-desktop-portal to generate a .desktop file with access
+    to files outside the sandbox. (CVE-2024-32462, bsc#1223110)
+  * Other bug fixes:
+  - Don't parse <developer><name/></developer> as the application
+    name
+
glib2
+- require dbus-launch only if dbus-service is wanted. This helps
+  with stripping down container-only builds (jsc#PED-8153)
+
glib2:doc
+- require dbus-launch only if dbus-service is wanted. This helps
+  with stripping down container-only builds (jsc#PED-8153)
+
glibc
+- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
+  nscd: Stack-based buffer overflow in netgroup cache
+  (CVE-2024-33599, bsc#1223423)
+- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
+  nscd: Avoid null pointer crashes after notfound response
+  (CVE-2024-33600, bsc#1223424)
+- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
+  nscd: Do not send missing not-found response in addgetnetgrentX
+  (CVE-2024-33600, bsc#1223424)
+- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
+  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
+  CVE-2024-33602, bsc#1223425)
+
+- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
+  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
+
glibc:i686
+- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
+  nscd: Stack-based buffer overflow in netgroup cache
+  (CVE-2024-33599, bsc#1223423)
+- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
+  nscd: Avoid null pointer crashes after notfound response
+  (CVE-2024-33600, bsc#1223424)
+- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
+  nscd: Do not send missing not-found response in addgetnetgrentX
+  (CVE-2024-33600, bsc#1223424)
+- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
+  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
+  CVE-2024-33602, bsc#1223425)
+
+- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
+  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
+
glibc:utils
+- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
+  nscd: Stack-based buffer overflow in netgroup cache
+  (CVE-2024-33599, bsc#1223423)
+- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
+  nscd: Avoid null pointer crashes after notfound response
+  (CVE-2024-33600, bsc#1223424)
+- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
+  nscd: Do not send missing not-found response in addgetnetgrentX
+  (CVE-2024-33600, bsc#1223424)
+- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
+  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
+  CVE-2024-33602, bsc#1223425)
+
+- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
+  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
+
jasper
+- security update: Fix assertion failure in jpc_streamlist_remove()
+  * CVE-2024-31744 [bsc#1223155]
+    Add jasper-CVE-2024-31744.patch
+
java-21-openjdk
+- Update to upstream tag jdk-21.0.3+9 (April 2024 CPU)
+  * Security fixes
+    + JDK-8315708, CVE-2024-21012, bsc#1222987: Enhance HTTP/2
+    client usage
+    + JDK-8318340: Improve RSA key implementations
+    + JDK-8319851, CVE-2024-21011, bsc#1222979: Improve exception
+    logging
+    + JDK-8322122, CVE-2024-21068, bsc#1222983: Enhance generation
+    of addresses
+  * Other changes
+    + JDK-6928542: Chinese characters in RTF are not decoded
+    + JDK-8009550: PlatformPCSC should load versioned so
+    + JDK-8077371: Binary files in JAXP test should be removed
+    + JDK-8169475: WheelModifier.java fails by timeout
+    + JDK-8209595: MonitorVmStartTerminate.java timed out
+    + JDK-8210410: Refactor java.util.Currency:i18n shell tests to
+    plain java tests
+    + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
+    + JDK-8263256: Test java/net/Inet6Address/serialize/
+    /Inet6AddressSerializationTest.java fails due to dynamic
+    reconfigurations of network interface during test
+    + JDK-8264899: C1: -XX:AbortVMOnException does not work if all
+    methods in the call stack are compiled with C1 and there are
+    no exception handlers
+    + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
+    fails in Windows 11
+    + JDK-8295343: sun/security/pkcs11 tests fail on Linux RHEL 8.6
+    and newer
+    + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+    + JDK-8301310: The SendRawSysexMessage test may cause a JVM
+    crash
+    + JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/
+    /TestTooManyEntries.java and clarify its purpose
+    + JDK-8304292: Memory leak related to
+    ClassLoader::update_class_path_entry_list
+    + JDK-8305962: update jcstress to 0.16
+    + JDK-8305971: NPE in JavacProcessingEnvironment for missing
+    enum constructor body
+    + JDK-8306922: IR verification fails because IR dump is chopped
+    up
+    + JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test
+    JVM args to the debuggee JVM
+    + JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/
+    /TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on
+    Neoverse N2 and V1
+    + JDK-8309203: C2: remove copy-by-value of GrowableArray for
+    InterfaceSet
+    + JDK-8309302: java/net/Socket/Timeouts.java fails with
+    AssertionError on test temporal post condition
+    + JDK-8309697: [TESTBUG] Remove "@requires vm.flagless" from
+    jtreg vectorization tests
+    + JDK-8310031: Parallel: Implement better work distribution for
+    large object arrays in old gen
+    + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
+    /bug6889007.java fails
+    + JDK-8310308: IR Framework: check for type and size of vector
+    nodes
+    + JDK-8310629: java/security/cert/CertPathValidator/OCSP/
+    /OCSPTimeout.java fails with RuntimeException
+    Server not ready
+    + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
+    spuriously passing
+    + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
+    timed out
+    + JDK-8310844: [AArch64] C1 compilation fails because monitor
+    offset in OSR buffer is too large for immediate
+    + JDK-8310919: runtime/ErrorHandling/
+    /TestAbortVmOnException.java times out due to core dumps
+    taking a long time on OSX
+    + JDK-8310923: Refactor Currency tests to use JUnit
+    + JDK-8311081: KeytoolReaderP12Test.java fail on localized
+    Windows platform
+    + JDK-8311279: TestStressIGVNAndCCP.java failed with different
+    IGVN traces for the same seed
+    + JDK-8311581: Remove obsolete code and comments in TestLVT.java
+    + JDK-8311588: C2: RepeatCompilation compiler directive does
+    not choose stress seed randomly
+    + JDK-8311663: Additional refactoring of Locale tests to JUnit
+    + JDK-8311893: Interactive component with ARIA role 'tabpanel'
+    does not have a programmatically associated name
+    + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
+    ShenandoahGC
+    + JDK-8311992: Test java/lang/Thread/virtual/
+    /JfrEvents::testVirtualThreadPinned failed
+    + JDK-8312136: Modify runtime/ErrorHandling/TestDwarf.java to
+    split dwarf and decoder testing
+    + JDK-8312416: Tests in Locale should have more descriptive
+    names
+    + JDK-8312428: PKCS11 tests fail with NSS 3.91
+    + JDK-8312916: Remove remaining usages of -Xdebug from
+    test/hotspot/jtreg
+    + JDK-8313082: Enable CreateCoredumpOnCrash for testing in
+    makefiles
+    + JDK-8313229: DHEKeySizing.java should be modified to use TLS
+    versions TLSv1, TLSv1.1, TLSv1.2
+    + JDK-8313507: Remove pkcs11/Cipher/TestKATForGCM.java from
+    ProblemList
+    + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
+    /TestFloatingDecimal should use RandomFactory
+    + JDK-8313638: Add test for dump of resolved references
+    + JDK-8313670: Simplify shared lib name handling code in some
+    tests
+    + JDK-8313720: C2 SuperWord: wrong result with
+  - XX:+UseVectorCmov -XX:+UseCMoveUnconditionally
+    + JDK-8313816: Accessing jmethodID might lead to spurious
+    crashes
+    + JDK-8313854: Some tests in serviceability area fail on
+    localized Windows platform
+    + JDK-8314164: java/net/HttpURLConnection/
+    /HttpURLConnectionExpectContinueTest.java fails intermittently
+    in timeout
+    + JDK-8314220: Configurable InlineCacheBuffer size
+    + JDK-8314283: Support for NSS tests on aarch64 platforms
+    + JDK-8314320: Mark runtime/CommandLine/ tests as flagless
+    + JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use
+    ProcessTools.createTestJvm(..)
+    + JDK-8314513: [IR Framework] Some internal IR Framework tests
+    are failing after JDK-8310308 on PPC and Cascade Lake
+    + JDK-8314578: Non-verifiable code is emitted when two guards
+    declare pattern variables in colon-switch
+    + JDK-8314610: hotspot can't compile with the latest of gtest
+    because of <iomanip>
+    + JDK-8314612: TestUnorderedReduction.java fails with
+  - XX:MaxVectorSize=32 and -XX:+AlignVector
+    + JDK-8314629: Generational ZGC: Clearing All SoftReferences
+    log line lacks GCId
+    + JDK-8314829: serviceability/sa/jmap-hprof/
+    /JMapHProfLargeHeapTest.java ignores vm flags
+    + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
+    flags
+    + JDK-8314831: NMT tests ignore vm flags
+    + JDK-8314835: gtest wrappers should be marked as flagless
+    + JDK-8314837: 5 compiled/codecache tests ignore VM flags
+    + JDK-8314838: 3 compiler tests ignore vm flags
+    + JDK-8314990: Generational ZGC: Strong OopStorage stats
+    reported as weak roots
+    + JDK-8315034: File.mkdirs() occasionally fails to create
+    folders on Windows shared folder
+    + JDK-8315042: NPE in PKCS7.parseOldSignedData
+    + JDK-8315097: Rename createJavaProcessBuilder
+    + JDK-8315241: (fs) Move toRealPath tests in
+    java/nio/file/Path/Misc.java to separate JUnit 5 test
+    + JDK-8315406: [REDO] serviceability/jdwp/
+    /AllModulesCommandTest.java ignores VM flags
+    + JDK-8315594: Open source few headless Swing misc tests
+    + JDK-8315600: Open source few more headless Swing misc tests
+    + JDK-8315602: Open source swing security manager test
+    + JDK-8315611: Open source swing text/html and tree test
+    + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
+    run with -Xbatch
+    + JDK-8315721: CloseRace.java#id0 fails transiently on libgraal
+    + JDK-8315726: Open source several AWT applet tests
+    + JDK-8315731: Open source several Swing Text related tests
+    + JDK-8315761: Open source few swing JList and JMenuBar tests
+    + JDK-8315891: java/foreign/TestLinker.java failed with "error
+    occurred while instantiating class TestLinker: null"
+    + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
+    /bug4654927.java: component must be showing on the screen to
+    determine its location
+    + JDK-8315988: Parallel: Make TestAggressiveHeap use
+    createTestJvm
+    + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
+    createTestJvm
+    + JDK-8316028: Update FreeType to 2.13.2
+    + JDK-8316106: Open source few swing JInternalFrame and
+    JMenuBar tests
+    + JDK-8316132: CDSProtectionDomain::get_shared_protection_domain
+    should check for exception
+    + JDK-8316229: Enhance class initialization logging
+    + JDK-8316309: AArch64: VMError::print_native_stack() crashes
+    on Java native method frame
+    + JDK-8316319: Generational ZGC: The SoftMaxHeapSize might be
+    wrong when CDS decreases the MaxHeapSize
+    + JDK-8316392: compiler/interpreter/
+    /TestVerifyStackAfterDeopt.java failed with SIGBUS in
+    PcDescContainer::find_pc_desc_internal
+    + JDK-8316410: GC: Make TestCompressedClassFlags use
+    createTestJvm
+    + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
+    /CheckOrigin.java as vm.flagless
+    + JDK-8316446: 4 sun/management/jdp tests ignore VM flags
+    + JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
+    + JDK-8316462: sun/jvmstat/monitor/MonitoredVm/
+    /MonitorVmStartTerminate.java ignores VM flags
+    + JDK-8316464: 3 sun/tools tests ignore VM flags
+    + JDK-8316562: serviceability/sa/jmap-hprof/
+    /JMapHProfLargeHeapTest.java times out after JDK-8314829
+    + JDK-8316594: C2 SuperWord: wrong result with hand unrolled
+    loops
+    + JDK-8316661: CompilerThread leaks CodeBlob memory when
+    dynamically stopping compiler thread in non-product
+    + JDK-8316693: Simplify at-requires checkDockerSupport()
+    + JDK-8316947: Write a test to check textArea triggers
+    MouseEntered/MouseExited events properly
+    + JDK-8316961: Fallback implementations for 64-bit
+    Atomic::{add,xchg} on 32-bit platforms
+    + JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+    + JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use
+    createTestJvm
+    + JDK-8317144: Exclude sun/security/pkcs11/sslecc/
+    /ClientJSSEServerJSSE.java on Linux ppc64le
+    + JDK-8317188: G1: Make  TestG1ConcRefinementThreads use
+    createTestJvm
+    + JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
+    + JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+    + JDK-8317300: javac erroneously allows "final" in front of a
+    record pattern
+    + JDK-8317307: test/jdk/com/sun/jndi/ldap/
+    /LdapPoolTimeoutTest.java fails with ConnectException:
+    Connection timed out: no further information
+    + JDK-8317316: G1: Make TestG1PercentageOptions use
+    createTestJvm
+    + JDK-8317317: G1: Make TestG1RemSetFlags use createTestJvm
+    + JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+    + JDK-8317347: Parallel: Make TestInitialTenuringThreshold use
+    createTestJvm
+    + JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+    + JDK-8317522: Test logic for BODY_CF in
+    AbstractThrowingSubscribers.java is wrong
+    + JDK-8317535: Shenandoah: Remove unused code
+    + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
+    freezes the application in macOS 14 Sonoma
+    + JDK-8317804: com/sun/jdi/JdwpAllowTest.java fails on Alpine
+    3.17 / 3.18
+    + JDK-8318039: GHA: Bump macOS and Xcode versions
+    + JDK-8318082: ConcurrentModificationException from IndexWriter
+    + JDK-8318154: Improve stability of WheelModifier.java test
+    + JDK-8318157: RISC-V: implement ensureMaterializedForStackWalk
+    intrinsic
+    + JDK-8318158: RISC-V: implement roundD/roundF intrinsics
+    + JDK-8318410: jdk/java/lang/instrument/BootClassPath/
+    /BootClassPathTest.sh fails on Japanese Windows
+    + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
+    with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+    + JDK-8318490: Increase timeout for JDK tests that are close to
+    the limit when run with libgraal
+    + JDK-8318590: JButton ignores margin when painting HTML text
+    + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+    + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
+    tests
+    + JDK-8318608: Enable parallelism in
+    vmTestbase/nsk/stress/threads tests
+    + JDK-8318613: ChoiceFormat patterns are not well tested
+    + JDK-8318689: jtreg is confused when folder name is the same
+    as the test name
+    + JDK-8318696: Do not use LFS64 symbols on Linux
+    + JDK-8318737: Fallback linker passes bad JNI handle
+    + JDK-8318809: java/util/concurrent/ConcurrentLinkedQueue/
+    /WhiteBox.java shows intermittent failures on linux ppc64le
+    and aarch64
+    + JDK-8318964: Fix build failures caused by 8315097
+    + JDK-8318971: Better Error Handling for Jar Tool When
+    Processing Non-existent Files
+    + JDK-8318983: Fix comment typo in PKCS12Passwd.java
+    + JDK-8319103: Popups that request focus are not shown on Linux
+    with Wayland
+    + JDK-8319124: Update XML Security for Java to 3.0.3
+    + JDK-8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64
+    + JDK-8319136: Skip pkcs11 tests on linux-aarch64
+    + JDK-8319137: release _object in ObjectMonitor dtor to avoid
+    races
+    + JDK-8319213: Compatibility.java reads both stdout and stderr
+    of JdkUtils
+    + JDK-8319314: NMT detail report slow or hangs for large number
+    of mappings
+    + JDK-8319372: C2 compilation fails with "Bad immediate
+    dominator info"
+    + JDK-8319382: com/sun/jdi/JdwpAllowTest.java shows failures on
+    AIX if prefixLen of mask is larger than 32 in IPv6 case
+    + JDK-8319456: jdk/jfr/event/gc/collection/
+    /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
+    Initiated GC' not in the valid causes
+    + JDK-8319548: Unexpected internal name for Filler array klass
+    causes error in VisualVM
+    + JDK-8319569: Several java/util tests should be updated to
+    accept VM flags
+    + JDK-8319633: runtime/posixSig/TestPosixSig.java intermittent
+    timeouts on UNIX
+    + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+    + JDK-8319777: Zero: Support 8-byte cmpxchg
+    + JDK-8319879: Stress mode to randomize incremental inlining
+    decision
+    + JDK-8319883: Zero: Use atomic built-ins for 64-bit accesses
+    + JDK-8319897: Move StackWatermark handling out of
+    LockStack::contains
+    + JDK-8319938: TestFileChooserSingleDirectorySelection.java
+    fails with "getSelectedFiles returned empty array"
+    + JDK-8320052: Zero: Use __atomic built-ins for atomic RMW
+    operations
+    + JDK-8320145: Compiler should accept final variable in Record
+    Pattern
+    + JDK-8320168: handle setsocktopt return values
+    + JDK-8320206: Some intrinsics/stubs missing vzeroupper on
+    x86_64
+    + JDK-8320208: Update Public Suffix List to b5bf572
+    + JDK-8320300: Adjust hs_err output in malloc/mmap error cases
+    + JDK-8320303: Allow PassFailJFrame to accept single window
+    creator
+    + JDK-8320309: AIX: pthreads created by foreign test library
+    don't work as expected
+    + JDK-8320383: refresh libraries cache on AIX in VMError::report
+    + JDK-8320582: Zero: Misplaced CX8 enablement flag
+    + JDK-8320798: Console read line with zero out should zero out
+    underlying buffer
+    + JDK-8320807: [PPC64][ZGC] C1 generates wrong code for atomics
+    + JDK-8320830: [AIX] Dont mix os::dll_load() with direct
+    dlclose() calls
+    + JDK-8320877: Shenandoah: Remove
+    ShenandoahUnloadClassesFrequency support
+    + JDK-8320888: Shenandoah: Enable ShenandoahVerifyOptoBarriers
+    in debug builds
+    + JDK-8320890: [AIX] Find a better way to mimic dl handle
+    equality
+    + JDK-8320898: exclude compiler/vectorapi/reshape/
+    /TestVectorReinterpret.java on ppc64(le) platforms
+    + JDK-8320907: Shenandoah: Remove ShenandoahSelfFixing flag
+    + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
+    + JDK-8320937: support latest VS2022 MSC_VER in
+    abstract_vm_version.cpp
+    + JDK-8320943: Files/probeContentType/Basic.java fails on
+    latest Windows 11 - content type mismatch
+    + JDK-8321120: Shenandoah: Remove ShenandoahElasticTLAB flag
+    + JDK-8321122: Shenandoah: Remove
+    ShenandoahLoopOptsAfterExpansion flag
+    + JDK-8321131: Console read line with zero out should zero out
+    underlying buffer in JLine
+    + JDK-8321151: JDK-8294427 breaks Windows L&F on all older
+    Windows versions
+    + JDK-8321164: javac with annotation processor throws
+    AssertionError: Filling jrt:/... during JarFileObject[/...]
+    + JDK-8321215: Incorrect x86 instruction encoding for VSIB
+    addressing mode
+    + JDK-8321269: Require platforms to define
+    DEFAULT_CACHE_LINE_SIZE
+    + JDK-8321374: Add a configure option to explicitly set
+    CompanyName property in VersionInfo resource for Windows
+    exe/dll
+    + JDK-8321408: Add Certainly roots R1 and E1
+    + JDK-8321409: Console read line with zero out should zero out
+    underlying buffer in JLine (redux)
+    + JDK-8321410: Shenandoah: Remove ShenandoahSuspendibleWorkers
+    flag
+    + JDK-8321480: ISO 4217 Amendment 176 Update
+    + JDK-8321542: C2: Missing ChaCha20 stub for x86_32 leads to
+    crashes
+    + JDK-8321582: yield <primitive-type>.class not parsed
+    correctly.
+    + JDK-8321599: Data loss in AVX3 Base64 decoding
+    + JDK-8321619: Generational ZGC: ZColorStoreGoodOopClosure is
+    only valid for young objects
+    + JDK-8321894: Bump update version for OpenJDK: 21.0.3
+    + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
+    timeout on linux-riscv64 platform
+    + JDK-8321974: Crash in ciKlass::is_subtype_of because
+    TypeAryPtr::_klass is not initialized
+    + JDK-8322040: Missing array bounds check in
+    ClassReader.parameter
+    + JDK-8322098: os::Linux::print_system_memory_info enhance the
+    THP output with
+    /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+    + JDK-8322142: JFR: Periodic tasks aren't orphaned between
+    recordings
+    + JDK-8322159: ThisEscapeAnalyzer crashes for erroneous code
+    + JDK-8322255: Generational ZGC: ZPageSizeMedium should be set
+    before MaxTenuringThreshold
+    + JDK-8322279: Generational ZGC: Use ZFragmentationLimit and
+    ZYoungCompactionLimit as percentage instead of multiples
+    + JDK-8322282: Incorrect LoaderConstraintTable::add_entry after
+    JDK-8298468
+    + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
+    + JDK-8322417: Console read line with zero out should zero out
+    when throwing exception
+    + JDK-8322418: Problem list gc/TestAllocHumongousFragment.java
+    subtests for 8298781
+    + JDK-8322512: StringBuffer.repeat does not work correctly
+    after toString() was called
+    + JDK-8322583: RISC-V: Enable fast class initialization checks
+    + JDK-8322725: (tz) Update Timezone Data to 2023d
+    + JDK-8322750: Test "api/java_awt/interactive/
+    /SystemTrayTests.html" failed because A blue ball icon is
+    added outside of the system tray
+    + JDK-8322772: Clean up code after JDK-8322417
+    + JDK-8322783: prioritize /etc/os-release over
+    /etc/SuSE-release in hs_err/info output
+    + JDK-8322790: RISC-V: Tune costs for shuffles with no
+    conversion
+    + JDK-8322957: Generational ZGC: Relocation selection must join
+    the STS
+    + JDK-8323008: filter out harmful -std* flags added by autoconf
+    from CXX
+    + JDK-8323021: Shenandoah: Encountered reference count always
+    attributed to first worker thread
+    + JDK-8323065: Unneccesary CodeBlob lookup in
+    CompiledIC::internal_set_ic_destination
+    + JDK-8323086: Shenandoah: Heap could be corrupted by oom
+    during evacuation
+    + JDK-8323101: C2: assert(n->in(0) == nullptr) failed:
+    divisions with zero check should already have bailed out
+    earlier in split-if
+    + JDK-8323154: C2: assert(cmp != nullptr && cmp->Opcode() ==
+    Op_Cmp(bt)) failed: no exit test
+    + JDK-8323243: JNI invocation of an abstract instance method
+    corrupts the stack
+    + JDK-8323331: fix typo hpage_pdm_size
+    + JDK-8323428: Shenandoah: Unused memory in regions compacted
+    during a full GC should be mangled
+    + JDK-8323515: Create test alias "all" for all test roots
+    + JDK-8323637: Capture hotspot replay files in GHA
+    + JDK-8323640: [TESTBUG]testMemoryFailCount in
+    jdk/internal/platform/docker/TestDockerMemoryMetrics.java
+    always fail because OOM killed
+    + JDK-8323659: LinkedTransferQueue add and put methods call
+    overridable offer
+    + JDK-8323664: java/awt/font/JNICheck/FreeTypeScalerJNICheck.java
+    still fails with JNI warning on some Windows configurations
+    + JDK-8323667: Library debug files contain non-reproducible
+    full gcc include paths
+    + JDK-8323671: DevKit build gcc libraries contain full paths to
+    source location
+    + JDK-8323717: Introduce test keyword for tests that need
+    external dependencies
+    + JDK-8323964: runtime/Thread/ThreadCountLimit.java fails
+    intermittently on AIX
+    + JDK-8324050: Issue store-store barrier after re-materializing
+    objects during deoptimization
+    + JDK-8324280: RISC-V: Incorrect implementation in
+    VM_Version::parse_satp_mode
+    + JDK-8324347: Enable "maybe-uninitialized" warning for
+    FreeType 2.13.1
+    + JDK-8324514: ClassLoaderData::print_on should print address
+    of class loader
+    + JDK-8324598: use mem_unit when working with sysinfo memory
+    and swap related information
+    + JDK-8324637: [aix] Implement support for reporting swap space
+    in jdk.management
+    + JDK-8324647: Invalid test group of lib-test after JDK-8323515
+    + JDK-8324659: GHA: Generic jtreg errors are not reported
+    + JDK-8324753: [AIX] adjust os_posix after JDK-8318696
+    + JDK-8324858: [vectorapi] Bounds checking issues when
+    accessing memory segments
+    + JDK-8324874: AArch64: crypto pmull based CRC32/CRC32C
+    intrinsics clobber V8-V15 registers
+    + JDK-8324937: GHA: Avoid multiple test suites per job
+    + JDK-8325074: ZGC fails assert(index == 0 ||
+    is_power_of_2(index)) failed: Incorrect load shift: 11
+    + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
+    /AKISerialNumber.java is failing
+    + JDK-8325150: (tz) Update Timezone Data to 2024a
+    + JDK-8325194: GHA: Add macOS M1 testing
+    + JDK-8325254: CKA_TOKEN private and secret keys are not
+    necessarily sensitive
+    + JDK-8325444: GHA: JDK-8325194 causes a regression
+    + JDK-8325470: [AIX] use fclose after fopen in read_psinfo
+    + JDK-8325496: Make TrimNativeHeapInterval a product switch
+    + JDK-8325672: C2: allocate PhaseIdealLoop::_loop_or_ctrl from
+    C->comp_arena()
+    + JDK-8325876: crashes in docker container tests on
+    Linuxppc64le Power8 machines
+    + JDK-8326000: Remove obsolete comments for class
+    sun.security.ssl.SunJSSE
+    + JDK-8327391: Add SipHash attribution file
+    + JDK-8329838: [21u] Remove designator
+    DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.3
+- Modified patches:
+  * disable-doclint-by-default.patch
+  * fips.patch
+  * java-21-openjdk.spec
+  * java-atk-wrapper-security.patch
+  * loadAssistiveTechnologies.patch
+  * memory-limits.patch
+  * multiple-pkcs11-library-init.patch
+  * system-pcsclite.patch
+  * zero-ranges.patch
+    + rediff to apply without fuzz
+
+- Added patch:
+  * reproducible-jlink.patch
+    + make the timestamp in jmods reproducible
+
+- Removed patch:
+  * alternative-tzdb_dat.patch
+    + Remove the possibility to use the system timezone-java. It
+    creates more problems then it solves (bsc#1213470)
+
+- Use %patch -P N instead of deprecated %patchN.
+
kernel-64kb
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-azure
+- Refresh
+  patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+  (don't print about zero-sized CMA reservation)
+- commit 14e6598
+
+- Update
+  patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch
+  (bsc#1222609 CVE-2024-26747).
+  Added CVE reference
+- commit 5db3e1d
+
+- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen
+  PE (bsc#1222011 ltc#205900).
+- commit a6aad75
+
+- Update
+  patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch
+  (bsc#1219485 bsc#1219451).
+- Update patches.suse/0001-s390-qdio-handle-deferred-cc1.patch
+  (bsc#1219485 bsc#1219451).
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485 bsc#1219451).
+- Update patches.suse/s390-qeth-handle-deferred-cc1.patch
+  (bsc#1219485 git-fixes bsc#1219451).
+- commit 097f888
+
+- Update
+  patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26778 bsc#1222770).
+- commit fbfa53e
+
+- Update
+  patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26777 bsc#1222765).
+- commit 4648979
+
+- Update
+  patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
+  (CVE-2024-26584 bsc#1220186 CVE-2024-26800 bsc#1222728).
+- commit 6cb76c6
+
+- crash: use macro to add crashk_res into iomem early for specific
+  arch (jsc#PED-7249, bsc#1222742).
+  Refresh patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+- commit b256f70
+
+- blacklist.conf: Disable irrelevant patch
+  We don't have syscall hardening in our kernels.
+- commit 36739c9
+
+- x86/bugs: Fix BHI documentation (git-fixes).
+- commit b981493
+
+- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
+- commit 6f75bb6
+
+- "nouveau: offload fence uevents work to workqueue"
+  Reference bug report and CVE number.
+- commit 92c99bd
+
+- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch
+  (git-fixes bsc#1222449 CVE-2024-26744)
+- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch
+  (git-fixes bsc#1222677 CVE-2024-26743)
+- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch
+  (git-fixes bsc#1222726 CVE-2024-26766)
+- commit 3b16fea
+
+- Revert patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch
+  (bsc#1220419 bsc#1222656).
+- Revert patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch
+  (bsc#1220419 bsc#1222656).
+- Refresh
+  patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
+  Revert dfa2f0483360 ("tcp: get rid of sysctl_tcp_adv_win_scale") to
+  resolve a performance regression in HTML traffic.
+- commit e2e7d0b
+
+- udp: Avoid call to compute_score on multiple sites
+  (bsc#1220709).
+- commit 78244c6
+
+- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
+- commit 3d18f9a
+
+- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto  (git-fixes).
+- Update config files.
+- commit b2f373b
+
+- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
+- commit 66c46fb
+
+- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
+- commit 6aec207
+
+- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
+- commit 1fdb38f
+
+- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
+- commit 13662e2
+
+- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1222823).
+- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
+- commit 1bc31f7
+
+- KVM: x86: Add BHI_NO (bsc#1222823).
+- commit 07366ce
+
+- x86/bhi: Mitigate KVM by default (bsc#1222823).
+- commit 64cbcbe
+
+- x86/bhi: Add BHI mitigation knob (bsc#1222823).
+- Update config files.
+- commit 65ced6f
+
+- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1222823).
+- commit 5ca568d
+
+- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1222823).
+- commit 496b11d
+
+- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1222823).
+- commit dee5dff
+
+- Update
+  patches.suse/net-pds_core-Fix-possible-double-free-in-error-handl.patch
+  (git-fixes CVE-2024-26652 bsc#1222115).
+  Added CVE reference.
+- commit 070cd49
+
+- Update
+  patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch
+  (git-fixes bsc#1222427 CVE-2024-26680).
+  Added CVE reference.
+- commit 97f0341
+
+- s390/cio: fix race condition during online processing
+  (bsc#1219485).
+- commit 83d7614
+
+- s390/qdio: handle deferred cc1 (bsc#1219485).
+- commit aec0983
+
+- s390/qeth: handle deferred cc1 (bsc#1219485 git-fixes).
+- commit 6c10bf2
+
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485).
+- commit 174a4e8
+
+- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781)
+- commit 2816ca9
+
+- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784)
+- commit 0d6086f
+
+- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764)
+- commit ec068f3
+
+- Update to add bsc#1222531, CVE-2024-26756 references,
+  patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch
+  (bsc#1219596, bsc#1222531, CVE-2024-26756).
+- commit de5884e
+
+- Update to add bsc#1222527, CVE-2024-26757 references,
+  patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch
+  (bsc#1219596, bsc#1222527, CVE-2024-26757).
+- commit 0b6b491
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch
+  (bsc#1222416, CVE-2024-26718).
+- commit 59bf5a5
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch
+  (bsc#1222720, CVE-2024-26763).
+- commit 710cd5e
+
+- Update patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch (git-fixes CVE-2024-26751 bsc#1222724)
+- commit a85b7fa
+
+- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610)
+- commit b7bab4f
+
+- Update
+  patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch
+  (git-fixes CVE-2024-26754 bsc#1222632).
+- commit 0bddcea
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789 bsc#1222626).
+- commit 9c3828e
+
+- KVM: arm64: pmu: Resync EL0 state on counter rotation
+  (bsc#1219475).
+- commit 99d8e75
+
+- KVM: arm64: Always invalidate TLB for stage-2 permission faults
+  (bsc#1219478).
+- commit 1762ca5
+
+- Update
+  patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch
+  (git-fixes CVE-2024-26749 bsc#1222680).
+- commit e627f8d
+
+- Update
+  patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
+  (bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
+- commit 6398fc1
+
+- Update
+  patches.suse/l2tp-pass-correct-message-length-to-ip6_append_data.patch
+  (bsc#1220419 CVE-2024-26752 bsc#1222667).
+- commit 1a3becd
+
+- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
+  (bsc#1222619).
+- commit a9c1ee0
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789).
+- commit 270f850
+
+- Update
+  patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
+  (bsc#1222513 CVE-2024-26748).
+  Added CVE references
+- commit b3e425f
+
+- Update
+  patches.suse/usb-dwc3-gadget-Fix-NULL-pointer-dereference-in-dwc3.patch
+  (bsc#1222561 CVE-2024-26715).
+  Added CVE reference
+- commit ebacab7
+
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738).
+- commit d6e4ef3
+
+- Update
+  patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dcn.patch
+  (git-fixes CVE-2024-26699 bsc#1222602).
+- commit f52d16e
+
+- Update
+  patches.suse/crypto-virtio-akcipher-Fix-stack-overflow-on-memcpy.patch
+  (git-fixes CVE-2024-26753 bsc#1222601).
+- commit 0099199
+
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689).
+- commit 8a44287
+
+- Update
+  patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
+  (bsc#1219126 CVE-2024-26727 bsc#1222536).
+- commit 7bb93e9
+
+- Update
+  patches.suse/net-mlx5-DPLL-Fix-possible-use-after-free-after-dela.patch
+  (git-fixes CVE-2024-26724 bsc#1222523).
+- commit bb60edc
+
+- Update
+  patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch
+  (git-fixes CVE-2024-26722 bsc#1222520).
+- commit f0aaca0
+
+- Update
+  patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch
+  (git-fixes CVE-2024-26681 bsc#1222431).
+- commit 12b3ceb
+
+- Update patches.suse/wifi-iwlwifi-fix-double-free-bug.patch
+  (git-fixes CVE-2024-26694 bsc#1222466).
+- commit 5048255
+
+- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+  (bsc#1219264 CVE-2024-0841).
+- commit 440934e
+
+- Update
+  patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch
+  (git-fixes CVE-2024-26717 bsc#1222360).
+- Update
+  patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch
+  (git-fixes CVE-2024-26670 bsc#1222356).
+- Update
+  patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch
+  (git-fixes CVE-2024-26695 bsc#1222373).
+- Update
+  patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch
+  (jsc#PED-6079 CVE-2024-26725 bsc#1222369).
+- Update
+  patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch
+  (git-fixes CVE-2024-26661 bsc#1222323).
+- Update
+  patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch
+  (git-fixes CVE-2024-26662 bsc#1222324).
+- Update
+  patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch
+  (git-fixes CVE-2024-26660 bsc#1222266).
+- Update
+  patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch
+  (git-fixes CVE-2024-26728 bsc#1222370).
+- Update
+  patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch
+  (git-fixes CVE-2024-26672 bsc#1222358).
+- Update
+  patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch
+  (git-fixes CVE-2024-26721 bsc#1222365).
+- Update
+  patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch
+  (git-fixes CVE-2024-26667 bsc#1222331).
+- Update
+  patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26664 bsc#1222355).
+- Update
+  patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch
+  (git-fixes CVE-2024-26723 bsc#1222367).
+- Update
+  patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch
+  (git-fixes CVE-2024-26720 bsc#1222364).
+- Update
+  patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
+  (git-fixes CVE-2024-26698 bsc#1222374).
+- Update
+  patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch
+  (git-fixes CVE-2024-26651 bsc#1221337).
+- Update
+  patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch
+  (git-fixes CVE-2024-26716 bsc#1222359).
+- Update
+  patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch
+  (git-fixes CVE-2024-26666 bsc#1222293).
+- Update
+  patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch
+  (git-fixes CVE-2024-26659 bsc#1222317).
+- commit 967a843
+
+- Update
+  patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch
+  (git-fixes bsc#1219810 CVE-2023-52639 bsc#1222300).
+- Update
+  patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch
+  (git-fixes CVE-2023-52637 bsc#1222291).
+- Update
+  patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch
+  (git-fixes CVE-2023-52638 bsc#1222299).
+- Update
+  patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch
+  (git-fixes CVE-2023-52634 bsc#1222278).
+- Update
+  patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch
+  (git-fixes CVE-2023-52625 bsc#1222085).
+- Update
+  patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch
+  (git-fixes CVE-2023-52624 bsc#1222083).
+- Update
+  patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch
+  (git-fixes CVE-2023-52632 bsc#1222274).
+- Update
+  patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch
+  (bsc#1221390 CVE-2023-52636 bsc#1222247).
+- Update
+  patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
+  (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
+- commit dc877fc
+
+- selinux: saner handling of policy reloads (bsc#1222230).
+- commit 35fdf2d
+
+- Move upstreamed patches into sorted section
+- commit ebe113d
+
+- blacklist.conf: fbdev: flush deferred IO before closing (bsc#1221814)
+- commit 6339fe4
+
+- netfilter: nf_tables: skip set commit for deleted/destroyed sets
+  (CVE-2024-0193 bsc#1218495).
+- commit e7bf1c3
+
+- Revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
+  This reverts commit 81476d7e609a6d383f3d404542eebc93cebd0a4d.
+  This fixes bsc#1221814
+- commit a7a9087
+
+- net: pds_core: Fix possible double free in error handling path
+  (git-fixes).
+- commit 2613145
+
kernel-debug
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-default
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-docs
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-firmware-nvidia-gspx-G06
+- Update to 550.78
+  * addresses boo#1223454
+
kernel-kvmsmall
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-obs-build
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-obs-qa
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-source
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-source-azure
+- Refresh
+  patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+  (don't print about zero-sized CMA reservation)
+- commit 14e6598
+
+- Update
+  patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch
+  (bsc#1222609 CVE-2024-26747).
+  Added CVE reference
+- commit 5db3e1d
+
+- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen
+  PE (bsc#1222011 ltc#205900).
+- commit a6aad75
+
+- Update
+  patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch
+  (bsc#1219485 bsc#1219451).
+- Update patches.suse/0001-s390-qdio-handle-deferred-cc1.patch
+  (bsc#1219485 bsc#1219451).
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485 bsc#1219451).
+- Update patches.suse/s390-qeth-handle-deferred-cc1.patch
+  (bsc#1219485 git-fixes bsc#1219451).
+- commit 097f888
+
+- Update
+  patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26778 bsc#1222770).
+- commit fbfa53e
+
+- Update
+  patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26777 bsc#1222765).
+- commit 4648979
+
+- Update
+  patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
+  (CVE-2024-26584 bsc#1220186 CVE-2024-26800 bsc#1222728).
+- commit 6cb76c6
+
+- crash: use macro to add crashk_res into iomem early for specific
+  arch (jsc#PED-7249, bsc#1222742).
+  Refresh patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+- commit b256f70
+
+- blacklist.conf: Disable irrelevant patch
+  We don't have syscall hardening in our kernels.
+- commit 36739c9
+
+- x86/bugs: Fix BHI documentation (git-fixes).
+- commit b981493
+
+- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
+- commit 6f75bb6
+
+- "nouveau: offload fence uevents work to workqueue"
+  Reference bug report and CVE number.
+- commit 92c99bd
+
+- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch
+  (git-fixes bsc#1222449 CVE-2024-26744)
+- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch
+  (git-fixes bsc#1222677 CVE-2024-26743)
+- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch
+  (git-fixes bsc#1222726 CVE-2024-26766)
+- commit 3b16fea
+
+- Revert patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch
+  (bsc#1220419 bsc#1222656).
+- Revert patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch
+  (bsc#1220419 bsc#1222656).
+- Refresh
+  patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
+  Revert dfa2f0483360 ("tcp: get rid of sysctl_tcp_adv_win_scale") to
+  resolve a performance regression in HTML traffic.
+- commit e2e7d0b
+
+- udp: Avoid call to compute_score on multiple sites
+  (bsc#1220709).
+- commit 78244c6
+
+- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
+- commit 3d18f9a
+
+- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto  (git-fixes).
+- Update config files.
+- commit b2f373b
+
+- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
+- commit 66c46fb
+
+- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
+- commit 6aec207
+
+- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
+- commit 1fdb38f
+
+- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
+- commit 13662e2
+
+- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1222823).
+- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
+- commit 1bc31f7
+
+- KVM: x86: Add BHI_NO (bsc#1222823).
+- commit 07366ce
+
+- x86/bhi: Mitigate KVM by default (bsc#1222823).
+- commit 64cbcbe
+
+- x86/bhi: Add BHI mitigation knob (bsc#1222823).
+- Update config files.
+- commit 65ced6f
+
+- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1222823).
+- commit 5ca568d
+
+- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1222823).
+- commit 496b11d
+
+- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1222823).
+- commit dee5dff
+
+- Update
+  patches.suse/net-pds_core-Fix-possible-double-free-in-error-handl.patch
+  (git-fixes CVE-2024-26652 bsc#1222115).
+  Added CVE reference.
+- commit 070cd49
+
+- Update
+  patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch
+  (git-fixes bsc#1222427 CVE-2024-26680).
+  Added CVE reference.
+- commit 97f0341
+
+- s390/cio: fix race condition during online processing
+  (bsc#1219485).
+- commit 83d7614
+
+- s390/qdio: handle deferred cc1 (bsc#1219485).
+- commit aec0983
+
+- s390/qeth: handle deferred cc1 (bsc#1219485 git-fixes).
+- commit 6c10bf2
+
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485).
+- commit 174a4e8
+
+- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781)
+- commit 2816ca9
+
+- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784)
+- commit 0d6086f
+
+- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764)
+- commit ec068f3
+
+- Update to add bsc#1222531, CVE-2024-26756 references,
+  patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch
+  (bsc#1219596, bsc#1222531, CVE-2024-26756).
+- commit de5884e
+
+- Update to add bsc#1222527, CVE-2024-26757 references,
+  patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch
+  (bsc#1219596, bsc#1222527, CVE-2024-26757).
+- commit 0b6b491
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch
+  (bsc#1222416, CVE-2024-26718).
+- commit 59bf5a5
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch
+  (bsc#1222720, CVE-2024-26763).
+- commit 710cd5e
+
+- Update patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch (git-fixes CVE-2024-26751 bsc#1222724)
+- commit a85b7fa
+
+- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610)
+- commit b7bab4f
+
+- Update
+  patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch
+  (git-fixes CVE-2024-26754 bsc#1222632).
+- commit 0bddcea
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789 bsc#1222626).
+- commit 9c3828e
+
+- KVM: arm64: pmu: Resync EL0 state on counter rotation
+  (bsc#1219475).
+- commit 99d8e75
+
+- KVM: arm64: Always invalidate TLB for stage-2 permission faults
+  (bsc#1219478).
+- commit 1762ca5
+
+- Update
+  patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch
+  (git-fixes CVE-2024-26749 bsc#1222680).
+- commit e627f8d
+
+- Update
+  patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
+  (bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
+- commit 6398fc1
+
+- Update
+  patches.suse/l2tp-pass-correct-message-length-to-ip6_append_data.patch
+  (bsc#1220419 CVE-2024-26752 bsc#1222667).
+- commit 1a3becd
+
+- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
+  (bsc#1222619).
+- commit a9c1ee0
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789).
+- commit 270f850
+
+- Update
+  patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
+  (bsc#1222513 CVE-2024-26748).
+  Added CVE references
+- commit b3e425f
+
+- Update
+  patches.suse/usb-dwc3-gadget-Fix-NULL-pointer-dereference-in-dwc3.patch
+  (bsc#1222561 CVE-2024-26715).
+  Added CVE reference
+- commit ebacab7
+
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738).
+- commit d6e4ef3
+
+- Update
+  patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dcn.patch
+  (git-fixes CVE-2024-26699 bsc#1222602).
+- commit f52d16e
+
+- Update
+  patches.suse/crypto-virtio-akcipher-Fix-stack-overflow-on-memcpy.patch
+  (git-fixes CVE-2024-26753 bsc#1222601).
+- commit 0099199
+
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689).
+- commit 8a44287
+
+- Update
+  patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
+  (bsc#1219126 CVE-2024-26727 bsc#1222536).
+- commit 7bb93e9
+
+- Update
+  patches.suse/net-mlx5-DPLL-Fix-possible-use-after-free-after-dela.patch
+  (git-fixes CVE-2024-26724 bsc#1222523).
+- commit bb60edc
+
+- Update
+  patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch
+  (git-fixes CVE-2024-26722 bsc#1222520).
+- commit f0aaca0
+
+- Update
+  patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch
+  (git-fixes CVE-2024-26681 bsc#1222431).
+- commit 12b3ceb
+
+- Update patches.suse/wifi-iwlwifi-fix-double-free-bug.patch
+  (git-fixes CVE-2024-26694 bsc#1222466).
+- commit 5048255
+
+- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+  (bsc#1219264 CVE-2024-0841).
+- commit 440934e
+
+- Update
+  patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch
+  (git-fixes CVE-2024-26717 bsc#1222360).
+- Update
+  patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch
+  (git-fixes CVE-2024-26670 bsc#1222356).
+- Update
+  patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch
+  (git-fixes CVE-2024-26695 bsc#1222373).
+- Update
+  patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch
+  (jsc#PED-6079 CVE-2024-26725 bsc#1222369).
+- Update
+  patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch
+  (git-fixes CVE-2024-26661 bsc#1222323).
+- Update
+  patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch
+  (git-fixes CVE-2024-26662 bsc#1222324).
+- Update
+  patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch
+  (git-fixes CVE-2024-26660 bsc#1222266).
+- Update
+  patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch
+  (git-fixes CVE-2024-26728 bsc#1222370).
+- Update
+  patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch
+  (git-fixes CVE-2024-26672 bsc#1222358).
+- Update
+  patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch
+  (git-fixes CVE-2024-26721 bsc#1222365).
+- Update
+  patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch
+  (git-fixes CVE-2024-26667 bsc#1222331).
+- Update
+  patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26664 bsc#1222355).
+- Update
+  patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch
+  (git-fixes CVE-2024-26723 bsc#1222367).
+- Update
+  patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch
+  (git-fixes CVE-2024-26720 bsc#1222364).
+- Update
+  patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
+  (git-fixes CVE-2024-26698 bsc#1222374).
+- Update
+  patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch
+  (git-fixes CVE-2024-26651 bsc#1221337).
+- Update
+  patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch
+  (git-fixes CVE-2024-26716 bsc#1222359).
+- Update
+  patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch
+  (git-fixes CVE-2024-26666 bsc#1222293).
+- Update
+  patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch
+  (git-fixes CVE-2024-26659 bsc#1222317).
+- commit 967a843
+
+- Update
+  patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch
+  (git-fixes bsc#1219810 CVE-2023-52639 bsc#1222300).
+- Update
+  patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch
+  (git-fixes CVE-2023-52637 bsc#1222291).
+- Update
+  patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch
+  (git-fixes CVE-2023-52638 bsc#1222299).
+- Update
+  patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch
+  (git-fixes CVE-2023-52634 bsc#1222278).
+- Update
+  patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch
+  (git-fixes CVE-2023-52625 bsc#1222085).
+- Update
+  patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch
+  (git-fixes CVE-2023-52624 bsc#1222083).
+- Update
+  patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch
+  (git-fixes CVE-2023-52632 bsc#1222274).
+- Update
+  patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch
+  (bsc#1221390 CVE-2023-52636 bsc#1222247).
+- Update
+  patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
+  (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
+- commit dc877fc
+
+- selinux: saner handling of policy reloads (bsc#1222230).
+- commit 35fdf2d
+
+- Move upstreamed patches into sorted section
+- commit ebe113d
+
+- blacklist.conf: fbdev: flush deferred IO before closing (bsc#1221814)
+- commit 6339fe4
+
+- netfilter: nf_tables: skip set commit for deleted/destroyed sets
+  (CVE-2024-0193 bsc#1218495).
+- commit e7bf1c3
+
+- Revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
+  This reverts commit 81476d7e609a6d383f3d404542eebc93cebd0a4d.
+  This fixes bsc#1221814
+- commit a7a9087
+
+- net: pds_core: Fix possible double free in error handling path
+  (git-fixes).
+- commit 2613145
+
kernel-syms
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kernel-syms-azure
+- Refresh
+  patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+  (don't print about zero-sized CMA reservation)
+- commit 14e6598
+
+- Update
+  patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch
+  (bsc#1222609 CVE-2024-26747).
+  Added CVE reference
+- commit 5db3e1d
+
+- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen
+  PE (bsc#1222011 ltc#205900).
+- commit a6aad75
+
+- Update
+  patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch
+  (bsc#1219485 bsc#1219451).
+- Update patches.suse/0001-s390-qdio-handle-deferred-cc1.patch
+  (bsc#1219485 bsc#1219451).
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485 bsc#1219451).
+- Update patches.suse/s390-qeth-handle-deferred-cc1.patch
+  (bsc#1219485 git-fixes bsc#1219451).
+- commit 097f888
+
+- Update
+  patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26778 bsc#1222770).
+- commit fbfa53e
+
+- Update
+  patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26777 bsc#1222765).
+- commit 4648979
+
+- Update
+  patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
+  (CVE-2024-26584 bsc#1220186 CVE-2024-26800 bsc#1222728).
+- commit 6cb76c6
+
+- crash: use macro to add crashk_res into iomem early for specific
+  arch (jsc#PED-7249, bsc#1222742).
+  Refresh patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+- commit b256f70
+
+- blacklist.conf: Disable irrelevant patch
+  We don't have syscall hardening in our kernels.
+- commit 36739c9
+
+- x86/bugs: Fix BHI documentation (git-fixes).
+- commit b981493
+
+- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
+- commit 6f75bb6
+
+- "nouveau: offload fence uevents work to workqueue"
+  Reference bug report and CVE number.
+- commit 92c99bd
+
+- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch
+  (git-fixes bsc#1222449 CVE-2024-26744)
+- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch
+  (git-fixes bsc#1222677 CVE-2024-26743)
+- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch
+  (git-fixes bsc#1222726 CVE-2024-26766)
+- commit 3b16fea
+
+- Revert patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch
+  (bsc#1220419 bsc#1222656).
+- Revert patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch
+  (bsc#1220419 bsc#1222656).
+- Refresh
+  patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
+  Revert dfa2f0483360 ("tcp: get rid of sysctl_tcp_adv_win_scale") to
+  resolve a performance regression in HTML traffic.
+- commit e2e7d0b
+
+- udp: Avoid call to compute_score on multiple sites
+  (bsc#1220709).
+- commit 78244c6
+
+- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
+- commit 3d18f9a
+
+- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto  (git-fixes).
+- Update config files.
+- commit b2f373b
+
+- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
+- commit 66c46fb
+
+- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
+- commit 6aec207
+
+- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
+- commit 1fdb38f
+
+- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
+- commit 13662e2
+
+- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1222823).
+- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
+- commit 1bc31f7
+
+- KVM: x86: Add BHI_NO (bsc#1222823).
+- commit 07366ce
+
+- x86/bhi: Mitigate KVM by default (bsc#1222823).
+- commit 64cbcbe
+
+- x86/bhi: Add BHI mitigation knob (bsc#1222823).
+- Update config files.
+- commit 65ced6f
+
+- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1222823).
+- commit 5ca568d
+
+- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1222823).
+- commit 496b11d
+
+- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1222823).
+- commit dee5dff
+
+- Update
+  patches.suse/net-pds_core-Fix-possible-double-free-in-error-handl.patch
+  (git-fixes CVE-2024-26652 bsc#1222115).
+  Added CVE reference.
+- commit 070cd49
+
+- Update
+  patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch
+  (git-fixes bsc#1222427 CVE-2024-26680).
+  Added CVE reference.
+- commit 97f0341
+
+- s390/cio: fix race condition during online processing
+  (bsc#1219485).
+- commit 83d7614
+
+- s390/qdio: handle deferred cc1 (bsc#1219485).
+- commit aec0983
+
+- s390/qeth: handle deferred cc1 (bsc#1219485 git-fixes).
+- commit 6c10bf2
+
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485).
+- commit 174a4e8
+
+- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781)
+- commit 2816ca9
+
+- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784)
+- commit 0d6086f
+
+- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764)
+- commit ec068f3
+
+- Update to add bsc#1222531, CVE-2024-26756 references,
+  patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch
+  (bsc#1219596, bsc#1222531, CVE-2024-26756).
+- commit de5884e
+
+- Update to add bsc#1222527, CVE-2024-26757 references,
+  patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch
+  (bsc#1219596, bsc#1222527, CVE-2024-26757).
+- commit 0b6b491
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch
+  (bsc#1222416, CVE-2024-26718).
+- commit 59bf5a5
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch
+  (bsc#1222720, CVE-2024-26763).
+- commit 710cd5e
+
+- Update patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch (git-fixes CVE-2024-26751 bsc#1222724)
+- commit a85b7fa
+
+- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610)
+- commit b7bab4f
+
+- Update
+  patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch
+  (git-fixes CVE-2024-26754 bsc#1222632).
+- commit 0bddcea
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789 bsc#1222626).
+- commit 9c3828e
+
+- KVM: arm64: pmu: Resync EL0 state on counter rotation
+  (bsc#1219475).
+- commit 99d8e75
+
+- KVM: arm64: Always invalidate TLB for stage-2 permission faults
+  (bsc#1219478).
+- commit 1762ca5
+
+- Update
+  patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch
+  (git-fixes CVE-2024-26749 bsc#1222680).
+- commit e627f8d
+
+- Update
+  patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
+  (bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
+- commit 6398fc1
+
+- Update
+  patches.suse/l2tp-pass-correct-message-length-to-ip6_append_data.patch
+  (bsc#1220419 CVE-2024-26752 bsc#1222667).
+- commit 1a3becd
+
+- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
+  (bsc#1222619).
+- commit a9c1ee0
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789).
+- commit 270f850
+
+- Update
+  patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
+  (bsc#1222513 CVE-2024-26748).
+  Added CVE references
+- commit b3e425f
+
+- Update
+  patches.suse/usb-dwc3-gadget-Fix-NULL-pointer-dereference-in-dwc3.patch
+  (bsc#1222561 CVE-2024-26715).
+  Added CVE reference
+- commit ebacab7
+
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738).
+- commit d6e4ef3
+
+- Update
+  patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dcn.patch
+  (git-fixes CVE-2024-26699 bsc#1222602).
+- commit f52d16e
+
+- Update
+  patches.suse/crypto-virtio-akcipher-Fix-stack-overflow-on-memcpy.patch
+  (git-fixes CVE-2024-26753 bsc#1222601).
+- commit 0099199
+
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689).
+- commit 8a44287
+
+- Update
+  patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
+  (bsc#1219126 CVE-2024-26727 bsc#1222536).
+- commit 7bb93e9
+
+- Update
+  patches.suse/net-mlx5-DPLL-Fix-possible-use-after-free-after-dela.patch
+  (git-fixes CVE-2024-26724 bsc#1222523).
+- commit bb60edc
+
+- Update
+  patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch
+  (git-fixes CVE-2024-26722 bsc#1222520).
+- commit f0aaca0
+
+- Update
+  patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch
+  (git-fixes CVE-2024-26681 bsc#1222431).
+- commit 12b3ceb
+
+- Update patches.suse/wifi-iwlwifi-fix-double-free-bug.patch
+  (git-fixes CVE-2024-26694 bsc#1222466).
+- commit 5048255
+
+- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+  (bsc#1219264 CVE-2024-0841).
+- commit 440934e
+
+- Update
+  patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch
+  (git-fixes CVE-2024-26717 bsc#1222360).
+- Update
+  patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch
+  (git-fixes CVE-2024-26670 bsc#1222356).
+- Update
+  patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch
+  (git-fixes CVE-2024-26695 bsc#1222373).
+- Update
+  patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch
+  (jsc#PED-6079 CVE-2024-26725 bsc#1222369).
+- Update
+  patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch
+  (git-fixes CVE-2024-26661 bsc#1222323).
+- Update
+  patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch
+  (git-fixes CVE-2024-26662 bsc#1222324).
+- Update
+  patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch
+  (git-fixes CVE-2024-26660 bsc#1222266).
+- Update
+  patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch
+  (git-fixes CVE-2024-26728 bsc#1222370).
+- Update
+  patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch
+  (git-fixes CVE-2024-26672 bsc#1222358).
+- Update
+  patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch
+  (git-fixes CVE-2024-26721 bsc#1222365).
+- Update
+  patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch
+  (git-fixes CVE-2024-26667 bsc#1222331).
+- Update
+  patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26664 bsc#1222355).
+- Update
+  patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch
+  (git-fixes CVE-2024-26723 bsc#1222367).
+- Update
+  patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch
+  (git-fixes CVE-2024-26720 bsc#1222364).
+- Update
+  patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
+  (git-fixes CVE-2024-26698 bsc#1222374).
+- Update
+  patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch
+  (git-fixes CVE-2024-26651 bsc#1221337).
+- Update
+  patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch
+  (git-fixes CVE-2024-26716 bsc#1222359).
+- Update
+  patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch
+  (git-fixes CVE-2024-26666 bsc#1222293).
+- Update
+  patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch
+  (git-fixes CVE-2024-26659 bsc#1222317).
+- commit 967a843
+
+- Update
+  patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch
+  (git-fixes bsc#1219810 CVE-2023-52639 bsc#1222300).
+- Update
+  patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch
+  (git-fixes CVE-2023-52637 bsc#1222291).
+- Update
+  patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch
+  (git-fixes CVE-2023-52638 bsc#1222299).
+- Update
+  patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch
+  (git-fixes CVE-2023-52634 bsc#1222278).
+- Update
+  patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch
+  (git-fixes CVE-2023-52625 bsc#1222085).
+- Update
+  patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch
+  (git-fixes CVE-2023-52624 bsc#1222083).
+- Update
+  patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch
+  (git-fixes CVE-2023-52632 bsc#1222274).
+- Update
+  patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch
+  (bsc#1221390 CVE-2023-52636 bsc#1222247).
+- Update
+  patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
+  (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
+- commit dc877fc
+
+- selinux: saner handling of policy reloads (bsc#1222230).
+- commit 35fdf2d
+
+- Move upstreamed patches into sorted section
+- commit ebe113d
+
+- blacklist.conf: fbdev: flush deferred IO before closing (bsc#1221814)
+- commit 6339fe4
+
+- netfilter: nf_tables: skip set commit for deleted/destroyed sets
+  (CVE-2024-0193 bsc#1218495).
+- commit e7bf1c3
+
+- Revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
+  This reverts commit 81476d7e609a6d383f3d404542eebc93cebd0a4d.
+  This fixes bsc#1221814
+- commit a7a9087
+
+- net: pds_core: Fix possible double free in error handling path
+  (git-fixes).
+- commit 2613145
+
kernel-zfcpdump
+- Update kabi files: updated for post-PublicRC
+- commit f978f5f
+
+- Update
+  patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26890 bsc#1223192).
+- Update
+  patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
+  (jsc#PED-3311 CVE-2024-26907 bsc#1223203).
+- Update
+  patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
+  (git-fixes CVE-2024-26916 bsc#1223137).
+- Update
+  patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
+  (git-fixes CVE-2024-26877 bsc#1223140).
+- Update
+  patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
+  (git-fixes CVE-2024-26880 bsc#1223188).
+- Update
+  patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch
+  (git-fixes CVE-2024-26913 bsc#1223204).
+- Update
+  patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch
+  (git-fixes CVE-2024-26914 bsc#1223205).
+- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch
+  (git-fixes CVE-2024-26915 bsc#1223207).
+- Update
+  patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch
+  (git-fixes CVE-2024-26893 bsc#1223196).
+- Update
+  patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+  (bsc#1221858 CVE-2024-26582 bsc#1220214).
+- Update
+  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
+  (git-fixes CVE-2024-26897 bsc#1223323).
+- Update
+  patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch
+  (git-fixes CVE-2024-26892 bsc#1223195).
+- Update
+  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
+  (git-fixes CVE-2024-26895 bsc#1223197).
+- commit d9b565f
+
+- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing
+  Adv Monitor (bsc#1219216).
+- commit 81c5485
+
+- Update
+  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
+  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
+- Update
+  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
+  (git-fixes CVE-2024-26891 bsc#1223037).
+- Update
+  patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
+  (git-fixes CVE-2024-26894 bsc#1223043).
+- Update
+  patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch
+  (git-fixes CVE-2024-26799 bsc#1222415).
+- Update
+  patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
+  (git-fixes CVE-2024-26801 bsc#1222413).
+- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch
+  (git-fixes CVE-2024-26886 bsc#1223044).
+- Update
+  patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
+  (git-fixes CVE-2024-26839 bsc#1222975).
+- Update
+  patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
+  (git-fixes CVE-2024-26838 bsc#1222974).
+- Update
+  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
+  (git-fixes CVE-2024-26872 bsc#1223115).
+- Update
+  patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch
+  (git-fixes CVE-2024-26848 bsc#1223030).
+- Update
+  patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
+  (git-fixes CVE-2024-26736 bsc#1222586).
+- Update
+  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
+  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
+- Update
+  patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
+  (bsc#1220265 CVE-2024-26840 bsc#1222976).
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689 bsc#1222503).
+- Update
+  patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch
+  (git-fixes CVE-2024-26879 bsc#1223066).
+- Update
+  patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch
+  (git-fixes CVE-2024-26824 bsc#1223081).
+- Update
+  patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
+  (git-fixes CVE-2024-26788 bsc#1222783).
+- Update
+  patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch
+  (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444).
+- Update
+  patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch
+  (git-fixes CVE-2024-26700 bsc#1222870).
+- Update
+  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
+  (git-fixes CVE-2024-26833 bsc#1223036).
+- Update
+  patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch
+  (git-fixes CVE-2024-26729 bsc#1222552).
+- Update
+  patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch
+  (git-fixes CVE-2024-26797 bsc#1222425).
+- Update
+  patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch
+  (git-fixes CVE-2024-26876 bsc#1223119).
+- Update
+  patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch
+  (git-fixes CVE-2024-26911 bsc#1223055).
+- Update
+  patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
+  (git-fixes CVE-2024-26874 bsc#1223048).
+- Update
+  patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch
+  (git-fixes CVE-2024-26912 bsc#1223064).
+- Update
+  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
+  (git-fixes CVE-2024-26843 bsc#1223014).
+- Update
+  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
+  (git-fixes CVE-2024-26798 bsc#1222798).
+- Update
+  patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch
+  (git-fixes CVE-2024-26830 bsc#1223012).
+- Update
+  patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch
+  (git-fixes CVE-2024-26711 bsc#1222420).
+- Update
+  patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch
+  (git-fixes CVE-2024-26755 bsc#1222529).
+- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
+  (git-fixes CVE-2024-26829 bsc#1223027).
+- Update
+  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
+  (git-fixes CVE-2024-26875 bsc#1223118).
+- Update
+  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
+  (git-fixes CVE-2024-26820 bsc#1223078).
+- Update
+  patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
+  (bsc#1215322 CVE-2024-26859 bsc#1223049).
+- Update
+  patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch
+  (git-fixes CVE-2024-26803 bsc#1222788).
+- Update
+  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
+  (git-fixes CVE-2024-26825 bsc#1223065).
+- Update
+  patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch
+  (git-fixes CVE-2024-26697 bsc#1222550).
+- Update
+  patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch
+  (git-fixes CVE-2024-26696 bsc#1222549).
+- Update
+  patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch
+  (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709
+  bsc#1222418).
+- Update
+  patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch
+  (bsc#1215199 CVE-2024-26710 bsc#1222419).
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607).
+- Update
+  patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch
+  (bsc#1215199 CVE-2024-26847 bsc#1223026).
+- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes
+  CVE-2024-26675 bsc#1222379).
+- Update
+  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
+  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
+- Update
+  patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch
+  (git-fixes CVE-2024-26693 bsc#1222451).
+- Update
+  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
+  (git-fixes CVE-2024-26779 bsc#1222772).
+- Update
+  patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch
+  (git-fixes CVE-2024-26896 bsc#1223042).
+- Update
+  patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch
+  (git-fixes CVE-2024-26687 bsc#1222435).
+- commit a69636a
+
+- Update
+  patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
+  (git-fixes CVE-2023-52643 bsc#1222960).
+- Update
+  patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
+  (git-fixes CVE-2023-52642 bsc#1223031).
+- Update
+  patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
+  (git-fixes CVE-2023-52644 bsc#1222961).
+- commit 2c2d37f
+
+- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
+- commit 9436142
+
+- nvme-tcp: strict pdu pacing to avoid send stalls on TLS
+  (bsc#1221858).
+- tls: fix peeking with sync+async decryption (bsc#1221858).
+- tls: don't skip over different type records from the rx_list
+  (bsc#1221858).
+- tls: stop recv() if initial process_rx_list gave us non-DATA
+  (bsc#1221858).
+- tls: break out of main loop when PEEK gets a non-data record
+  (bsc#1221858).
+- net: tls: fix returned read length with async decrypt
+  (bsc#1221858).
+- net: tls: fix use-after-free with partial reads and async
+  (bsc#1221858).
+- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858).
+- commit 9d8d293
+
kubevirt
+- Improve the OrdinalPodInterfaceName mechanism (bsc#1222699)
+  0004-Improve-the-handling-of-ordinal-pod-interface-name-for-upgrade.patch
+
lal
+- Update to version 7.4.1:
+  * No release notes.
+- Enable builds on non-x84_64 archs, issue fixed.
+
+- Fix a couple of incorrect hashbangs on executable scripts.
+
+- version update to 7.3.1
+  * no changelog found
+- python-six is not required
+  https://trello.com/c/MO53MocR/143-remove-python3-six
+- deleted patches
+  - replace_numpy_object.patch (upstreamed)
+  - swig_4_1_compat.patch (upstreamed)
+
+- Fix build after numpy 1.24 API changes, add
+  replace_numpy_object.patch
+- Explicitly add python3-py dependency, no longer pulled in by
+  pytest
+- Replace broken python_compileall macro by correct compileall
+  invocation (>= 3.9 only, skip with 3.8), make reproducible
+- Disable build on all architecture where char is unsigned
+
+- Update to version 7.2.4:
+  * No release notes.
+- Fix build with Swig 4.1.0, add swig_4_1_compat.patch
+
lalframe
+- Update to version 3.0.3:
+  * No release notes.
+
+- Update to version 3.0.1:
+  * No release notes.
+- Update shlib package name in keeping with upstream so version.
+
+- Add python-py BuildRequires to fix tests that fail due to "No
+  module named 'py._path'" errors.
+
lalmetaio
+- Update to version 4.0.3:
+  * No release notes.
+
+- Update to version 4.0.1:
+  * No release notes.
+- Update shlib package name in keeping with upstream so version
+  update to 11.
+
+- Add python-py BuildRequires to fix tests that fail due to "No
+  module named 'py._path'" errors.
+
libproxy:backend
+- Do not use %elif by now since SLE, Leap does not have an rpm
+  supporting the tag.
+
+- Drop pkgconfig(libsoup-3.0) BuildRequires: no longer needed.
+
libproxy:client
+- Do not use %elif by now since SLE, Leap does not have an rpm
+  supporting the tag.
+
+- Drop pkgconfig(libsoup-3.0) BuildRequires: no longer needed.
+
lxc
+- fix builds on 15.5 or 5.5
+
+- update to 6.0.0:
+  The LXC team is pleased to announce the release of LXC 6.0 LTS!
+  This is the result of two years of work since the LXC 5.0 release
+  and is the sixth LTS release for the LXC project. This release
+  will be supported until June 2029.
+  * New multi-call binary¶
+    A new tools-multicall=true configuration option can be used to
+    produce a single lxc binary which can then have all other
+    lxc-XYZ commands be symlinked to.
+    This allows for a massive disk space reduction, particularly
+    useful for embedded platforms.
+  * Add a set_timeout function to the library
+    A new set_timeout function is available on the main
+    lxc_container struct and allow for setting a global timeout for
+    interactions with the LXC monitor.
+    Prior to this, there was no timeout, leading to potential
+    deadlocks as there's also no way to cancel an monitor request.
+    As a result of adding this new symbol to the library, we have
+    bumped the liblxc symbol version to 1.8.0.
+  * LXC bridge now has IPV6 enabled
+    The default lxcbr0 bridge now comes with IPv6 enabled by
+    default, using an IPv6 ULA subnet.
+    Support for uid/gid selection in lxc-usernsexec
+    The lxc-usernsexec tool now has both -u and -g options to
+    control what resulting UID and GID (respectively) the user
+    wishes to use (defaulting to 0/0).
+  * Improvements to lxc-checkconfig
+    lxc-checkconfig now only shows the version if lxc-start is
+    present (rather than failing).
+    Additionally, it's seen a number of other cosmetic improvements
+    as well as now listing the maximum number of allowed namespaces
+    for every namespace type.
+  * Support for squashfs OCI images
+    The built-in oci container template can now handle squashfs
+    compressed OCI images through the use of atomfs.
+  * Switched from systemd's dbus to dbus-1
+    LXC now uses libdbus-1 for DBus interactions with systemd
+    rather than using libsystemd.
+    The reason for this change is that libdbus-1 is readily
+    available for static builds.
+  * Removed Upstart support
+    Support for the Upstart init system has finally been removed
+    from LXC.
+    This shouldn't really affect anyone at this stage and allowed
+    for cleaning up some logic and config files from our
+    repository.
+
+- update to 5.0.3:
+  * Fix nftables syntax for IPv6 NAT
+  * Added support for squashfs OCI images
+  * Fixes when running LXC with io_uring
+  + detailed changelog at https://discuss.linuxcontainers.org/t/lxc-5-0-3-lts-has-been-released/17708
+
+- Update to version 5.0.2:
+  + Fix a variety of build issues resulting from the switch to
+    meson.
+  + lxc-attach: Fix missing return codes.
+  + core: Setup peer group for container's root.
+  + checkconfig: Make output more useful on modern kernels.
+  + lxc-user-nic: Fix issue resulting in leaking file existence to
+    unprivileged users (CVE-2022-47952, boo#1206779).
+- Drop upstream fixed patches:
+  + OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch
+  + OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch
+  + OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch
+  + OPENSUSE-0004-cgroups-fix-Waddress-warning.patch
+  + OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch
+  + OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch
+  + OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch
+  + UPSTREAM-4187.patch
+
+- Add patch to fix build on Arm:
+  * UPSTREAM-4187.patch
+- Refresh OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch
+  due to the new patch
+
+- Update to LXC 5.0.1. boo#1204842
+  Bugfixes:
+  * Fixed a mount issue resulting in container startup failure when host
+    bind-mounts were used
+  * Various meson packaging fixes especially around libcap detection
+  Major changes from LXC 5.0:
+  * Switch to meson build tooling.
+  * New cgroup configuration options.
+  * Time namespace support.
+  * VLAN support on veth devices.
+  * Configurable tx/rx queues on veth devices.
+- Remove all of the missing_setuid warning logic -- all modern openSUSE
+  versions have the necessary permissions configuration and thus we don't need
+  to handle this case anymore.
+- Backport <https://github.com/lxc/lxc/pull/4215> in order to fix the build on
+  openSUSE:
+  + OPENSUSE-0001-meson.build-allow-explicit-distrosysconfdir.patch
+  + OPENSUSE-0002-build-detect-where-struct-mount_attr-is-declared.patch
+  + OPENSUSE-0003-build-detect-sys-pidfd.h-availability.patch
+  + OPENSUSE-0004-cgroups-fix-Waddress-warning.patch
+  + OPENSUSE-0005-build-fix-handling-of-dependancies-to-fix-build-on-o.patch
+  + OPENSUSE-0006-build-only-build-init.lxc.static-if-libcap-is-static.patch
+  + OPENSUSE-0007-build-drop-build-time-systemd-dependency.patch
+- Remove no longer needed backports:
+  - 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch
+
+- re-enable FORTIFY_SOURCE=3
+- add patch 0001-Backport-Commit-build-detect-where-struct-mount_attr.patch
+  This patch backports the fix from
+  https://github.com/lxc/lxc/pull/4179/commits/c1115e1503bf955c97f4cf3b925a6a9f619764c3
+  The patch fixes the code so builds are no longer failing
+  due to gcc errors -Werror=implicit-function-declaration and
+  - Werror=incompatible-pointer-types
+
+- fix build by using FORTIFY_SOURCE=2
+
mumble
+- enable and fix tests: TestSettingsJSONSerialization fails loading
+  qt xcb in headless
+
+- Address licensedigger concerns:
+  * drop qttranslations from tarball, adjust licenses.patch
+  * The OCB design is in the public domain
+    add mumble-1.5.629-The-OCB-design-is-in-the-public-domain.patch
+  * drop unneeded installer files from tarball
+  * unbundle audio back-end headers from tarball:
+    pulseadio, jack, portadio, pipewire
+    add mumble-1.5.629-unbundle-audio-backends.patch
+- change from tarball to obscpio and build-time service
+
+- switch to source service generated tarball that has a number of
+  unused, bundled libraries removed. Patch the sources to not
+  require that they are present - add licenses.patch
+
+- mumble 1.5.629 (RC3)
+  * ReNameNoise as a replacement for RNNoise
+  * Accessibility across the entire application
+  * Add ability to record MP3s
+  * UI updates
+  * bug fixes
+- packaging changes:
+  * use system libraries where available and clean up dependencies
+  * move appdata to client package
+  * remove usage of tracy - mumble-unbundle-tracy.patch
+- drop patches:
+  * fix-pkg_get_variable.patch - reworked upstream
+  * mumble-1.5.517-qsystemlocaledate.patch - not needed
+  * reproducible.patch - merged
+  * mumble-leap-cxx17-filesystem.patch - not needed
+
+- Use %patch -P N instead of deprecated %patchN.
+
mutter
+- Add 0001-Revert-clutter-stage-Avoid-queueing-stage-updates-wh.patch:
+  Reverting commit 261f516a to fix black screen on Xorg when logging
+  in or logging out (glgo#GNOME/mutter#3452 bsc#1222612).
+
nautilus-share
-- Fix `'net usershare' returned error 255`; (bsc#1208375).
-  Add patch Bug1208375.patch.
+- Fix build with RPM 4.19: unnumbered patches are no longer
+  supported.
+
+- Add 5.patch: Fix `'net usershare' returned error 255`
+  (bsc#1208375).
+
+- Update to version 0.7.5:
+  + Fix dialogs for permission changes
+  + Fix misc issues
+- Changes from version 0.7.4:
+  + Port to libnautilus-extension-4 for Nautilus 43 compatibility
+  + Port to GTK4
+  + Port from autotools to Meson
+  + Fix misc issues
+- Switch to source service.
+- Add meson BuildRequires and macros following upstreams port.
+- Other changes in BuildRequires:
+  + Added: pkgconfig, pkgconfig(glib-2.0), pkgconfig(gtk4) and
+    pkgconfig(libnautilus-extension-4)
+  + Dropped: intltool, nautilus-devel and libtool.
+- Add nautilus-share-lang-fix.patch: Add LINGUAS file to po dir
+  https://gitlab.gnome.org/coreyberla/nautilus-share/-/issues/2
+- Drop upstream fixed patch: nautilus-share-ar-plural.patch
+
+- Remove obsolete translation-update-upstream support
+  (jsc#SLE-21105).
+
+- Require samba-client instead of samba: we need /usr/bin/net,
+  which is a client tool (identified as part of boo#1183047).
+
+- No longer recommend -lang: supplements are in use
+
+- Ensure neutrality of descriptions.
+
+- Drop Requires: gnome-icon-theme; the appropriate icon is
+  provided by adwaita-icon-theme (pulled in by gtk3) already.
-- Update to version 0.7.3:
-  + See previous entry for the list of changes; there is no new
-    change.
-- Drop nautilus-share-git20110615-6c0fa271.patch: part of upstream.
-
-- Add nautilus-share-git20110615-6c0fa271.patch. This is a patch
-  adding all changes to git from 0.7.2 to today (6c0fa271). This
-  contains the following changes:
-  + Allow actions to be undone without closing window
-  + Do not always require go+rx permissions
-  + Set the title of the sharing options window
-  + Standardize wording for writable option
-  + Change location of Comment field
-  + Use folder-remote icon
-  + Fix validation of false positives
-  + Fix false negative in detecting writable option
-  + Don't print status messages in session log
-  + Remove usage of deprecated libraries (libgnomeui, gnome-vfs,
-    eel, libglade)
-  + Build fixes.
-- Drop nautilus-share-drop-eel.patch and
-  nautilus-share-bnc358451-extension-dir.patch: they are included
-  in the patch.
-- Drop nautilus-share-po.tar.gz: translation-update-upstream does
-  the work of updating translations already.
-- Remove unneeded BuildRequires: fdupes, gnome-patch-translation,
-  libglade2-devel, update-desktop-files.
-- Fix build against GNOME 3, by packaging the file in the right
-  directory (which is versioned). We use pkg-config to find this
-  directory now, instead of manually defining it.
-- Update Url tag to git.gnome.org, since the old website is down.
-- Use spec-cleaner to cleanup spec file.
-
-- Change lang package Requires to Recommends since it is not
-  mandatory at runtime.
-
-- Added support for translation-update-upstream (FATE#301344).
-
-- Add nautilus-share-drop-eel.patch to let us drop eel and
-  gnome-vfs dependecies.
-- Adjust BuildRequires.
-
-- Translations update.
-
-- Translation update
-
netavark
+- Rely only on <major>.<minor> for aardvark-dns requires, even though
+  it is released in sync with netavark, relying on patch version is brittle.
+
+- Update to version 1.10.2:
+  * Release v1.10.2
+  * Release notes for v1.10.2
+  * [CI:BUILD] Packit/rpm: fix aardvark-dns handling
+  * Do not perform network namespace detection on AV update
+  * Release v1.10.1
+  * Updated release notes for v1.10.1
+  * update to nftables release 0.3 from crates.io
+  * DISTRO_PACKAGE: fix incorrect vendored tar archive URL
+  * Bump to 1.11.0-dev
+  * Release 1.10.0
+  * Release notes for 1.10.0
+  * RPM: update .cargo/config before building
+  * Add support for isolation to the nftables driver
+  * build(deps): bump h2 from 0.3.22 to 0.3.24
+  * chore(deps): update rust crate chrono to 0.4.32
+  * fix(deps): update rust crate env_logger to 0.11.0
+  * chore(deps): update dependency containers/automation_images to v20240102
+  * Bump nftables-rs to latest commit
+  * Netavark: nftables support
+  * fix(deps): update rust crate serde_json to 1.0.111
+  * feat: added the --firewall-driver option
+  * Document how to generate a code coverage report for netavark
+  * fix(deps): update rust crate clap to ~4.4.12
+  * fix(deps): update rust crate serde_json to 1.0.110
+  * fix(deps): update rust-futures monorepo to 0.3.30
+  * fix(deps): update rust crate nispor to 1.2.16
+  * chore(deps): update rust crate tempfile to 3.9.0
+  * Use tonic::transport::Uri instead of HTTP
+  * chore(deps): update dependency containers/automation_images to v20231208
+  * fix(deps): update rust crate tokio to 1.35
+  * dhcp-proxy: return actual error instead of generic one
+  * dhcp-proxy: skip set gateway if missing
+  * bump netlink-packet-route to 0.18.1
+  * chore(deps): update rust crate once_cell to 1.19.0
+  * fix(deps): update rust crate nispor to 1.2.15
+  * fix(deps): update rust crate serde to 1.0.193
+  * fix(deps): update rust crate clap to ~4.4.10
+  * aardvark: show error if process is in wrong netns
+  * aardvark: remove unessesary unlock lockfile calls
+  * fix(deps): update rust crate url to 2.5.0
+  * Bump working version to v1.10.0-dev
+
+- Update to version 1.9.0:
+  * v1.9.0 Release
+  * v1.9.0 Release notes
+  * test: fix syntax problem in helpers.bash
+  * run cargo update
+  * use OsString/Path over String for file paths
+  * chore(deps): update dependency containers/automation_images to v20231116
+  * firewalld-reload: fix CI tests
+  * firewalld-reload: prevent race which could leak fw rules
+  * fix(deps): update rust crate clap to ~4.4.8
+  * CI: skip broken firewalld test
+  * fix(deps): update rust crate http to 0.2.11
+  * rpm: add netavark-firewalld-reload.service to spec
+  * firewalld-reload: add integration tests
+  * firewall/state: make sure to ignore enoent on read
+  * firewall-reload: integrate actual logic to reload rules
+  * firewall/state: improve error messages
+  * firewall: add state functions to serialize configs
+  * firewalld: fix lint errors with rust v1.73
+  * firewall: do not use full Network in NetworkStruct
+  * firewall: add dns_port to SetupNetwork
+  * add firewalld-reload subcommand
+  * fix(deps): update rust crate http to 0.2.10
+  * fix(deps): update rust crate env_logger to 0.10.1
+  * fix(deps): update rust crate tokio to 1.34
+  * Update rust container build files
+  * bridge: force static mac on bridge interface
+  * fix(deps): update rust crate futures-core to 0.3.29
+  * fix(deps): update rust crate serde to 1.0.190
+  * fix(deps): update rust crate serde_json to 1.0.108
+  * fix(deps): update rust crate sysctl to 0.5.5
+  * fix(deps): update rust-futures monorepo to 0.3.29
+  * CI: Drop CI VM distro name
+  * chore(deps): update dependency containers/automation_images to v20231004
+  * fix(deps): update rust crate tokio to 1.33
+  * build-sys: Filter to tier 2 Linux declaratively
+  * fix(deps): update rust crate sha2 to 0.10.8
+  * fix podman.io community link
+  * Bump to v1.9.0-dev
+
+- Update to version 1.8.0:
+  * Release v1.8.0
+  * update release notes for v1.8.0
+  * run cargo update
+  * Add vrf support for bridges
+  * Packit: switch to @containers/packit-build team for copr failure notification comments
+  * fix(deps): update rust crate nispor to 1.2.14
+  * [CI:BUILD] Packit: tag @lsm5 on copr build failures
+  * chore(deps): update rust crate chrono to 0.4.31
+  * fix(deps): update rust crate serde_json to 1.0.107
+  * rust io safety: convert RawFd to BorrowedFd<>
+  * bump nix to 0.27.1
+  * chore(deps): update rust crate chrono to 0.4.30
+  * fix(deps): update rust crate serde_json to 1.0.106
+  * chore(deps): update rust crate chrono to 0.4.29
+  * fix(deps): update rust crate netlink-packet-route to 0.17.1
+  * Bump tonic and prost
+  * Update container image to F38
+  * Add ACCEPT rules in firewall for bridge network with internal dns.
+  * chore(deps): update rust crate tonic-build to 0.10
+  * fix(deps): update rust crate nispor to 1.2.13
+  * fix(deps): update rust crate serde to 1.0.188
+  * Fix clippy warnings about formatting
+  * update chrono crate
+  * fix(deps): update rust crate url to 2.4.1
+  * Add protoc dependency to README
+  * [CI:BUILD] rpm: spdx compatible license field
+  * fix(deps): update rust crate tokio to 1.32
+  * chore(deps): update dependency containers/automation_images to v20230816
+  * fix(deps): update rust crate serde_json to 1.0.105
+  * fix(deps): update rust crate tokio to 1.31
+  * fix(deps): update rust crate log to 0.4.20
+  * run cargo update
+  * update tonic-build to 0.9.2
+  * bump rust edition to 2021
+  * iptables: drop invalid packages
+  * fix(deps): update rust crate tokio to 1.30
+  * docs: Convert markdown with go-md2man instead of mandown
+  * fix(deps): update rust crate clap to 4.3.21
+  * packit: Build PRs into default packit COPRs
+  * chore(deps): update dependency containers/automation_images to v20230807
+  * fix(deps): update rust crate serde to 1.0.183
+  * fix(deps): update rust crate serde to 1.0.181
+  * fix(deps): update rust crate serde to 1.0.180
+  * fix(deps): update rust crate serde_json to 1.0.104
+  * fix(deps): update rust crate serde to 1.0.179
+  * fix(deps): update rust crate serde to 1.0.176
+  * fix(deps): update rust crate clap to 4.3.19
+  * fix(deps): update rust crate serde to 1.0.175
+  * fix(deps): update rust crate clap to 4.3.17
+  * fix(deps): update rust crate clap to 4.3.15
+  * fix(deps): update rust crate clap to 4.3.12
+  * fix(deps): update rust crate serde_json to 1.0.103
+  * [CI:BUILD] Packit: remove pre-sync action
+  * fix(deps): update rust crate serde_json to 1.0.102
+  * fix(deps): update rust crate nispor to 1.2.12
+  * macvlan: use netlink type for bclim
+  * bump netlink deps
+  * fix(deps): update rust crate serde to 1.0.171
+  * fix(deps): update rust crate serde to 1.0.167
+  * fix(deps): update rust crate clap to 4.3.11
+  * fix(deps): update rust crate serde to 1.0.166
+  * fix(deps): update rust crate serde_json to 1.0.100
+  * iptables: improve error when ip6?tables commands are missing
+  * fix(deps): update rust crate clap to 4.3.10
+  * fix(deps): update rust crate zbus to 3.14.1
+  * [CI:BUILD] RPM: Fix ELN build and cleanup spec
+  * bump to v1.8.0-dev
+
nsjail
+- Build with protobuf21 on Leap 15 if the version is greater than
+  15.3, protobuf25 has added to SLE15 since SP4 update (bsc#1222929)
+
+- Update to version 3.4+git14.b740dcf:
+  * Improved cgroups2 support
+  * Improved cgroups2 + docker interoperability
+  * New configs: hexchat, telegram
+  * Better support for clone3
+  * New signals displayed: SIGPWR
+  * Support for nvim+.clangd
+  * Improved .clang-format rules
+  * Print help to stdout if -h | --help was used
+
ntp
+- Get-rid-of-EVP_MD_CTX_FLAG_NON_FIPS_ALLOW.patch:
+  Allow certain usages of MD5 in FIPS mode. (bsc#1222865)
+
nvidia-open-driver-G06-signed
+- Update to 550.78
+  * addresses boo#1223454
+
-  * addresse boo#1222972
+  * addresses boo#1222972
openssl_tpm2_engine
+- Update to version 4.1.2
+  * test fixes for newer tpm emulators
+
openwsman
+- add upstream patch d266a62.patch (bsc#1222272)
+
pacemaker
+- scheduler: deprecate Nagios and Upstart resources even if built with --enable-compat-2.0 (gh#ClusterLabs/pacemaker#3417)
+  * pacemaker#3417-0001-Log-scheduler-deprecate-Nagios-and-Upstart-resources.patch
+
+- scheduler: correctly log resource IDs of the deprecated classes (gh#ClusterLabs/pacemaker#3415)
+  * pacemaker#3415-0001-Log-scheduler-correctly-log-resource-IDs-of-the-depr.patch
+
+- libcib: Don't incorrectly expand "++" and "+=" in XML attr values (gh#ClusterLabs/pacemaker#3413)
+  * pacemaker#3413-0003-Fix-libcib-Don-t-incorrectly-expand-and-in-XML-attr-.patch
+- cts-cli: Update for pcmk__inject_failcount() setting integer value (gh#ClusterLabs/pacemaker#3413)
+  * pacemaker#3413-0002-Test-cts-cli-Update-for-pcmk__inject_failcount-setti.patch
+- libpacemaker: pcmk__inject_failcount should set an integer value (gh#ClusterLabs/pacemaker#3413)
+  * pacemaker#3413-0001-Low-libpacemaker-pcmk__inject_failcount-should-set-a.patch
+- scheduler: log unknown nodes in location constraints (gh#ClusterLabs/pacemaker#3409, CLBZ#5415)
+  * pacemaker#3409-0007-Log-scheduler-log-unknown-nodes-in-location-constrai.patch
+- scheduler: correct lifetime deprecation warning (gh#ClusterLabs/pacemaker#3409)
+  * pacemaker#3409-0006-Log-scheduler-correct-lifetime-deprecation-warning.patch
+- tools: honor rules when getting utilization attributes with crm_resource (gh#ClusterLabs/pacemaker#3409)
+  * pacemaker#3409-0005-Fix-tools-honor-rules-when-getting-utilization-attri.patch
+- scheduler: deprecate support for default instance attributes (gh#ClusterLabs/pacemaker#3409)
+  * pacemaker#3409-0004-Low-scheduler-deprecate-support-for-default-instance.patch
+- scheduler: use default timeout (20s) if user configures 0 (gh#ClusterLabs/pacemaker#3409)
+  * pacemaker#3409-0003-Fix-scheduler-use-default-timeout-20s-if-user-config.patch
+- tools: use better value for crm_resource --force-* timeout (gh#ClusterLabs/pacemaker#3409)
+  * pacemaker#3409-0002-Low-tools-use-better-value-for-crm_resource-force-ti.patch
+- tools: crm_resource should ignore resource meta-attribute node expressions (gh#ClusterLabs/pacemaker#3409)
+  * pacemaker#3409-0001-Fix-tools-crm_resource-should-ignore-resource-meta-a.patch
+
+- fencer: always format time_t values as long long (gh#ClusterLabs/pacemaker#3407)
+  * pacemaker#3407-0001-Log-fencer-always-format-time_t-values-as-long-long.patch
+
+- libcrmcommon: NULL-check strdup() in pcmk__register_message() (gh#ClusterLabs/pacemaker#3394)
+  * pacemaker#3394-0004-Low-libcrmcommon-NULL-check-strdup-in-pcmk__register.patch
+- libcrmcommon: NULL-check strdup() in pcmk__register_format() (gh#ClusterLabs/pacemaker#3394)
+  * pacemaker#3394-0003-Low-libcrmcommon-NULL-check-strdup-in-pcmk__register.patch
+- libpacemaker: Correctly free graphs and synapses (gh#ClusterLabs/pacemaker#3394)
+  * pacemaker#3394-0002-Low-libpacemaker-Correctly-free-graphs-and-synapses.patch
+- libcrmcommon: Initialize some variables (gh#ClusterLabs/pacemaker#3394)
+  * pacemaker#3394-0001-Low-libcrmcommon-Initialize-some-variables.patch
+- HealthSMART:fix the description of temp_lower_limit (gh#ClusterLabs/pacemaker#3392)
+  * pacemaker#3392-0001-Doc-HealthSMART-fix-the-description-of-temp_lower_li.patch
+
+- cibsecret: Use 'ps axww' to avoid truncating issue (gh#ClusterLabs/pacemaker#3384)
+  * pacemaker#3384-0001-Fix-cibsecret-Use-ps-axww-to-avoid-truncating-issue.patch
+
+- libcrmcommon: pcmk__xml_read() recovery works for stdin (gh#ClusterLabs/pacemaker#3361)
+  * pacemaker#3361-0002-Fix-libcrmcommon-pcmk__xml_read-recovery-works-for-s.patch
+- libcrmcommon: Don't try to parse XML from bad .bz2 file (gh#ClusterLabs/pacemaker#3361)
+  * pacemaker#3361-0001-Low-libcrmcommon-Don-t-try-to-parse-XML-from-bad-.bz.patch
+
+- libcrmcommon: use uint32_t for 32-bit magic numbers (gh#ClusterLabs/pacemaker#3381)
+  * pacemaker#3381-0001-Fix-libcrmcommon-use-uint32_t-for-32-bit-magic-numbe.patch
+
+- libcrmcommon: Use free_xml in html_free_priv. (gh#ClusterLabs/pacemaker#3380)
+  * pacemaker#3380-0003-Low-libcrmcommon-Use-free_xml-in-html_free_priv.patch
+- libcrmcommon:  Free error strings in html/xml outputters. (gh#ClusterLabs/pacemaker#3380)
+  * pacemaker#3380-0002-Low-libcrmcommon-Free-error-strings-in-html-xml-outp.patch
+- libcrmcommon: Free text/curses private list data. (gh#ClusterLabs/pacemaker#3380)
+  * pacemaker#3380-0001-Low-libcrmcommon-Free-text-curses-private-list-data.patch
+- tools: Fix argument validation for crm_attribute update. (gh#ClusterLabs/pacemaker#3379)
+  * pacemaker#3379-0001-Low-tools-Fix-argument-validation-for-crm_attribute-.patch
+
podman
+- Add patch for CVE-2024-1753 (bsc#1221677):
+  0001-CVE-2024-1753-container-escape-fix.patch
+
+- Update to version 4.8.3:
+  * Release v4.8.3
+  * Update RELEASE_NOTES.md for v4.8.3
+  * update module golang.org/x/crypto to v0.17.0 [security]
+  * Error on HyperV VM start when gvproxy has failed to start
+  * bump release to v4.8.3-dev
+
+- Refactor network backend dependencies:
+  * podman requires either netavark or cni-plugins. On ALP, require
+    netavark, otherwise prefer netavark but don't force it.
+  * This fixes missing cni-plugins in some scenarios
+  * Default to netavark everywhere where it's available
+
+- Update to version 4.8.2:
+  * v4.8.2
+  * [CI:DOCS] Update RELEASE_NOTES.md for v4.8.2
+  * Kube Play - set ReportWriter when building an image
+  * Fix user-mode net init flag on first time install
+  * bump c/common to v0.57.1
+  * bump version to v4.8.2-dev
+
+- Default to the new networking backend, netavark, on openSUSE (bsc#1217828)
+
+- Update to version 4.8.1:
+  * v4.8.1
+  * Update RELEASE_NOTES.md for v4.8.1
+  * Handle symlinks when checking DB vs runtime configs
+  * libpod: Detect whether we have a private UTS namespace on FreeBSD
+  * pkg/bindings: add new APIVersionError error type
+  * fix podman-remote exec regression with v4.8
+  * sqlite: fix issue in ValidateDBConfig()
+  * sqlite: fix missing Commit() in RemovePodContainers()
+  * sqlite: set busy timeout to 100s
+  * Fix locking error in WSL machine rm -f
+  * Gating test fixes
+  * If API calls for kube play --replace, then replace pod
+  * Fix wsl.conf generation when user-mode-networking is disabled
+  * Bump to v4.8.1-dev
+
+- Update to version 4.8.0:
+  * Bump to v4.8.0
+  * Update release notes for 4.8.0
+  * Add notes on upcoming deprecations to release notes
+  * [v4.8] Bump to Buildah v1.33.2
+  * [CI:DOCS] Update release notes
+  * machine applehv: create better error on start failure
+  * Bump to v4.8.0-dev
+  * Bump to v4.8.0-rc1
+  * Create release notes for v4.8.0
+  * Update release notes from v4.7 branch
+  * Cirrus: Update operating branch
+  * rootless_tutorial: modernize
+  * Bump Buildah to v1.33.1
+  * Bump Buildah to v1.33.0
+  * Update to libhvee 0.5.0
+  * vmtypes names cannot be used as machine names
+  * Add support for --compat-auth-file in login/logout
+  * Update tests for a c/common error message change
+  * Update c/image and c/common to latest, c/buildah to main
+  * CI: test overlay and vfs
+  * [CI:DOCS] Add link to podman py docs
+  * Test fixes for debian
+  * pasta tests: remove some skips
+  * VM images: bump to 2023-11-16
+  * fix(deps): update module k8s.io/kubernetes to v1.28.4 [security]
+  * [CI:DOCS] Machine test timeout env var
+  * Quadlet - add support for UID and GID Mapping
+  * Quadlet - Allow using symlink on the base search paths
+  * [skip-ci] Update dessant/lock-threads action to v5
+  * Avoid empty SSH keys on applehv
+  * qemu,parseUSB: minor refactor
+  * fix(deps): update module github.com/gorilla/handlers to v1.5.2
+  * docs: fix relabeling command
+  * Pass secrets from the host down to internal podman containers
+  * (Temporary) Emergency CI fix: quay search is broken
+  * Update podman-stats.1.md.in
+  * [CI:BUILD] packit: handle builds for RC releases
+  * Quadlet test - add case for multi = sign in mount
+  * set RLIMIT_NOFILE soft limit to match the hard limit on mac
+  * rootless: use functionalities from c/storage
+  * CI: e2e: fix a smattering of test bugs that slipped in
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.1
+  * vendor: update c/storage
+  * Improve the documentation of quadlet
+  * Fix socket mapping socket mapping nits
+  * fix(deps): update module golang.org/x/tools to v0.15.0
+  * fix(deps): update github.com/containers/libhvee digest to 9651e31
+  * [skip-ci] Update github/issue-labeler action to v3.3
+  * Document --userns=auto behaviour for rootless users
+  * machine: qemu: add usb host passthrough
+  * fix(deps): update module golang.org/x/net to v0.18.0
+  * fix(deps): update module github.com/onsi/gomega to v1.30.0
+  * Refactor Ignition configuration for virt providers
+  * [CI:BUILD] rpm: disable GOPROXY
+  * Automatic code cleanups - JetBrains
+  * Refactor key machine objects
+  * systests: add [NNN] prefix in logs, NNN = filename
+  * systests: add a last-minute check for db backend
+  * applehv: allow virtiofs to mount to /
+  * Run codespell on podman
+  * update completion scripts for cobra v1.8.0
+  * Fix man page display of podman-kube-generate
+  * Try to fix the broken formatting of man podman‐kube‐apply(1).
+  * fix(deps): update module golang.org/x/text to v0.14.0
+  * docs: make CNI removal explicit
+  * fix(deps): update module github.com/gorilla/mux to v1.8.1
+  * fix(deps): update module github.com/spf13/cobra to v1.8.0
+  * fix(deps): update module golang.org/x/sync to v0.5.0
+  * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18
+  * Podman push --help should reveal default compression
+  * Update container-device-interface (CDI) to v0.6.2
+  * fix: adjust helper string in machine_common
+  * fix: adjust helper string in machine_common
+  * remote,test: remove .dockerignore which is a symlink
+  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
+  * fix: adjust helper string in machine_common
+  * vendor: update github.com/coreos/go-systemd/v22 to latest main
+  * CI: default to sqlite
+  * vendor: update c/common
+  * check system connections before machine init
+  * Consume OCI images for machine image
+  * freebsd: drop dead code
+  * libpod: make removePodCgroup linux specific
+  * containers: drop special handling for ErrCgroupV1Rootless
+  * compose: fix compose provider debug message
+  * image: replace GetStoreImage with ResolveReference
+  * vendor: bump c/image to 373c52a9466f
+  * Refactor machine socket mapping
+  * AppleHV: Fix machine rm error message
+  * Add status messages to podman --remote commit
+  * End-of-Life policy for github issues
+  * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.23.10
+  * Support passing of Ulimits as -1 to mean max
+  * fix(deps): update github.com/docker/go-connections digest to 0b8c1f4
+  * fix(deps): update github.com/crc-org/vfkit digest to f3c783d
+  * Log gvproxy and server9 to file on log-level=debug
+  * Change to using gopsutil for cross-OS process ops
+  * Initial addition of 9p code to Podman
+  * libpod: fix /etc/hostname with --uts=host
+  * systests: stty test: retry once on flake
+  * systests: pasta: avoid hangs
+  * Fix secrets scanning GHA Workflow
+  * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
+  * docs: clarify systemd cgroup mount
+  * podman build --remote URI Dockerfile shoud not be treated as file
+  * Small fixes for wacko CI environments
+  * Do not add powercap mask if no paths are masked
+  * compose: try all possible providers before throwing an error
+  * podman kube play --replace should force removal of pods and containers
+  * Sort kube options alphabetically
+  * container.conf: support attributed string slices
+  * CI: podman farm tests cleanup
+  * Mask /sys/devices/virtual/powercap
+  * Update module github.com/google/uuid to v1.4.0
+  * fix(deps): update module github.com/docker/docker to v24.0.7+incompatible
+  * fix(deps): update module go.etcd.io/bbolt to v1.3.8
+  * CI: systest: safer random_rfc1918_subnet
+  * CI: e2e: safer GetPort()
+  * Fix broken code block markup in Introduction.rst
+  * chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
+  * chore: remove npipe const and use vmtype const for checking
+  * Update module github.com/onsi/gomega to v1.29.0
+  * CI: try to fix more networking flakes
+  * fix: check wsl npipe when executing podman compose
+  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
+  * Quadlet - explicit support for read-only-tmpfs
+  * compat API: fix image-prune --all
+  * Makefile - allow more control over Ginkgo parameters
+  * Add e2e tests for farm build
+  * vendor c/{buildah,common}: appendable containers.conf strings, Part 1
+  * Add podman farm build command
+  * Add emulation package
+  * Use buildah default isolation when working with podman play kube
+  * docs(API): Fix compat network (dis-)connect
+  * test/e2e: do not import buildah
+  * pkg/specgen: remove config_unsupported.go
+  * pkg/parallel/ctr: add !remote tag
+  * pkg/domain/filters: add !remote tag
+  * pkg/ps: add !remote tag
+  * pkg/systemd/generate: add !remote tag
+  * libpod: add !remote tag
+  * pkg/autoupdate: add !remote tag
+  * vendor latest c/common
+  * libpod: remove build support non linux/freebsd
+  * Fix typo
+  * test/apiv2: adapt apiv2 test on cgroups v1 environment
+  * ginkgo setup: retry cache pulls
+  * Support size option when creating tmpfs volumes
+  * not mounted layers should be reported as info not error
+  * CI: stop using registry.k8s.io
+  * fix(deps): update module github.com/vbatts/git-validation to v1.2.1
+  * test fixes for c/common tag chnages
+  * vendor latest c/common
+  * hyperV: Update lastUp time
+  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
+  * lint: disable testifylint
+  * lint: fix warnings found by perfsprint
+  * lint: fix warnings found by inamedparam
+  * lint: fix warnings found by protogetter
+  * libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon
+  * Use node hostname in kube play when hostNetwork=true
+  * cirrus setup: special-case perl unicode
+  * network: document ports and macvlan interaction
+  * quadlet: document cgroupv2 requirement
+  * [skip-ci] Update actions/checkout digest to b4ffde6
+  * Revert "Emergency workaround for CI breakage"
+  * remote: exec: do not leak session IDs on errors
+  * fix(deps): update github.com/containers/storage digest to 79aa304
+  * fix(deps): update module k8s.io/kubernetes to v1.28.3
+  * System tests: fix broken silence127
+  * Add TERM iff TERM not defined in container when podman exec -t
+  * Emergency workaround for CI breakage
+  * Kill gvproxy when machine rm -f
+  * Fix path for omvf vars on Darwin/arm64
+  * Allow systemd specifiers in User and Group Quadlet keys
+  * libpod: rename confusing import name
+  * use FindInitBinary() for init binary
+  * vendor latest c/common
+  * exec: do not leak session IDs on errors
+  * systests: cp test: lots of cleanup
+  * Define better error message for container name conflicts with external storage.
+  * Quadlet - support ImageName for .image files
+  * test/system: ignore 127 if it is the expected rc
+  * test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
+  * image history: fix walking layers
+  * fix(api): Ensure compatibality for network connect
+  * [CI:DOCS] Add cross-build target info.
+  * machine set: document --rootful better
+  * libpod: restart+userns cleanup netns correctly
+  * Minor log and doc fixes
+  * Quadlet man page - discuss volume removal explicitly
+  * Quadlet - add support for KubeDownForce
+  * System Test - Quadlet kube oneshot
+  * Fix output of podman --remote top
+  * buildah-bud: test relative TMPDIR
+  * Fix handling of --read-only-tmpfs flag
+  * Vendor common and buildah main
+  * remote,build: wire unsetlabels
+  * test: build with TMPDIR as relative
+  * docs: add unsetlabel
+  * vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85
+  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
+  * fix: pull error response docker rest api compatibility
+  * Show client info even if remote connection fails
+  * fix(deps): update github.com/containers/libhvee digest to e51be96
+  * Run codespell
+  * SetLock for all virt providers
+  * Machine: Teardown on init failure
+  * healthcheck: make sure to always show health_status events
+  * Apply suggestions from code review
+  * [CI:DOCS]rtd: implement v2 build file
+  * Quadlet - support oneshot .kube files
+  * libpod: fix deadlock while parallel container create
+  * fix(deps): update module golang.org/x/net to v0.17.0
+  * api: add `compatMode` paramenter to libpod's pull endpoint
+  * api: break out compat image pull
+  * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.3
+  * use sqlite as default database
+  * vendor latest c/common
+  * fix(deps): update module github.com/nxadm/tail to v1.4.11
+  * Check for image with /libpod/containers/create
+  * container: always check if mountpoint is mounted
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.0
+  * vendor: update c/storage
+  * api: drop debug statement
+  * Quadlet - add support for global arguments
+  * Add system test
+  * fix(deps): update module golang.org/x/tools to v0.14.0
+  * Don't ignore containerfiles outside of build context
+  * fix(deps): update github.com/containers/libhvee digest to fcf1cc2
+  * fix(deps): update module golang.org/x/term to v0.13.0
+  * Update module golang.org/x/sys to v0.13.0
+  * [CI:DOCS] Add updating version on podman.io to release process
+  * containers.conf: add `privileged` field to containers table
+  * Implement secrets/credential scanning
+  * Cirrus: Execute Windows podman-machine e2e tests
+  * vendor: bump c/storage
+  * Update module golang.org/x/sync to v0.4.0
+  * [CI:DOCS] update swagger version on docs.podman.io
+  * Create Qemu command wrapper
+  * Adjust to path name change for resolved unit
+  * Revert "Fix WSL systemd detection"
+  * [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL
+  * [CI:DOCS] update kube play delete endpoint docs
+  * [CI:DOCS] Remove dead link from README
+  * test/system: --env-file test fixes
+  * Revert "feat(env): support multiline in env-file"
+  * Revert "docs(env-file): improve document description"
+  * Revert "fix(env): parsing --env incorrect in cli"
+  * Filter health_check and exec events for logging in console
+  * inspect: ignore ENOENT during device lookup
+  * test, manifest: test push retry
+  * Fix locale issues with WSL version detection
+  * vendor: update module github.com/docker/distribution to v2.8.3+incompatible
+  * vendor: bump c/common to v0.56.1-0.20231002091908-745eaa498509
+  * Update github.com/containers/libhvee digest to e9b1811
+  * windows: Use prebuilt gvproxy/win-sshproxy binaries
+  * Volume create - fast exit when ignore is set and volume exists
+  * Update golang.org/x/exp digest to 9212866
+  * Update github.com/opencontainers/runtime-spec digest to c0e9043
+  * remove selinux tag as not needed anymore
+  * [skip-ci] Improve podmansh(1)
+  * Build applehv for Intel Macs
+  * Revert "GHA Workflow: Faster discussion-locking"
+  * update vfkit vendored code
+  * Add DefaultMode to kube play
+  * Fix broken podman images filters
+  * Remove `c.ExtraFiles` line in machine
+  * podman: run --replace prints only the new container id
+  * New machines should show Never as LastUp
+  * podman machine: disable zincati update service
+  * Revert "cirrus setup: install en_US.UTF-8 locale"
+  * Cirrus: CI VM images w/ newer automation-library
+  * CI VMs: bump to f39 + f38
+  * [CI:DOCS] Update podman load doc
+  * Update mac installer to latest gvproxy release
+  * Fix WSL systemd detection
+  * Add documentation for the vrf option on netavark
+  * fix(deps): update github.com/containers/common digest to 9342cdd
+  * fix: typos in links, path and code example
+  * e2e: ExitCleanly(): manual special cases
+  * e2e: ExitCleanly(): the final fron^Wcommit
+  * [CI:DOCS] Add win-sshproxy target to winmake
+  * wsl: enable machine init tests
+  * Update docs/source/markdown/options/rdt-class.md
+  * move IntelRdtClosID to HostConfig
+  * use default when user does not provide rdt-class
+  * Add documentation for Intel RDT support
+  * Add test for Intel RDT support
+  * Add Intel RDT support
+  * [CI:DOCS] Fix podman form update --help examples
+  * Quadlet container mount - support non key=val options
+  * test/e2e: default to netavark
+  * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
+  * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.7.1
+  * fix(deps): update github.com/containers/common digest to 4619314
+  * applehv: enable machine tests for start
+  * applehv: machine tests for stop and rm
+  * Update machine tests README
+  * Add podman socket info to machine inspect
+  * Fix podman machine info test for hyperV
+  * libpod: pass entire environment to conmon
+  * e2e: ExitCleanly(): manual fixes to get tests working
+  * e2e: ExitCleanly(): a few more
+  * FCOS+podman-next: correct GHA conditional syntax
+  * pkg/machine/e2e: wsl stop
+  * wsl: machine tests for inspect
+  * wsl: machine tests for ssh
+  * fix(deps): update github.com/containers/common digest to e18cda8
+  * wsl: machine start test
+  * wsl machine tests: set
+  * wsl: machine tests
+  * Skip proxy test for hyperV
+  * Enable machine e2e test for applehv
+  * hyperV: Respect rootful option on machine init
+  * [CI:BUILD] FCOS image: enable nightly build
+  * e2e: use safe fedora-minimal image
+  * hyperv: machine e2e tests for set command
+  * podman build: correct default pull policy
+  * fix handling of static/volume dir
+  * unbreak CI: useradd not found
+  * hyperv: set more realistic starting state
+  * hyperv: use StopWithForce with remove
+  * Fix all ports exposed by kube play
+  * Fix setting timezone on HyperV
+  * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 97028a6
+  * Fix farm update to check for connections
+  * Adjust machine CPU tests
+  * Bump version on main
+  * [CI:BUILD] Packit: show SHORT_SHA in `podman --version` for COPR builds
+  * Vendor c/common
+  * pod rm: do not log error if anonymous volume is still used
+  * e2e: ExitCleanly(): manual fixes to get tests passing
+  * e2e: ExitCleanly(): a few more
+  * fixes for pkg/machine/e2e on hyperv
+  * test: fix rootless propagation test
+  * [CI:BUILD] packit: tag @containers/packit-build team on copr build failures
+  * Enable disk resizing for applehv
+  * Various updates for hyperv and machine e2e tests
+  * test: update fedoraMinimal version
+  * specgen, rootless: fix mount of cgroup without a netns
+  * Automatically remove anonymous volumes when removing a container
+  * Use ActiveServiceDestination in ssh remoteConnectionUsername
+  * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 9298405
+  * e2e: ExitCleanly(): generate_kube_test.go
+  * e2e: generate kube -> kube generate
+  * e2e: ExitCleanly(): generate_kube_test.go
+  * windows cannot "do" extra files
+  * e2e: ExitCleanly(): Fixes for breaking tests
+  * play kube -> kube play
+  * e2e: ExitCleanly(): play_kube_test.go
+  * introduce pkg/strongunits
+  * Makefile equiv Powershell script
+  * pass --syslog to the cleanup process
+  * vendor of containers/common
+  * fix --authfile auto-update test
+  * compat API: speed up network list
+  * Change priority for cli-flags for remotely operating Podman
+  * libpod: remove unused ContainerState() fucntion
+  * [CI:BUILD] Packit: Enable failure notifications for cockpit tests
+  * e2e: ExitCleanly(): more low-hanging fruit
+  * e2e: ExitCleanly(): more low-hanging fruit
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
+  * Enable machine e2e tests for WSL
+  * systests: tighter checks for unwanted warnings
+  * GHA Workflow: Faster discussion-locking
+  * [CI:BUILD] FCOS + podman-next image: pull in wasm
+  * [CI:BUILD] rpm: remove gvproxy subpackage
+  * [CI:DOCS] Tweak podman to Podman in a few farm man pages
+  * Docs on sig-proxy are wrong, we support TTY
+  * e2e: ExitCleanly(): low-hanging fruit, part 2
+  * e2e: ExitCleanly(): low-hanging fruit, part 1
+  * Buildtag out unix commands for common OS files
+  * systests: clean up after tests; fix missing path in logs
+  * [CI:BUILD] followup PR for fcos with podman-next
+  * Implement gvproxy networking using cmdline wrapper
+  * fix, test: rmi should work with images w/o layers
+  * vendor: bump c/common to v0.56.1-0.20230919073449-d1d9d38d8282
+  * Quadlet Image test - rearrange test function
+  * e2e: continuing ExitCleanly() work: manual tweaks
+  * e2e: continuing ExitCleanly() work
+  * [CI:DOCS] Improve podman-tag man page
+  * [CI:DOCS] Improve podman-build man page
+  * [CI:DOCS] Include precheck to release process
+  * [CI:DOCS] consistentize filter options in man pages
+  * Quadlet - add support for .image units
+  * --env-host: use default from containers.conf
+  * error when --module is specified on the command level
+  * man page crossrefs: add --filter autocompletes
+  * Fix specification of unix:///run
+  * Add label! filter and tests to containers and pods
+  * Add test for legacy address without two slashes
+  * Use url with scheme and path for the unix address
+
+- Use crun only on selected archs
+
postgresql-libversion:postgresql12
+- update to 2.0.1:
+  * remove unused function wrap_version_compare_simple
+
postgresql-libversion:postgresql13
+- update to 2.0.1:
+  * remove unused function wrap_version_compare_simple
+
postgresql-libversion:postgresql14
+- update to 2.0.1:
+  * remove unused function wrap_version_compare_simple
+
postgresql-libversion:postgresql15
+- update to 2.0.1:
+  * remove unused function wrap_version_compare_simple
+
postgresql-libversion:postgresql16
+- update to 2.0.1:
+  * remove unused function wrap_version_compare_simple
+
python-Django
--  Update to 4.2.11 (CVE-2024-27351, bsc#1220358)
-  * CVE-2024-27351: Potential regular expression denial-of-service in
-    django.utils.text.Truncator.words()
-  * Fixed a regression in Django 4.2.10 where intcomma template filter
-    could return a leading comma for string representation of floats
-- Remove python3122.patch, already upstream
+- Import fix-safemimetext-set_payload.patch from the Factory version, fixes
+  tests on python 3.11.9+ (gh#django/django@b231bcd19e57, bsc#1222880)
-- Add python3122.patch to fix tests with python 3.12.2
-  gh#django/django#17843
-- Update to 4.2.10 (bsc#1219683, CVE-2024-24680):
-  - Django 4.2.10 fixes a security issue with severity "moderate" in
-    4.2.9.
-    CVE-2024-24680: Potential denial-of-service in intcomma template
-    filter The intcomma template filter was subject to a potential
-    denial-of-service attack when used with very long strings.
+- Add CVE-2024-27351.patch patch (CVE-2024-27351, bsc#1220358)
python-Flask-Mail
+- Update test syntax.
+- Skip two tests that have outdated expected results.
+
python-mocket
-- Remove test flavor from _multibuild, as it will require multiple
-  new packages in Backports
-
-- add pytest-asyncio and psutil to test build requirements
-- skip test_truesendall_with_dump_from_recording and test_no_dangling_fds as they require internet connection
-
-- update to 3.12.3:
-  * Fixes for allowing making a mixture of unmocked and mocked
-    HTTPS requests using aiohttp
-  * Merging external contribution
-  * Adding testcase for proving #209 was fixed
-
-- update to 3.12.2:
-  * Pook is now compatible with modern Python versions
-  * Excluding venvs from dist packages
-
python-rapidfuzz
-- update to 3.6.1:
-  * fix overflow error on systems with ``sizeof(size_t) < 8``
-  * fix pure python fallback implementation of ``fuzz.token_set_ratio``
-  * properly link with ``-latomic`` if ``std::atomic<uint64_t>``
-    is not natively supported
-  * add banded implementation of LCS / Indel. This improves the
-    runtime from ``O((|s1|/64) * |s2|)`` to
-    ``O((score_cutoff/64) * |s2|)``
-  * upgrade to ``Cython==3.0.7``
-  * cdist for many metrics now returns a matrix of ``uint32``
-    instead of ``int32`` by default
-
python311
+- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
+  patched libexpat below 2.6.0 that doesn't update the version number,
+  just in SLE.
+
+- Remove not needed upstream patches:
+  * libexpat260.patch
+  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
+- Update to 3.11.9:
+  * Security
+  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
+    xml.etree.ElementTree.XMLParser.flush()
+    xml.etree.ElementTree.XMLPullParser.flush()
+    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+    xml.sax.expatreader.ExpatParser.flush()
+  - gh-115399: Update bundled libexpat to 2.6.0
+  - gh-115243: Fix possible crashes in collections.deque.index()
+    when the deque is concurrently modified.
+  - gh-114572: ssl.SSLContext.cert_store_stats() and
+    ssl.SSLContext.get_ca_certs() now correctly lock access to the
+    certificate store, when the ssl.SSLContext is shared across
+    multiple threads.
+  * Core and Builtins
+  - gh-116296: Fix possible refleak in object.__reduce__() internal
+    error handling.
+  - gh-116034: Fix location of the error on a failed assertion.
+  - gh-115823: Properly calculate error ranges in the parser when
+    raising SyntaxError exceptions caused by invalid byte sequences.
+    Patch by Pablo Galindo
+  - gh-112087: For an empty reverse iterator for list will be
+    reduced to reversed(). Patch by Donghee Na.
+  - gh-115011: Setters for members with an unsigned integer type now
+    support the same range of valid values for objects that has a
+    __index__() method as for int.
+  - gh-96497: Fix incorrect resolution of mangled class variables
+    used in assignment expressions in comprehensions.
+  * Library
+  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
+    crash in ssl when creating a new _ssl._SSLContext if CPython was
+    built implausibly such that the default cipher list is empty or
+    the SSL library it was linked against reports a failure from its
+    C SSL_CTX_set_cipher_list() API.
+  - gh-117178: Fix regression in lazy loading of self-referential
+    modules, introduced in gh-114781.
+  - gh-117084: Fix zipfile extraction for directory entries with the
+    name containing backslashes on Windows.
+  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
+    be instantiated with arguments. Patch by Chris Fu.
+  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
+    WaitForSingleObject() with a negative timeout: pass 0 ms if the
+    timeout is negative. Patch by Victor Stinner.
+  - gh-116957: configparser: Don’t leave ConfigParser values in an
+    invalid state (stored as a list instead of a str) after an
+    earlier read raised DuplicateSectionError or
+    DuplicateOptionError.
+  - gh-90095: Ignore empty lines and comments in .pdbrc
+  - gh-116764: Restore support of None and other false values in
+    urllib.parse functions parse_qs() and parse_qsl(). Also, they
+    now raise a TypeError for non-zero integers and non-empty
+    sequences.
+  - gh-116811: In PathFinder.invalidate_caches, delegate to
+    MetadataPathFinder.invalidate_caches.
+  - gh-116600: Fix repr() for global Flag members.
+  - gh-116484: Change automatically generated tkinter.Checkbutton
+    widget names to avoid collisions with automatically generated
+    tkinter.ttk.Checkbutton widget names within the same parent
+    widget.
+  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+    opening named pipe.
+  - gh-116143: Fix a race in pydoc _start_server, eliminating a
+    window in which _start_server can return a thread that is
+    “serving” but without a docserver set.
+  - gh-116325: typing: raise SyntaxError instead of AttributeError
+    on forward references as empty strings.
+  - gh-90535: Fix support of interval values > 1 in
+    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+    when='Wx'.
+  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
+    WASI.
+  - Under wasmtime for WASI 0.2, these functions don’t pass
+    test_posix
+    (https://github.com/bytecodealliance/wasmtime/issues/7830).
+  - gh-88352: Fix the computation of the next rollover time in the
+    logging.TimedRotatingFileHandler handler. computeRollover() now
+    always returns a timestamp larger than the specified time and
+    works correctly during the DST change. doRollover() no longer
+    overwrite the already rolled over file, saving from data loss
+    when run at midnight or during repeated time at the DST change.
+  - gh-87115: Set __main__.__spec__ to None when running a script
+    with pdb
+  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
+    that results when a message that claims to be in the ascii
+    character set actually has non-ascii characters. Non-ascii
+    characters are now replaced with the U+FFFD replacement
+    character, like in the replace error handler.
+  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
+    through to the wrapped object to return the real result.
+  - gh-115881: Fix issue where ast.parse() would incorrectly flag
+    conditional context managers (such as with (x() if y else z()):
+    ...) as invalid syntax if feature_version=(3, 8) was passed.
+    This reverts changes to the grammar made as part of gh-94949.
+  - gh-115886: Fix silent truncation of the name with an embedded
+    null character in multiprocessing.shared_memory.SharedMemory.
+  - gh-115809: Improve algorithm for computing which rolled-over log
+    files to delete in logging.TimedRotatingFileHandler. It is now
+    reliable for handlers without namer and with arbitrary
+    deterministic namer that leaves the datetime part in the file
+    name unmodified.
+  - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now
+    support bytes arguments containing raw and percent-encoded
+    non-ASCII data.
+  - gh-67044: csv.writer() now always quotes or escapes '\r' and
+    '\n', regardless of lineterminator value.
+  - gh-115712: csv.writer() now quotes empty fields if delimiter is
+    a space and skipinitialspace is true and raises exception if
+    quoting is not possible.
+  - gh-115618: Fix improper decreasing the reference count for None
+    argument in property methods getter(), setter() and deleter().
+  - gh-115570: A DeprecationWarning is no longer omitted on access
+    to the __doc__ attributes of the deprecated typing.io and
+    typing.re pseudo-modules.
+  - gh-112006: Fix inspect.unwrap() for types with the __wrapper__
+    data descriptor.
+  - gh-101293: Support callables with the __call__() method and
+    types with __new__() and __init__() methods set to class
+    methods, static methods, bound methods, partial functions, and
+    other types of methods and descriptors in
+    inspect.Signature.from_callable().
+  - gh-115392: Fix a bug in doctest where incorrect line numbers
+    would be reported for decorated functions.
+  - gh-114563: Fix several format() bugs when using the C
+    implementation of Decimal: * memory leak in some rare cases when
+    using the z format option (coerce negative 0) * incorrect output
+    when applying the z format option to type F (fixed-point with
+    capital NAN / INF) * incorrect output when applying the # format
+    option (alternate form)
+  - gh-115197: urllib.request no longer resolves the hostname before
+    checking it against the system’s proxy bypass list on macOS and
+    Windows.
+  - gh-115198: Fix support of Docutils >= 0.19 in distutils.
+  - gh-115165: Most exceptions are now ignored when attempting to
+    set the __orig_class__ attribute on objects returned when
+    calling typing generic aliases (including generic aliases
+    created using typing.Annotated). Previously only AttributeError
+    was ignored. Patch by Dave Shawley.
+  - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+  - gh-115059: io.BufferedRandom.read1() now flushes the underlying
+    write buffer.
+  - gh-79382: Trailing ** no longer allows to match files and
+    non-existing paths in recursive glob().
+  - gh-114763: Protect modules loaded with importlib.util.LazyLoader
+    from race conditions when multiple threads try to access
+    attributes before the loading is complete.
+  - gh-97959: Fix rendering class methods, bound methods, method and
+    function aliases in pydoc. Class methods no longer have “method
+    of builtins.type instance” note. Corresponding notes are now
+    added for class and unbound methods. Method and function aliases
+    now have references to the module or the class where the origin
+    was defined if it differs from the current. Bound methods are
+    now listed in the static methods section. Methods of builtin
+    classes are now supported as well as methods of Python classes.
+  - gh-112281: Allow creating union of types for typing.Annotated
+    with unhashable metadata.
+  - gh-111775: Fix importlib.resources.simple.ResourceHandle.open()
+    for text mode, added missed stream argument.
+  - gh-90095: Make .pdbrc and -c work with any valid pdb commands.
+  - gh-107155: Fix incorrect output of help(x) where x is a lambda
+    function, which has an __annotations__ dictionary attribute with
+    a "return" key.
+  - gh-105866: Fixed _get_slots bug which caused error when defining
+    dataclasses with slots and a weakref_slot.
+  - gh-60346: Fix ArgumentParser inconsistent with parse_known_args.
+  - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+    Addresses when using a proxy.
+  - gh-100884: email: fix misfolding of comma in address-lists over
+    multiple lines in combination with unicode encoding.
+  - gh-95782: Fix io.BufferedReader.tell(),
+    io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+    io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+    _pyio.BufferedRandom.tell() being able to return negative
+    offsets.
+  - gh-96310: Fix a traceback in argparse when all options in a
+    mutually exclusive group are suppressed.
+  - gh-93205: Fixed a bug in
+    logging.handlers.TimedRotatingFileHandler where multiple
+    rotating handler instances pointing to files with the same name
+    but different extensions would conflict and not delete the
+    correct files.
+  - bpo-44865: Add missing call to localization function in
+    argparse.
+  - bpo-43952: Fix multiprocessing.connection.Listener.accept() to
+    accept empty bytes as authkey. Not accepting empty bytes as key
+    causes it to hang indefinitely.
+  - bpo-42125: linecache: get module name from __spec__ if
+    available. This allows getting source code for the __main__
+    module when a custom loader is used.
+  - gh-66543: Make mimetypes.guess_type() properly parsing of URLs
+    with only a host name, URLs containing fragment or query, and
+    filenames with only a UNC sharepoint on Windows. Based on patch
+    by Dong-hee Na.
+  - bpo-33775: Add ‘default’ and ‘version’ help text for
+    localization in argparse.
+  * Documentation
+  - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML
+    vulnerabilities”.
+  - gh-115233: Fix an example for LoggerAdapter in the Logging
+    Cookbook.
+  * Tests
+  - gh-83434: Disable JUnit XML output (--junit-xml=FILE command
+    line option) in regrtest when hunting for reference leaks (-R
+    option). Patch by Victor Stinner.
+  - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+  - gh-115979: Update test_importlib so that it passes under WASI
+    SDK 21.
+  - gh-116307: Added import helper isolated_modules as CleanImport
+    does not remove modules imported during the context.
+  - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of
+    the number of leaks found in each iteration.
+  - gh-115122: Add --bisect option to regrtest test runner: run
+    failed tests with test.bisect_cmd to identify failing tests.
+    Patch by Victor Stinner.
+  - gh-115596: Fix ProgramPriorityTests in test_os permanently
+    changing the process priority.
+  - gh-115198: Fix test_check_metadata_deprecate in distutils tests
+    with a newer Docutils.
+  * Build
+  - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI
+    0.2/preview2 primitives.
+  - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+    building with Visual Studio 2022 version 17.8.
+  * Windows
+  - gh-116773: Fix instances of <_overlapped.Overlapped object at
+    0xXXX> still has pending operation at deallocation, the process
+    may crash.
+  - gh-91227: Fix the asyncio ProactorEventLoop implementation so
+    that sending a datagram to an address that is not listening does
+    not prevent receiving any more datagrams.
+  - gh-115554: The installer now has more strict rules about
+    updating the Python Launcher for Windows. In general, most users
+    only have a single launcher installed and will see no
+    difference. When multiple launchers have been installed, the
+    option to install the launcher is disabled until all but one
+    have been removed. Downgrading the launcher (which was never
+    allowed) is now more obviously blocked.
+  - gh-115543: Python Launcher for Windows can now detect Python
+    3.13 when installed from the Microsoft Store, and will install
+    Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set.
+  - gh-115009: Update Windows installer to use SQLite 3.45.1.
+  * IDLE
+  - gh-88516: On macOS show a proxy icon in the title bar of editor
+    windows to match platform behaviour.
+  * Tools/Demos
+  - gh-113516: Don’t set LDSHARED when building for WASI.
+  * C API
+  - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows
+    64-bit platforms.
+
+- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
+
+- Because of bsc#1189495 we have to revert use of %autopatch.
+
+- Rewrite %prep to use %autosetup et al. for compatibility with
+  rpm 4.20.
+
+- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch
+  to eliminate ResourceWarning which broke the test suite in
+  test_asyncio.
+
+- Use the system-wide crypto-policies [bsc#1211301]
+  * Use the system default cipher list instead of hardcoded values
+  * Add the --with-ssl-default-suites=openssl configure option
+
+- (bsc#1219666, CVE-2023-6597) Add
+  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
+  gh#python/cpython!99930) fixing symlink bug in cleanup of
+  tempfile.TemporaryDirectory.
+
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files.
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115289
+
+- Update to 3.11.8:
+  - Security
+  - gh-113659: Skip .pth files with names starting with a dot or
+    hidden file attribute.
+  - Core and Builtins
+  - gh-114887: Changed socket type validation in
+    create_datagram_endpoint() to accept all non-stream sockets.
+    This fixes a regression in compatibility with raw sockets.
+  - gh-114388: Fix a RuntimeWarning emitted when assign an
+    integer-like value that is not an instance of int to an
+    attribute that corresponds to a C struct member of type T_UINT
+    and T_ULONG. Fix a double RuntimeWarning emitted when assign a
+    negative integer value to an attribute that corresponds to a C
+    struct member of type T_UINT.
+  - gh-89811: Check for a valid tp_version_tag before performing
+    bytecode specializations that rely on this value being usable.
+  - gh-113602: Fix an error that was causing the parser to try to
+    overwrite existing errors and crashing in the process. Patch by
+    Pablo Galindo
+  - gh-113566: Fix a 3.11-specific crash when the repr of a Future
+    is requested after the module has already been
+    garbage-collected.
+  - gh-106905: Use per AST-parser state rather than global state to
+    track recursion depth within the AST parser to prevent potential
+    race condition due to simultaneous parsing.
+  - The issue primarily showed up in 3.11 by multithreaded users of
+    ast.parse(). In 3.12 a change to when garbage collection can be
+    triggered prevented the race condition from occurring.
+  - gh-112716: Fix SystemError in the import statement and in
+    __reduce__() methods of builtin types when __builtins__ is not a
+    dict.
+  - gh-105967: Workaround a bug in Apple’s macOS platform zlib
+    library where zlib.crc32() and binascii.crc32() could produce
+    incorrect results on multi-gigabyte inputs. Including when using
+    zipfile on zips containing large data.
+  - gh-94606: Fix UnicodeEncodeError when
+    email.message.get_payload() reads a message with a Unicode
+    surrogate character and the message content is not well-formed
+    for surrogateescape encoding. Patch by Sidney Markowitz.
+  - Library
+  - gh-114965: Update bundled pip to 24.0
+  - gh-114959: tarfile no longer ignores errors when trying to
+    extract a directory on top of a file.
+  - gh-109475: Fix support of explicit option value “–” in argparse
+    (e.g. --option=--).
+  - gh-110190: Fix ctypes structs with array on Windows ARM64
+    platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
+    Diego Russo
+  - gh-113280: Fix a leak of open socket in rare cases when error
+    occurred in ssl.SSLSocket creation.
+  - gh-77749: email.policy.EmailPolicy.fold() now always encodes
+    non-ASCII characters in headers if utf8 is false.
+  - gh-114492: Make the result of termios.tcgetattr() reproducible
+    on Alpine Linux. Previously it could leave a random garbage in
+    some fields.
+  - gh-75128: Ignore an OSError in
+    asyncio.BaseEventLoop.create_server() when IPv6 is available but
+    the interface cannot actually support it.
+  - gh-114257: Dismiss the FileNotFound error in
+    ctypes.util.find_library() and just return None on Linux.
+  - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
+    iterator returned by ElementTree.iterparse may hold on to a file
+    descriptor. The reference cycle prevented prompt clean-up of the
+    file descriptor if the returned iterator was not exhausted.
+  - gh-104522: OSError raised when run a subprocess now only has
+    filename attribute set to cwd if the error was caused by a
+    failed attempt to change the current directory.
+  - gh-109534: Fix a reference leak in
+    asyncio.selector_events.BaseSelectorEventLoop when SSL
+    handshakes fail. Patch contributed by Jamie Phan.
+  - gh-114077: Fix possible OverflowError in
+    socket.socket.sendfile() when pass count larger than 2 GiB on
+    32-bit platform.
+  - gh-114014: Fixed a bug in fractions.Fraction where an invalid
+    string using d in the decimals part creates a different error
+    compared to other invalid letters/characters. Patch by Jeremiah
+    Gabriel Pascual.
+  - gh-113951: Fix the behavior of tag_unbind() methods of
+    tkinter.Text and tkinter.Canvas classes with three arguments.
+    Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
+    the current binding for sequence, leaving sequence unbound, and
+    deleted the funcid command. Now it removes only funcid from the
+    binding for sequence, keeping other commands, and deletes the
+    funcid command. It leaves sequence unbound only if funcid was
+    the last bound command.
+  - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
+    Windows.
+  - gh-113781: Silence unraisable AttributeError when warnings are
+    emitted during Python finalization.
+  - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
+    that contain unknown-8bit encoded part followed by
+    non-unknown-8bit encoded part.
+  - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
+    there is callback that logs an error if the task wrapping the
+    “connected callback” fails. This callback would itself fail if
+    the task was cancelled. Prevent this by checking whether the
+    task was cancelled first. If so, close the transport but don’t
+    log an error.
+  - gh-85567: Fix resource warnings for unclosed files in pickle and
+    pickletools command line interfaces.
+  - gh-101225: Increase the backlog for
+    multiprocessing.connection.Listener objects created by
+    multiprocessing.manager and multiprocessing.resource_sharer to
+    significantly reduce the risk of getting a connection refused
+    error when creating a multiprocessing.connection.Connection to
+    them.
+  - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
+    webbrowser.open audit event.
+  - gh-113028: When a second reference to a string appears in the
+    input to pickle, and the Python implementation is in use, we are
+    guaranteed that a single copy gets pickled and a single object
+    is shared when reloaded. Previously, in protocol 0, when a
+    string contained certain characters (e.g. newline) it resulted
+    in duplicate objects.
+  - gh-113421: Fix multiprocessing logger for %(filename)s.
+  - gh-113358: Fix rendering tracebacks for exceptions with a broken
+    __getattr__.
+  - gh-113214: Fix an AttributeError during asyncio SSL protocol
+    aborts in SSL-over-SSL scenarios.
+  - gh-113246: Update bundled pip to 23.3.2.
+  - gh-113199: Make http.client.HTTPResponse.read1 and
+    http.client.HTTPResponse.readline close IO after reading all
+    data when content length is known. Patch by Illia Volochii.
+  - gh-113188: Fix shutil.copymode() and shutil.copystat() on
+    Windows. Previously they worked differenly if dst is a symbolic
+    link: they modified the permission bits of dst itself rather
+    than the file it points to if follow_symlinks is true or src is
+    not a symbolic link, and did not modify the permission bits if
+    follow_symlinks is false and src is a symbolic link.
+  - gh-61648: Detect line numbers of properties in doctests.
+  - gh-112559: signal.signal() and signal.getsignal() no longer call
+    repr on callable handlers. asyncio.run() and
+    asyncio.Runner.run() no longer call repr on the task results.
+    Patch by Yilei Yang.
+  - gh-110190: Fix ctypes structs with array on PPC64LE platform by
+    setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
+  - gh-79429: Ignore FileNotFoundError when remove a temporary
+    directory in the multiprocessing finalizer.
+  - gh-79325: Fix an infinite recursion error in
+    tempfile.TemporaryDirectory() cleanup on Windows.
+  - gh-110190: Fix ctypes structs with array on Arm platform by
+    setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo.
+  - gh-81194: Fix a crash in socket.if_indextoname() with specific
+    value (UINT_MAX). Fix an integer overflow in
+    socket.if_indextoname() on 64-bit non-Windows platforms.
+  - gh-75666: Fix the behavior of tkinter widget’s unbind() method
+    with two arguments. Previously, widget.unbind(sequence, funcid)
+    destroyed the current binding for sequence, leaving sequence
+    unbound, and deleted the funcid command. Now it removes only
+    funcid from the binding for sequence, keeping other commands,
+    and deletes the funcid command. It leaves sequence unbound only
+    if funcid was the last bound command.
+  - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
+    tkinter._test().
+  - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
+    raises BadZipFile when try to read an entry that overlaps with
+    other entry or central directory (bsc#1221854, CVE-2024-0450).
+  - gh-38807: Fix race condition in trace. Instead of checking if a
+    directory exists and creating it, directly call os.makedirs()
+    with the kwarg exist_ok=True.
+  - gh-75705: Set unixfrom envelope in mailbox.mbox and
+    mailbox.MMDF.
+  - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
+    when the system endianness is the opposite of the classes.
+  - gh-104282: Fix null pointer dereference in
+    lzma._decode_filter_properties() due to improper handling of BCJ
+    filters with properties of zero length. Patch by Radislav
+    Chugunov.
+  - gh-102512: When os.fork() is called from a foreign thread (aka
+    _DummyThread), the type of the thread in a child process is
+    changed to _MainThread. Also changed its name and daemonic
+    status, it can be now joined.
+  - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
+    which now no longer dereferences symlinks when working around
+    file system permission errors.
+  - bpo-43153: On Windows, tempfile.TemporaryDirectory previously
+    masked a PermissionError with NotADirectoryError during
+    directory cleanup. It now correctly raises PermissionError if
+    errors are not ignored. Patch by Andrei Kulakov and Ken Jin.
+  - bpo-35332: The shutil.rmtree() function now ignores errors when
+    calling os.close() when ignore_errors is True, and os.close() no
+    longer retried after error.
+  - bpo-35928: io.TextIOWrapper now correctly handles the decoding
+    buffer after read() and write().
+  - bpo-26791: shutil.move() now moves a symlink into a directory
+    when that directory is the target of the symlink. This provides
+    the same behavior as the mv shell command. The previous behavior
+    raised an exception. Patch by Jeffrey Kintscher.
+  - bpo-36959: Fix some error messages for invalid ISO format string
+    combinations in strptime() that referred to directives not
+    contained in the format string. Patch by Gordon P. Hemsley.
+  - bpo-18060: Fixed a class inheritance issue that can cause
+    segfaults when deriving two or more levels of subclasses from a
+    base class of Structure or Union.
+  - Documentation
+  - gh-110746: Improved markup for valid options/values for methods
+    ttk.treeview.column and ttk.treeview.heading, and for Layouts.
+  - gh-95649: Document that the asyncio module contains code taken
+    from v0.16.0 of the uvloop project, as well as the required MIT
+    licensing information.
+  - Tests
+  - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
+    where system tar can include more information in the archive
+    than shutil.make_archive.
+  - gh-112769: The tests now correctly compare zlib version when
+    zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For
+    example zlib-ng defines the version as 1.3.0.zlib-ng.
+  - gh-105089: Fix
+    test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
+    test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
+    it will be in sync with zinfo.external_attr
+  - bpo-40648: Test modes that file can get with chmod() on Windows.
+  - Build
+  - gh-101778: Fix build error when there’s a dangling symlink in
+    the directory containing ffi.h.
+  - gh-112305: Fixed the check-clean-src step performed on out of
+    tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
+    files and recommend appropriate source tree cleanup steps to get
+    a working build again.
+  - bpo-11102: The os.major(), os.makedev(), and os.minor()
+    functions are now available on HP-UX v3.
+  - bpo-36351: Do not set ipv6type when cross-compiling.
+  - IDLE
+  - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
+    ‘object’.
+  - gh-72284: Improve the lists of features, editor key bindings,
+    and shell key bingings in the IDLE doc.
+  - gh-113903: Fix rare failure of test.test_idle, in
+    test_configdialog.
+  - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
+    3.12.1.
+  - gh-113269: Fix test_editor hang on macOS Catalina.
+  - gh-112898: Fix processing unsaved files when quitting IDLE on
+    macOS.
+  - gh-103820: Revise IDLE bindings so that events from mouse button
+    4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
+    mistaken for scrolling.
+  - bpo-13586: Enter the selected text when opening the “Replace”
+    dialog.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
+    multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
+  - gh-115015: Fix a bug in Argument Clinic that generated incorrect
+    code for methods with no parameters that use the METH_METHOD |
+    METH_FASTCALL | METH_KEYWORDS calling convention. Only the
+    positional parameter count was checked; any keyword argument
+    passed would be silently accepted.
+- Refresh all patches:
+  - CVE-2023-27043-email-parsing-errors.patch
+  - F00251-change-user-install-location.patch
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - distutils-reproducible-compile.patch
+  - fix_configure_rst.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - python-3.3.0b1-localpath.patch
+  - python-3.3.0b1-test-posix_fadvise.patch
+  - skip_if_buildbot-extend.patch
+  - subprocess-raise-timeout.patch
+  - support-expat-CVE-2022-25236-patched.patch
+
+- Update patch fix_configure_rst.patch
+- Update to 3.11.7:
+  - Core and Builtins
+  - gh-112625: Fixes a bug where a bytearray object could be cleared
+    while iterating over an argument in the bytearray.join() method
+    that could result in reading memory after it was freed.
+  - gh-112388: Fix an error that was causing the parser to try to
+    overwrite tokenizer errors. Patch by pablo Galindo
+  - gh-112387: Fix error positions for decoded strings with
+    backwards tokenize errors. Patch by Pablo Galindo
+  - gh-112266: Change docstrings of __dict__ and __weakref__.
+  - gh-109181: Speed up Traceback object creation by lazily compute
+    the line number. Patch by Pablo Galindo
+  - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
+    codecs read out of bounds
+  - gh-111366: Fix an issue in the codeop that was causing
+    SyntaxError exceptions raised in the presence of invalid syntax
+    to not contain precise error messages. Patch by Pablo Galindo
+  - gh-111380: Fix a bug that was causing SyntaxWarning to appear
+    twice when parsing if invalid syntax is encountered later. Patch
+    by Pablo galindo
+  - gh-88116: Traceback location ranges involving wide unicode
+    characters (like emoji and asian characters) now are properly
+    highlighted. Patch by Batuhan Taskaya and Pablo Galindo.
+  - gh-94438: Fix a regression that prevented jumping across is None
+    and is not None when debugging. Patch by Savannah Ostrowski.
+  - gh-110696: Fix incorrect error message for invalid argument
+    unpacking. Patch by Pablo Galindo
+  - gh-110237: Fix missing error checks for calls to PyList_Append
+    in _PyEval_MatchClass.
+  - gh-109216: Fix possible memory leak in BUILD_MAP.
+  - Library
+  - gh-112618: Fix a caching bug relating to typing.Annotated.
+    Annotated[str, True] is no longer identical to Annotated[str,
+    1].
+  - gh-112509: Fix edge cases that could cause a key to be present
+    in both the __required_keys__ and __optional_keys__ attributes
+    of a typing.TypedDict. Patch by Jelle Zijlstra.
+  - gh-94722: Fix bug where comparison between instances of DocTest
+    fails if one of them has None as its lineno.
+  - gh-112105: Make readline.set_completer_delims() work with
+    libedit
+  - gh-111942: Fix SystemError in the TextIOWrapper constructor with
+    non-encodable “errors” argument in non-debug mode.
+  - gh-109538: Issue warning message instead of having RuntimeError
+    be displayed when event loop has already been closed at
+    StreamWriter.__del__().
+  - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when
+    pass invalid arguments, e.g. non-string encoding.
+  - gh-111804: Remove posix.fallocate() under WASI as the underlying
+    posix_fallocate() is not available in WASI preview2.
+  - gh-111841: Fix truncating arguments on an embedded null
+    character in os.putenv() and os.unsetenv() on Windows.
+  - gh-111541: Fix doctest for SyntaxError not-builtin subclasses.
+  - gh-110894: Call loop exception handler for exceptions in
+    client_connected_cb of asyncio.start_server() so that
+    applications can handle it. Patch by Kumar Aditya.
+  - gh-111531: Fix reference leaks in bind_class() and bind_all()
+    methods of tkinter widgets.
+  - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and
+    io.IncrementalNewlineDecoder to io.__all__.
+  - gh-68166: Remove mention of not supported “vsapi” element type
+    in tkinter.ttk.Style.element_create(). Add tests for
+    element_create() and other ttk.Style methods. Add examples for
+    element_create() in the documentation.
+  - gh-111251: Fix _blake2 not checking for errors when
+    initializing.
+  - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly
+    for empty BytesIO.
+  - gh-111187: Postpone removal version for
+    locale.getdefaultlocale() to Python 3.15.
+  - gh-111159: Fix doctest output comparison for exceptions with
+    notes.
+  - gh-110910: Fix invalid state handling in asyncio.TaskGroup and
+    asyncio.Timeout. They now raise proper RuntimeError if they are
+    improperly used and are left in consistent state after this.
+  - gh-111092: Make turtledemo run without default root enabled.
+  - gh-110590: Fix a bug in _sre.compile() where TypeError would be
+    overwritten by OverflowError when the code argument was a list
+    of non-ints.
+  - gh-65052: Prevent pdb from crashing when trying to display
+    undisplayable objects
+  - gh-110519: Deprecation warning about non-integer number in
+    gettext now alwais refers to the line in the user code where
+    gettext function or method is used. Previously it could refer to
+    a line in gettext code.
+  - gh-110378: contextmanager() and asynccontextmanager() context
+    managers now close an invalid underlying generator object that
+    yields more then one value.
+  - gh-110365: Fix termios.tcsetattr() bug that was overwritting
+    existing errors during parsing integers from term list.
+  - gh-110196: Add __reduce__ method to IPv6Address in order to keep
+    scope_id
+  - gh-109747: Improve errors for unsupported look-behind patterns.
+    Now re.error is raised instead of OverflowError or RuntimeError
+    for too large width of look-behind pattern.
+  - gh-109786: Fix possible reference leaks and crash when re-enter
+    the __next__() method of itertools.pairwise.
+  - gh-108791: Improved error handling in pdb command line
+    interface, making it produce more concise error messages.
+  - gh-73561: Omit the interface scope from an IPv6 address when
+    used as Host header by http.client.
+  - gh-86826: zipinfo now supports the full range of values in the
+    TZ string determined by RFC 8536 and detects all invalid
+    formats. Both Python and C implementations now raise exceptions
+    of the same type on invalid data.
+  - bpo-41422: Fixed memory leaks of pickle.Pickler and
+    pickle.Unpickler involving cyclic references via the internal
+    memo mapping.
+  - bpo-40262: The ssl.SSLSocket.recv_into() method no longer
+    requires the buffer argument to implement __len__ and supports
+    buffers with arbitrary item size.
+  - bpo-35191: Fix unexpected integer truncation in
+    socket.setblocking() which caused it to interpret multiples of
+    2**32 as False.
+  - Documentation
+  - gh-108826: dis module command-line interface is now mentioned in
+    documentation.
+  - Tests
+  - gh-110367: Make regrtest --verbose3 option compatible with
+  - -huntrleaks -jN options. The ./python -m test -j1 -R 3:3
+  - -verbose3 command now works as expected. Patch by Victor
+    Stinner.
+  - gh-111309: distutils tests can now be run via unittest.
+  - gh-111165: Remove no longer used functions run_unittest() and
+    run_doctest() and class BasicTestRunner from the test.support
+    module.
+  - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment
+    variable is defined: use the variable value as the random seed.
+    Patch by Victor Stinner.
+  - gh-110995: test_gdb: Fix detection of gdb built without Python
+    scripting support. Patch by Victor Stinner.
+  - gh-110918: Test case matching patterns specified by options
+  - -match, --ignore, --matchfile and --ignorefile are now tested
+    in the order of specification, and the last match determines
+    whether the test case be run or ignored.
+  - gh-110647: Fix test_stress_modifying_handlers() of test_signal.
+    Patch by Victor Stinner.
+  - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make
+    distclean” instead of “make clean” in the copied source
+    directory to remove also the “python” program. Patch by Victor
+    Stinner.
+  - gh-110167: Fix a deadlock in test_socket when server fails with
+    a timeout but the client is still running in its thread. Don’t
+    hold a lock to call cleanup functions in doCleanups(). One of
+    the cleanup function waits until the client completes, whereas
+    the client could deadlock if it called addCleanup() in such
+    situation. Patch by Victor Stinner.
+  - gh-110388: Add tests for tty.
+  - gh-81002: Add tests for termios.
+  - gh-110267: Add tests for pickling and copying PyStructSequence
+    objects. Patched by Xuehai Pan.
+  - gh-109974: Fix race conditions in test_threading lock tests.
+    Wait until a condition is met rather than using time.sleep()
+    with a hardcoded number of seconds. Patch by Victor Stinner.
+  - gh-109972: Split test_gdb.py file into a test_gdb package made
+    of multiple tests, so tests can now be run in parallel. Patch by
+    Victor Stinner.
+  - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
+    Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
+    command output to detect when gdb fails to retrieve the
+    traceback. For example, skip a test if Backtrace stopped: frame
+    did not save the PC is found. Patch by Victor Stinner.
+  - gh-108927: Fixed order dependence in running tests in the same
+    process when a test that has submodules (e.g. test_importlib)
+    follows a test that imports its submodule (e.g.
+    test_importlib.util) and precedes a test (e.g. test_unittest or
+    test_compileall) that uses that submodule.
+  - Build
+  - gh-103053: “make check-clean-src” now also checks if the
+    “python” program is found in the source directory: fail with an
+    error if it does exist. Patch by Victor Stinner.
+  - gh-109191: Fix compile error when building with recent versions
+    of libedit.
+  - IDLE
+  - bpo-35668: Add docstrings to the IDLE debugger module. Fix two
+    bugs: initialize Idb.botframe (should be in Bdb); in
+    Idb.in_rpc_code, check whether prev_frame is None before trying
+    to use it. Greatly expand test_debugger.
+  - C API
+  - gh-112438: Fix support of format units “es”, “et”, “es#”, and
+    “et#” in nested tuples in PyArg_ParseTuple()-like functions.
+  - gh-109521: PyImport_GetImporter() now sets RuntimeError if it
+    fails to get sys.path_hooks or sys.path_importer_cache or they
+    are not list and dict correspondingly. Previously it could
+    return NULL without setting error in obscure cases, crash or
+    raise SystemError if these attributes have wrong type.
+
+- Refresh CVE-2023-27043-email-parsing-errors.patch to
+  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
+- Thus we can remove Revert-gh105127-left-tests.patch, which is
+  now useless.
+
+- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch
+- Refresh patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - fix_configure_rst.patch
+- Update to 3.11.6:
+  - Core and Builtins
+  - gh-109351: Fix crash when compiling an invalid AST involving a
+    named (walrus) expression.
+  - gh-109207: Fix a SystemError in __repr__ of symtable entry
+    object.
+  - gh-109179: Fix bug where the C traceback display drops notes
+    from SyntaxError.
+  - gh-88943: Improve syntax error for non-ASCII character that
+    follows a numerical literal. It now points on the invalid
+    non-ASCII character, not on the valid numerical literal.
+  - gh-108959: Fix caret placement for error locations for subscript
+    and binary operations that involve non-semantic parentheses and
+    spaces. Patch by Pablo Galindo
+  - gh-108520: Fix
+    multiprocessing.synchronize.SemLock.__setstate__() to properly
+    initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
+    This fixes a regression when passing a SemLock accross nested
+    processes.
+  - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
+    multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
+    exposing it as public API.
+  - Library
+  - gh-110036: On Windows, multiprocessing Popen.terminate() now
+    catchs PermissionError and get the process exit code. If the
+    process is still running, raise again the PermissionError.
+    Otherwise, the process terminated as expected: store its exit
+    code. Patch by Victor Stinner.
+  - gh-110038: Fixed an issue that caused KqueueSelector.select() to
+    not return all the ready events in some cases when a file
+    descriptor is registered for both read and write.
+  - gh-109631: re functions such as re.findall(), re.split(),
+    re.search() and re.sub() which perform short repeated matches
+    can now be interrupted by user.
+  - gh-109593: Avoid deadlocking on a reentrant call to the
+    multiprocessing resource tracker. Such a reentrant call, though
+    unlikely, can happen if a GC pass invokes the finalizer for a
+    multiprocessing object such as SemLock.
+  - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for
+    exceptions. Previously, on Python built in debug mode, these
+    functions could trigger a fatal Python error (and abort the
+    process) when a function succeeded with an exception set. Patch
+    by Victor Stinner.
+  - gh-109375: The pdb alias command now prevents registering
+    aliases without arguments.
+  - gh-107219: Fix a race condition in concurrent.futures. When a
+    process in the process pool was terminated abruptly (while the
+    future was running or pending), close the connection write end.
+    If the call queue is blocked on sending bytes to a worker
+    process, closing the connection write end interrupts the send,
+    so the queue can be closed. Patch by Victor Stinner.
+  - gh-50644: Attempts to pickle or create a shallow or deep copy of
+    codecs streams now raise a TypeError. Previously, copying failed
+    with a RecursionError, while pickling produced wrong results
+    that eventually caused unpickling to fail with a RecursionError.
+  - gh-108987: Fix _thread.start_new_thread() race condition. If a
+    thread is created during Python finalization, the newly spawned
+    thread now exits immediately instead of trying to access freed
+    memory and lead to a crash. Patch by Victor Stinner.
+  - gh-108843: Fix an issue in ast.unparse() when unparsing
+    f-strings containing many quote types.
+  - gh-108682: Enum: raise TypeError if super().__new__() is called
+    from a custom __new__.
+  - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock
+  - gh-64662: Fix support for virtual tables in
+    sqlite3.Connection.iterdump(). Patch by Aviv Palivoda.
+  - gh-107913: Fix possible losses of errno and winerror values in
+    OSError exceptions if they were cleared or modified by the
+    cleanup code before creating the exception object.
+  - gh-104372: On Linux where subprocess can use the vfork() syscall
+    for faster spawning, prevent the parent process from blocking
+    other threads by dropping the GIL while it waits for the
+    vfork’ed child process exec() outcome. This prevents spawning a
+    binary from a slow filesystem from blocking the rest of the
+    application.
+  - gh-84867: unittest.TestLoader no longer loads test cases from
+    exact unittest.TestCase and unittest.FunctionTestCase classes.
+  - Documentation
+  - gh-109209: The minimum Sphinx version required for the
+    documentation is now 4.2.
+  - gh-105052: Update timeit doc to specify that time in seconds is
+    just the default.
+  - gh-102823: Document the return type of x // y when x and y have
+    type float.
+  - Tests
+  - gh-110031: Skip test_threading tests using thread+fork if Python
+    is built with Address Sanitizer (ASAN). Patch by Victor Stinner.
+  - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum
+    duration, a test should not measure a CI performance. Only
+    measure the minimum duration when a task has a timeout or delay.
+    Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner.
+  - gh-110033: Fix test_interprocess_signal() of test_signal. Make
+    sure that the subprocess.Popen object is deleted before the test
+    raising an exception in a signal handler. Otherwise,
+    Popen.__del__() can get the exception which is logged as
+    Exception ignored in: ... and the test fails. Patch by Victor
+    Stinner.
+  - gh-109594: Fix test_timeout() of
+    test_concurrent_futures.test_wait. Remove the future which may
+    or may not complete depending if it takes longer than the
+    timeout ot not. Keep the second future which does not complete
+    before wait() timeout. Patch by Victor Stinner.
+  - gh-109748: Fix test_zippath_from_non_installed_posix() of
+    test_venv: don’t copy __pycache__/ sub-directories, because they
+    can be modified by other Python tests running in parallel. Patch
+    by Victor Stinner.
+  - gh-103053: Skip test_freeze_simple_script() of
+    test_tools.test_freeze if Python is built with ./configure
+  - -enable-optimizations, which means with Profile Guided
+    Optimization (PGO): it just makes the test too slow. The freeze
+    tool is tested by many other CIs with other (faster) compiler
+    flags. Patch by Victor Stinner.
+  - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a
+    longer key: FIPS mode requires at least of at least 112 bits.
+    The previous key was only 32 bits. Patch by Victor Stinner.
+  - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
+    Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
+    command output to detect when gdb fails to retrieve the
+    traceback. For example, skip a test if Backtrace stopped: frame
+    did not save the PC is found. Patch by Victor Stinner.
+  - gh-109237: Fix test_site.test_underpth_basic() when the working
+    directory contains at least one non-ASCII character: encode the
+    ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for
+    the child process stdout. Patch by Victor Stinner.
+  - gh-109230: Fix test_pyexpat.test_exception(): it can now be run
+    from a directory different than Python source code directory.
+    Before, the test failed in this case. Skip the test if
+    Modules/pyexpat.c source is not available. Skip also the test on
+    Python implementations other than CPython. Patch by Victor
+    Stinner.
+  - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests
+    on FreeBSD if the TCP blackhole is enabled (sysctl
+    net.inet.tcp.blackhole). Skip the few tests which failed with
+    ETIMEDOUT which such non standard configuration. Currently, the
+    FreeBSD GCP image enables TCP and UDP blackhole (sysctl
+    net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1).
+    Patch by Victor Stinner.
+  - gh-91960: Skip test_gdb if gdb is unable to retrieve Python
+    frame objects: if a frame is <optimized out>. When Python is
+    built with “clang -Og”, gdb can fail to retrive the frame
+    parameter of _PyEval_EvalFrameDefault(). In this case, tests
+    like py_bt() are likely to fail. Without getting access to
+    Python frames, python-gdb.py is mostly clueless on retrieving
+    the Python traceback. Moreover, test_gdb is no longer skipped on
+    macOS if Python is built with Clang. Patch by Victor Stinner.
+  - gh-108962: Skip test_tempfile.test_flags() if chflags() fails
+    with “OSError: [Errno 45] Operation not supported” (ex: on
+    FreeBSD 13). Patch by Victor Stinner.
+  - gh-89392: Removed support of test_main() function in tests. They
+    now always use normal unittest test runner.
+  - gh-108851: Fix test_tomllib recursion tests for WASI buildbots:
+    reduce the recursion limit and compute the maximum nested
+    array/dict depending on the current available recursion limit.
+    Patch by Victor Stinner.
+  - gh-108851: Add get_recursion_available() and
+    get_recursion_depth() functions to the test.support module.
+    Patch by Victor Stinner.
+  - gh-108822: regrtest now computes statistics on all tests:
+    successes, failures and skipped. test_netrc, test_pep646_syntax
+    and test_xml_etree now return results in their test_main()
+    function. Patch by Victor Stinner and Alex Waygood.
+  - gh-108388: Convert test_concurrent_futures to a package of 7
+    sub-tests. Patch by Victor Stinner.
+  - gh-108388: Split test_multiprocessing_fork,
+    test_multiprocessing_forkserver and test_multiprocessing_spawn
+    into test packages. Each package is made of 4 sub-tests:
+    processes, threads, manager and misc. It allows running more
+    tests in parallel and so reduce the total test duration. Patch
+    by Victor Stinner.
+  - gh-101634: When running the Python test suite with -jN option,
+    if a worker stdout cannot be decoded from the locale encoding
+    report a failed testn so the exitcode is non-zero. Patch by
+    Victor Stinner.
+  - gh-100086: The Python test runner (libregrtest) now logs Python
+    build information like “debug” vs “release” build, or LTO and
+    PGO optimizations. Patch by Victor Stinner.
+  - gh-98903: The Python test suite now fails wit exit code 4 if no
+    tests ran. It should help detecting typos in test names and test
+    methods.
+  - gh-95027: On Windows, when the Python test suite is run with the
+  - jN option, the ANSI code page is now used as the encoding for
+    the stdout temporary file, rather than using UTF-8 which can
+    lead to decoding errors. Patch by Victor Stinner.
+  - gh-93353: regrtest now checks if a test leaks temporary files or
+    directories if run with -jN option. Patch by Victor Stinner.
+  - Build
+  - gh-63760: Fix Solaris build: no longer redefine the
+    gethostname() function. Solaris defines the function since 2005.
+    Patch by Victor Stinner, original patch by Jakub Kulík.
+  - gh-108740: Fix a race condition in make regen-all. The
+    deepfreeze.c source and files generated by Argument Clinic are
+    now generated or updated before generating “global objects”.
+    Previously, some identifiers may miss depending on the order in
+    which these files were generated. Patch by Victor Stinner.
+  - Windows
+  - gh-109991: Update Windows build to use OpenSSL 3.0.11.
+  - gh-107565: Update Windows build to use OpenSSL 3.0.10.
+  - macOS
+  - gh-109991: Update macOS installer to use OpenSSL 3.0.11.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and
+    multissltests to use 1.1.1w, 3.0.11, and 3.1.3.
+
python311:base
+- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
+  patched libexpat below 2.6.0 that doesn't update the version number,
+  just in SLE.
+
+- Remove not needed upstream patches:
+  * libexpat260.patch
+  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
+- Update to 3.11.9:
+  * Security
+  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
+    xml.etree.ElementTree.XMLParser.flush()
+    xml.etree.ElementTree.XMLPullParser.flush()
+    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+    xml.sax.expatreader.ExpatParser.flush()
+  - gh-115399: Update bundled libexpat to 2.6.0
+  - gh-115243: Fix possible crashes in collections.deque.index()
+    when the deque is concurrently modified.
+  - gh-114572: ssl.SSLContext.cert_store_stats() and
+    ssl.SSLContext.get_ca_certs() now correctly lock access to the
+    certificate store, when the ssl.SSLContext is shared across
+    multiple threads.
+  * Core and Builtins
+  - gh-116296: Fix possible refleak in object.__reduce__() internal
+    error handling.
+  - gh-116034: Fix location of the error on a failed assertion.
+  - gh-115823: Properly calculate error ranges in the parser when
+    raising SyntaxError exceptions caused by invalid byte sequences.
+    Patch by Pablo Galindo
+  - gh-112087: For an empty reverse iterator for list will be
+    reduced to reversed(). Patch by Donghee Na.
+  - gh-115011: Setters for members with an unsigned integer type now
+    support the same range of valid values for objects that has a
+    __index__() method as for int.
+  - gh-96497: Fix incorrect resolution of mangled class variables
+    used in assignment expressions in comprehensions.
+  * Library
+  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
+    crash in ssl when creating a new _ssl._SSLContext if CPython was
+    built implausibly such that the default cipher list is empty or
+    the SSL library it was linked against reports a failure from its
+    C SSL_CTX_set_cipher_list() API.
+  - gh-117178: Fix regression in lazy loading of self-referential
+    modules, introduced in gh-114781.
+  - gh-117084: Fix zipfile extraction for directory entries with the
+    name containing backslashes on Windows.
+  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
+    be instantiated with arguments. Patch by Chris Fu.
+  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
+    WaitForSingleObject() with a negative timeout: pass 0 ms if the
+    timeout is negative. Patch by Victor Stinner.
+  - gh-116957: configparser: Don’t leave ConfigParser values in an
+    invalid state (stored as a list instead of a str) after an
+    earlier read raised DuplicateSectionError or
+    DuplicateOptionError.
+  - gh-90095: Ignore empty lines and comments in .pdbrc
+  - gh-116764: Restore support of None and other false values in
+    urllib.parse functions parse_qs() and parse_qsl(). Also, they
+    now raise a TypeError for non-zero integers and non-empty
+    sequences.
+  - gh-116811: In PathFinder.invalidate_caches, delegate to
+    MetadataPathFinder.invalidate_caches.
+  - gh-116600: Fix repr() for global Flag members.
+  - gh-116484: Change automatically generated tkinter.Checkbutton
+    widget names to avoid collisions with automatically generated
+    tkinter.ttk.Checkbutton widget names within the same parent
+    widget.
+  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+    opening named pipe.
+  - gh-116143: Fix a race in pydoc _start_server, eliminating a
+    window in which _start_server can return a thread that is
+    “serving” but without a docserver set.
+  - gh-116325: typing: raise SyntaxError instead of AttributeError
+    on forward references as empty strings.
+  - gh-90535: Fix support of interval values > 1 in
+    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+    when='Wx'.
+  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
+    WASI.
+  - Under wasmtime for WASI 0.2, these functions don’t pass
+    test_posix
+    (https://github.com/bytecodealliance/wasmtime/issues/7830).
+  - gh-88352: Fix the computation of the next rollover time in the
+    logging.TimedRotatingFileHandler handler. computeRollover() now
+    always returns a timestamp larger than the specified time and
+    works correctly during the DST change. doRollover() no longer
+    overwrite the already rolled over file, saving from data loss
+    when run at midnight or during repeated time at the DST change.
+  - gh-87115: Set __main__.__spec__ to None when running a script
+    with pdb
+  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
+    that results when a message that claims to be in the ascii
+    character set actually has non-ascii characters. Non-ascii
+    characters are now replaced with the U+FFFD replacement
+    character, like in the replace error handler.
+  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
+    through to the wrapped object to return the real result.
+  - gh-115881: Fix issue where ast.parse() would incorrectly flag
+    conditional context managers (such as with (x() if y else z()):
+    ...) as invalid syntax if feature_version=(3, 8) was passed.
+    This reverts changes to the grammar made as part of gh-94949.
+  - gh-115886: Fix silent truncation of the name with an embedded
+    null character in multiprocessing.shared_memory.SharedMemory.
+  - gh-115809: Improve algorithm for computing which rolled-over log
+    files to delete in logging.TimedRotatingFileHandler. It is now
+    reliable for handlers without namer and with arbitrary
+    deterministic namer that leaves the datetime part in the file
+    name unmodified.
+  - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now
+    support bytes arguments containing raw and percent-encoded
+    non-ASCII data.
+  - gh-67044: csv.writer() now always quotes or escapes '\r' and
+    '\n', regardless of lineterminator value.
+  - gh-115712: csv.writer() now quotes empty fields if delimiter is
+    a space and skipinitialspace is true and raises exception if
+    quoting is not possible.
+  - gh-115618: Fix improper decreasing the reference count for None
+    argument in property methods getter(), setter() and deleter().
+  - gh-115570: A DeprecationWarning is no longer omitted on access
+    to the __doc__ attributes of the deprecated typing.io and
+    typing.re pseudo-modules.
+  - gh-112006: Fix inspect.unwrap() for types with the __wrapper__
+    data descriptor.
+  - gh-101293: Support callables with the __call__() method and
+    types with __new__() and __init__() methods set to class
+    methods, static methods, bound methods, partial functions, and
+    other types of methods and descriptors in
+    inspect.Signature.from_callable().
+  - gh-115392: Fix a bug in doctest where incorrect line numbers
+    would be reported for decorated functions.
+  - gh-114563: Fix several format() bugs when using the C
+    implementation of Decimal: * memory leak in some rare cases when
+    using the z format option (coerce negative 0) * incorrect output
+    when applying the z format option to type F (fixed-point with
+    capital NAN / INF) * incorrect output when applying the # format
+    option (alternate form)
+  - gh-115197: urllib.request no longer resolves the hostname before
+    checking it against the system’s proxy bypass list on macOS and
+    Windows.
+  - gh-115198: Fix support of Docutils >= 0.19 in distutils.
+  - gh-115165: Most exceptions are now ignored when attempting to
+    set the __orig_class__ attribute on objects returned when
+    calling typing generic aliases (including generic aliases
+    created using typing.Annotated). Previously only AttributeError
+    was ignored. Patch by Dave Shawley.
+  - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+  - gh-115059: io.BufferedRandom.read1() now flushes the underlying
+    write buffer.
+  - gh-79382: Trailing ** no longer allows to match files and
+    non-existing paths in recursive glob().
+  - gh-114763: Protect modules loaded with importlib.util.LazyLoader
+    from race conditions when multiple threads try to access
+    attributes before the loading is complete.
+  - gh-97959: Fix rendering class methods, bound methods, method and
+    function aliases in pydoc. Class methods no longer have “method
+    of builtins.type instance” note. Corresponding notes are now
+    added for class and unbound methods. Method and function aliases
+    now have references to the module or the class where the origin
+    was defined if it differs from the current. Bound methods are
+    now listed in the static methods section. Methods of builtin
+    classes are now supported as well as methods of Python classes.
+  - gh-112281: Allow creating union of types for typing.Annotated
+    with unhashable metadata.
+  - gh-111775: Fix importlib.resources.simple.ResourceHandle.open()
+    for text mode, added missed stream argument.
+  - gh-90095: Make .pdbrc and -c work with any valid pdb commands.
+  - gh-107155: Fix incorrect output of help(x) where x is a lambda
+    function, which has an __annotations__ dictionary attribute with
+    a "return" key.
+  - gh-105866: Fixed _get_slots bug which caused error when defining
+    dataclasses with slots and a weakref_slot.
+  - gh-60346: Fix ArgumentParser inconsistent with parse_known_args.
+  - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+    Addresses when using a proxy.
+  - gh-100884: email: fix misfolding of comma in address-lists over
+    multiple lines in combination with unicode encoding.
+  - gh-95782: Fix io.BufferedReader.tell(),
+    io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+    io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+    _pyio.BufferedRandom.tell() being able to return negative
+    offsets.
+  - gh-96310: Fix a traceback in argparse when all options in a
+    mutually exclusive group are suppressed.
+  - gh-93205: Fixed a bug in
+    logging.handlers.TimedRotatingFileHandler where multiple
+    rotating handler instances pointing to files with the same name
+    but different extensions would conflict and not delete the
+    correct files.
+  - bpo-44865: Add missing call to localization function in
+    argparse.
+  - bpo-43952: Fix multiprocessing.connection.Listener.accept() to
+    accept empty bytes as authkey. Not accepting empty bytes as key
+    causes it to hang indefinitely.
+  - bpo-42125: linecache: get module name from __spec__ if
+    available. This allows getting source code for the __main__
+    module when a custom loader is used.
+  - gh-66543: Make mimetypes.guess_type() properly parsing of URLs
+    with only a host name, URLs containing fragment or query, and
+    filenames with only a UNC sharepoint on Windows. Based on patch
+    by Dong-hee Na.
+  - bpo-33775: Add ‘default’ and ‘version’ help text for
+    localization in argparse.
+  * Documentation
+  - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML
+    vulnerabilities”.
+  - gh-115233: Fix an example for LoggerAdapter in the Logging
+    Cookbook.
+  * Tests
+  - gh-83434: Disable JUnit XML output (--junit-xml=FILE command
+    line option) in regrtest when hunting for reference leaks (-R
+    option). Patch by Victor Stinner.
+  - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+  - gh-115979: Update test_importlib so that it passes under WASI
+    SDK 21.
+  - gh-116307: Added import helper isolated_modules as CleanImport
+    does not remove modules imported during the context.
+  - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of
+    the number of leaks found in each iteration.
+  - gh-115122: Add --bisect option to regrtest test runner: run
+    failed tests with test.bisect_cmd to identify failing tests.
+    Patch by Victor Stinner.
+  - gh-115596: Fix ProgramPriorityTests in test_os permanently
+    changing the process priority.
+  - gh-115198: Fix test_check_metadata_deprecate in distutils tests
+    with a newer Docutils.
+  * Build
+  - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI
+    0.2/preview2 primitives.
+  - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+    building with Visual Studio 2022 version 17.8.
+  * Windows
+  - gh-116773: Fix instances of <_overlapped.Overlapped object at
+    0xXXX> still has pending operation at deallocation, the process
+    may crash.
+  - gh-91227: Fix the asyncio ProactorEventLoop implementation so
+    that sending a datagram to an address that is not listening does
+    not prevent receiving any more datagrams.
+  - gh-115554: The installer now has more strict rules about
+    updating the Python Launcher for Windows. In general, most users
+    only have a single launcher installed and will see no
+    difference. When multiple launchers have been installed, the
+    option to install the launcher is disabled until all but one
+    have been removed. Downgrading the launcher (which was never
+    allowed) is now more obviously blocked.
+  - gh-115543: Python Launcher for Windows can now detect Python
+    3.13 when installed from the Microsoft Store, and will install
+    Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set.
+  - gh-115009: Update Windows installer to use SQLite 3.45.1.
+  * IDLE
+  - gh-88516: On macOS show a proxy icon in the title bar of editor
+    windows to match platform behaviour.
+  * Tools/Demos
+  - gh-113516: Don’t set LDSHARED when building for WASI.
+  * C API
+  - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows
+    64-bit platforms.
+
+- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
+
+- Because of bsc#1189495 we have to revert use of %autopatch.
+
+- Rewrite %prep to use %autosetup et al. for compatibility with
+  rpm 4.20.
+
+- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch
+  to eliminate ResourceWarning which broke the test suite in
+  test_asyncio.
+
+- Use the system-wide crypto-policies [bsc#1211301]
+  * Use the system default cipher list instead of hardcoded values
+  * Add the --with-ssl-default-suites=openssl configure option
+
+- (bsc#1219666, CVE-2023-6597) Add
+  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
+  gh#python/cpython!99930) fixing symlink bug in cleanup of
+  tempfile.TemporaryDirectory.
+
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files.
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115289
+
+- Update to 3.11.8:
+  - Security
+  - gh-113659: Skip .pth files with names starting with a dot or
+    hidden file attribute.
+  - Core and Builtins
+  - gh-114887: Changed socket type validation in
+    create_datagram_endpoint() to accept all non-stream sockets.
+    This fixes a regression in compatibility with raw sockets.
+  - gh-114388: Fix a RuntimeWarning emitted when assign an
+    integer-like value that is not an instance of int to an
+    attribute that corresponds to a C struct member of type T_UINT
+    and T_ULONG. Fix a double RuntimeWarning emitted when assign a
+    negative integer value to an attribute that corresponds to a C
+    struct member of type T_UINT.
+  - gh-89811: Check for a valid tp_version_tag before performing
+    bytecode specializations that rely on this value being usable.
+  - gh-113602: Fix an error that was causing the parser to try to
+    overwrite existing errors and crashing in the process. Patch by
+    Pablo Galindo
+  - gh-113566: Fix a 3.11-specific crash when the repr of a Future
+    is requested after the module has already been
+    garbage-collected.
+  - gh-106905: Use per AST-parser state rather than global state to
+    track recursion depth within the AST parser to prevent potential
+    race condition due to simultaneous parsing.
+  - The issue primarily showed up in 3.11 by multithreaded users of
+    ast.parse(). In 3.12 a change to when garbage collection can be
+    triggered prevented the race condition from occurring.
+  - gh-112716: Fix SystemError in the import statement and in
+    __reduce__() methods of builtin types when __builtins__ is not a
+    dict.
+  - gh-105967: Workaround a bug in Apple’s macOS platform zlib
+    library where zlib.crc32() and binascii.crc32() could produce
+    incorrect results on multi-gigabyte inputs. Including when using
+    zipfile on zips containing large data.
+  - gh-94606: Fix UnicodeEncodeError when
+    email.message.get_payload() reads a message with a Unicode
+    surrogate character and the message content is not well-formed
+    for surrogateescape encoding. Patch by Sidney Markowitz.
+  - Library
+  - gh-114965: Update bundled pip to 24.0
+  - gh-114959: tarfile no longer ignores errors when trying to
+    extract a directory on top of a file.
+  - gh-109475: Fix support of explicit option value “–” in argparse
+    (e.g. --option=--).
+  - gh-110190: Fix ctypes structs with array on Windows ARM64
+    platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
+    Diego Russo
+  - gh-113280: Fix a leak of open socket in rare cases when error
+    occurred in ssl.SSLSocket creation.
+  - gh-77749: email.policy.EmailPolicy.fold() now always encodes
+    non-ASCII characters in headers if utf8 is false.
+  - gh-114492: Make the result of termios.tcgetattr() reproducible
+    on Alpine Linux. Previously it could leave a random garbage in
+    some fields.
+  - gh-75128: Ignore an OSError in
+    asyncio.BaseEventLoop.create_server() when IPv6 is available but
+    the interface cannot actually support it.
+  - gh-114257: Dismiss the FileNotFound error in
+    ctypes.util.find_library() and just return None on Linux.
+  - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
+    iterator returned by ElementTree.iterparse may hold on to a file
+    descriptor. The reference cycle prevented prompt clean-up of the
+    file descriptor if the returned iterator was not exhausted.
+  - gh-104522: OSError raised when run a subprocess now only has
+    filename attribute set to cwd if the error was caused by a
+    failed attempt to change the current directory.
+  - gh-109534: Fix a reference leak in
+    asyncio.selector_events.BaseSelectorEventLoop when SSL
+    handshakes fail. Patch contributed by Jamie Phan.
+  - gh-114077: Fix possible OverflowError in
+    socket.socket.sendfile() when pass count larger than 2 GiB on
+    32-bit platform.
+  - gh-114014: Fixed a bug in fractions.Fraction where an invalid
+    string using d in the decimals part creates a different error
+    compared to other invalid letters/characters. Patch by Jeremiah
+    Gabriel Pascual.
+  - gh-113951: Fix the behavior of tag_unbind() methods of
+    tkinter.Text and tkinter.Canvas classes with three arguments.
+    Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
+    the current binding for sequence, leaving sequence unbound, and
+    deleted the funcid command. Now it removes only funcid from the
+    binding for sequence, keeping other commands, and deletes the
+    funcid command. It leaves sequence unbound only if funcid was
+    the last bound command.
+  - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
+    Windows.
+  - gh-113781: Silence unraisable AttributeError when warnings are
+    emitted during Python finalization.
+  - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
+    that contain unknown-8bit encoded part followed by
+    non-unknown-8bit encoded part.
+  - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
+    there is callback that logs an error if the task wrapping the
+    “connected callback” fails. This callback would itself fail if
+    the task was cancelled. Prevent this by checking whether the
+    task was cancelled first. If so, close the transport but don’t
+    log an error.
+  - gh-85567: Fix resource warnings for unclosed files in pickle and
+    pickletools command line interfaces.
+  - gh-101225: Increase the backlog for
+    multiprocessing.connection.Listener objects created by
+    multiprocessing.manager and multiprocessing.resource_sharer to
+    significantly reduce the risk of getting a connection refused
+    error when creating a multiprocessing.connection.Connection to
+    them.
+  - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
+    webbrowser.open audit event.
+  - gh-113028: When a second reference to a string appears in the
+    input to pickle, and the Python implementation is in use, we are
+    guaranteed that a single copy gets pickled and a single object
+    is shared when reloaded. Previously, in protocol 0, when a
+    string contained certain characters (e.g. newline) it resulted
+    in duplicate objects.
+  - gh-113421: Fix multiprocessing logger for %(filename)s.
+  - gh-113358: Fix rendering tracebacks for exceptions with a broken
+    __getattr__.
+  - gh-113214: Fix an AttributeError during asyncio SSL protocol
+    aborts in SSL-over-SSL scenarios.
+  - gh-113246: Update bundled pip to 23.3.2.
+  - gh-113199: Make http.client.HTTPResponse.read1 and
+    http.client.HTTPResponse.readline close IO after reading all
+    data when content length is known. Patch by Illia Volochii.
+  - gh-113188: Fix shutil.copymode() and shutil.copystat() on
+    Windows. Previously they worked differenly if dst is a symbolic
+    link: they modified the permission bits of dst itself rather
+    than the file it points to if follow_symlinks is true or src is
+    not a symbolic link, and did not modify the permission bits if
+    follow_symlinks is false and src is a symbolic link.
+  - gh-61648: Detect line numbers of properties in doctests.
+  - gh-112559: signal.signal() and signal.getsignal() no longer call
+    repr on callable handlers. asyncio.run() and
+    asyncio.Runner.run() no longer call repr on the task results.
+    Patch by Yilei Yang.
+  - gh-110190: Fix ctypes structs with array on PPC64LE platform by
+    setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
+  - gh-79429: Ignore FileNotFoundError when remove a temporary
+    directory in the multiprocessing finalizer.
+  - gh-79325: Fix an infinite recursion error in
+    tempfile.TemporaryDirectory() cleanup on Windows.
+  - gh-110190: Fix ctypes structs with array on Arm platform by
+    setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo.
+  - gh-81194: Fix a crash in socket.if_indextoname() with specific
+    value (UINT_MAX). Fix an integer overflow in
+    socket.if_indextoname() on 64-bit non-Windows platforms.
+  - gh-75666: Fix the behavior of tkinter widget’s unbind() method
+    with two arguments. Previously, widget.unbind(sequence, funcid)
+    destroyed the current binding for sequence, leaving sequence
+    unbound, and deleted the funcid command. Now it removes only
+    funcid from the binding for sequence, keeping other commands,
+    and deletes the funcid command. It leaves sequence unbound only
+    if funcid was the last bound command.
+  - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
+    tkinter._test().
+  - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
+    raises BadZipFile when try to read an entry that overlaps with
+    other entry or central directory (bsc#1221854, CVE-2024-0450).
+  - gh-38807: Fix race condition in trace. Instead of checking if a
+    directory exists and creating it, directly call os.makedirs()
+    with the kwarg exist_ok=True.
+  - gh-75705: Set unixfrom envelope in mailbox.mbox and
+    mailbox.MMDF.
+  - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
+    when the system endianness is the opposite of the classes.
+  - gh-104282: Fix null pointer dereference in
+    lzma._decode_filter_properties() due to improper handling of BCJ
+    filters with properties of zero length. Patch by Radislav
+    Chugunov.
+  - gh-102512: When os.fork() is called from a foreign thread (aka
+    _DummyThread), the type of the thread in a child process is
+    changed to _MainThread. Also changed its name and daemonic
+    status, it can be now joined.
+  - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
+    which now no longer dereferences symlinks when working around
+    file system permission errors.
+  - bpo-43153: On Windows, tempfile.TemporaryDirectory previously
+    masked a PermissionError with NotADirectoryError during
+    directory cleanup. It now correctly raises PermissionError if
+    errors are not ignored. Patch by Andrei Kulakov and Ken Jin.
+  - bpo-35332: The shutil.rmtree() function now ignores errors when
+    calling os.close() when ignore_errors is True, and os.close() no
+    longer retried after error.
+  - bpo-35928: io.TextIOWrapper now correctly handles the decoding
+    buffer after read() and write().
+  - bpo-26791: shutil.move() now moves a symlink into a directory
+    when that directory is the target of the symlink. This provides
+    the same behavior as the mv shell command. The previous behavior
+    raised an exception. Patch by Jeffrey Kintscher.
+  - bpo-36959: Fix some error messages for invalid ISO format string
+    combinations in strptime() that referred to directives not
+    contained in the format string. Patch by Gordon P. Hemsley.
+  - bpo-18060: Fixed a class inheritance issue that can cause
+    segfaults when deriving two or more levels of subclasses from a
+    base class of Structure or Union.
+  - Documentation
+  - gh-110746: Improved markup for valid options/values for methods
+    ttk.treeview.column and ttk.treeview.heading, and for Layouts.
+  - gh-95649: Document that the asyncio module contains code taken
+    from v0.16.0 of the uvloop project, as well as the required MIT
+    licensing information.
+  - Tests
+  - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
+    where system tar can include more information in the archive
+    than shutil.make_archive.
+  - gh-112769: The tests now correctly compare zlib version when
+    zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For
+    example zlib-ng defines the version as 1.3.0.zlib-ng.
+  - gh-105089: Fix
+    test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
+    test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
+    it will be in sync with zinfo.external_attr
+  - bpo-40648: Test modes that file can get with chmod() on Windows.
+  - Build
+  - gh-101778: Fix build error when there’s a dangling symlink in
+    the directory containing ffi.h.
+  - gh-112305: Fixed the check-clean-src step performed on out of
+    tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
+    files and recommend appropriate source tree cleanup steps to get
+    a working build again.
+  - bpo-11102: The os.major(), os.makedev(), and os.minor()
+    functions are now available on HP-UX v3.
+  - bpo-36351: Do not set ipv6type when cross-compiling.
+  - IDLE
+  - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
+    ‘object’.
+  - gh-72284: Improve the lists of features, editor key bindings,
+    and shell key bingings in the IDLE doc.
+  - gh-113903: Fix rare failure of test.test_idle, in
+    test_configdialog.
+  - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
+    3.12.1.
+  - gh-113269: Fix test_editor hang on macOS Catalina.
+  - gh-112898: Fix processing unsaved files when quitting IDLE on
+    macOS.
+  - gh-103820: Revise IDLE bindings so that events from mouse button
+    4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
+    mistaken for scrolling.
+  - bpo-13586: Enter the selected text when opening the “Replace”
+    dialog.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
+    multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
+  - gh-115015: Fix a bug in Argument Clinic that generated incorrect
+    code for methods with no parameters that use the METH_METHOD |
+    METH_FASTCALL | METH_KEYWORDS calling convention. Only the
+    positional parameter count was checked; any keyword argument
+    passed would be silently accepted.
+- Refresh all patches:
+  - CVE-2023-27043-email-parsing-errors.patch
+  - F00251-change-user-install-location.patch
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - distutils-reproducible-compile.patch
+  - fix_configure_rst.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - python-3.3.0b1-localpath.patch
+  - python-3.3.0b1-test-posix_fadvise.patch
+  - skip_if_buildbot-extend.patch
+  - subprocess-raise-timeout.patch
+  - support-expat-CVE-2022-25236-patched.patch
+
+- Update patch fix_configure_rst.patch
+- Update to 3.11.7:
+  - Core and Builtins
+  - gh-112625: Fixes a bug where a bytearray object could be cleared
+    while iterating over an argument in the bytearray.join() method
+    that could result in reading memory after it was freed.
+  - gh-112388: Fix an error that was causing the parser to try to
+    overwrite tokenizer errors. Patch by pablo Galindo
+  - gh-112387: Fix error positions for decoded strings with
+    backwards tokenize errors. Patch by Pablo Galindo
+  - gh-112266: Change docstrings of __dict__ and __weakref__.
+  - gh-109181: Speed up Traceback object creation by lazily compute
+    the line number. Patch by Pablo Galindo
+  - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
+    codecs read out of bounds
+  - gh-111366: Fix an issue in the codeop that was causing
+    SyntaxError exceptions raised in the presence of invalid syntax
+    to not contain precise error messages. Patch by Pablo Galindo
+  - gh-111380: Fix a bug that was causing SyntaxWarning to appear
+    twice when parsing if invalid syntax is encountered later. Patch
+    by Pablo galindo
+  - gh-88116: Traceback location ranges involving wide unicode
+    characters (like emoji and asian characters) now are properly
+    highlighted. Patch by Batuhan Taskaya and Pablo Galindo.
+  - gh-94438: Fix a regression that prevented jumping across is None
+    and is not None when debugging. Patch by Savannah Ostrowski.
+  - gh-110696: Fix incorrect error message for invalid argument
+    unpacking. Patch by Pablo Galindo
+  - gh-110237: Fix missing error checks for calls to PyList_Append
+    in _PyEval_MatchClass.
+  - gh-109216: Fix possible memory leak in BUILD_MAP.
+  - Library
+  - gh-112618: Fix a caching bug relating to typing.Annotated.
+    Annotated[str, True] is no longer identical to Annotated[str,
+    1].
+  - gh-112509: Fix edge cases that could cause a key to be present
+    in both the __required_keys__ and __optional_keys__ attributes
+    of a typing.TypedDict. Patch by Jelle Zijlstra.
+  - gh-94722: Fix bug where comparison between instances of DocTest
+    fails if one of them has None as its lineno.
+  - gh-112105: Make readline.set_completer_delims() work with
+    libedit
+  - gh-111942: Fix SystemError in the TextIOWrapper constructor with
+    non-encodable “errors” argument in non-debug mode.
+  - gh-109538: Issue warning message instead of having RuntimeError
+    be displayed when event loop has already been closed at
+    StreamWriter.__del__().
+  - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when
+    pass invalid arguments, e.g. non-string encoding.
+  - gh-111804: Remove posix.fallocate() under WASI as the underlying
+    posix_fallocate() is not available in WASI preview2.
+  - gh-111841: Fix truncating arguments on an embedded null
+    character in os.putenv() and os.unsetenv() on Windows.
+  - gh-111541: Fix doctest for SyntaxError not-builtin subclasses.
+  - gh-110894: Call loop exception handler for exceptions in
+    client_connected_cb of asyncio.start_server() so that
+    applications can handle it. Patch by Kumar Aditya.
+  - gh-111531: Fix reference leaks in bind_class() and bind_all()
+    methods of tkinter widgets.
+  - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and
+    io.IncrementalNewlineDecoder to io.__all__.
+  - gh-68166: Remove mention of not supported “vsapi” element type
+    in tkinter.ttk.Style.element_create(). Add tests for
+    element_create() and other ttk.Style methods. Add examples for
+    element_create() in the documentation.
+  - gh-111251: Fix _blake2 not checking for errors when
+    initializing.
+  - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly
+    for empty BytesIO.
+  - gh-111187: Postpone removal version for
+    locale.getdefaultlocale() to Python 3.15.
+  - gh-111159: Fix doctest output comparison for exceptions with
+    notes.
+  - gh-110910: Fix invalid state handling in asyncio.TaskGroup and
+    asyncio.Timeout. They now raise proper RuntimeError if they are
+    improperly used and are left in consistent state after this.
+  - gh-111092: Make turtledemo run without default root enabled.
+  - gh-110590: Fix a bug in _sre.compile() where TypeError would be
+    overwritten by OverflowError when the code argument was a list
+    of non-ints.
+  - gh-65052: Prevent pdb from crashing when trying to display
+    undisplayable objects
+  - gh-110519: Deprecation warning about non-integer number in
+    gettext now alwais refers to the line in the user code where
+    gettext function or method is used. Previously it could refer to
+    a line in gettext code.
+  - gh-110378: contextmanager() and asynccontextmanager() context
+    managers now close an invalid underlying generator object that
+    yields more then one value.
+  - gh-110365: Fix termios.tcsetattr() bug that was overwritting
+    existing errors during parsing integers from term list.
+  - gh-110196: Add __reduce__ method to IPv6Address in order to keep
+    scope_id
+  - gh-109747: Improve errors for unsupported look-behind patterns.
+    Now re.error is raised instead of OverflowError or RuntimeError
+    for too large width of look-behind pattern.
+  - gh-109786: Fix possible reference leaks and crash when re-enter
+    the __next__() method of itertools.pairwise.
+  - gh-108791: Improved error handling in pdb command line
+    interface, making it produce more concise error messages.
+  - gh-73561: Omit the interface scope from an IPv6 address when
+    used as Host header by http.client.
+  - gh-86826: zipinfo now supports the full range of values in the
+    TZ string determined by RFC 8536 and detects all invalid
+    formats. Both Python and C implementations now raise exceptions
+    of the same type on invalid data.
+  - bpo-41422: Fixed memory leaks of pickle.Pickler and
+    pickle.Unpickler involving cyclic references via the internal
+    memo mapping.
+  - bpo-40262: The ssl.SSLSocket.recv_into() method no longer
+    requires the buffer argument to implement __len__ and supports
+    buffers with arbitrary item size.
+  - bpo-35191: Fix unexpected integer truncation in
+    socket.setblocking() which caused it to interpret multiples of
+    2**32 as False.
+  - Documentation
+  - gh-108826: dis module command-line interface is now mentioned in
+    documentation.
+  - Tests
+  - gh-110367: Make regrtest --verbose3 option compatible with
+  - -huntrleaks -jN options. The ./python -m test -j1 -R 3:3
+  - -verbose3 command now works as expected. Patch by Victor
+    Stinner.
+  - gh-111309: distutils tests can now be run via unittest.
+  - gh-111165: Remove no longer used functions run_unittest() and
+    run_doctest() and class BasicTestRunner from the test.support
+    module.
+  - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment
+    variable is defined: use the variable value as the random seed.
+    Patch by Victor Stinner.
+  - gh-110995: test_gdb: Fix detection of gdb built without Python
+    scripting support. Patch by Victor Stinner.
+  - gh-110918: Test case matching patterns specified by options
+  - -match, --ignore, --matchfile and --ignorefile are now tested
+    in the order of specification, and the last match determines
+    whether the test case be run or ignored.
+  - gh-110647: Fix test_stress_modifying_handlers() of test_signal.
+    Patch by Victor Stinner.
+  - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make
+    distclean” instead of “make clean” in the copied source
+    directory to remove also the “python” program. Patch by Victor
+    Stinner.
+  - gh-110167: Fix a deadlock in test_socket when server fails with
+    a timeout but the client is still running in its thread. Don’t
+    hold a lock to call cleanup functions in doCleanups(). One of
+    the cleanup function waits until the client completes, whereas
+    the client could deadlock if it called addCleanup() in such
+    situation. Patch by Victor Stinner.
+  - gh-110388: Add tests for tty.
+  - gh-81002: Add tests for termios.
+  - gh-110267: Add tests for pickling and copying PyStructSequence
+    objects. Patched by Xuehai Pan.
+  - gh-109974: Fix race conditions in test_threading lock tests.
+    Wait until a condition is met rather than using time.sleep()
+    with a hardcoded number of seconds. Patch by Victor Stinner.
+  - gh-109972: Split test_gdb.py file into a test_gdb package made
+    of multiple tests, so tests can now be run in parallel. Patch by
+    Victor Stinner.
+  - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
+    Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
+    command output to detect when gdb fails to retrieve the
+    traceback. For example, skip a test if Backtrace stopped: frame
+    did not save the PC is found. Patch by Victor Stinner.
+  - gh-108927: Fixed order dependence in running tests in the same
+    process when a test that has submodules (e.g. test_importlib)
+    follows a test that imports its submodule (e.g.
+    test_importlib.util) and precedes a test (e.g. test_unittest or
+    test_compileall) that uses that submodule.
+  - Build
+  - gh-103053: “make check-clean-src” now also checks if the
+    “python” program is found in the source directory: fail with an
+    error if it does exist. Patch by Victor Stinner.
+  - gh-109191: Fix compile error when building with recent versions
+    of libedit.
+  - IDLE
+  - bpo-35668: Add docstrings to the IDLE debugger module. Fix two
+    bugs: initialize Idb.botframe (should be in Bdb); in
+    Idb.in_rpc_code, check whether prev_frame is None before trying
+    to use it. Greatly expand test_debugger.
+  - C API
+  - gh-112438: Fix support of format units “es”, “et”, “es#”, and
+    “et#” in nested tuples in PyArg_ParseTuple()-like functions.
+  - gh-109521: PyImport_GetImporter() now sets RuntimeError if it
+    fails to get sys.path_hooks or sys.path_importer_cache or they
+    are not list and dict correspondingly. Previously it could
+    return NULL without setting error in obscure cases, crash or
+    raise SystemError if these attributes have wrong type.
+
+- Refresh CVE-2023-27043-email-parsing-errors.patch to
+  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
+- Thus we can remove Revert-gh105127-left-tests.patch, which is
+  now useless.
+
+- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch
+- Refresh patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - fix_configure_rst.patch
+- Update to 3.11.6:
+  - Core and Builtins
+  - gh-109351: Fix crash when compiling an invalid AST involving a
+    named (walrus) expression.
+  - gh-109207: Fix a SystemError in __repr__ of symtable entry
+    object.
+  - gh-109179: Fix bug where the C traceback display drops notes
+    from SyntaxError.
+  - gh-88943: Improve syntax error for non-ASCII character that
+    follows a numerical literal. It now points on the invalid
+    non-ASCII character, not on the valid numerical literal.
+  - gh-108959: Fix caret placement for error locations for subscript
+    and binary operations that involve non-semantic parentheses and
+    spaces. Patch by Pablo Galindo
+  - gh-108520: Fix
+    multiprocessing.synchronize.SemLock.__setstate__() to properly
+    initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
+    This fixes a regression when passing a SemLock accross nested
+    processes.
+  - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
+    multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
+    exposing it as public API.
+  - Library
+  - gh-110036: On Windows, multiprocessing Popen.terminate() now
+    catchs PermissionError and get the process exit code. If the
+    process is still running, raise again the PermissionError.
+    Otherwise, the process terminated as expected: store its exit
+    code. Patch by Victor Stinner.
+  - gh-110038: Fixed an issue that caused KqueueSelector.select() to
+    not return all the ready events in some cases when a file
+    descriptor is registered for both read and write.
+  - gh-109631: re functions such as re.findall(), re.split(),
+    re.search() and re.sub() which perform short repeated matches
+    can now be interrupted by user.
+  - gh-109593: Avoid deadlocking on a reentrant call to the
+    multiprocessing resource tracker. Such a reentrant call, though
+    unlikely, can happen if a GC pass invokes the finalizer for a
+    multiprocessing object such as SemLock.
+  - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for
+    exceptions. Previously, on Python built in debug mode, these
+    functions could trigger a fatal Python error (and abort the
+    process) when a function succeeded with an exception set. Patch
+    by Victor Stinner.
+  - gh-109375: The pdb alias command now prevents registering
+    aliases without arguments.
+  - gh-107219: Fix a race condition in concurrent.futures. When a
+    process in the process pool was terminated abruptly (while the
+    future was running or pending), close the connection write end.
+    If the call queue is blocked on sending bytes to a worker
+    process, closing the connection write end interrupts the send,
+    so the queue can be closed. Patch by Victor Stinner.
+  - gh-50644: Attempts to pickle or create a shallow or deep copy of
+    codecs streams now raise a TypeError. Previously, copying failed
+    with a RecursionError, while pickling produced wrong results
+    that eventually caused unpickling to fail with a RecursionError.
+  - gh-108987: Fix _thread.start_new_thread() race condition. If a
+    thread is created during Python finalization, the newly spawned
+    thread now exits immediately instead of trying to access freed
+    memory and lead to a crash. Patch by Victor Stinner.
+  - gh-108843: Fix an issue in ast.unparse() when unparsing
+    f-strings containing many quote types.
+  - gh-108682: Enum: raise TypeError if super().__new__() is called
+    from a custom __new__.
+  - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock
+  - gh-64662: Fix support for virtual tables in
+    sqlite3.Connection.iterdump(). Patch by Aviv Palivoda.
+  - gh-107913: Fix possible losses of errno and winerror values in
+    OSError exceptions if they were cleared or modified by the
+    cleanup code before creating the exception object.
+  - gh-104372: On Linux where subprocess can use the vfork() syscall
+    for faster spawning, prevent the parent process from blocking
+    other threads by dropping the GIL while it waits for the
+    vfork’ed child process exec() outcome. This prevents spawning a
+    binary from a slow filesystem from blocking the rest of the
+    application.
+  - gh-84867: unittest.TestLoader no longer loads test cases from
+    exact unittest.TestCase and unittest.FunctionTestCase classes.
+  - Documentation
+  - gh-109209: The minimum Sphinx version required for the
+    documentation is now 4.2.
+  - gh-105052: Update timeit doc to specify that time in seconds is
+    just the default.
+  - gh-102823: Document the return type of x // y when x and y have
+    type float.
+  - Tests
+  - gh-110031: Skip test_threading tests using thread+fork if Python
+    is built with Address Sanitizer (ASAN). Patch by Victor Stinner.
+  - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum
+    duration, a test should not measure a CI performance. Only
+    measure the minimum duration when a task has a timeout or delay.
+    Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner.
+  - gh-110033: Fix test_interprocess_signal() of test_signal. Make
+    sure that the subprocess.Popen object is deleted before the test
+    raising an exception in a signal handler. Otherwise,
+    Popen.__del__() can get the exception which is logged as
+    Exception ignored in: ... and the test fails. Patch by Victor
+    Stinner.
+  - gh-109594: Fix test_timeout() of
+    test_concurrent_futures.test_wait. Remove the future which may
+    or may not complete depending if it takes longer than the
+    timeout ot not. Keep the second future which does not complete
+    before wait() timeout. Patch by Victor Stinner.
+  - gh-109748: Fix test_zippath_from_non_installed_posix() of
+    test_venv: don’t copy __pycache__/ sub-directories, because they
+    can be modified by other Python tests running in parallel. Patch
+    by Victor Stinner.
+  - gh-103053: Skip test_freeze_simple_script() of
+    test_tools.test_freeze if Python is built with ./configure
+  - -enable-optimizations, which means with Profile Guided
+    Optimization (PGO): it just makes the test too slow. The freeze
+    tool is tested by many other CIs with other (faster) compiler
+    flags. Patch by Victor Stinner.
+  - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a
+    longer key: FIPS mode requires at least of at least 112 bits.
+    The previous key was only 32 bits. Patch by Victor Stinner.
+  - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
+    Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
+    command output to detect when gdb fails to retrieve the
+    traceback. For example, skip a test if Backtrace stopped: frame
+    did not save the PC is found. Patch by Victor Stinner.
+  - gh-109237: Fix test_site.test_underpth_basic() when the working
+    directory contains at least one non-ASCII character: encode the
+    ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for
+    the child process stdout. Patch by Victor Stinner.
+  - gh-109230: Fix test_pyexpat.test_exception(): it can now be run
+    from a directory different than Python source code directory.
+    Before, the test failed in this case. Skip the test if
+    Modules/pyexpat.c source is not available. Skip also the test on
+    Python implementations other than CPython. Patch by Victor
+    Stinner.
+  - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests
+    on FreeBSD if the TCP blackhole is enabled (sysctl
+    net.inet.tcp.blackhole). Skip the few tests which failed with
+    ETIMEDOUT which such non standard configuration. Currently, the
+    FreeBSD GCP image enables TCP and UDP blackhole (sysctl
+    net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1).
+    Patch by Victor Stinner.
+  - gh-91960: Skip test_gdb if gdb is unable to retrieve Python
+    frame objects: if a frame is <optimized out>. When Python is
+    built with “clang -Og”, gdb can fail to retrive the frame
+    parameter of _PyEval_EvalFrameDefault(). In this case, tests
+    like py_bt() are likely to fail. Without getting access to
+    Python frames, python-gdb.py is mostly clueless on retrieving
+    the Python traceback. Moreover, test_gdb is no longer skipped on
+    macOS if Python is built with Clang. Patch by Victor Stinner.
+  - gh-108962: Skip test_tempfile.test_flags() if chflags() fails
+    with “OSError: [Errno 45] Operation not supported” (ex: on
+    FreeBSD 13). Patch by Victor Stinner.
+  - gh-89392: Removed support of test_main() function in tests. They
+    now always use normal unittest test runner.
+  - gh-108851: Fix test_tomllib recursion tests for WASI buildbots:
+    reduce the recursion limit and compute the maximum nested
+    array/dict depending on the current available recursion limit.
+    Patch by Victor Stinner.
+  - gh-108851: Add get_recursion_available() and
+    get_recursion_depth() functions to the test.support module.
+    Patch by Victor Stinner.
+  - gh-108822: regrtest now computes statistics on all tests:
+    successes, failures and skipped. test_netrc, test_pep646_syntax
+    and test_xml_etree now return results in their test_main()
+    function. Patch by Victor Stinner and Alex Waygood.
+  - gh-108388: Convert test_concurrent_futures to a package of 7
+    sub-tests. Patch by Victor Stinner.
+  - gh-108388: Split test_multiprocessing_fork,
+    test_multiprocessing_forkserver and test_multiprocessing_spawn
+    into test packages. Each package is made of 4 sub-tests:
+    processes, threads, manager and misc. It allows running more
+    tests in parallel and so reduce the total test duration. Patch
+    by Victor Stinner.
+  - gh-101634: When running the Python test suite with -jN option,
+    if a worker stdout cannot be decoded from the locale encoding
+    report a failed testn so the exitcode is non-zero. Patch by
+    Victor Stinner.
+  - gh-100086: The Python test runner (libregrtest) now logs Python
+    build information like “debug” vs “release” build, or LTO and
+    PGO optimizations. Patch by Victor Stinner.
+  - gh-98903: The Python test suite now fails wit exit code 4 if no
+    tests ran. It should help detecting typos in test names and test
+    methods.
+  - gh-95027: On Windows, when the Python test suite is run with the
+  - jN option, the ANSI code page is now used as the encoding for
+    the stdout temporary file, rather than using UTF-8 which can
+    lead to decoding errors. Patch by Victor Stinner.
+  - gh-93353: regrtest now checks if a test leaks temporary files or
+    directories if run with -jN option. Patch by Victor Stinner.
+  - Build
+  - gh-63760: Fix Solaris build: no longer redefine the
+    gethostname() function. Solaris defines the function since 2005.
+    Patch by Victor Stinner, original patch by Jakub Kulík.
+  - gh-108740: Fix a race condition in make regen-all. The
+    deepfreeze.c source and files generated by Argument Clinic are
+    now generated or updated before generating “global objects”.
+    Previously, some identifiers may miss depending on the order in
+    which these files were generated. Patch by Victor Stinner.
+  - Windows
+  - gh-109991: Update Windows build to use OpenSSL 3.0.11.
+  - gh-107565: Update Windows build to use OpenSSL 3.0.10.
+  - macOS
+  - gh-109991: Update macOS installer to use OpenSSL 3.0.11.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and
+    multissltests to use 1.1.1w, 3.0.11, and 3.1.3.
+
python311:doc
+- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
+  patched libexpat below 2.6.0 that doesn't update the version number,
+  just in SLE.
+
+- Remove not needed upstream patches:
+  * libexpat260.patch
+  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
+- Update to 3.11.9:
+  * Security
+  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
+    xml.etree.ElementTree.XMLParser.flush()
+    xml.etree.ElementTree.XMLPullParser.flush()
+    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+    xml.sax.expatreader.ExpatParser.flush()
+  - gh-115399: Update bundled libexpat to 2.6.0
+  - gh-115243: Fix possible crashes in collections.deque.index()
+    when the deque is concurrently modified.
+  - gh-114572: ssl.SSLContext.cert_store_stats() and
+    ssl.SSLContext.get_ca_certs() now correctly lock access to the
+    certificate store, when the ssl.SSLContext is shared across
+    multiple threads.
+  * Core and Builtins
+  - gh-116296: Fix possible refleak in object.__reduce__() internal
+    error handling.
+  - gh-116034: Fix location of the error on a failed assertion.
+  - gh-115823: Properly calculate error ranges in the parser when
+    raising SyntaxError exceptions caused by invalid byte sequences.
+    Patch by Pablo Galindo
+  - gh-112087: For an empty reverse iterator for list will be
+    reduced to reversed(). Patch by Donghee Na.
+  - gh-115011: Setters for members with an unsigned integer type now
+    support the same range of valid values for objects that has a
+    __index__() method as for int.
+  - gh-96497: Fix incorrect resolution of mangled class variables
+    used in assignment expressions in comprehensions.
+  * Library
+  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
+    crash in ssl when creating a new _ssl._SSLContext if CPython was
+    built implausibly such that the default cipher list is empty or
+    the SSL library it was linked against reports a failure from its
+    C SSL_CTX_set_cipher_list() API.
+  - gh-117178: Fix regression in lazy loading of self-referential
+    modules, introduced in gh-114781.
+  - gh-117084: Fix zipfile extraction for directory entries with the
+    name containing backslashes on Windows.
+  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
+    be instantiated with arguments. Patch by Chris Fu.
+  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
+    WaitForSingleObject() with a negative timeout: pass 0 ms if the
+    timeout is negative. Patch by Victor Stinner.
+  - gh-116957: configparser: Don’t leave ConfigParser values in an
+    invalid state (stored as a list instead of a str) after an
+    earlier read raised DuplicateSectionError or
+    DuplicateOptionError.
+  - gh-90095: Ignore empty lines and comments in .pdbrc
+  - gh-116764: Restore support of None and other false values in
+    urllib.parse functions parse_qs() and parse_qsl(). Also, they
+    now raise a TypeError for non-zero integers and non-empty
+    sequences.
+  - gh-116811: In PathFinder.invalidate_caches, delegate to
+    MetadataPathFinder.invalidate_caches.
+  - gh-116600: Fix repr() for global Flag members.
+  - gh-116484: Change automatically generated tkinter.Checkbutton
+    widget names to avoid collisions with automatically generated
+    tkinter.ttk.Checkbutton widget names within the same parent
+    widget.
+  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+    opening named pipe.
+  - gh-116143: Fix a race in pydoc _start_server, eliminating a
+    window in which _start_server can return a thread that is
+    “serving” but without a docserver set.
+  - gh-116325: typing: raise SyntaxError instead of AttributeError
+    on forward references as empty strings.
+  - gh-90535: Fix support of interval values > 1 in
+    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+    when='Wx'.
+  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
+    WASI.
+  - Under wasmtime for WASI 0.2, these functions don’t pass
+    test_posix
+    (https://github.com/bytecodealliance/wasmtime/issues/7830).
+  - gh-88352: Fix the computation of the next rollover time in the
+    logging.TimedRotatingFileHandler handler. computeRollover() now
+    always returns a timestamp larger than the specified time and
+    works correctly during the DST change. doRollover() no longer
+    overwrite the already rolled over file, saving from data loss
+    when run at midnight or during repeated time at the DST change.
+  - gh-87115: Set __main__.__spec__ to None when running a script
+    with pdb
+  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
+    that results when a message that claims to be in the ascii
+    character set actually has non-ascii characters. Non-ascii
+    characters are now replaced with the U+FFFD replacement
+    character, like in the replace error handler.
+  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
+    through to the wrapped object to return the real result.
+  - gh-115881: Fix issue where ast.parse() would incorrectly flag
+    conditional context managers (such as with (x() if y else z()):
+    ...) as invalid syntax if feature_version=(3, 8) was passed.
+    This reverts changes to the grammar made as part of gh-94949.
+  - gh-115886: Fix silent truncation of the name with an embedded
+    null character in multiprocessing.shared_memory.SharedMemory.
+  - gh-115809: Improve algorithm for computing which rolled-over log
+    files to delete in logging.TimedRotatingFileHandler. It is now
+    reliable for handlers without namer and with arbitrary
+    deterministic namer that leaves the datetime part in the file
+    name unmodified.
+  - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now
+    support bytes arguments containing raw and percent-encoded
+    non-ASCII data.
+  - gh-67044: csv.writer() now always quotes or escapes '\r' and
+    '\n', regardless of lineterminator value.
+  - gh-115712: csv.writer() now quotes empty fields if delimiter is
+    a space and skipinitialspace is true and raises exception if
+    quoting is not possible.
+  - gh-115618: Fix improper decreasing the reference count for None
+    argument in property methods getter(), setter() and deleter().
+  - gh-115570: A DeprecationWarning is no longer omitted on access
+    to the __doc__ attributes of the deprecated typing.io and
+    typing.re pseudo-modules.
+  - gh-112006: Fix inspect.unwrap() for types with the __wrapper__
+    data descriptor.
+  - gh-101293: Support callables with the __call__() method and
+    types with __new__() and __init__() methods set to class
+    methods, static methods, bound methods, partial functions, and
+    other types of methods and descriptors in
+    inspect.Signature.from_callable().
+  - gh-115392: Fix a bug in doctest where incorrect line numbers
+    would be reported for decorated functions.
+  - gh-114563: Fix several format() bugs when using the C
+    implementation of Decimal: * memory leak in some rare cases when
+    using the z format option (coerce negative 0) * incorrect output
+    when applying the z format option to type F (fixed-point with
+    capital NAN / INF) * incorrect output when applying the # format
+    option (alternate form)
+  - gh-115197: urllib.request no longer resolves the hostname before
+    checking it against the system’s proxy bypass list on macOS and
+    Windows.
+  - gh-115198: Fix support of Docutils >= 0.19 in distutils.
+  - gh-115165: Most exceptions are now ignored when attempting to
+    set the __orig_class__ attribute on objects returned when
+    calling typing generic aliases (including generic aliases
+    created using typing.Annotated). Previously only AttributeError
+    was ignored. Patch by Dave Shawley.
+  - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+  - gh-115059: io.BufferedRandom.read1() now flushes the underlying
+    write buffer.
+  - gh-79382: Trailing ** no longer allows to match files and
+    non-existing paths in recursive glob().
+  - gh-114763: Protect modules loaded with importlib.util.LazyLoader
+    from race conditions when multiple threads try to access
+    attributes before the loading is complete.
+  - gh-97959: Fix rendering class methods, bound methods, method and
+    function aliases in pydoc. Class methods no longer have “method
+    of builtins.type instance” note. Corresponding notes are now
+    added for class and unbound methods. Method and function aliases
+    now have references to the module or the class where the origin
+    was defined if it differs from the current. Bound methods are
+    now listed in the static methods section. Methods of builtin
+    classes are now supported as well as methods of Python classes.
+  - gh-112281: Allow creating union of types for typing.Annotated
+    with unhashable metadata.
+  - gh-111775: Fix importlib.resources.simple.ResourceHandle.open()
+    for text mode, added missed stream argument.
+  - gh-90095: Make .pdbrc and -c work with any valid pdb commands.
+  - gh-107155: Fix incorrect output of help(x) where x is a lambda
+    function, which has an __annotations__ dictionary attribute with
+    a "return" key.
+  - gh-105866: Fixed _get_slots bug which caused error when defining
+    dataclasses with slots and a weakref_slot.
+  - gh-60346: Fix ArgumentParser inconsistent with parse_known_args.
+  - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+    Addresses when using a proxy.
+  - gh-100884: email: fix misfolding of comma in address-lists over
+    multiple lines in combination with unicode encoding.
+  - gh-95782: Fix io.BufferedReader.tell(),
+    io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+    io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+    _pyio.BufferedRandom.tell() being able to return negative
+    offsets.
+  - gh-96310: Fix a traceback in argparse when all options in a
+    mutually exclusive group are suppressed.
+  - gh-93205: Fixed a bug in
+    logging.handlers.TimedRotatingFileHandler where multiple
+    rotating handler instances pointing to files with the same name
+    but different extensions would conflict and not delete the
+    correct files.
+  - bpo-44865: Add missing call to localization function in
+    argparse.
+  - bpo-43952: Fix multiprocessing.connection.Listener.accept() to
+    accept empty bytes as authkey. Not accepting empty bytes as key
+    causes it to hang indefinitely.
+  - bpo-42125: linecache: get module name from __spec__ if
+    available. This allows getting source code for the __main__
+    module when a custom loader is used.
+  - gh-66543: Make mimetypes.guess_type() properly parsing of URLs
+    with only a host name, URLs containing fragment or query, and
+    filenames with only a UNC sharepoint on Windows. Based on patch
+    by Dong-hee Na.
+  - bpo-33775: Add ‘default’ and ‘version’ help text for
+    localization in argparse.
+  * Documentation
+  - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML
+    vulnerabilities”.
+  - gh-115233: Fix an example for LoggerAdapter in the Logging
+    Cookbook.
+  * Tests
+  - gh-83434: Disable JUnit XML output (--junit-xml=FILE command
+    line option) in regrtest when hunting for reference leaks (-R
+    option). Patch by Victor Stinner.
+  - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+  - gh-115979: Update test_importlib so that it passes under WASI
+    SDK 21.
+  - gh-116307: Added import helper isolated_modules as CleanImport
+    does not remove modules imported during the context.
+  - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of
+    the number of leaks found in each iteration.
+  - gh-115122: Add --bisect option to regrtest test runner: run
+    failed tests with test.bisect_cmd to identify failing tests.
+    Patch by Victor Stinner.
+  - gh-115596: Fix ProgramPriorityTests in test_os permanently
+    changing the process priority.
+  - gh-115198: Fix test_check_metadata_deprecate in distutils tests
+    with a newer Docutils.
+  * Build
+  - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI
+    0.2/preview2 primitives.
+  - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+    building with Visual Studio 2022 version 17.8.
+  * Windows
+  - gh-116773: Fix instances of <_overlapped.Overlapped object at
+    0xXXX> still has pending operation at deallocation, the process
+    may crash.
+  - gh-91227: Fix the asyncio ProactorEventLoop implementation so
+    that sending a datagram to an address that is not listening does
+    not prevent receiving any more datagrams.
+  - gh-115554: The installer now has more strict rules about
+    updating the Python Launcher for Windows. In general, most users
+    only have a single launcher installed and will see no
+    difference. When multiple launchers have been installed, the
+    option to install the launcher is disabled until all but one
+    have been removed. Downgrading the launcher (which was never
+    allowed) is now more obviously blocked.
+  - gh-115543: Python Launcher for Windows can now detect Python
+    3.13 when installed from the Microsoft Store, and will install
+    Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set.
+  - gh-115009: Update Windows installer to use SQLite 3.45.1.
+  * IDLE
+  - gh-88516: On macOS show a proxy icon in the title bar of editor
+    windows to match platform behaviour.
+  * Tools/Demos
+  - gh-113516: Don’t set LDSHARED when building for WASI.
+  * C API
+  - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows
+    64-bit platforms.
+
+- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
+
+- Because of bsc#1189495 we have to revert use of %autopatch.
+
+- Rewrite %prep to use %autosetup et al. for compatibility with
+  rpm 4.20.
+
+- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch
+  to eliminate ResourceWarning which broke the test suite in
+  test_asyncio.
+
+- Use the system-wide crypto-policies [bsc#1211301]
+  * Use the system default cipher list instead of hardcoded values
+  * Add the --with-ssl-default-suites=openssl configure option
+
+- (bsc#1219666, CVE-2023-6597) Add
+  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
+  gh#python/cpython!99930) fixing symlink bug in cleanup of
+  tempfile.TemporaryDirectory.
+
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files.
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115289
+
+- Update to 3.11.8:
+  - Security
+  - gh-113659: Skip .pth files with names starting with a dot or
+    hidden file attribute.
+  - Core and Builtins
+  - gh-114887: Changed socket type validation in
+    create_datagram_endpoint() to accept all non-stream sockets.
+    This fixes a regression in compatibility with raw sockets.
+  - gh-114388: Fix a RuntimeWarning emitted when assign an
+    integer-like value that is not an instance of int to an
+    attribute that corresponds to a C struct member of type T_UINT
+    and T_ULONG. Fix a double RuntimeWarning emitted when assign a
+    negative integer value to an attribute that corresponds to a C
+    struct member of type T_UINT.
+  - gh-89811: Check for a valid tp_version_tag before performing
+    bytecode specializations that rely on this value being usable.
+  - gh-113602: Fix an error that was causing the parser to try to
+    overwrite existing errors and crashing in the process. Patch by
+    Pablo Galindo
+  - gh-113566: Fix a 3.11-specific crash when the repr of a Future
+    is requested after the module has already been
+    garbage-collected.
+  - gh-106905: Use per AST-parser state rather than global state to
+    track recursion depth within the AST parser to prevent potential
+    race condition due to simultaneous parsing.
+  - The issue primarily showed up in 3.11 by multithreaded users of
+    ast.parse(). In 3.12 a change to when garbage collection can be
+    triggered prevented the race condition from occurring.
+  - gh-112716: Fix SystemError in the import statement and in
+    __reduce__() methods of builtin types when __builtins__ is not a
+    dict.
+  - gh-105967: Workaround a bug in Apple’s macOS platform zlib
+    library where zlib.crc32() and binascii.crc32() could produce
+    incorrect results on multi-gigabyte inputs. Including when using
+    zipfile on zips containing large data.
+  - gh-94606: Fix UnicodeEncodeError when
+    email.message.get_payload() reads a message with a Unicode
+    surrogate character and the message content is not well-formed
+    for surrogateescape encoding. Patch by Sidney Markowitz.
+  - Library
+  - gh-114965: Update bundled pip to 24.0
+  - gh-114959: tarfile no longer ignores errors when trying to
+    extract a directory on top of a file.
+  - gh-109475: Fix support of explicit option value “–” in argparse
+    (e.g. --option=--).
+  - gh-110190: Fix ctypes structs with array on Windows ARM64
+    platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
+    Diego Russo
+  - gh-113280: Fix a leak of open socket in rare cases when error
+    occurred in ssl.SSLSocket creation.
+  - gh-77749: email.policy.EmailPolicy.fold() now always encodes
+    non-ASCII characters in headers if utf8 is false.
+  - gh-114492: Make the result of termios.tcgetattr() reproducible
+    on Alpine Linux. Previously it could leave a random garbage in
+    some fields.
+  - gh-75128: Ignore an OSError in
+    asyncio.BaseEventLoop.create_server() when IPv6 is available but
+    the interface cannot actually support it.
+  - gh-114257: Dismiss the FileNotFound error in
+    ctypes.util.find_library() and just return None on Linux.
+  - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
+    iterator returned by ElementTree.iterparse may hold on to a file
+    descriptor. The reference cycle prevented prompt clean-up of the
+    file descriptor if the returned iterator was not exhausted.
+  - gh-104522: OSError raised when run a subprocess now only has
+    filename attribute set to cwd if the error was caused by a
+    failed attempt to change the current directory.
+  - gh-109534: Fix a reference leak in
+    asyncio.selector_events.BaseSelectorEventLoop when SSL
+    handshakes fail. Patch contributed by Jamie Phan.
+  - gh-114077: Fix possible OverflowError in
+    socket.socket.sendfile() when pass count larger than 2 GiB on
+    32-bit platform.
+  - gh-114014: Fixed a bug in fractions.Fraction where an invalid
+    string using d in the decimals part creates a different error
+    compared to other invalid letters/characters. Patch by Jeremiah
+    Gabriel Pascual.
+  - gh-113951: Fix the behavior of tag_unbind() methods of
+    tkinter.Text and tkinter.Canvas classes with three arguments.
+    Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
+    the current binding for sequence, leaving sequence unbound, and
+    deleted the funcid command. Now it removes only funcid from the
+    binding for sequence, keeping other commands, and deletes the
+    funcid command. It leaves sequence unbound only if funcid was
+    the last bound command.
+  - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
+    Windows.
+  - gh-113781: Silence unraisable AttributeError when warnings are
+    emitted during Python finalization.
+  - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
+    that contain unknown-8bit encoded part followed by
+    non-unknown-8bit encoded part.
+  - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
+    there is callback that logs an error if the task wrapping the
+    “connected callback” fails. This callback would itself fail if
+    the task was cancelled. Prevent this by checking whether the
+    task was cancelled first. If so, close the transport but don’t
+    log an error.
+  - gh-85567: Fix resource warnings for unclosed files in pickle and
+    pickletools command line interfaces.
+  - gh-101225: Increase the backlog for
+    multiprocessing.connection.Listener objects created by
+    multiprocessing.manager and multiprocessing.resource_sharer to
+    significantly reduce the risk of getting a connection refused
+    error when creating a multiprocessing.connection.Connection to
+    them.
+  - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
+    webbrowser.open audit event.
+  - gh-113028: When a second reference to a string appears in the
+    input to pickle, and the Python implementation is in use, we are
+    guaranteed that a single copy gets pickled and a single object
+    is shared when reloaded. Previously, in protocol 0, when a
+    string contained certain characters (e.g. newline) it resulted
+    in duplicate objects.
+  - gh-113421: Fix multiprocessing logger for %(filename)s.
+  - gh-113358: Fix rendering tracebacks for exceptions with a broken
+    __getattr__.
+  - gh-113214: Fix an AttributeError during asyncio SSL protocol
+    aborts in SSL-over-SSL scenarios.
+  - gh-113246: Update bundled pip to 23.3.2.
+  - gh-113199: Make http.client.HTTPResponse.read1 and
+    http.client.HTTPResponse.readline close IO after reading all
+    data when content length is known. Patch by Illia Volochii.
+  - gh-113188: Fix shutil.copymode() and shutil.copystat() on
+    Windows. Previously they worked differenly if dst is a symbolic
+    link: they modified the permission bits of dst itself rather
+    than the file it points to if follow_symlinks is true or src is
+    not a symbolic link, and did not modify the permission bits if
+    follow_symlinks is false and src is a symbolic link.
+  - gh-61648: Detect line numbers of properties in doctests.
+  - gh-112559: signal.signal() and signal.getsignal() no longer call
+    repr on callable handlers. asyncio.run() and
+    asyncio.Runner.run() no longer call repr on the task results.
+    Patch by Yilei Yang.
+  - gh-110190: Fix ctypes structs with array on PPC64LE platform by
+    setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
+  - gh-79429: Ignore FileNotFoundError when remove a temporary
+    directory in the multiprocessing finalizer.
+  - gh-79325: Fix an infinite recursion error in
+    tempfile.TemporaryDirectory() cleanup on Windows.
+  - gh-110190: Fix ctypes structs with array on Arm platform by
+    setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo.
+  - gh-81194: Fix a crash in socket.if_indextoname() with specific
+    value (UINT_MAX). Fix an integer overflow in
+    socket.if_indextoname() on 64-bit non-Windows platforms.
+  - gh-75666: Fix the behavior of tkinter widget’s unbind() method
+    with two arguments. Previously, widget.unbind(sequence, funcid)
+    destroyed the current binding for sequence, leaving sequence
+    unbound, and deleted the funcid command. Now it removes only
+    funcid from the binding for sequence, keeping other commands,
+    and deletes the funcid command. It leaves sequence unbound only
+    if funcid was the last bound command.
+  - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
+    tkinter._test().
+  - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
+    raises BadZipFile when try to read an entry that overlaps with
+    other entry or central directory (bsc#1221854, CVE-2024-0450).
+  - gh-38807: Fix race condition in trace. Instead of checking if a
+    directory exists and creating it, directly call os.makedirs()
+    with the kwarg exist_ok=True.
+  - gh-75705: Set unixfrom envelope in mailbox.mbox and
+    mailbox.MMDF.
+  - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
+    when the system endianness is the opposite of the classes.
+  - gh-104282: Fix null pointer dereference in
+    lzma._decode_filter_properties() due to improper handling of BCJ
+    filters with properties of zero length. Patch by Radislav
+    Chugunov.
+  - gh-102512: When os.fork() is called from a foreign thread (aka
+    _DummyThread), the type of the thread in a child process is
+    changed to _MainThread. Also changed its name and daemonic
+    status, it can be now joined.
+  - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
+    which now no longer dereferences symlinks when working around
+    file system permission errors.
+  - bpo-43153: On Windows, tempfile.TemporaryDirectory previously
+    masked a PermissionError with NotADirectoryError during
+    directory cleanup. It now correctly raises PermissionError if
+    errors are not ignored. Patch by Andrei Kulakov and Ken Jin.
+  - bpo-35332: The shutil.rmtree() function now ignores errors when
+    calling os.close() when ignore_errors is True, and os.close() no
+    longer retried after error.
+  - bpo-35928: io.TextIOWrapper now correctly handles the decoding
+    buffer after read() and write().
+  - bpo-26791: shutil.move() now moves a symlink into a directory
+    when that directory is the target of the symlink. This provides
+    the same behavior as the mv shell command. The previous behavior
+    raised an exception. Patch by Jeffrey Kintscher.
+  - bpo-36959: Fix some error messages for invalid ISO format string
+    combinations in strptime() that referred to directives not
+    contained in the format string. Patch by Gordon P. Hemsley.
+  - bpo-18060: Fixed a class inheritance issue that can cause
+    segfaults when deriving two or more levels of subclasses from a
+    base class of Structure or Union.
+  - Documentation
+  - gh-110746: Improved markup for valid options/values for methods
+    ttk.treeview.column and ttk.treeview.heading, and for Layouts.
+  - gh-95649: Document that the asyncio module contains code taken
+    from v0.16.0 of the uvloop project, as well as the required MIT
+    licensing information.
+  - Tests
+  - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
+    where system tar can include more information in the archive
+    than shutil.make_archive.
+  - gh-112769: The tests now correctly compare zlib version when
+    zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For
+    example zlib-ng defines the version as 1.3.0.zlib-ng.
+  - gh-105089: Fix
+    test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
+    test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
+    it will be in sync with zinfo.external_attr
+  - bpo-40648: Test modes that file can get with chmod() on Windows.
+  - Build
+  - gh-101778: Fix build error when there’s a dangling symlink in
+    the directory containing ffi.h.
+  - gh-112305: Fixed the check-clean-src step performed on out of
+    tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
+    files and recommend appropriate source tree cleanup steps to get
+    a working build again.
+  - bpo-11102: The os.major(), os.makedev(), and os.minor()
+    functions are now available on HP-UX v3.
+  - bpo-36351: Do not set ipv6type when cross-compiling.
+  - IDLE
+  - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
+    ‘object’.
+  - gh-72284: Improve the lists of features, editor key bindings,
+    and shell key bingings in the IDLE doc.
+  - gh-113903: Fix rare failure of test.test_idle, in
+    test_configdialog.
+  - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
+    3.12.1.
+  - gh-113269: Fix test_editor hang on macOS Catalina.
+  - gh-112898: Fix processing unsaved files when quitting IDLE on
+    macOS.
+  - gh-103820: Revise IDLE bindings so that events from mouse button
+    4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
+    mistaken for scrolling.
+  - bpo-13586: Enter the selected text when opening the “Replace”
+    dialog.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
+    multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
+  - gh-115015: Fix a bug in Argument Clinic that generated incorrect
+    code for methods with no parameters that use the METH_METHOD |
+    METH_FASTCALL | METH_KEYWORDS calling convention. Only the
+    positional parameter count was checked; any keyword argument
+    passed would be silently accepted.
+- Refresh all patches:
+  - CVE-2023-27043-email-parsing-errors.patch
+  - F00251-change-user-install-location.patch
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - distutils-reproducible-compile.patch
+  - fix_configure_rst.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - python-3.3.0b1-localpath.patch
+  - python-3.3.0b1-test-posix_fadvise.patch
+  - skip_if_buildbot-extend.patch
+  - subprocess-raise-timeout.patch
+  - support-expat-CVE-2022-25236-patched.patch
+
+- Update patch fix_configure_rst.patch
+- Update to 3.11.7:
+  - Core and Builtins
+  - gh-112625: Fixes a bug where a bytearray object could be cleared
+    while iterating over an argument in the bytearray.join() method
+    that could result in reading memory after it was freed.
+  - gh-112388: Fix an error that was causing the parser to try to
+    overwrite tokenizer errors. Patch by pablo Galindo
+  - gh-112387: Fix error positions for decoded strings with
+    backwards tokenize errors. Patch by Pablo Galindo
+  - gh-112266: Change docstrings of __dict__ and __weakref__.
+  - gh-109181: Speed up Traceback object creation by lazily compute
+    the line number. Patch by Pablo Galindo
+  - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
+    codecs read out of bounds
+  - gh-111366: Fix an issue in the codeop that was causing
+    SyntaxError exceptions raised in the presence of invalid syntax
+    to not contain precise error messages. Patch by Pablo Galindo
+  - gh-111380: Fix a bug that was causing SyntaxWarning to appear
+    twice when parsing if invalid syntax is encountered later. Patch
+    by Pablo galindo
+  - gh-88116: Traceback location ranges involving wide unicode
+    characters (like emoji and asian characters) now are properly
+    highlighted. Patch by Batuhan Taskaya and Pablo Galindo.
+  - gh-94438: Fix a regression that prevented jumping across is None
+    and is not None when debugging. Patch by Savannah Ostrowski.
+  - gh-110696: Fix incorrect error message for invalid argument
+    unpacking. Patch by Pablo Galindo
+  - gh-110237: Fix missing error checks for calls to PyList_Append
+    in _PyEval_MatchClass.
+  - gh-109216: Fix possible memory leak in BUILD_MAP.
+  - Library
+  - gh-112618: Fix a caching bug relating to typing.Annotated.
+    Annotated[str, True] is no longer identical to Annotated[str,
+    1].
+  - gh-112509: Fix edge cases that could cause a key to be present
+    in both the __required_keys__ and __optional_keys__ attributes
+    of a typing.TypedDict. Patch by Jelle Zijlstra.
+  - gh-94722: Fix bug where comparison between instances of DocTest
+    fails if one of them has None as its lineno.
+  - gh-112105: Make readline.set_completer_delims() work with
+    libedit
+  - gh-111942: Fix SystemError in the TextIOWrapper constructor with
+    non-encodable “errors” argument in non-debug mode.
+  - gh-109538: Issue warning message instead of having RuntimeError
+    be displayed when event loop has already been closed at
+    StreamWriter.__del__().
+  - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when
+    pass invalid arguments, e.g. non-string encoding.
+  - gh-111804: Remove posix.fallocate() under WASI as the underlying
+    posix_fallocate() is not available in WASI preview2.
+  - gh-111841: Fix truncating arguments on an embedded null
+    character in os.putenv() and os.unsetenv() on Windows.
+  - gh-111541: Fix doctest for SyntaxError not-builtin subclasses.
+  - gh-110894: Call loop exception handler for exceptions in
+    client_connected_cb of asyncio.start_server() so that
+    applications can handle it. Patch by Kumar Aditya.
+  - gh-111531: Fix reference leaks in bind_class() and bind_all()
+    methods of tkinter widgets.
+  - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and
+    io.IncrementalNewlineDecoder to io.__all__.
+  - gh-68166: Remove mention of not supported “vsapi” element type
+    in tkinter.ttk.Style.element_create(). Add tests for
+    element_create() and other ttk.Style methods. Add examples for
+    element_create() in the documentation.
+  - gh-111251: Fix _blake2 not checking for errors when
+    initializing.
+  - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly
+    for empty BytesIO.
+  - gh-111187: Postpone removal version for
+    locale.getdefaultlocale() to Python 3.15.
+  - gh-111159: Fix doctest output comparison for exceptions with
+    notes.
+  - gh-110910: Fix invalid state handling in asyncio.TaskGroup and
+    asyncio.Timeout. They now raise proper RuntimeError if they are
+    improperly used and are left in consistent state after this.
+  - gh-111092: Make turtledemo run without default root enabled.
+  - gh-110590: Fix a bug in _sre.compile() where TypeError would be
+    overwritten by OverflowError when the code argument was a list
+    of non-ints.
+  - gh-65052: Prevent pdb from crashing when trying to display
+    undisplayable objects
+  - gh-110519: Deprecation warning about non-integer number in
+    gettext now alwais refers to the line in the user code where
+    gettext function or method is used. Previously it could refer to
+    a line in gettext code.
+  - gh-110378: contextmanager() and asynccontextmanager() context
+    managers now close an invalid underlying generator object that
+    yields more then one value.
+  - gh-110365: Fix termios.tcsetattr() bug that was overwritting
+    existing errors during parsing integers from term list.
+  - gh-110196: Add __reduce__ method to IPv6Address in order to keep
+    scope_id
+  - gh-109747: Improve errors for unsupported look-behind patterns.
+    Now re.error is raised instead of OverflowError or RuntimeError
+    for too large width of look-behind pattern.
+  - gh-109786: Fix possible reference leaks and crash when re-enter
+    the __next__() method of itertools.pairwise.
+  - gh-108791: Improved error handling in pdb command line
+    interface, making it produce more concise error messages.
+  - gh-73561: Omit the interface scope from an IPv6 address when
+    used as Host header by http.client.
+  - gh-86826: zipinfo now supports the full range of values in the
+    TZ string determined by RFC 8536 and detects all invalid
+    formats. Both Python and C implementations now raise exceptions
+    of the same type on invalid data.
+  - bpo-41422: Fixed memory leaks of pickle.Pickler and
+    pickle.Unpickler involving cyclic references via the internal
+    memo mapping.
+  - bpo-40262: The ssl.SSLSocket.recv_into() method no longer
+    requires the buffer argument to implement __len__ and supports
+    buffers with arbitrary item size.
+  - bpo-35191: Fix unexpected integer truncation in
+    socket.setblocking() which caused it to interpret multiples of
+    2**32 as False.
+  - Documentation
+  - gh-108826: dis module command-line interface is now mentioned in
+    documentation.
+  - Tests
+  - gh-110367: Make regrtest --verbose3 option compatible with
+  - -huntrleaks -jN options. The ./python -m test -j1 -R 3:3
+  - -verbose3 command now works as expected. Patch by Victor
+    Stinner.
+  - gh-111309: distutils tests can now be run via unittest.
+  - gh-111165: Remove no longer used functions run_unittest() and
+    run_doctest() and class BasicTestRunner from the test.support
+    module.
+  - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment
+    variable is defined: use the variable value as the random seed.
+    Patch by Victor Stinner.
+  - gh-110995: test_gdb: Fix detection of gdb built without Python
+    scripting support. Patch by Victor Stinner.
+  - gh-110918: Test case matching patterns specified by options
+  - -match, --ignore, --matchfile and --ignorefile are now tested
+    in the order of specification, and the last match determines
+    whether the test case be run or ignored.
+  - gh-110647: Fix test_stress_modifying_handlers() of test_signal.
+    Patch by Victor Stinner.
+  - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make
+    distclean” instead of “make clean” in the copied source
+    directory to remove also the “python” program. Patch by Victor
+    Stinner.
+  - gh-110167: Fix a deadlock in test_socket when server fails with
+    a timeout but the client is still running in its thread. Don’t
+    hold a lock to call cleanup functions in doCleanups(). One of
+    the cleanup function waits until the client completes, whereas
+    the client could deadlock if it called addCleanup() in such
+    situation. Patch by Victor Stinner.
+  - gh-110388: Add tests for tty.
+  - gh-81002: Add tests for termios.
+  - gh-110267: Add tests for pickling and copying PyStructSequence
+    objects. Patched by Xuehai Pan.
+  - gh-109974: Fix race conditions in test_threading lock tests.
+    Wait until a condition is met rather than using time.sleep()
+    with a hardcoded number of seconds. Patch by Victor Stinner.
+  - gh-109972: Split test_gdb.py file into a test_gdb package made
+    of multiple tests, so tests can now be run in parallel. Patch by
+    Victor Stinner.
+  - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
+    Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
+    command output to detect when gdb fails to retrieve the
+    traceback. For example, skip a test if Backtrace stopped: frame
+    did not save the PC is found. Patch by Victor Stinner.
+  - gh-108927: Fixed order dependence in running tests in the same
+    process when a test that has submodules (e.g. test_importlib)
+    follows a test that imports its submodule (e.g.
+    test_importlib.util) and precedes a test (e.g. test_unittest or
+    test_compileall) that uses that submodule.
+  - Build
+  - gh-103053: “make check-clean-src” now also checks if the
+    “python” program is found in the source directory: fail with an
+    error if it does exist. Patch by Victor Stinner.
+  - gh-109191: Fix compile error when building with recent versions
+    of libedit.
+  - IDLE
+  - bpo-35668: Add docstrings to the IDLE debugger module. Fix two
+    bugs: initialize Idb.botframe (should be in Bdb); in
+    Idb.in_rpc_code, check whether prev_frame is None before trying
+    to use it. Greatly expand test_debugger.
+  - C API
+  - gh-112438: Fix support of format units “es”, “et”, “es#”, and
+    “et#” in nested tuples in PyArg_ParseTuple()-like functions.
+  - gh-109521: PyImport_GetImporter() now sets RuntimeError if it
+    fails to get sys.path_hooks or sys.path_importer_cache or they
+    are not list and dict correspondingly. Previously it could
+    return NULL without setting error in obscure cases, crash or
+    raise SystemError if these attributes have wrong type.
+
+- Refresh CVE-2023-27043-email-parsing-errors.patch to
+  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
+- Thus we can remove Revert-gh105127-left-tests.patch, which is
+  now useless.
+
+- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch
+- Refresh patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - fix_configure_rst.patch
+- Update to 3.11.6:
+  - Core and Builtins
+  - gh-109351: Fix crash when compiling an invalid AST involving a
+    named (walrus) expression.
+  - gh-109207: Fix a SystemError in __repr__ of symtable entry
+    object.
+  - gh-109179: Fix bug where the C traceback display drops notes
+    from SyntaxError.
+  - gh-88943: Improve syntax error for non-ASCII character that
+    follows a numerical literal. It now points on the invalid
+    non-ASCII character, not on the valid numerical literal.
+  - gh-108959: Fix caret placement for error locations for subscript
+    and binary operations that involve non-semantic parentheses and
+    spaces. Patch by Pablo Galindo
+  - gh-108520: Fix
+    multiprocessing.synchronize.SemLock.__setstate__() to properly
+    initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
+    This fixes a regression when passing a SemLock accross nested
+    processes.
+  - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
+    multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
+    exposing it as public API.
+  - Library
+  - gh-110036: On Windows, multiprocessing Popen.terminate() now
+    catchs PermissionError and get the process exit code. If the
+    process is still running, raise again the PermissionError.
+    Otherwise, the process terminated as expected: store its exit
+    code. Patch by Victor Stinner.
+  - gh-110038: Fixed an issue that caused KqueueSelector.select() to
+    not return all the ready events in some cases when a file
+    descriptor is registered for both read and write.
+  - gh-109631: re functions such as re.findall(), re.split(),
+    re.search() and re.sub() which perform short repeated matches
+    can now be interrupted by user.
+  - gh-109593: Avoid deadlocking on a reentrant call to the
+    multiprocessing resource tracker. Such a reentrant call, though
+    unlikely, can happen if a GC pass invokes the finalizer for a
+    multiprocessing object such as SemLock.
+  - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for
+    exceptions. Previously, on Python built in debug mode, these
+    functions could trigger a fatal Python error (and abort the
+    process) when a function succeeded with an exception set. Patch
+    by Victor Stinner.
+  - gh-109375: The pdb alias command now prevents registering
+    aliases without arguments.
+  - gh-107219: Fix a race condition in concurrent.futures. When a
+    process in the process pool was terminated abruptly (while the
+    future was running or pending), close the connection write end.
+    If the call queue is blocked on sending bytes to a worker
+    process, closing the connection write end interrupts the send,
+    so the queue can be closed. Patch by Victor Stinner.
+  - gh-50644: Attempts to pickle or create a shallow or deep copy of
+    codecs streams now raise a TypeError. Previously, copying failed
+    with a RecursionError, while pickling produced wrong results
+    that eventually caused unpickling to fail with a RecursionError.
+  - gh-108987: Fix _thread.start_new_thread() race condition. If a
+    thread is created during Python finalization, the newly spawned
+    thread now exits immediately instead of trying to access freed
+    memory and lead to a crash. Patch by Victor Stinner.
+  - gh-108843: Fix an issue in ast.unparse() when unparsing
+    f-strings containing many quote types.
+  - gh-108682: Enum: raise TypeError if super().__new__() is called
+    from a custom __new__.
+  - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock
+  - gh-64662: Fix support for virtual tables in
+    sqlite3.Connection.iterdump(). Patch by Aviv Palivoda.
+  - gh-107913: Fix possible losses of errno and winerror values in
+    OSError exceptions if they were cleared or modified by the
+    cleanup code before creating the exception object.
+  - gh-104372: On Linux where subprocess can use the vfork() syscall
+    for faster spawning, prevent the parent process from blocking
+    other threads by dropping the GIL while it waits for the
+    vfork’ed child process exec() outcome. This prevents spawning a
+    binary from a slow filesystem from blocking the rest of the
+    application.
+  - gh-84867: unittest.TestLoader no longer loads test cases from
+    exact unittest.TestCase and unittest.FunctionTestCase classes.
+  - Documentation
+  - gh-109209: The minimum Sphinx version required for the
+    documentation is now 4.2.
+  - gh-105052: Update timeit doc to specify that time in seconds is
+    just the default.
+  - gh-102823: Document the return type of x // y when x and y have
+    type float.
+  - Tests
+  - gh-110031: Skip test_threading tests using thread+fork if Python
+    is built with Address Sanitizer (ASAN). Patch by Victor Stinner.
+  - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum
+    duration, a test should not measure a CI performance. Only
+    measure the minimum duration when a task has a timeout or delay.
+    Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner.
+  - gh-110033: Fix test_interprocess_signal() of test_signal. Make
+    sure that the subprocess.Popen object is deleted before the test
+    raising an exception in a signal handler. Otherwise,
+    Popen.__del__() can get the exception which is logged as
+    Exception ignored in: ... and the test fails. Patch by Victor
+    Stinner.
+  - gh-109594: Fix test_timeout() of
+    test_concurrent_futures.test_wait. Remove the future which may
+    or may not complete depending if it takes longer than the
+    timeout ot not. Keep the second future which does not complete
+    before wait() timeout. Patch by Victor Stinner.
+  - gh-109748: Fix test_zippath_from_non_installed_posix() of
+    test_venv: don’t copy __pycache__/ sub-directories, because they
+    can be modified by other Python tests running in parallel. Patch
+    by Victor Stinner.
+  - gh-103053: Skip test_freeze_simple_script() of
+    test_tools.test_freeze if Python is built with ./configure
+  - -enable-optimizations, which means with Profile Guided
+    Optimization (PGO): it just makes the test too slow. The freeze
+    tool is tested by many other CIs with other (faster) compiler
+    flags. Patch by Victor Stinner.
+  - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a
+    longer key: FIPS mode requires at least of at least 112 bits.
+    The previous key was only 32 bits. Patch by Victor Stinner.
+  - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
+    Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
+    command output to detect when gdb fails to retrieve the
+    traceback. For example, skip a test if Backtrace stopped: frame
+    did not save the PC is found. Patch by Victor Stinner.
+  - gh-109237: Fix test_site.test_underpth_basic() when the working
+    directory contains at least one non-ASCII character: encode the
+    ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for
+    the child process stdout. Patch by Victor Stinner.
+  - gh-109230: Fix test_pyexpat.test_exception(): it can now be run
+    from a directory different than Python source code directory.
+    Before, the test failed in this case. Skip the test if
+    Modules/pyexpat.c source is not available. Skip also the test on
+    Python implementations other than CPython. Patch by Victor
+    Stinner.
+  - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests
+    on FreeBSD if the TCP blackhole is enabled (sysctl
+    net.inet.tcp.blackhole). Skip the few tests which failed with
+    ETIMEDOUT which such non standard configuration. Currently, the
+    FreeBSD GCP image enables TCP and UDP blackhole (sysctl
+    net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1).
+    Patch by Victor Stinner.
+  - gh-91960: Skip test_gdb if gdb is unable to retrieve Python
+    frame objects: if a frame is <optimized out>. When Python is
+    built with “clang -Og”, gdb can fail to retrive the frame
+    parameter of _PyEval_EvalFrameDefault(). In this case, tests
+    like py_bt() are likely to fail. Without getting access to
+    Python frames, python-gdb.py is mostly clueless on retrieving
+    the Python traceback. Moreover, test_gdb is no longer skipped on
+    macOS if Python is built with Clang. Patch by Victor Stinner.
+  - gh-108962: Skip test_tempfile.test_flags() if chflags() fails
+    with “OSError: [Errno 45] Operation not supported” (ex: on
+    FreeBSD 13). Patch by Victor Stinner.
+  - gh-89392: Removed support of test_main() function in tests. They
+    now always use normal unittest test runner.
+  - gh-108851: Fix test_tomllib recursion tests for WASI buildbots:
+    reduce the recursion limit and compute the maximum nested
+    array/dict depending on the current available recursion limit.
+    Patch by Victor Stinner.
+  - gh-108851: Add get_recursion_available() and
+    get_recursion_depth() functions to the test.support module.
+    Patch by Victor Stinner.
+  - gh-108822: regrtest now computes statistics on all tests:
+    successes, failures and skipped. test_netrc, test_pep646_syntax
+    and test_xml_etree now return results in their test_main()
+    function. Patch by Victor Stinner and Alex Waygood.
+  - gh-108388: Convert test_concurrent_futures to a package of 7
+    sub-tests. Patch by Victor Stinner.
+  - gh-108388: Split test_multiprocessing_fork,
+    test_multiprocessing_forkserver and test_multiprocessing_spawn
+    into test packages. Each package is made of 4 sub-tests:
+    processes, threads, manager and misc. It allows running more
+    tests in parallel and so reduce the total test duration. Patch
+    by Victor Stinner.
+  - gh-101634: When running the Python test suite with -jN option,
+    if a worker stdout cannot be decoded from the locale encoding
+    report a failed testn so the exitcode is non-zero. Patch by
+    Victor Stinner.
+  - gh-100086: The Python test runner (libregrtest) now logs Python
+    build information like “debug” vs “release” build, or LTO and
+    PGO optimizations. Patch by Victor Stinner.
+  - gh-98903: The Python test suite now fails wit exit code 4 if no
+    tests ran. It should help detecting typos in test names and test
+    methods.
+  - gh-95027: On Windows, when the Python test suite is run with the
+  - jN option, the ANSI code page is now used as the encoding for
+    the stdout temporary file, rather than using UTF-8 which can
+    lead to decoding errors. Patch by Victor Stinner.
+  - gh-93353: regrtest now checks if a test leaks temporary files or
+    directories if run with -jN option. Patch by Victor Stinner.
+  - Build
+  - gh-63760: Fix Solaris build: no longer redefine the
+    gethostname() function. Solaris defines the function since 2005.
+    Patch by Victor Stinner, original patch by Jakub Kulík.
+  - gh-108740: Fix a race condition in make regen-all. The
+    deepfreeze.c source and files generated by Argument Clinic are
+    now generated or updated before generating “global objects”.
+    Previously, some identifiers may miss depending on the order in
+    which these files were generated. Patch by Victor Stinner.
+  - Windows
+  - gh-109991: Update Windows build to use OpenSSL 3.0.11.
+  - gh-107565: Update Windows build to use OpenSSL 3.0.10.
+  - macOS
+  - gh-109991: Update macOS installer to use OpenSSL 3.0.11.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and
+    multissltests to use 1.1.1w, 3.0.11, and 3.1.3.
+
python312
+- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
+  patched libexpat below 2.6.0 that doesn't update the version number,
+  just in 15.6.
+- Drop libexpat260.patch, not needed anymore. This patch is merged
+  with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
+  working on 15.6.
+- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.
+
+- Update to 3.12.3:
+  - Security
+  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+    (CVE-2023-52425, bsc#1219559) by adding five new methods:
+    xml.etree.ElementTree.XMLParser.flush()
+    xml.etree.ElementTree.XMLPullParser.flush()
+    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+    xml.sax.expatreader.ExpatParser.flush()
+  - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075)
+  - gh-115243: Fix possible crashes in
+    collections.deque.index() when the deque is concurrently
+    modified.
+  - gh-114572: ssl.SSLContext.cert_store_stats() and
+    ssl.SSLContext.get_ca_certs() now correctly lock access to
+    the certificate store, when the ssl.SSLContext is shared
+    across multiple threads.
+  - Core and Builtins
+  - gh-109120: Added handle of incorrect star expressions, e.g
+    f(3, *). Patch by Grigoryev Semyon
+  - gh-99108: Updated the hashlib built-in HACL* project C code
+    from upstream that we use for many implementations when
+    they are not present via OpenSSL in a given build. This
+    also avoids the rare potential for a C symbol name one
+    definition rule linking issue.
+  - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to
+    sys.monitoring.MISSING instead of None for CALL event.
+  - gh-113964: Starting new threads and process creation
+    through os.fork() are now only prevented once all
+    non-daemon threads exit.
+  - gh-116604: Respect the status of the garbage collector when
+    indirect calls are made via PyErr_CheckSignals() and the
+    evaluation breaker. Patch by Pablo Galindo
+  - gh-116626: Ensure INSTRUMENTED_CALL_FUNCTION_EX always
+    emits CALL
+  - gh-116296: Fix possible refleak in object.__reduce__()
+    internal error handling.
+  - gh-116034: Fix location of the error on a failed assertion.
+  - gh-115823: Properly calculate error ranges in the parser
+    when raising SyntaxError exceptions caused by invalid byte
+    sequences. Patch by Pablo Galindo
+  - gh-112087: For an empty reverse iterator for list will be
+    reduced to reversed(). Patch by Donghee Na.
+  - gh-115154: Fix a bug that was causing the
+    tokenize.untokenize() function to handle unicode named
+    literals incorrectly. Patch by Pablo Galindo
+  - gh-114828: Fix compilation crashes in uncommon code
+    examples using super() inside a comprehension in a class
+    body.
+  - gh-115011: Setters for members with an unsigned integer
+    type now support the same range of valid values for objects
+    that has a __index__() method as for int.
+  - gh-112215: Change the C recursion limits to more closely
+    reflect the underlying platform limits.
+  - gh-96497: Fix incorrect resolution of mangled class
+    variables used in assignment expressions in comprehensions.
+  - Library
+  - gh-117467: Preserve mailbox ownership when rewriting in
+    mailbox.mbox.flush(). Patch by Tony Mountifield.
+  - gh-117310: Fixed an unlikely early & extra Py_DECREF
+    triggered crash in ssl when creating a new _ssl._SSLContext
+    if CPython was built implausibly such that the
+    default cipher list is empty or the SSL library it
+    was linked against reports a failure from its C
+    SSL_CTX_set_cipher_list() API.
+  - gh-117178: Fix regression in lazy loading of
+    self-referential modules, introduced in gh-114781.
+  - gh-117084: Fix zipfile extraction for directory entries
+    with the name containing backslashes on Windows.
+  - gh-117110: Fix a bug that prevents subclasses of typing.Any
+    to be instantiated with arguments. Patch by Chris Fu.
+  - gh-90872: On Windows, subprocess.Popen.wait() no longer
+    calls WaitForSingleObject() with a negative timeout: pass 0
+    ms if the timeout is negative. Patch by Victor Stinner.
+  - gh-116957: configparser: Don’t leave ConfigParser values
+    in an invalid state (stored as a list instead of a str)
+    after an earlier read raised DuplicateSectionError or
+    DuplicateOptionError.
+  - gh-90095: Ignore empty lines and comments in .pdbrc
+  - gh-116764: Restore support of None and other false values
+    in urllib.parse functions parse_qs() and parse_qsl(). Also,
+    they now raise a TypeError for non-zero integers and
+    non-empty sequences.
+  - gh-116811: In PathFinder.invalidate_caches, delegate to
+    MetadataPathFinder.invalidate_caches.
+  - gh-116600: Fix repr() for global Flag members.
+  - gh-116484: Change automatically generated
+    tkinter.Checkbutton widget names to avoid collisions with
+    automatically generated tkinter.ttk.Checkbutton widget
+    names within the same parent widget.
+  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+    opening named pipe.
+  - gh-116143: Fix a race in pydoc _start_server, eliminating a
+    window in which _start_server can return a thread that is
+    “serving” but without a docserver set.
+  - gh-116325: typing: raise SyntaxError instead of
+    AttributeError on forward references as empty strings.
+  - gh-90535: Fix support of interval values > 1 in
+    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+    when='Wx'.
+  - gh-115978: Disable preadv(), readv(), pwritev(), and
+    writev() on WASI.
+  - Under wasmtime for WASI 0.2, these
+    functions don’t pass test_posix
+    (https://github.com/bytecodealliance/wasmtime/issues/7830).
+  - gh-88352: Fix the computation of the next rollover
+    time in the logging.TimedRotatingFileHandler handler.
+    computeRollover() now always returns a timestamp larger
+    than the specified time and works correctly during the DST
+    change. doRollover() no longer overwrite the already rolled
+    over file, saving from data loss when run at midnight or
+    during repeated time at the DST change.
+  - gh-87115: Set __main__.__spec__ to None when running a
+    script with pdb
+  - gh-76511: Fix UnicodeEncodeError in
+    email.Message.as_string() that results when a message
+    that claims to be in the ascii character set actually has
+    non-ascii characters. Non-ascii characters are now replaced
+    with the U+FFFD replacement character, like in the replace
+    error handler.
+  - gh-116040: [Enum] fix by-value calls when second value is
+    falsey; e.g. Cardinal(1, 0)
+  - gh-75988: Fixed unittest.mock.create_autospec() to pass
+    the call through to the wrapped object to return the real
+    result.
+  - gh-115881: Fix issue where ast.parse() would incorrectly
+    flag conditional context managers (such as with (x() if y
+    else z()): ...) as invalid syntax if feature_version=(3,
+    8) was passed. This reverts changes to the grammar made as
+    part of gh-94949.
+  - gh-115886: Fix silent truncation of the
+    name with an embedded null character in
+    multiprocessing.shared_memory.SharedMemory.
+  - gh-115809: Improve algorithm for computing
+    which rolled-over log files to delete in
+    logging.TimedRotatingFileHandler. It is now reliable for
+    handlers without namer and with arbitrary deterministic
+    namer that leaves the datetime part in the file name
+    unmodified.
+  - gh-74668: urllib.parse functions parse_qs() and
+    parse_qsl() now support bytes arguments containing raw and
+    percent-encoded non-ASCII data.
+  - gh-67044: csv.writer() now always quotes or escapes '\r'
+    and '\n', regardless of lineterminator value.
+  - gh-115712: csv.writer() now quotes empty fields if
+    delimiter is a space and skipinitialspace is true and
+    raises exception if quoting is not possible.
+  - gh-112364: Fixed ast.unparse() to handle format_spec with
+    ", ' or \\. Patched by Frank Hoffmann.
+  - gh-111358: Fix a bug in
+    asyncio.BaseEventLoop.shutdown_default_executor() to ensure
+    the timeout passed to the coroutine behaves as expected.
+  - gh-115618: Fix improper decreasing the reference count for
+    None argument in property methods getter(), setter() and
+    deleter().
+  - gh-115570: A DeprecationWarning is no longer omitted
+    on access to the __doc__ attributes of the deprecated
+    typing.io and typing.re pseudo-modules.
+  - gh-112006: Fix inspect.unwrap() for types with the
+    __wrapper__ data descriptor.
+  - gh-101293: Support callables with the __call__() method
+    and types with __new__() and __init__() methods set to
+    class methods, static methods, bound methods, partial
+    functions, and other types of methods and descriptors in
+    inspect.Signature.from_callable().
+  - gh-115392: Fix a bug in doctest where incorrect line
+    numbers would be reported for decorated functions.
+  - gh-114563: Fix several format() bugs when using the C
+    implementation of Decimal: * memory leak in some rare
+    cases when using the z format option (coerce negative 0) *
+    incorrect output when applying the z format option to type
+    F (fixed-point with capital NAN / INF) * incorrect output
+    when applying the # format option (alternate form)
+  - gh-115197: urllib.request no longer resolves the hostname
+    before checking it against the system’s proxy bypass list
+    on macOS and Windows.
+  - gh-115165: Most exceptions are now ignored when attempting
+    to set the __orig_class__ attribute on objects returned
+    when calling typing generic aliases (including generic
+    aliases created using typing.Annotated). Previously only
+    AttributeError was ignored. Patch by Dave Shawley.
+  - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+  - gh-115059: io.BufferedRandom.read1() now flushes the
+    underlying write buffer.
+  - gh-79382: Trailing ** no longer allows to match files and
+    non-existing paths in recursive glob().
+  - gh-114071: Support tuple subclasses using auto() for enum
+    member value.
+  - gh-114763: Protect modules loaded with
+    importlib.util.LazyLoader from race conditions when
+    multiple threads try to access attributes before the
+    loading is complete.
+  - gh-97959: Fix rendering class methods, bound methods,
+    method and function aliases in pydoc. Class methods
+    no longer have “method of builtins.type instance”
+    note. Corresponding notes are now added for class and
+    unbound methods. Method and function aliases now have
+    references to the module or the class where the origin
+    was defined if it differs from the current. Bound methods
+    are now listed in the static methods section. Methods of
+    builtin classes are now supported as well as methods of
+    Python classes.
+  - gh-112281: Allow creating union of types for
+    typing.Annotated with unhashable metadata.
+  - gh-111775: Fix
+    importlib.resources.simple.ResourceHandle.open() for text
+    mode, added missed stream argument.
+  - gh-90095: Make .pdbrc and -c work with any valid pdb
+    commands.
+  - gh-107155: Fix incorrect output of help(x) where x is a
+    lambda function, which has an __annotations__ dictionary
+    attribute with a "return" key.
+  - gh-105866: Fixed _get_slots bug which caused error when
+    defining dataclasses with slots and a weakref_slot.
+  - gh-60346: Fix ArgumentParser inconsistent with
+    parse_known_args.
+  - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+    Addresses when using a proxy.
+  - gh-100884: email: fix misfolding of comma in address-lists
+    over multiple lines in combination with unicode encoding.
+  - gh-95782: Fix io.BufferedReader.tell(),
+    io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+    io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+    _pyio.BufferedRandom.tell() being able to return negative
+    offsets.
+  - gh-96310: Fix a traceback in argparse when all options in a
+    mutually exclusive group are suppressed.
+  - gh-93205: Fixed a bug in
+    logging.handlers.TimedRotatingFileHandler where multiple
+    rotating handler instances pointing to files with the same
+    name but different extensions would conflict and not delete
+    the correct files.
+  - bpo-44865: Add missing call to localization function in
+    argparse.
+  - bpo-43952: Fix multiprocessing.connection.Listener.accept()
+    to accept empty bytes as authkey. Not accepting empty bytes
+    as key causes it to hang indefinitely.
+  - bpo-42125: linecache: get module name from __spec__ if
+    available. This allows getting source code for the __main__
+    module when a custom loader is used.
+  - gh-66543: Make mimetypes.guess_type() properly parsing
+    of URLs with only a host name, URLs containing fragment
+    or query, and filenames with only a UNC sharepoint on
+    Windows. Based on patch by Dong-hee Na.
+  - bpo-33775: Add ‘default’ and ‘version’ help text for
+    localization in argparse.
+  - Documentation
+  - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
+    “XML vulnerabilities”.
+  - gh-115233: Fix an example for LoggerAdapter in the Logging
+    Cookbook.
+  - Tests
+  - gh-83434: Disable JUnit XML output (--junit-xml=FILE
+    command line option) in regrtest when hunting for reference
+    leaks (-R option). Patch by Victor Stinner.
+  - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+  - gh-116333: Tests of TLS related things (error codes, etc)
+    were updated to be more lenient about specific error
+    message strings and behaviors as seen in the BoringSSL and
+    AWS-LC forks of OpenSSL.
+  - gh-115979: Update test_importlib so that it passes under
+    WASI SDK 21.
+  - gh-112536: Add –tsan to test.regrtest for running TSAN
+    tests in reasonable execution times. Patch by Donghee Na.
+  - gh-116307: Added import helper isolated_modules as
+    CleanImport does not remove modules imported during the
+    context. Use it in importlib.resources tests to avoid
+    leaving mod around to impede importlib.metadata tests.
+  - gh-115720: Leak tests (-R, --huntrleaks) now show a summary
+    of the number of leaks found in each iteration.
+  - gh-115122: Add --bisect option to regrtest test runner:
+    run failed tests with test.bisect_cmd to identify failing
+    tests. Patch by Victor Stinner.
+  - gh-115596: Fix ProgramPriorityTests in test_os permanently
+    changing the process priority.
+  - Build
+  - gh-116313: Get WASI builds to work under wasmtime 18 w/
+    WASI 0.2/preview2 primitives.
+  - gh-116117: Backport libb2’s PR #42 to fix compiling CPython
+    on 32-bit Windows with clang-cl.
+  - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+    building with Visual Studio 2022 version 17.8.
+  - gh-112536: Add support for thread sanitizer (TSAN)
+  - Windows
+  - gh-117267: Ensure DirEntry.stat().st_ctime behaves
+    consistently with os.stat() during the deprecation
+    period of st_ctime by containing the same value as
+    st_birthtime. After the deprecation period, st_ctime
+    will be the metadata change time (or unavailable through
+    DirEntry), and only st_birthtime will contain the creation
+    time.
+  - gh-116773: Fix instances of <_overlapped.Overlapped object
+    at 0xXXX> still has pending operation at deallocation, the
+    process may crash.
+  - gh-91227: Fix the asyncio ProactorEventLoop implementation
+    so that sending a datagram to an address that is not
+    listening does not prevent receiving any more datagrams.
+  - gh-115554: The installer now has more strict rules about
+    updating the Python Launcher for Windows. In general, most
+    users only have a single launcher installed and will see no
+    difference. When multiple launchers have been installed,
+    the option to install the launcher is disabled until all
+    but one have been removed. Downgrading the launcher (which
+    was never allowed) is now more obviously blocked.
+  - gh-115543: Python Launcher for Windows can now
+    detect Python 3.13 when installed from the Microsoft
+    Store, and will install Python 3.12 by default when
+    PYLAUNCHER_ALLOW_INSTALL is set.
+  - gh-115049: Fixes py.exe launcher failing when run as users
+    without user profiles.
+  - gh-115009: Update Windows installer to use SQLite 3.45.1.
+  - IDLE
+  - gh-88516: On macOS show a proxy icon in the title bar of
+    editor windows to match platform behaviour.
+  - Tools/Demos
+  - gh-113516: Don’t set LDSHARED when building for WASI.
+  - C API
+  - gh-117021: Fix integer overflow in PyLong_AsPid() on
+    non-Windows 64-bit platforms.
+  - gh-116869: Make the C API compatible with
+  - Werror=declaration-after-statement compiler flag
+    again. Patch by Victor Stinner.
+
+- Use the system-wide crypto-policies [bsc#1211301]
+  * Use the system default cipher list instead of hardcoded values
+  * Add the --with-ssl-default-suites=openssl configure option
+
+- (bsc#1219666, CVE-2023-6597) Add
+  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
+  gh#python/cpython!99930) fixing symlink bug in cleanup of
+  tempfile.TemporaryDirectory.
+
+- Switch to %%autopatch. Let’s try it as an experiment, and if we
+  need conditional patch, we should put condition inside of it.
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files.
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115288
+
+- (bsc#1210638, CVE-2023-27043) Add
+  CVE-2023-27043-email-parsing-errors.patch, which rejects
+  malformed addresses in email.parseaddr() (gh#python/cpython!111116)
+  Detect email address parsing errors and return empty tuple to
+  indicate the parsing error (old API). Add an optional 'strict'
+  parameter to getaddresses() and parseaddr() functions. Patch by
+  Thomas Dwyer.
+
+- Update to 3.12.2:
+  - Security
+  - gh-113659: Skip .pth files with names starting with a dot or
+    hidden file attribute.
+  - Core and Builtins
+  - gh-114887: Changed socket type validation in
+    create_datagram_endpoint() to accept all non-stream sockets.
+    This fixes a regression in compatibility with raw sockets.
+  - gh-114388: Fix a RuntimeWarning emitted when assign an
+    integer-like value that is not an instance of int to an
+    attribute that corresponds to a C struct member of type T_UINT
+    and T_ULONG. Fix a double RuntimeWarning emitted when assign a
+    negative integer value to an attribute that corresponds to a C
+    struct member of type T_UINT.
+  - gh-113703: Fix a regression in the codeop module that was
+    causing it to incorrectly identify incomplete f-strings. Patch
+    by Pablo Galindo
+  - gh-89811: Check for a valid tp_version_tag before performing
+    bytecode specializations that rely on this value being usable.
+  - gh-113602: Fix an error that was causing the parser to try to
+    overwrite existing errors and crashing in the process. Patch by
+    Pablo Galindo
+  - gh-113297: Fix segfault in the compiler on with statement with
+    19 context managers.
+  - gh-106905: Use per AST-parser state rather than global state to
+    track recursion depth within the AST parser to prevent potential
+    race condition due to simultaneous parsing.
+  - The issue primarily showed up in 3.11 by multithreaded users of
+    ast.parse(). In 3.12 a change to when garbage collection can be
+    triggered prevented the race condition from occurring.
+  - gh-112943: Correctly compute end column offsets for multiline
+    tokens in the tokenize module. Patch by Pablo Galindo
+  - gh-112716: Fix SystemError in the import statement and in
+    __reduce__() methods of builtin types when __builtins__ is not a
+    dict.
+  - gh-94606: Fix UnicodeEncodeError when
+    email.message.get_payload() reads a message with a Unicode
+    surrogate character and the message content is not well-formed
+    for surrogateescape encoding. Patch by Sidney Markowitz.
+  - Library
+  - gh-114965: Update bundled pip to 24.0
+  - gh-114959: tarfile no longer ignores errors when trying to
+    extract a directory on top of a file.
+  - gh-109475: Fix support of explicit option value “–” in argparse
+    (e.g. --option=--).
+  - gh-110190: Fix ctypes structs with array on Windows ARM64
+    platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
+    Diego Russo
+  - gh-113280: Fix a leak of open socket in rare cases when error
+    occurred in ssl.SSLSocket creation.
+  - gh-77749: email.policy.EmailPolicy.fold() now always encodes
+    non-ASCII characters in headers if utf8 is false.
+  - gh-114492: Make the result of termios.tcgetattr() reproducible
+    on Alpine Linux. Previously it could leave a random garbage in
+    some fields.
+  - gh-113267: Revert changes in gh-106584 which made calls of
+    TestResult methods startTest() and stopTest() unbalanced.
+  - gh-75128: Ignore an OSError in
+    asyncio.BaseEventLoop.create_server() when IPv6 is available but
+    the interface cannot actually support it.
+  - gh-114257: Dismiss the FileNotFound error in
+    ctypes.util.find_library() and just return None on Linux.
+  - gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no
+    longer clears the terminal input ICRLF flag. This fixes a
+    regression introduced in 3.12 that no longer matched how OSes
+    define cbreak mode in their stty(1) manual pages.
+  - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
+    iterator returned by ElementTree.iterparse may hold on to a file
+    descriptor. The reference cycle prevented prompt clean-up of the
+    file descriptor if the returned iterator was not exhausted.
+  - gh-104522: OSError raised when run a subprocess now only has
+    filename attribute set to cwd if the error was caused by a
+    failed attempt to change the current directory.
+  - gh-114149: Enum: correctly handle tuple subclasses in custom
+    __new__.
+  - gh-109534: Fix a reference leak in
+    asyncio.selector_events.BaseSelectorEventLoop when SSL
+    handshakes fail. Patch contributed by Jamie Phan.
+  - gh-114077: Fix possible OverflowError in
+    socket.socket.sendfile() when pass count larger than 2 GiB on
+    32-bit platform.
+  - gh-114014: Fixed a bug in fractions.Fraction where an invalid
+    string using d in the decimals part creates a different error
+    compared to other invalid letters/characters. Patch by Jeremiah
+    Gabriel Pascual.
+  - gh-113951: Fix the behavior of tag_unbind() methods of
+    tkinter.Text and tkinter.Canvas classes with three arguments.
+    Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
+    the current binding for sequence, leaving sequence unbound, and
+    deleted the funcid command. Now it removes only funcid from the
+    binding for sequence, keeping other commands, and deletes the
+    funcid command. It leaves sequence unbound only if funcid was
+    the last bound command.
+  - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
+    Windows.
+  - gh-113661: unittest runner: Don’t exit 5 if tests were skipped.
+    The intention of exiting 5 was to detect issues where the test
+    suite wasn’t discovered at all. If we skipped tests, it was
+    correctly discovered.
+  - gh-113781: Silence unraisable AttributeError when warnings are
+    emitted during Python finalization.
+  - gh-112932: Restore the ability for zipfile to extractall from
+    zip files with a “/” directory entry in them as is commonly
+    added to zips by some wiki or bug tracker data exporters.
+  - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
+    that contain unknown-8bit encoded part followed by
+    non-unknown-8bit encoded part.
+  - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
+    there is callback that logs an error if the task wrapping the
+    “connected callback” fails. This callback would itself fail if
+    the task was cancelled. Prevent this by checking whether the
+    task was cancelled first. If so, close the transport but don’t
+    log an error.
+  - gh-85567: Fix resource warnings for unclosed files in pickle and
+    pickletools command line interfaces.
+  - gh-101225: Increase the backlog for
+    multiprocessing.connection.Listener objects created by
+    multiprocessing.manager and multiprocessing.resource_sharer to
+    significantly reduce the risk of getting a connection refused
+    error when creating a multiprocessing.connection.Connection to
+    them.
+  - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
+    webbrowser.open audit event.
+  - gh-113028: When a second reference to a string appears in the
+    input to pickle, and the Python implementation is in use, we are
+    guaranteed that a single copy gets pickled and a single object
+    is shared when reloaded. Previously, in protocol 0, when a
+    string contained certain characters (e.g. newline) it resulted
+    in duplicate objects.
+  - gh-113421: Fix multiprocessing logger for %(filename)s.
+  - gh-111784: Fix segfaults in the _elementtree module. Fix first
+    segfault during deallocation of _elementtree.XMLParser instances
+    by keeping strong reference to pyexpat module in module state
+    for capsule lifetime. Fix second segfault which happens in the
+    same deallocation process by keeping strong reference to
+    _elementtree module in XMLParser structure for _elementtree
+    module lifetime.
+  - gh-113407: Fix import of unittest.mock when CPython is built
+    without docstrings.
+  - gh-113320: Fix regression in Python 3.12 where Protocol classes
+    that were not marked as runtime-checkable would be unnecessarily
+    introspected, potentially causing exceptions to be raised if the
+    protocol had problematic members. Patch by Alex Waygood.
+  - gh-113358: Fix rendering tracebacks for exceptions with a broken
+    __getattr__.
+  - gh-113214: Fix an AttributeError during asyncio SSL protocol
+    aborts in SSL-over-SSL scenarios.
+  - gh-113246: Update bundled pip to 23.3.2.
+  - gh-113199: Make http.client.HTTPResponse.read1 and
+    http.client.HTTPResponse.readline close IO after reading all
+    data when content length is known. Patch by Illia Volochii.
+  - gh-113188: Fix shutil.copymode() and shutil.copystat() on
+    Windows. Previously they worked differenly if dst is a symbolic
+    link: they modified the permission bits of dst itself rather
+    than the file it points to if follow_symlinks is true or src is
+    not a symbolic link, and did not modify the permission bits if
+    follow_symlinks is false and src is a symbolic link.
+  - gh-61648: Detect line numbers of properties in doctests.
+  - gh-112559: signal.signal() and signal.getsignal() no longer call
+    repr on callable handlers. asyncio.run() and
+    asyncio.Runner.run() no longer call repr on the task results.
+    Patch by Yilei Yang.
+  - gh-110190: Fix ctypes structs with array on PPC64LE platform by
+    setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
+  - gh-79429: Ignore FileNotFoundError when remove a temporary
+    directory in the multiprocessing finalizer.
+  - gh-81194: Fix a crash in socket.if_indextoname() with specific
+    value (UINT_MAX). Fix an integer overflow in
+    socket.if_indextoname() on 64-bit non-Windows platforms.
+  - gh-112343: Improve handling of pdb convenience variables to
+    avoid replacing string contents.
+  - gh-111615: Fix a regression caused by a fix to gh-93162 whereby
+    you couldn’t configure a QueueHandler without specifying
+    handlers.
+  - gh-111049: Fix crash during garbage collection of the io.BytesIO
+    buffer object.
+  - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
+    tkinter._test().
+  - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
+    raises BadZipFile when try to read an entry that overlaps with
+    other entry or central directory.
+  - gh-114440: On Windows, closing the connection writer when
+    cleaning up a broken multiprocessing.Queue queue is now done for
+    all queues, rather than only in concurrent.futures manager
+    thread. This can prevent a deadlock when a multiprocessing
+    worker process terminates without cleaning up. This completes
+    the backport of patches by Victor Stinner and Serhiy Storchaka.
+  - gh-38807: Fix race condition in trace. Instead of checking if a
+    directory exists and creating it, directly call os.makedirs()
+    with the kwarg exist_ok=True.
+  - gh-75705: Set unixfrom envelope in mailbox.mbox and
+    mailbox.MMDF.
+  - gh-106233: Fix stacklevel in InvalidTZPathWarning during
+    zoneinfo module import.
+  - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
+    when the system endianness is the opposite of the classes.
+  - gh-104282: Fix null pointer dereference in
+    lzma._decode_filter_properties() due to improper handling of BCJ
+    filters with properties of zero length. Patch by Radislav
+    Chugunov.
+  - gh-102512: When os.fork() is called from a foreign thread (aka
+    _DummyThread), the type of the thread in a child process is
+    changed to _MainThread. Also changed its name and daemonic
+    status, it can be now joined.
+  - bpo-35928: io.TextIOWrapper now correctly handles the decoding
+    buffer after read() and write().
+  - bpo-26791: shutil.move() now moves a symlink into a directory
+    when that directory is the target of the symlink. This provides
+    the same behavior as the mv shell command. The previous behavior
+    raised an exception. Patch by Jeffrey Kintscher.
+  - bpo-36959: Fix some error messages for invalid ISO format string
+    combinations in strptime() that referred to directives not
+    contained in the format string. Patch by Gordon P. Hemsley.
+  - bpo-18060: Fixed a class inheritance issue that can cause
+    segfaults when deriving two or more levels of subclasses from a
+    base class of Structure or Union.
+  - Documentation
+  - gh-110746: Improved markup for valid options/values for methods
+    ttk.treeview.column and ttk.treeview.heading, and for Layouts.
+  - gh-95649: Document that the asyncio module contains code taken
+    from v0.16.0 of the uvloop project, as well as the required MIT
+    licensing information.
+  - Tests
+  - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
+    where system tar can include more information in the archive
+    than shutil.make_archive.
+  - gh-105089: Fix
+    test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
+    test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
+    it will be in sync with zinfo.external_attr
+  - bpo-40648: Test modes that file can get with chmod() on Windows.
+  - Build
+  - gh-112305: Fixed the check-clean-src step performed on out of
+    tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
+    files and recommend appropriate source tree cleanup steps to get
+    a working build again.
+  - gh-112867: Fix the build for the case that
+    WITH_PYMALLOC_RADIX_TREE=0 set.
+  - bpo-11102: The os.major(), os.makedev(), and os.minor()
+    functions are now available on HP-UX v3.
+  - bpo-36351: Do not set ipv6type when cross-compiling.
+  - IDLE
+  - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
+    ‘object’.
+  - gh-72284: Improve the lists of features, editor key bindings,
+    and shell key bingings in the IDLE doc.
+  - gh-113903: Fix rare failure of test.test_idle, in
+    test_configdialog.
+  - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
+    3.12.1.
+  - gh-113269: Fix test_editor hang on macOS Catalina.
+  - gh-112898: Fix processing unsaved files when quitting IDLE on
+    macOS.
+  - gh-103820: Revise IDLE bindings so that events from mouse button
+    4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
+    mistaken for scrolling.
+  - bpo-13586: Enter the selected text when opening the “Replace”
+    dialog.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
+    multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
+  - gh-115015: Fix a bug in Argument Clinic that generated incorrect
+    code for methods with no parameters that use the METH_METHOD |
+    METH_FASTCALL | METH_KEYWORDS calling convention. Only the
+    positional parameter count was checked; any keyword argument
+    passed would be silently accepted.
+- Refresh patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - fix_configure_rst.patch
+  - no-skipif-doctests.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - python-3.3.0b1-localpath.patch
+  - python-3.3.0b1-test-posix_fadvise.patch
+  - skip-test_pyobject_freed_is_freed.patch
+  - subprocess-raise-timeout.patch
+
python312:base
+- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
+  patched libexpat below 2.6.0 that doesn't update the version number,
+  just in 15.6.
+- Drop libexpat260.patch, not needed anymore. This patch is merged
+  with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
+  working on 15.6.
+- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.
+
+- Update to 3.12.3:
+  - Security
+  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+    (CVE-2023-52425, bsc#1219559) by adding five new methods:
+    xml.etree.ElementTree.XMLParser.flush()
+    xml.etree.ElementTree.XMLPullParser.flush()
+    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+    xml.sax.expatreader.ExpatParser.flush()
+  - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075)
+  - gh-115243: Fix possible crashes in
+    collections.deque.index() when the deque is concurrently
+    modified.
+  - gh-114572: ssl.SSLContext.cert_store_stats() and
+    ssl.SSLContext.get_ca_certs() now correctly lock access to
+    the certificate store, when the ssl.SSLContext is shared
+    across multiple threads.
+  - Core and Builtins
+  - gh-109120: Added handle of incorrect star expressions, e.g
+    f(3, *). Patch by Grigoryev Semyon
+  - gh-99108: Updated the hashlib built-in HACL* project C code
+    from upstream that we use for many implementations when
+    they are not present via OpenSSL in a given build. This
+    also avoids the rare potential for a C symbol name one
+    definition rule linking issue.
+  - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to
+    sys.monitoring.MISSING instead of None for CALL event.
+  - gh-113964: Starting new threads and process creation
+    through os.fork() are now only prevented once all
+    non-daemon threads exit.
+  - gh-116604: Respect the status of the garbage collector when
+    indirect calls are made via PyErr_CheckSignals() and the
+    evaluation breaker. Patch by Pablo Galindo
+  - gh-116626: Ensure INSTRUMENTED_CALL_FUNCTION_EX always
+    emits CALL
+  - gh-116296: Fix possible refleak in object.__reduce__()
+    internal error handling.
+  - gh-116034: Fix location of the error on a failed assertion.
+  - gh-115823: Properly calculate error ranges in the parser
+    when raising SyntaxError exceptions caused by invalid byte
+    sequences. Patch by Pablo Galindo
+  - gh-112087: For an empty reverse iterator for list will be
+    reduced to reversed(). Patch by Donghee Na.
+  - gh-115154: Fix a bug that was causing the
+    tokenize.untokenize() function to handle unicode named
+    literals incorrectly. Patch by Pablo Galindo
+  - gh-114828: Fix compilation crashes in uncommon code
+    examples using super() inside a comprehension in a class
+    body.
+  - gh-115011: Setters for members with an unsigned integer
+    type now support the same range of valid values for objects
+    that has a __index__() method as for int.
+  - gh-112215: Change the C recursion limits to more closely
+    reflect the underlying platform limits.
+  - gh-96497: Fix incorrect resolution of mangled class
+    variables used in assignment expressions in comprehensions.
+  - Library
+  - gh-117467: Preserve mailbox ownership when rewriting in
+    mailbox.mbox.flush(). Patch by Tony Mountifield.
+  - gh-117310: Fixed an unlikely early & extra Py_DECREF
+    triggered crash in ssl when creating a new _ssl._SSLContext
+    if CPython was built implausibly such that the
+    default cipher list is empty or the SSL library it
+    was linked against reports a failure from its C
+    SSL_CTX_set_cipher_list() API.
+  - gh-117178: Fix regression in lazy loading of
+    self-referential modules, introduced in gh-114781.
+  - gh-117084: Fix zipfile extraction for directory entries
+    with the name containing backslashes on Windows.
+  - gh-117110: Fix a bug that prevents subclasses of typing.Any
+    to be instantiated with arguments. Patch by Chris Fu.
+  - gh-90872: On Windows, subprocess.Popen.wait() no longer
+    calls WaitForSingleObject() with a negative timeout: pass 0
+    ms if the timeout is negative. Patch by Victor Stinner.
+  - gh-116957: configparser: Don’t leave ConfigParser values
+    in an invalid state (stored as a list instead of a str)
+    after an earlier read raised DuplicateSectionError or
+    DuplicateOptionError.
+  - gh-90095: Ignore empty lines and comments in .pdbrc
+  - gh-116764: Restore support of None and other false values
+    in urllib.parse functions parse_qs() and parse_qsl(). Also,
+    they now raise a TypeError for non-zero integers and
+    non-empty sequences.
+  - gh-116811: In PathFinder.invalidate_caches, delegate to
+    MetadataPathFinder.invalidate_caches.
+  - gh-116600: Fix repr() for global Flag members.
+  - gh-116484: Change automatically generated
+    tkinter.Checkbutton widget names to avoid collisions with
+    automatically generated tkinter.ttk.Checkbutton widget
+    names within the same parent widget.
+  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+    opening named pipe.
+  - gh-116143: Fix a race in pydoc _start_server, eliminating a
+    window in which _start_server can return a thread that is
+    “serving” but without a docserver set.
+  - gh-116325: typing: raise SyntaxError instead of
+    AttributeError on forward references as empty strings.
+  - gh-90535: Fix support of interval values > 1 in
+    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+    when='Wx'.
+  - gh-115978: Disable preadv(), readv(), pwritev(), and
+    writev() on WASI.
+  - Under wasmtime for WASI 0.2, these
+    functions don’t pass test_posix
+    (https://github.com/bytecodealliance/wasmtime/issues/7830).
+  - gh-88352: Fix the computation of the next rollover
+    time in the logging.TimedRotatingFileHandler handler.
+    computeRollover() now always returns a timestamp larger
+    than the specified time and works correctly during the DST
+    change. doRollover() no longer overwrite the already rolled
+    over file, saving from data loss when run at midnight or
+    during repeated time at the DST change.
+  - gh-87115: Set __main__.__spec__ to None when running a
+    script with pdb
+  - gh-76511: Fix UnicodeEncodeError in
+    email.Message.as_string() that results when a message
+    that claims to be in the ascii character set actually has
+    non-ascii characters. Non-ascii characters are now replaced
+    with the U+FFFD replacement character, like in the replace
+    error handler.
+  - gh-116040: [Enum] fix by-value calls when second value is
+    falsey; e.g. Cardinal(1, 0)
+  - gh-75988: Fixed unittest.mock.create_autospec() to pass
+    the call through to the wrapped object to return the real
+    result.
+  - gh-115881: Fix issue where ast.parse() would incorrectly
+    flag conditional context managers (such as with (x() if y
+    else z()): ...) as invalid syntax if feature_version=(3,
+    8) was passed. This reverts changes to the grammar made as
+    part of gh-94949.
+  - gh-115886: Fix silent truncation of the
+    name with an embedded null character in
+    multiprocessing.shared_memory.SharedMemory.
+  - gh-115809: Improve algorithm for computing
+    which rolled-over log files to delete in
+    logging.TimedRotatingFileHandler. It is now reliable for
+    handlers without namer and with arbitrary deterministic
+    namer that leaves the datetime part in the file name
+    unmodified.
+  - gh-74668: urllib.parse functions parse_qs() and
+    parse_qsl() now support bytes arguments containing raw and
+    percent-encoded non-ASCII data.
+  - gh-67044: csv.writer() now always quotes or escapes '\r'
+    and '\n', regardless of lineterminator value.
+  - gh-115712: csv.writer() now quotes empty fields if
+    delimiter is a space and skipinitialspace is true and
+    raises exception if quoting is not possible.
+  - gh-112364: Fixed ast.unparse() to handle format_spec with
+    ", ' or \\. Patched by Frank Hoffmann.
+  - gh-111358: Fix a bug in
+    asyncio.BaseEventLoop.shutdown_default_executor() to ensure
+    the timeout passed to the coroutine behaves as expected.
+  - gh-115618: Fix improper decreasing the reference count for
+    None argument in property methods getter(), setter() and
+    deleter().
+  - gh-115570: A DeprecationWarning is no longer omitted
+    on access to the __doc__ attributes of the deprecated
+    typing.io and typing.re pseudo-modules.
+  - gh-112006: Fix inspect.unwrap() for types with the
+    __wrapper__ data descriptor.
+  - gh-101293: Support callables with the __call__() method
+    and types with __new__() and __init__() methods set to
+    class methods, static methods, bound methods, partial
+    functions, and other types of methods and descriptors in
+    inspect.Signature.from_callable().
+  - gh-115392: Fix a bug in doctest where incorrect line
+    numbers would be reported for decorated functions.
+  - gh-114563: Fix several format() bugs when using the C
+    implementation of Decimal: * memory leak in some rare
+    cases when using the z format option (coerce negative 0) *
+    incorrect output when applying the z format option to type
+    F (fixed-point with capital NAN / INF) * incorrect output
+    when applying the # format option (alternate form)
+  - gh-115197: urllib.request no longer resolves the hostname
+    before checking it against the system’s proxy bypass list
+    on macOS and Windows.
+  - gh-115165: Most exceptions are now ignored when attempting
+    to set the __orig_class__ attribute on objects returned
+    when calling typing generic aliases (including generic
+    aliases created using typing.Annotated). Previously only
+    AttributeError was ignored. Patch by Dave Shawley.
+  - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+  - gh-115059: io.BufferedRandom.read1() now flushes the
+    underlying write buffer.
+  - gh-79382: Trailing ** no longer allows to match files and
+    non-existing paths in recursive glob().
+  - gh-114071: Support tuple subclasses using auto() for enum
+    member value.
+  - gh-114763: Protect modules loaded with
+    importlib.util.LazyLoader from race conditions when
+    multiple threads try to access attributes before the
+    loading is complete.
+  - gh-97959: Fix rendering class methods, bound methods,
+    method and function aliases in pydoc. Class methods
+    no longer have “method of builtins.type instance”
+    note. Corresponding notes are now added for class and
+    unbound methods. Method and function aliases now have
+    references to the module or the class where the origin
+    was defined if it differs from the current. Bound methods
+    are now listed in the static methods section. Methods of
+    builtin classes are now supported as well as methods of
+    Python classes.
+  - gh-112281: Allow creating union of types for
+    typing.Annotated with unhashable metadata.
+  - gh-111775: Fix
+    importlib.resources.simple.ResourceHandle.open() for text
+    mode, added missed stream argument.
+  - gh-90095: Make .pdbrc and -c work with any valid pdb
+    commands.
+  - gh-107155: Fix incorrect output of help(x) where x is a
+    lambda function, which has an __annotations__ dictionary
+    attribute with a "return" key.
+  - gh-105866: Fixed _get_slots bug which caused error when
+    defining dataclasses with slots and a weakref_slot.
+  - gh-60346: Fix ArgumentParser inconsistent with
+    parse_known_args.
+  - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+    Addresses when using a proxy.
+  - gh-100884: email: fix misfolding of comma in address-lists
+    over multiple lines in combination with unicode encoding.
+  - gh-95782: Fix io.BufferedReader.tell(),
+    io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+    io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+    _pyio.BufferedRandom.tell() being able to return negative
+    offsets.
+  - gh-96310: Fix a traceback in argparse when all options in a
+    mutually exclusive group are suppressed.
+  - gh-93205: Fixed a bug in
+    logging.handlers.TimedRotatingFileHandler where multiple
+    rotating handler instances pointing to files with the same
+    name but different extensions would conflict and not delete
+    the correct files.
+  - bpo-44865: Add missing call to localization function in
+    argparse.
+  - bpo-43952: Fix multiprocessing.connection.Listener.accept()
+    to accept empty bytes as authkey. Not accepting empty bytes
+    as key causes it to hang indefinitely.
+  - bpo-42125: linecache: get module name from __spec__ if
+    available. This allows getting source code for the __main__
+    module when a custom loader is used.
+  - gh-66543: Make mimetypes.guess_type() properly parsing
+    of URLs with only a host name, URLs containing fragment
+    or query, and filenames with only a UNC sharepoint on
+    Windows. Based on patch by Dong-hee Na.
+  - bpo-33775: Add ‘default’ and ‘version’ help text for
+    localization in argparse.
+  - Documentation
+  - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
+    “XML vulnerabilities”.
+  - gh-115233: Fix an example for LoggerAdapter in the Logging
+    Cookbook.
+  - Tests
+  - gh-83434: Disable JUnit XML output (--junit-xml=FILE
+    command line option) in regrtest when hunting for reference
+    leaks (-R option). Patch by Victor Stinner.
+  - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+  - gh-116333: Tests of TLS related things (error codes, etc)
+    were updated to be more lenient about specific error
+    message strings and behaviors as seen in the BoringSSL and
+    AWS-LC forks of OpenSSL.
+  - gh-115979: Update test_importlib so that it passes under
+    WASI SDK 21.
+  - gh-112536: Add –tsan to test.regrtest for running TSAN
+    tests in reasonable execution times. Patch by Donghee Na.
+  - gh-116307: Added import helper isolated_modules as
+    CleanImport does not remove modules imported during the
+    context. Use it in importlib.resources tests to avoid
+    leaving mod around to impede importlib.metadata tests.
+  - gh-115720: Leak tests (-R, --huntrleaks) now show a summary
+    of the number of leaks found in each iteration.
+  - gh-115122: Add --bisect option to regrtest test runner:
+    run failed tests with test.bisect_cmd to identify failing
+    tests. Patch by Victor Stinner.
+  - gh-115596: Fix ProgramPriorityTests in test_os permanently
+    changing the process priority.
+  - Build
+  - gh-116313: Get WASI builds to work under wasmtime 18 w/
+    WASI 0.2/preview2 primitives.
+  - gh-116117: Backport libb2’s PR #42 to fix compiling CPython
+    on 32-bit Windows with clang-cl.
+  - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+    building with Visual Studio 2022 version 17.8.
+  - gh-112536: Add support for thread sanitizer (TSAN)
+  - Windows
+  - gh-117267: Ensure DirEntry.stat().st_ctime behaves
+    consistently with os.stat() during the deprecation
+    period of st_ctime by containing the same value as
+    st_birthtime. After the deprecation period, st_ctime
+    will be the metadata change time (or unavailable through
+    DirEntry), and only st_birthtime will contain the creation
+    time.
+  - gh-116773: Fix instances of <_overlapped.Overlapped object
+    at 0xXXX> still has pending operation at deallocation, the
+    process may crash.
+  - gh-91227: Fix the asyncio ProactorEventLoop implementation
+    so that sending a datagram to an address that is not
+    listening does not prevent receiving any more datagrams.
+  - gh-115554: The installer now has more strict rules about
+    updating the Python Launcher for Windows. In general, most
+    users only have a single launcher installed and will see no
+    difference. When multiple launchers have been installed,
+    the option to install the launcher is disabled until all
+    but one have been removed. Downgrading the launcher (which
+    was never allowed) is now more obviously blocked.
+  - gh-115543: Python Launcher for Windows can now
+    detect Python 3.13 when installed from the Microsoft
+    Store, and will install Python 3.12 by default when
+    PYLAUNCHER_ALLOW_INSTALL is set.
+  - gh-115049: Fixes py.exe launcher failing when run as users
+    without user profiles.
+  - gh-115009: Update Windows installer to use SQLite 3.45.1.
+  - IDLE
+  - gh-88516: On macOS show a proxy icon in the title bar of
+    editor windows to match platform behaviour.
+  - Tools/Demos
+  - gh-113516: Don’t set LDSHARED when building for WASI.
+  - C API
+  - gh-117021: Fix integer overflow in PyLong_AsPid() on
+    non-Windows 64-bit platforms.
+  - gh-116869: Make the C API compatible with
+  - Werror=declaration-after-statement compiler flag
+    again. Patch by Victor Stinner.
+
+- Use the system-wide crypto-policies [bsc#1211301]
+  * Use the system default cipher list instead of hardcoded values
+  * Add the --with-ssl-default-suites=openssl configure option
+
+- (bsc#1219666, CVE-2023-6597) Add
+  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
+  gh#python/cpython!99930) fixing symlink bug in cleanup of
+  tempfile.TemporaryDirectory.
+
+- Switch to %%autopatch. Let’s try it as an experiment, and if we
+  need conditional patch, we should put condition inside of it.
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files.
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115288
+
+- (bsc#1210638, CVE-2023-27043) Add
+  CVE-2023-27043-email-parsing-errors.patch, which rejects
+  malformed addresses in email.parseaddr() (gh#python/cpython!111116)
+  Detect email address parsing errors and return empty tuple to
+  indicate the parsing error (old API). Add an optional 'strict'
+  parameter to getaddresses() and parseaddr() functions. Patch by
+  Thomas Dwyer.
+
+- Update to 3.12.2:
+  - Security
+  - gh-113659: Skip .pth files with names starting with a dot or
+    hidden file attribute.
+  - Core and Builtins
+  - gh-114887: Changed socket type validation in
+    create_datagram_endpoint() to accept all non-stream sockets.
+    This fixes a regression in compatibility with raw sockets.
+  - gh-114388: Fix a RuntimeWarning emitted when assign an
+    integer-like value that is not an instance of int to an
+    attribute that corresponds to a C struct member of type T_UINT
+    and T_ULONG. Fix a double RuntimeWarning emitted when assign a
+    negative integer value to an attribute that corresponds to a C
+    struct member of type T_UINT.
+  - gh-113703: Fix a regression in the codeop module that was
+    causing it to incorrectly identify incomplete f-strings. Patch
+    by Pablo Galindo
+  - gh-89811: Check for a valid tp_version_tag before performing
+    bytecode specializations that rely on this value being usable.
+  - gh-113602: Fix an error that was causing the parser to try to
+    overwrite existing errors and crashing in the process. Patch by
+    Pablo Galindo
+  - gh-113297: Fix segfault in the compiler on with statement with
+    19 context managers.
+  - gh-106905: Use per AST-parser state rather than global state to
+    track recursion depth within the AST parser to prevent potential
+    race condition due to simultaneous parsing.
+  - The issue primarily showed up in 3.11 by multithreaded users of
+    ast.parse(). In 3.12 a change to when garbage collection can be
+    triggered prevented the race condition from occurring.
+  - gh-112943: Correctly compute end column offsets for multiline
+    tokens in the tokenize module. Patch by Pablo Galindo
+  - gh-112716: Fix SystemError in the import statement and in
+    __reduce__() methods of builtin types when __builtins__ is not a
+    dict.
+  - gh-94606: Fix UnicodeEncodeError when
+    email.message.get_payload() reads a message with a Unicode
+    surrogate character and the message content is not well-formed
+    for surrogateescape encoding. Patch by Sidney Markowitz.
+  - Library
+  - gh-114965: Update bundled pip to 24.0
+  - gh-114959: tarfile no longer ignores errors when trying to
+    extract a directory on top of a file.
+  - gh-109475: Fix support of explicit option value “–” in argparse
+    (e.g. --option=--).
+  - gh-110190: Fix ctypes structs with array on Windows ARM64
+    platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
+    Diego Russo
+  - gh-113280: Fix a leak of open socket in rare cases when error
+    occurred in ssl.SSLSocket creation.
+  - gh-77749: email.policy.EmailPolicy.fold() now always encodes
+    non-ASCII characters in headers if utf8 is false.
+  - gh-114492: Make the result of termios.tcgetattr() reproducible
+    on Alpine Linux. Previously it could leave a random garbage in
+    some fields.
+  - gh-113267: Revert changes in gh-106584 which made calls of
+    TestResult methods startTest() and stopTest() unbalanced.
+  - gh-75128: Ignore an OSError in
+    asyncio.BaseEventLoop.create_server() when IPv6 is available but
+    the interface cannot actually support it.
+  - gh-114257: Dismiss the FileNotFound error in
+    ctypes.util.find_library() and just return None on Linux.
+  - gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no
+    longer clears the terminal input ICRLF flag. This fixes a
+    regression introduced in 3.12 that no longer matched how OSes
+    define cbreak mode in their stty(1) manual pages.
+  - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
+    iterator returned by ElementTree.iterparse may hold on to a file
+    descriptor. The reference cycle prevented prompt clean-up of the
+    file descriptor if the returned iterator was not exhausted.
+  - gh-104522: OSError raised when run a subprocess now only has
+    filename attribute set to cwd if the error was caused by a
+    failed attempt to change the current directory.
+  - gh-114149: Enum: correctly handle tuple subclasses in custom
+    __new__.
+  - gh-109534: Fix a reference leak in
+    asyncio.selector_events.BaseSelectorEventLoop when SSL
+    handshakes fail. Patch contributed by Jamie Phan.
+  - gh-114077: Fix possible OverflowError in
+    socket.socket.sendfile() when pass count larger than 2 GiB on
+    32-bit platform.
+  - gh-114014: Fixed a bug in fractions.Fraction where an invalid
+    string using d in the decimals part creates a different error
+    compared to other invalid letters/characters. Patch by Jeremiah
+    Gabriel Pascual.
+  - gh-113951: Fix the behavior of tag_unbind() methods of
+    tkinter.Text and tkinter.Canvas classes with three arguments.
+    Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
+    the current binding for sequence, leaving sequence unbound, and
+    deleted the funcid command. Now it removes only funcid from the
+    binding for sequence, keeping other commands, and deletes the
+    funcid command. It leaves sequence unbound only if funcid was
+    the last bound command.
+  - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
+    Windows.
+  - gh-113661: unittest runner: Don’t exit 5 if tests were skipped.
+    The intention of exiting 5 was to detect issues where the test
+    suite wasn’t discovered at all. If we skipped tests, it was
+    correctly discovered.
+  - gh-113781: Silence unraisable AttributeError when warnings are
+    emitted during Python finalization.
+  - gh-112932: Restore the ability for zipfile to extractall from
+    zip files with a “/” directory entry in them as is commonly
+    added to zips by some wiki or bug tracker data exporters.
+  - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
+    that contain unknown-8bit encoded part followed by
+    non-unknown-8bit encoded part.
+  - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
+    there is callback that logs an error if the task wrapping the
+    “connected callback” fails. This callback would itself fail if
+    the task was cancelled. Prevent this by checking whether the
+    task was cancelled first. If so, close the transport but don’t
+    log an error.
+  - gh-85567: Fix resource warnings for unclosed files in pickle and
+    pickletools command line interfaces.
+  - gh-101225: Increase the backlog for
+    multiprocessing.connection.Listener objects created by
+    multiprocessing.manager and multiprocessing.resource_sharer to
+    significantly reduce the risk of getting a connection refused
+    error when creating a multiprocessing.connection.Connection to
+    them.
+  - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
+    webbrowser.open audit event.
+  - gh-113028: When a second reference to a string appears in the
+    input to pickle, and the Python implementation is in use, we are
+    guaranteed that a single copy gets pickled and a single object
+    is shared when reloaded. Previously, in protocol 0, when a
+    string contained certain characters (e.g. newline) it resulted
+    in duplicate objects.
+  - gh-113421: Fix multiprocessing logger for %(filename)s.
+  - gh-111784: Fix segfaults in the _elementtree module. Fix first
+    segfault during deallocation of _elementtree.XMLParser instances
+    by keeping strong reference to pyexpat module in module state
+    for capsule lifetime. Fix second segfault which happens in the
+    same deallocation process by keeping strong reference to
+    _elementtree module in XMLParser structure for _elementtree
+    module lifetime.
+  - gh-113407: Fix import of unittest.mock when CPython is built
+    without docstrings.
+  - gh-113320: Fix regression in Python 3.12 where Protocol classes
+    that were not marked as runtime-checkable would be unnecessarily
+    introspected, potentially causing exceptions to be raised if the
+    protocol had problematic members. Patch by Alex Waygood.
+  - gh-113358: Fix rendering tracebacks for exceptions with a broken
+    __getattr__.
+  - gh-113214: Fix an AttributeError during asyncio SSL protocol
+    aborts in SSL-over-SSL scenarios.
+  - gh-113246: Update bundled pip to 23.3.2.
+  - gh-113199: Make http.client.HTTPResponse.read1 and
+    http.client.HTTPResponse.readline close IO after reading all
+    data when content length is known. Patch by Illia Volochii.
+  - gh-113188: Fix shutil.copymode() and shutil.copystat() on
+    Windows. Previously they worked differenly if dst is a symbolic
+    link: they modified the permission bits of dst itself rather
+    than the file it points to if follow_symlinks is true or src is
+    not a symbolic link, and did not modify the permission bits if
+    follow_symlinks is false and src is a symbolic link.
+  - gh-61648: Detect line numbers of properties in doctests.
+  - gh-112559: signal.signal() and signal.getsignal() no longer call
+    repr on callable handlers. asyncio.run() and
+    asyncio.Runner.run() no longer call repr on the task results.
+    Patch by Yilei Yang.
+  - gh-110190: Fix ctypes structs with array on PPC64LE platform by
+    setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
+  - gh-79429: Ignore FileNotFoundError when remove a temporary
+    directory in the multiprocessing finalizer.
+  - gh-81194: Fix a crash in socket.if_indextoname() with specific
+    value (UINT_MAX). Fix an integer overflow in
+    socket.if_indextoname() on 64-bit non-Windows platforms.
+  - gh-112343: Improve handling of pdb convenience variables to
+    avoid replacing string contents.
+  - gh-111615: Fix a regression caused by a fix to gh-93162 whereby
+    you couldn’t configure a QueueHandler without specifying
+    handlers.
+  - gh-111049: Fix crash during garbage collection of the io.BytesIO
+    buffer object.
+  - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
+    tkinter._test().
+  - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
+    raises BadZipFile when try to read an entry that overlaps with
+    other entry or central directory.
+  - gh-114440: On Windows, closing the connection writer when
+    cleaning up a broken multiprocessing.Queue queue is now done for
+    all queues, rather than only in concurrent.futures manager
+    thread. This can prevent a deadlock when a multiprocessing
+    worker process terminates without cleaning up. This completes
+    the backport of patches by Victor Stinner and Serhiy Storchaka.
+  - gh-38807: Fix race condition in trace. Instead of checking if a
+    directory exists and creating it, directly call os.makedirs()
+    with the kwarg exist_ok=True.
+  - gh-75705: Set unixfrom envelope in mailbox.mbox and
+    mailbox.MMDF.
+  - gh-106233: Fix stacklevel in InvalidTZPathWarning during
+    zoneinfo module import.
+  - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
+    when the system endianness is the opposite of the classes.
+  - gh-104282: Fix null pointer dereference in
+    lzma._decode_filter_properties() due to improper handling of BCJ
+    filters with properties of zero length. Patch by Radislav
+    Chugunov.
+  - gh-102512: When os.fork() is called from a foreign thread (aka
+    _DummyThread), the type of the thread in a child process is
+    changed to _MainThread. Also changed its name and daemonic
+    status, it can be now joined.
+  - bpo-35928: io.TextIOWrapper now correctly handles the decoding
+    buffer after read() and write().
+  - bpo-26791: shutil.move() now moves a symlink into a directory
+    when that directory is the target of the symlink. This provides
+    the same behavior as the mv shell command. The previous behavior
+    raised an exception. Patch by Jeffrey Kintscher.
+  - bpo-36959: Fix some error messages for invalid ISO format string
+    combinations in strptime() that referred to directives not
+    contained in the format string. Patch by Gordon P. Hemsley.
+  - bpo-18060: Fixed a class inheritance issue that can cause
+    segfaults when deriving two or more levels of subclasses from a
+    base class of Structure or Union.
+  - Documentation
+  - gh-110746: Improved markup for valid options/values for methods
+    ttk.treeview.column and ttk.treeview.heading, and for Layouts.
+  - gh-95649: Document that the asyncio module contains code taken
+    from v0.16.0 of the uvloop project, as well as the required MIT
+    licensing information.
+  - Tests
+  - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
+    where system tar can include more information in the archive
+    than shutil.make_archive.
+  - gh-105089: Fix
+    test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
+    test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
+    it will be in sync with zinfo.external_attr
+  - bpo-40648: Test modes that file can get with chmod() on Windows.
+  - Build
+  - gh-112305: Fixed the check-clean-src step performed on out of
+    tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
+    files and recommend appropriate source tree cleanup steps to get
+    a working build again.
+  - gh-112867: Fix the build for the case that
+    WITH_PYMALLOC_RADIX_TREE=0 set.
+  - bpo-11102: The os.major(), os.makedev(), and os.minor()
+    functions are now available on HP-UX v3.
+  - bpo-36351: Do not set ipv6type when cross-compiling.
+  - IDLE
+  - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
+    ‘object’.
+  - gh-72284: Improve the lists of features, editor key bindings,
+    and shell key bingings in the IDLE doc.
+  - gh-113903: Fix rare failure of test.test_idle, in
+    test_configdialog.
+  - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
+    3.12.1.
+  - gh-113269: Fix test_editor hang on macOS Catalina.
+  - gh-112898: Fix processing unsaved files when quitting IDLE on
+    macOS.
+  - gh-103820: Revise IDLE bindings so that events from mouse button
+    4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
+    mistaken for scrolling.
+  - bpo-13586: Enter the selected text when opening the “Replace”
+    dialog.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
+    multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
+  - gh-115015: Fix a bug in Argument Clinic that generated incorrect
+    code for methods with no parameters that use the METH_METHOD |
+    METH_FASTCALL | METH_KEYWORDS calling convention. Only the
+    positional parameter count was checked; any keyword argument
+    passed would be silently accepted.
+- Refresh patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - fix_configure_rst.patch
+  - no-skipif-doctests.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - python-3.3.0b1-localpath.patch
+  - python-3.3.0b1-test-posix_fadvise.patch
+  - skip-test_pyobject_freed_is_freed.patch
+  - subprocess-raise-timeout.patch
+
python312:doc
+- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
+  patched libexpat below 2.6.0 that doesn't update the version number,
+  just in 15.6.
+- Drop libexpat260.patch, not needed anymore. This patch is merged
+  with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
+  working on 15.6.
+- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.
+
+- Update to 3.12.3:
+  - Security
+  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+    (CVE-2023-52425, bsc#1219559) by adding five new methods:
+    xml.etree.ElementTree.XMLParser.flush()
+    xml.etree.ElementTree.XMLPullParser.flush()
+    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+    xml.sax.expatreader.ExpatParser.flush()
+  - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075)
+  - gh-115243: Fix possible crashes in
+    collections.deque.index() when the deque is concurrently
+    modified.
+  - gh-114572: ssl.SSLContext.cert_store_stats() and
+    ssl.SSLContext.get_ca_certs() now correctly lock access to
+    the certificate store, when the ssl.SSLContext is shared
+    across multiple threads.
+  - Core and Builtins
+  - gh-109120: Added handle of incorrect star expressions, e.g
+    f(3, *). Patch by Grigoryev Semyon
+  - gh-99108: Updated the hashlib built-in HACL* project C code
+    from upstream that we use for many implementations when
+    they are not present via OpenSSL in a given build. This
+    also avoids the rare potential for a C symbol name one
+    definition rule linking issue.
+  - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to
+    sys.monitoring.MISSING instead of None for CALL event.
+  - gh-113964: Starting new threads and process creation
+    through os.fork() are now only prevented once all
+    non-daemon threads exit.
+  - gh-116604: Respect the status of the garbage collector when
+    indirect calls are made via PyErr_CheckSignals() and the
+    evaluation breaker. Patch by Pablo Galindo
+  - gh-116626: Ensure INSTRUMENTED_CALL_FUNCTION_EX always
+    emits CALL
+  - gh-116296: Fix possible refleak in object.__reduce__()
+    internal error handling.
+  - gh-116034: Fix location of the error on a failed assertion.
+  - gh-115823: Properly calculate error ranges in the parser
+    when raising SyntaxError exceptions caused by invalid byte
+    sequences. Patch by Pablo Galindo
+  - gh-112087: For an empty reverse iterator for list will be
+    reduced to reversed(). Patch by Donghee Na.
+  - gh-115154: Fix a bug that was causing the
+    tokenize.untokenize() function to handle unicode named
+    literals incorrectly. Patch by Pablo Galindo
+  - gh-114828: Fix compilation crashes in uncommon code
+    examples using super() inside a comprehension in a class
+    body.
+  - gh-115011: Setters for members with an unsigned integer
+    type now support the same range of valid values for objects
+    that has a __index__() method as for int.
+  - gh-112215: Change the C recursion limits to more closely
+    reflect the underlying platform limits.
+  - gh-96497: Fix incorrect resolution of mangled class
+    variables used in assignment expressions in comprehensions.
+  - Library
+  - gh-117467: Preserve mailbox ownership when rewriting in
+    mailbox.mbox.flush(). Patch by Tony Mountifield.
+  - gh-117310: Fixed an unlikely early & extra Py_DECREF
+    triggered crash in ssl when creating a new _ssl._SSLContext
+    if CPython was built implausibly such that the
+    default cipher list is empty or the SSL library it
+    was linked against reports a failure from its C
+    SSL_CTX_set_cipher_list() API.
+  - gh-117178: Fix regression in lazy loading of
+    self-referential modules, introduced in gh-114781.
+  - gh-117084: Fix zipfile extraction for directory entries
+    with the name containing backslashes on Windows.
+  - gh-117110: Fix a bug that prevents subclasses of typing.Any
+    to be instantiated with arguments. Patch by Chris Fu.
+  - gh-90872: On Windows, subprocess.Popen.wait() no longer
+    calls WaitForSingleObject() with a negative timeout: pass 0
+    ms if the timeout is negative. Patch by Victor Stinner.
+  - gh-116957: configparser: Don’t leave ConfigParser values
+    in an invalid state (stored as a list instead of a str)
+    after an earlier read raised DuplicateSectionError or
+    DuplicateOptionError.
+  - gh-90095: Ignore empty lines and comments in .pdbrc
+  - gh-116764: Restore support of None and other false values
+    in urllib.parse functions parse_qs() and parse_qsl(). Also,
+    they now raise a TypeError for non-zero integers and
+    non-empty sequences.
+  - gh-116811: In PathFinder.invalidate_caches, delegate to
+    MetadataPathFinder.invalidate_caches.
+  - gh-116600: Fix repr() for global Flag members.
+  - gh-116484: Change automatically generated
+    tkinter.Checkbutton widget names to avoid collisions with
+    automatically generated tkinter.ttk.Checkbutton widget
+    names within the same parent widget.
+  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+    opening named pipe.
+  - gh-116143: Fix a race in pydoc _start_server, eliminating a
+    window in which _start_server can return a thread that is
+    “serving” but without a docserver set.
+  - gh-116325: typing: raise SyntaxError instead of
+    AttributeError on forward references as empty strings.
+  - gh-90535: Fix support of interval values > 1 in
+    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+    when='Wx'.
+  - gh-115978: Disable preadv(), readv(), pwritev(), and
+    writev() on WASI.
+  - Under wasmtime for WASI 0.2, these
+    functions don’t pass test_posix
+    (https://github.com/bytecodealliance/wasmtime/issues/7830).
+  - gh-88352: Fix the computation of the next rollover
+    time in the logging.TimedRotatingFileHandler handler.
+    computeRollover() now always returns a timestamp larger
+    than the specified time and works correctly during the DST
+    change. doRollover() no longer overwrite the already rolled
+    over file, saving from data loss when run at midnight or
+    during repeated time at the DST change.
+  - gh-87115: Set __main__.__spec__ to None when running a
+    script with pdb
+  - gh-76511: Fix UnicodeEncodeError in
+    email.Message.as_string() that results when a message
+    that claims to be in the ascii character set actually has
+    non-ascii characters. Non-ascii characters are now replaced
+    with the U+FFFD replacement character, like in the replace
+    error handler.
+  - gh-116040: [Enum] fix by-value calls when second value is
+    falsey; e.g. Cardinal(1, 0)
+  - gh-75988: Fixed unittest.mock.create_autospec() to pass
+    the call through to the wrapped object to return the real
+    result.
+  - gh-115881: Fix issue where ast.parse() would incorrectly
+    flag conditional context managers (such as with (x() if y
+    else z()): ...) as invalid syntax if feature_version=(3,
+    8) was passed. This reverts changes to the grammar made as
+    part of gh-94949.
+  - gh-115886: Fix silent truncation of the
+    name with an embedded null character in
+    multiprocessing.shared_memory.SharedMemory.
+  - gh-115809: Improve algorithm for computing
+    which rolled-over log files to delete in
+    logging.TimedRotatingFileHandler. It is now reliable for
+    handlers without namer and with arbitrary deterministic
+    namer that leaves the datetime part in the file name
+    unmodified.
+  - gh-74668: urllib.parse functions parse_qs() and
+    parse_qsl() now support bytes arguments containing raw and
+    percent-encoded non-ASCII data.
+  - gh-67044: csv.writer() now always quotes or escapes '\r'
+    and '\n', regardless of lineterminator value.
+  - gh-115712: csv.writer() now quotes empty fields if
+    delimiter is a space and skipinitialspace is true and
+    raises exception if quoting is not possible.
+  - gh-112364: Fixed ast.unparse() to handle format_spec with
+    ", ' or \\. Patched by Frank Hoffmann.
+  - gh-111358: Fix a bug in
+    asyncio.BaseEventLoop.shutdown_default_executor() to ensure
+    the timeout passed to the coroutine behaves as expected.
+  - gh-115618: Fix improper decreasing the reference count for
+    None argument in property methods getter(), setter() and
+    deleter().
+  - gh-115570: A DeprecationWarning is no longer omitted
+    on access to the __doc__ attributes of the deprecated
+    typing.io and typing.re pseudo-modules.
+  - gh-112006: Fix inspect.unwrap() for types with the
+    __wrapper__ data descriptor.
+  - gh-101293: Support callables with the __call__() method
+    and types with __new__() and __init__() methods set to
+    class methods, static methods, bound methods, partial
+    functions, and other types of methods and descriptors in
+    inspect.Signature.from_callable().
+  - gh-115392: Fix a bug in doctest where incorrect line
+    numbers would be reported for decorated functions.
+  - gh-114563: Fix several format() bugs when using the C
+    implementation of Decimal: * memory leak in some rare
+    cases when using the z format option (coerce negative 0) *
+    incorrect output when applying the z format option to type
+    F (fixed-point with capital NAN / INF) * incorrect output
+    when applying the # format option (alternate form)
+  - gh-115197: urllib.request no longer resolves the hostname
+    before checking it against the system’s proxy bypass list
+    on macOS and Windows.
+  - gh-115165: Most exceptions are now ignored when attempting
+    to set the __orig_class__ attribute on objects returned
+    when calling typing generic aliases (including generic
+    aliases created using typing.Annotated). Previously only
+    AttributeError was ignored. Patch by Dave Shawley.
+  - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+  - gh-115059: io.BufferedRandom.read1() now flushes the
+    underlying write buffer.
+  - gh-79382: Trailing ** no longer allows to match files and
+    non-existing paths in recursive glob().
+  - gh-114071: Support tuple subclasses using auto() for enum
+    member value.
+  - gh-114763: Protect modules loaded with
+    importlib.util.LazyLoader from race conditions when
+    multiple threads try to access attributes before the
+    loading is complete.
+  - gh-97959: Fix rendering class methods, bound methods,
+    method and function aliases in pydoc. Class methods
+    no longer have “method of builtins.type instance”
+    note. Corresponding notes are now added for class and
+    unbound methods. Method and function aliases now have
+    references to the module or the class where the origin
+    was defined if it differs from the current. Bound methods
+    are now listed in the static methods section. Methods of
+    builtin classes are now supported as well as methods of
+    Python classes.
+  - gh-112281: Allow creating union of types for
+    typing.Annotated with unhashable metadata.
+  - gh-111775: Fix
+    importlib.resources.simple.ResourceHandle.open() for text
+    mode, added missed stream argument.
+  - gh-90095: Make .pdbrc and -c work with any valid pdb
+    commands.
+  - gh-107155: Fix incorrect output of help(x) where x is a
+    lambda function, which has an __annotations__ dictionary
+    attribute with a "return" key.
+  - gh-105866: Fixed _get_slots bug which caused error when
+    defining dataclasses with slots and a weakref_slot.
+  - gh-60346: Fix ArgumentParser inconsistent with
+    parse_known_args.
+  - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+    Addresses when using a proxy.
+  - gh-100884: email: fix misfolding of comma in address-lists
+    over multiple lines in combination with unicode encoding.
+  - gh-95782: Fix io.BufferedReader.tell(),
+    io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+    io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+    _pyio.BufferedRandom.tell() being able to return negative
+    offsets.
+  - gh-96310: Fix a traceback in argparse when all options in a
+    mutually exclusive group are suppressed.
+  - gh-93205: Fixed a bug in
+    logging.handlers.TimedRotatingFileHandler where multiple
+    rotating handler instances pointing to files with the same
+    name but different extensions would conflict and not delete
+    the correct files.
+  - bpo-44865: Add missing call to localization function in
+    argparse.
+  - bpo-43952: Fix multiprocessing.connection.Listener.accept()
+    to accept empty bytes as authkey. Not accepting empty bytes
+    as key causes it to hang indefinitely.
+  - bpo-42125: linecache: get module name from __spec__ if
+    available. This allows getting source code for the __main__
+    module when a custom loader is used.
+  - gh-66543: Make mimetypes.guess_type() properly parsing
+    of URLs with only a host name, URLs containing fragment
+    or query, and filenames with only a UNC sharepoint on
+    Windows. Based on patch by Dong-hee Na.
+  - bpo-33775: Add ‘default’ and ‘version’ help text for
+    localization in argparse.
+  - Documentation
+  - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
+    “XML vulnerabilities”.
+  - gh-115233: Fix an example for LoggerAdapter in the Logging
+    Cookbook.
+  - Tests
+  - gh-83434: Disable JUnit XML output (--junit-xml=FILE
+    command line option) in regrtest when hunting for reference
+    leaks (-R option). Patch by Victor Stinner.
+  - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+  - gh-116333: Tests of TLS related things (error codes, etc)
+    were updated to be more lenient about specific error
+    message strings and behaviors as seen in the BoringSSL and
+    AWS-LC forks of OpenSSL.
+  - gh-115979: Update test_importlib so that it passes under
+    WASI SDK 21.
+  - gh-112536: Add –tsan to test.regrtest for running TSAN
+    tests in reasonable execution times. Patch by Donghee Na.
+  - gh-116307: Added import helper isolated_modules as
+    CleanImport does not remove modules imported during the
+    context. Use it in importlib.resources tests to avoid
+    leaving mod around to impede importlib.metadata tests.
+  - gh-115720: Leak tests (-R, --huntrleaks) now show a summary
+    of the number of leaks found in each iteration.
+  - gh-115122: Add --bisect option to regrtest test runner:
+    run failed tests with test.bisect_cmd to identify failing
+    tests. Patch by Victor Stinner.
+  - gh-115596: Fix ProgramPriorityTests in test_os permanently
+    changing the process priority.
+  - Build
+  - gh-116313: Get WASI builds to work under wasmtime 18 w/
+    WASI 0.2/preview2 primitives.
+  - gh-116117: Backport libb2’s PR #42 to fix compiling CPython
+    on 32-bit Windows with clang-cl.
+  - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+    building with Visual Studio 2022 version 17.8.
+  - gh-112536: Add support for thread sanitizer (TSAN)
+  - Windows
+  - gh-117267: Ensure DirEntry.stat().st_ctime behaves
+    consistently with os.stat() during the deprecation
+    period of st_ctime by containing the same value as
+    st_birthtime. After the deprecation period, st_ctime
+    will be the metadata change time (or unavailable through
+    DirEntry), and only st_birthtime will contain the creation
+    time.
+  - gh-116773: Fix instances of <_overlapped.Overlapped object
+    at 0xXXX> still has pending operation at deallocation, the
+    process may crash.
+  - gh-91227: Fix the asyncio ProactorEventLoop implementation
+    so that sending a datagram to an address that is not
+    listening does not prevent receiving any more datagrams.
+  - gh-115554: The installer now has more strict rules about
+    updating the Python Launcher for Windows. In general, most
+    users only have a single launcher installed and will see no
+    difference. When multiple launchers have been installed,
+    the option to install the launcher is disabled until all
+    but one have been removed. Downgrading the launcher (which
+    was never allowed) is now more obviously blocked.
+  - gh-115543: Python Launcher for Windows can now
+    detect Python 3.13 when installed from the Microsoft
+    Store, and will install Python 3.12 by default when
+    PYLAUNCHER_ALLOW_INSTALL is set.
+  - gh-115049: Fixes py.exe launcher failing when run as users
+    without user profiles.
+  - gh-115009: Update Windows installer to use SQLite 3.45.1.
+  - IDLE
+  - gh-88516: On macOS show a proxy icon in the title bar of
+    editor windows to match platform behaviour.
+  - Tools/Demos
+  - gh-113516: Don’t set LDSHARED when building for WASI.
+  - C API
+  - gh-117021: Fix integer overflow in PyLong_AsPid() on
+    non-Windows 64-bit platforms.
+  - gh-116869: Make the C API compatible with
+  - Werror=declaration-after-statement compiler flag
+    again. Patch by Victor Stinner.
+
+- Use the system-wide crypto-policies [bsc#1211301]
+  * Use the system default cipher list instead of hardcoded values
+  * Add the --with-ssl-default-suites=openssl configure option
+
+- (bsc#1219666, CVE-2023-6597) Add
+  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
+  gh#python/cpython!99930) fixing symlink bug in cleanup of
+  tempfile.TemporaryDirectory.
+
+- Switch to %%autopatch. Let’s try it as an experiment, and if we
+  need conditional patch, we should put condition inside of it.
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files.
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115288
+
+- (bsc#1210638, CVE-2023-27043) Add
+  CVE-2023-27043-email-parsing-errors.patch, which rejects
+  malformed addresses in email.parseaddr() (gh#python/cpython!111116)
+  Detect email address parsing errors and return empty tuple to
+  indicate the parsing error (old API). Add an optional 'strict'
+  parameter to getaddresses() and parseaddr() functions. Patch by
+  Thomas Dwyer.
+
+- Update to 3.12.2:
+  - Security
+  - gh-113659: Skip .pth files with names starting with a dot or
+    hidden file attribute.
+  - Core and Builtins
+  - gh-114887: Changed socket type validation in
+    create_datagram_endpoint() to accept all non-stream sockets.
+    This fixes a regression in compatibility with raw sockets.
+  - gh-114388: Fix a RuntimeWarning emitted when assign an
+    integer-like value that is not an instance of int to an
+    attribute that corresponds to a C struct member of type T_UINT
+    and T_ULONG. Fix a double RuntimeWarning emitted when assign a
+    negative integer value to an attribute that corresponds to a C
+    struct member of type T_UINT.
+  - gh-113703: Fix a regression in the codeop module that was
+    causing it to incorrectly identify incomplete f-strings. Patch
+    by Pablo Galindo
+  - gh-89811: Check for a valid tp_version_tag before performing
+    bytecode specializations that rely on this value being usable.
+  - gh-113602: Fix an error that was causing the parser to try to
+    overwrite existing errors and crashing in the process. Patch by
+    Pablo Galindo
+  - gh-113297: Fix segfault in the compiler on with statement with
+    19 context managers.
+  - gh-106905: Use per AST-parser state rather than global state to
+    track recursion depth within the AST parser to prevent potential
+    race condition due to simultaneous parsing.
+  - The issue primarily showed up in 3.11 by multithreaded users of
+    ast.parse(). In 3.12 a change to when garbage collection can be
+    triggered prevented the race condition from occurring.
+  - gh-112943: Correctly compute end column offsets for multiline
+    tokens in the tokenize module. Patch by Pablo Galindo
+  - gh-112716: Fix SystemError in the import statement and in
+    __reduce__() methods of builtin types when __builtins__ is not a
+    dict.
+  - gh-94606: Fix UnicodeEncodeError when
+    email.message.get_payload() reads a message with a Unicode
+    surrogate character and the message content is not well-formed
+    for surrogateescape encoding. Patch by Sidney Markowitz.
+  - Library
+  - gh-114965: Update bundled pip to 24.0
+  - gh-114959: tarfile no longer ignores errors when trying to
+    extract a directory on top of a file.
+  - gh-109475: Fix support of explicit option value “–” in argparse
+    (e.g. --option=--).
+  - gh-110190: Fix ctypes structs with array on Windows ARM64
+    platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
+    Diego Russo
+  - gh-113280: Fix a leak of open socket in rare cases when error
+    occurred in ssl.SSLSocket creation.
+  - gh-77749: email.policy.EmailPolicy.fold() now always encodes
+    non-ASCII characters in headers if utf8 is false.
+  - gh-114492: Make the result of termios.tcgetattr() reproducible
+    on Alpine Linux. Previously it could leave a random garbage in
+    some fields.
+  - gh-113267: Revert changes in gh-106584 which made calls of
+    TestResult methods startTest() and stopTest() unbalanced.
+  - gh-75128: Ignore an OSError in
+    asyncio.BaseEventLoop.create_server() when IPv6 is available but
+    the interface cannot actually support it.
+  - gh-114257: Dismiss the FileNotFound error in
+    ctypes.util.find_library() and just return None on Linux.
+  - gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no
+    longer clears the terminal input ICRLF flag. This fixes a
+    regression introduced in 3.12 that no longer matched how OSes
+    define cbreak mode in their stty(1) manual pages.
+  - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
+    iterator returned by ElementTree.iterparse may hold on to a file
+    descriptor. The reference cycle prevented prompt clean-up of the
+    file descriptor if the returned iterator was not exhausted.
+  - gh-104522: OSError raised when run a subprocess now only has
+    filename attribute set to cwd if the error was caused by a
+    failed attempt to change the current directory.
+  - gh-114149: Enum: correctly handle tuple subclasses in custom
+    __new__.
+  - gh-109534: Fix a reference leak in
+    asyncio.selector_events.BaseSelectorEventLoop when SSL
+    handshakes fail. Patch contributed by Jamie Phan.
+  - gh-114077: Fix possible OverflowError in
+    socket.socket.sendfile() when pass count larger than 2 GiB on
+    32-bit platform.
+  - gh-114014: Fixed a bug in fractions.Fraction where an invalid
+    string using d in the decimals part creates a different error
+    compared to other invalid letters/characters. Patch by Jeremiah
+    Gabriel Pascual.
+  - gh-113951: Fix the behavior of tag_unbind() methods of
+    tkinter.Text and tkinter.Canvas classes with three arguments.
+    Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
+    the current binding for sequence, leaving sequence unbound, and
+    deleted the funcid command. Now it removes only funcid from the
+    binding for sequence, keeping other commands, and deletes the
+    funcid command. It leaves sequence unbound only if funcid was
+    the last bound command.
+  - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
+    Windows.
+  - gh-113661: unittest runner: Don’t exit 5 if tests were skipped.
+    The intention of exiting 5 was to detect issues where the test
+    suite wasn’t discovered at all. If we skipped tests, it was
+    correctly discovered.
+  - gh-113781: Silence unraisable AttributeError when warnings are
+    emitted during Python finalization.
+  - gh-112932: Restore the ability for zipfile to extractall from
+    zip files with a “/” directory entry in them as is commonly
+    added to zips by some wiki or bug tracker data exporters.
+  - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
+    that contain unknown-8bit encoded part followed by
+    non-unknown-8bit encoded part.
+  - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
+    there is callback that logs an error if the task wrapping the
+    “connected callback” fails. This callback would itself fail if
+    the task was cancelled. Prevent this by checking whether the
+    task was cancelled first. If so, close the transport but don’t
+    log an error.
+  - gh-85567: Fix resource warnings for unclosed files in pickle and
+    pickletools command line interfaces.
+  - gh-101225: Increase the backlog for
+    multiprocessing.connection.Listener objects created by
+    multiprocessing.manager and multiprocessing.resource_sharer to
+    significantly reduce the risk of getting a connection refused
+    error when creating a multiprocessing.connection.Connection to
+    them.
+  - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
+    webbrowser.open audit event.
+  - gh-113028: When a second reference to a string appears in the
+    input to pickle, and the Python implementation is in use, we are
+    guaranteed that a single copy gets pickled and a single object
+    is shared when reloaded. Previously, in protocol 0, when a
+    string contained certain characters (e.g. newline) it resulted
+    in duplicate objects.
+  - gh-113421: Fix multiprocessing logger for %(filename)s.
+  - gh-111784: Fix segfaults in the _elementtree module. Fix first
+    segfault during deallocation of _elementtree.XMLParser instances
+    by keeping strong reference to pyexpat module in module state
+    for capsule lifetime. Fix second segfault which happens in the
+    same deallocation process by keeping strong reference to
+    _elementtree module in XMLParser structure for _elementtree
+    module lifetime.
+  - gh-113407: Fix import of unittest.mock when CPython is built
+    without docstrings.
+  - gh-113320: Fix regression in Python 3.12 where Protocol classes
+    that were not marked as runtime-checkable would be unnecessarily
+    introspected, potentially causing exceptions to be raised if the
+    protocol had problematic members. Patch by Alex Waygood.
+  - gh-113358: Fix rendering tracebacks for exceptions with a broken
+    __getattr__.
+  - gh-113214: Fix an AttributeError during asyncio SSL protocol
+    aborts in SSL-over-SSL scenarios.
+  - gh-113246: Update bundled pip to 23.3.2.
+  - gh-113199: Make http.client.HTTPResponse.read1 and
+    http.client.HTTPResponse.readline close IO after reading all
+    data when content length is known. Patch by Illia Volochii.
+  - gh-113188: Fix shutil.copymode() and shutil.copystat() on
+    Windows. Previously they worked differenly if dst is a symbolic
+    link: they modified the permission bits of dst itself rather
+    than the file it points to if follow_symlinks is true or src is
+    not a symbolic link, and did not modify the permission bits if
+    follow_symlinks is false and src is a symbolic link.
+  - gh-61648: Detect line numbers of properties in doctests.
+  - gh-112559: signal.signal() and signal.getsignal() no longer call
+    repr on callable handlers. asyncio.run() and
+    asyncio.Runner.run() no longer call repr on the task results.
+    Patch by Yilei Yang.
+  - gh-110190: Fix ctypes structs with array on PPC64LE platform by
+    setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
+  - gh-79429: Ignore FileNotFoundError when remove a temporary
+    directory in the multiprocessing finalizer.
+  - gh-81194: Fix a crash in socket.if_indextoname() with specific
+    value (UINT_MAX). Fix an integer overflow in
+    socket.if_indextoname() on 64-bit non-Windows platforms.
+  - gh-112343: Improve handling of pdb convenience variables to
+    avoid replacing string contents.
+  - gh-111615: Fix a regression caused by a fix to gh-93162 whereby
+    you couldn’t configure a QueueHandler without specifying
+    handlers.
+  - gh-111049: Fix crash during garbage collection of the io.BytesIO
+    buffer object.
+  - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
+    tkinter._test().
+  - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
+    raises BadZipFile when try to read an entry that overlaps with
+    other entry or central directory.
+  - gh-114440: On Windows, closing the connection writer when
+    cleaning up a broken multiprocessing.Queue queue is now done for
+    all queues, rather than only in concurrent.futures manager
+    thread. This can prevent a deadlock when a multiprocessing
+    worker process terminates without cleaning up. This completes
+    the backport of patches by Victor Stinner and Serhiy Storchaka.
+  - gh-38807: Fix race condition in trace. Instead of checking if a
+    directory exists and creating it, directly call os.makedirs()
+    with the kwarg exist_ok=True.
+  - gh-75705: Set unixfrom envelope in mailbox.mbox and
+    mailbox.MMDF.
+  - gh-106233: Fix stacklevel in InvalidTZPathWarning during
+    zoneinfo module import.
+  - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
+    when the system endianness is the opposite of the classes.
+  - gh-104282: Fix null pointer dereference in
+    lzma._decode_filter_properties() due to improper handling of BCJ
+    filters with properties of zero length. Patch by Radislav
+    Chugunov.
+  - gh-102512: When os.fork() is called from a foreign thread (aka
+    _DummyThread), the type of the thread in a child process is
+    changed to _MainThread. Also changed its name and daemonic
+    status, it can be now joined.
+  - bpo-35928: io.TextIOWrapper now correctly handles the decoding
+    buffer after read() and write().
+  - bpo-26791: shutil.move() now moves a symlink into a directory
+    when that directory is the target of the symlink. This provides
+    the same behavior as the mv shell command. The previous behavior
+    raised an exception. Patch by Jeffrey Kintscher.
+  - bpo-36959: Fix some error messages for invalid ISO format string
+    combinations in strptime() that referred to directives not
+    contained in the format string. Patch by Gordon P. Hemsley.
+  - bpo-18060: Fixed a class inheritance issue that can cause
+    segfaults when deriving two or more levels of subclasses from a
+    base class of Structure or Union.
+  - Documentation
+  - gh-110746: Improved markup for valid options/values for methods
+    ttk.treeview.column and ttk.treeview.heading, and for Layouts.
+  - gh-95649: Document that the asyncio module contains code taken
+    from v0.16.0 of the uvloop project, as well as the required MIT
+    licensing information.
+  - Tests
+  - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
+    where system tar can include more information in the archive
+    than shutil.make_archive.
+  - gh-105089: Fix
+    test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
+    test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
+    it will be in sync with zinfo.external_attr
+  - bpo-40648: Test modes that file can get with chmod() on Windows.
+  - Build
+  - gh-112305: Fixed the check-clean-src step performed on out of
+    tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
+    files and recommend appropriate source tree cleanup steps to get
+    a working build again.
+  - gh-112867: Fix the build for the case that
+    WITH_PYMALLOC_RADIX_TREE=0 set.
+  - bpo-11102: The os.major(), os.makedev(), and os.minor()
+    functions are now available on HP-UX v3.
+  - bpo-36351: Do not set ipv6type when cross-compiling.
+  - IDLE
+  - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
+    ‘object’.
+  - gh-72284: Improve the lists of features, editor key bindings,
+    and shell key bingings in the IDLE doc.
+  - gh-113903: Fix rare failure of test.test_idle, in
+    test_configdialog.
+  - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
+    3.12.1.
+  - gh-113269: Fix test_editor hang on macOS Catalina.
+  - gh-112898: Fix processing unsaved files when quitting IDLE on
+    macOS.
+  - gh-103820: Revise IDLE bindings so that events from mouse button
+    4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
+    mistaken for scrolling.
+  - bpo-13586: Enter the selected text when opening the “Replace”
+    dialog.
+  - Tools/Demos
+  - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
+    multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
+  - gh-115015: Fix a bug in Argument Clinic that generated incorrect
+    code for methods with no parameters that use the METH_METHOD |
+    METH_FASTCALL | METH_KEYWORDS calling convention. Only the
+    positional parameter count was checked; any keyword argument
+    passed would be silently accepted.
+- Refresh patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - fix_configure_rst.patch
+  - no-skipif-doctests.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - python-3.3.0b1-localpath.patch
+  - python-3.3.0b1-test-posix_fadvise.patch
+  - skip-test_pyobject_freed_is_freed.patch
+  - subprocess-raise-timeout.patch
+
qclib
+- Applied a patch to change the _PATH_MOUNTED (bsc#1222143)
+  * qclib-change-_PATH_MOUNTED.patch
+
+- Upgrade to version 2.4.1 (jsc#PED-3285)
+  * Handle systems with `/sys/kernel/security/lockdown` enabled
+  * Consistency check: Fix accounting of reserved cores and CPUs
+  * Trace: Fix display of version information
+  * Doxygen config: Remove unused options
+- Removed obsolete patch qclib-sys-kernel-security-lockdown-enabled.patch
+
qemu
+- Backports and bugfixes:
+  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)
+  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
+  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
+  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
+  * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
+  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)
+  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
+
+- Update to version 8.2.2. Full changelog here:
+  https://lore.kernel.org/qemu-devel/1709577077.783602.1474596.nullmailer@tls.msk.ru/
+  Some upstream backports:
+  * chardev/char-socket: Fix TLS io channels sending too much data to the backend
+  * tests/unit/test-util-sockets: Remove temporary file after test
+  * hw/usb/bus.c: PCAP adding 0xA in Windows version
+  * hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices"
+  * gitlab: force allow use of pip in Cirrus jobs
+  * tests/vm: avoid re-building the VM images all the time
+  * tests/vm: update openbsd image to 7.4
+  * target/i386: leave the A20 bit set in the final NPT walk
+  * target/i386: remove unnecessary/wrong application of the A20 mask
+  * target/i386: Fix physical address truncation
+  * target/i386: check validity of VMCB addresses
+  * target/i386: mask high bits of CR3 in 32-bit mode
+  * pl031: Update last RTCLR value on write in case it's read back
+  * hw/nvme: fix invalid endian conversion
+  * update edk2 binaries to edk2-stable202402
+  * update edk2 submodule to edk2-stable202402
+  * target/ppc: Fix crash on machine check caused by ifetch
+  * target/ppc: Fix lxv/stxv MSR facility check
+  * .gitlab-ci.d/windows.yml: Drop msys2-32bit job
+  * system/vl: Update description for input grab key
+  * docs/system: Update description for input grab key
+  * hw/hppa/Kconfig: Fix building with "configure --without-default-devices"
+  * tests/qtest: Depend on dbus_display1_dep
+  * meson: Explicitly specify dbus-display1.h dependency
+  * audio: Depend on dbus_display1_dep
+  * ui/console: Fix console resize with placeholder surface
+  * ui/clipboard: add asserts for update and request
+  * ui/clipboard: mark type as not available when there is no data
+  * ui: reject extended clipboard message if not activated
+  * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix
+  * i386/cpuid: Move leaf 7 to correct group
+  * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
+  * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
+  * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available
+  * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit
+  * iotests: Make 144 deterministic again
+  * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
+  * target/arm: Fix SVE/SME gross MTE suppression checks
+  * target/arm: Handle mte in do_ldrq, do_ldro
+- Address bsc#1220310. Backported upstream commits:
+  * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS
+  * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
+
qemu:qemu-linux-user
+- Backports and bugfixes:
+  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)
+  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
+  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
+  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
+  * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
+  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)
+  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
+
+- Update to version 8.2.2. Full changelog here:
+  https://lore.kernel.org/qemu-devel/1709577077.783602.1474596.nullmailer@tls.msk.ru/
+  Some upstream backports:
+  * chardev/char-socket: Fix TLS io channels sending too much data to the backend
+  * tests/unit/test-util-sockets: Remove temporary file after test
+  * hw/usb/bus.c: PCAP adding 0xA in Windows version
+  * hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices"
+  * gitlab: force allow use of pip in Cirrus jobs
+  * tests/vm: avoid re-building the VM images all the time
+  * tests/vm: update openbsd image to 7.4
+  * target/i386: leave the A20 bit set in the final NPT walk
+  * target/i386: remove unnecessary/wrong application of the A20 mask
+  * target/i386: Fix physical address truncation
+  * target/i386: check validity of VMCB addresses
+  * target/i386: mask high bits of CR3 in 32-bit mode
+  * pl031: Update last RTCLR value on write in case it's read back
+  * hw/nvme: fix invalid endian conversion
+  * update edk2 binaries to edk2-stable202402
+  * update edk2 submodule to edk2-stable202402
+  * target/ppc: Fix crash on machine check caused by ifetch
+  * target/ppc: Fix lxv/stxv MSR facility check
+  * .gitlab-ci.d/windows.yml: Drop msys2-32bit job
+  * system/vl: Update description for input grab key
+  * docs/system: Update description for input grab key
+  * hw/hppa/Kconfig: Fix building with "configure --without-default-devices"
+  * tests/qtest: Depend on dbus_display1_dep
+  * meson: Explicitly specify dbus-display1.h dependency
+  * audio: Depend on dbus_display1_dep
+  * ui/console: Fix console resize with placeholder surface
+  * ui/clipboard: add asserts for update and request
+  * ui/clipboard: mark type as not available when there is no data
+  * ui: reject extended clipboard message if not activated
+  * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix
+  * i386/cpuid: Move leaf 7 to correct group
+  * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
+  * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
+  * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available
+  * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit
+  * iotests: Make 144 deterministic again
+  * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
+  * target/arm: Fix SVE/SME gross MTE suppression checks
+  * target/arm: Handle mte in do_ldrq, do_ldro
+- Address bsc#1220310. Backported upstream commits:
+  * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS
+  * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
+
remmina
+- Fix dependency on SLE-15-SP6
+
+- Update to 1.4.35 stable release.
+
+- Update to version 1.4.34~git.20240221 (boo#1220149):
+  * Updated call to set FreeRDP_LoadBalanceInfo
+  * Revert setting loadbalanceinfo to the old method used before FreeRDP3
+  * Add FreeRDP version to cmake status messages
+  * FreeRDP3: Fix crash with disablepasswordstoring enabled
+  * [REM-3047] fix issue compiling with gcc-14
+  * Check if WINPR_ASSERT is defined
+  * Allow running an SSH command when connecting via ssh tunnel
+  * Fix build for openssl-1.1
+
+- Update to version 1.4.33~git.20240124:
+  * Add support for FreeRDP 3.x
+  * Allow Remmina to be built without FreeRDP
+  * Made file not empty to allow setting for Service Desk
+
+- Update to version 1.4.33:
+  * Add shortcut for 'send clipboard as keystrokes'
+  * Make keeping window open on session disconnect configurable
+  * Fix crash cause by using freed memory
+
+- Update to remmina version 1.4.32:
+  * [REM2916] Added option to kill async process started by
+    exec plugin on tab close
+  * Fix search bar toggle behavior
+  * Fix memory leaks
+  * [REM-2920] Password visibility can now be toggled on remmina_message_panels
+  * Remove SSH file paths from remmina file when unchecking box in profile edit
+  * Solved issue #2910 - Added support for IPv6 with fallback to IPv4 for ssh
+  * Fix UI bugs in Remmina Preferences set new password
+  * Fix memory leaks and change GTK critical errors to remmina warnings
+    for null icon autostart file
+  * [REM-2926] Added ability to set a fixed aspect ratio for vnc connections
+  * [REM-2936] Fix crash related to unmap events
+  * [REM-2938] Improved ordering of tray icon menu items
+  * Fix memory leaks in remmina_plugin_manager_init with g_free and g_ptr_array_free
+  * Remote assistance
+  * Spelling: Various strings for assistance mode
+  * Fix some compiler warnings
+  * Ability to SPICE connect to unix domain socket
+  * update multi monitor icon
+  * Save toggle options when duplicating connection
+  * New feature: Allow user to specify use of modifiers when changing key preferences
+  * [REM-2914] Alert user of unexpected disconnect instead of immediately closing
+    the connection window
+  * Fix Remmina not using @REMMINA_BINARY_PATH@
+  * Highlight top bar when Grab all keyboard events is enabled
+  * [REM-2850] Add ability to automatically move mouse to keep RDP connections alive
+  * Remove unnecessary parameters from remmina_public_get_server_port_wrapper
+  * Fix freeze that occurs when loading in python modules properly
+  * [REM-1923] Fix handling of pause break key for RDP connections
+  * [REM-2971] When quiting Remmina from the system tray the are you sure
+    prompt now functions properly
+
+- Update to remmina version 1.4.31:
+  * [REM-2874] muli password changer search now matches partial
+    strings !2480
+  * Fix segfault in VNC when using domain socket !2481
+  * Switched pylist Append to SetItem !2482
+  * Template texts updated !2484
+  * Add menu option to delete multiple profiles at the same time !2483
+  * add 1080p as a default resolution to remmina_pref.c !2486
+  * Remove character limit on password length !2489
+  * Create better postats.html !2488
+  * Redesign santahat.png & add santahat.svg !2492
+  * Edit preferences UI !2491
+  * Change the icon of the new connection button !2493
+  * Modify the checkbox of the appearance-tab !2494
+  * Add valign to the switch of the debugging window !2495
+  * plugins/rdp: Ensure output redirection configuration applies to
+    both dynamic and static rdpsnd !2498
+
+- Update to remmina version 1.4.30
+  * Add text mime type formats to RDP clibpoard !2459
+  * Ensure timer is null after destruction !2462
+  * Ability to view passwords in the clear using a toggle in the
+    password field !2460
+  * Made icons viewable in lower resulution. !2463
+  * Improve mime file !2464
+  * [REM-2809] Appearance preferences now refresh in the main window when
+    the user... !2466
+  * This should be a message instead of a info print.
+    So that the user can see it by default. !2461
+  * remmina_rdp_monitor_get(): fix maxw, maxh and monitorids calculation !2467
+  * Rem 2864 !2469
+  * Fix undefined symbol error when importing gi in a python extension !2470
+  * Rem 2864 !2472
+  * [REM-1987] allow for dynamic resolution updates for vnc connections !2476
+  * Fix overlapping text in preferences menu, terminal tab !2477
+  * Allow could not authenticate banner to go away after successful
+    reauthentication !2478
+  * Add environments for easy manual testing !2473
+
+- Update to remmina version 1.4.29
+  * Hiroyuki Tanaka added to README :) !2451
+  * Initial macOS support !2453
+  * X2Go error-message consistency !2452
+  * Avoid crash when closing, fixes issue #2832 !2454
+  * Update Copyright for 2023 !2455
+  * Aligning local and downstream jsons !2456
+- Update to remmina version 1.4.28
+  * Some minor RDP fixes !2415
+  * Mathias Winterhalter's avatar Fix Unix socket support for VNC !2417
+  * GVNC: Fixed JPEG quality encoding advertizing !2418
+  * Fix missing null checks causing signal 11 !2419
+  * Add modified date to SFTP file list !2420
+  * Adding Labels/Tags !2421
+  * Spelling: Hostname !2422
+  * X2Go: Fix annoying default_username bug. !2423
+  * plugins/x2go/x2go_plugin.c: Fix tip and comment sentence !2424
+  * Remove webkit_settings_set_enable_frame_flattening() for newer WekbKitGTK, fixes #2780 !2425
+  * Change password including gateway !2427
+  * Improve rcw close !2429
+  * Multiple changes to build and run with libsoup 3.0 !2431
+  * X2Go: Add ssh_passphrase and ssh_privatekey settings. !2428
+  * RDP: Add option to disable output suppression !2432
+  * Spelling: "Passphrase" → "password" !2433
+  * Fix compile warnings and some spelling corrections !2434
+  * [Rem-2782] Display protocol name in tooltip for connections in the ... menu... !2436
+  * [Rem-2782] Added protocol icons in drop-down menu !2438
+  * Fix widget reparenting when entering/exiting fullscreen !2439
+  * Rem 2760 !2440
+  * Allow building on a Wayland-only environment - version 4 !2437
+  * [Rem-2564] Allow for VNC runtime adjustment of color depth !2442
+  * Fix floating toolbar not disappearing when in fullscreen and keyboard grabbed !2441
+  * Revert "Merge branch 'Rem-2564' into 'master'" !2443
+  * [Rem-2654] Allow for runtime adjustment of colour depth, both increasing and decreasing !2444
+  * [Rem-2564] Changed declaration of variables to be compatible with different Ubuntu version !2445
+  * [Rem-2682] Added view-only mode for RDP !2447
+  * Removing the news widget !2446
+  * Updated Flatpak manifest files to match GitHub !2448
+  * Add missing include for X11/Wayland conditional !2450
+- Drop libsoup_2_and_3_support.patch because now in upstream.
+
+- Add libsoup_2_and_3_support.patch: support libsoup 3.0
+  (boo#1204492).
+- Build against libsoup 3 on Tumbleweed.
+
+- Set CMAKE_SKIP_RPATH to avoid writing bogus RUNPATH to
+  binaries and modules
+- Spec cleanup
+
+- Updated to remmina version 1.4.27
+  * Fix dangling pointer after scrolled container destruction.
+  * Strengthen remmina file set string
+  * Refactoring and minor fixes
+  * launcher.sh is compatible with xfce4-terminal and gnome-terminal now.
+  * Fix #2473 - revive rcw_focus_out_event to avoid sticky Alt on Alt-TAB
+  * New SSH color schemes.
+  * Some grammar fixes.
+- Removed 2734-flatpak-crash.patch
+
+- Added 2734-flatpak-crash.patch to fix an issue reported on upstream:
+  [#2580]: "Closing RDP connection quits Remmina without an error message"
+
+- Do not recommend lang package: the lang package has smarter
+  supplements in place.
+
+- Updated to remmina version 1.4.26
+- Major improvements:
+  * A Python plugin/API (you can write Remmina plugins in Python now!!!)
+  * X11 Forward for the SSH plugin @marco.fortina
+  * Kiosk improvements and new command lines options
+- Other changes:
+  * Fix trial for 2577: Closing a VNC connection makes Remmina close all other...
+  * Handle after-auth connection errors in VNC properly
+  * Using Remmina from command-line for kiosked servers
+  * Manual page refactoring fixes #2056 (closed)
+  * Add mutex to protect RDP clipboard->srv_data. Fixes #2666 (closed)
+  * Add '--no-tray-icon' command-line option
+  * Make FreeRDPs TLS Security Level setting accessible in the advanced settings view
+  * Disable grabs for SSH and SFTP, #closes #2728 (closed)
+  * Cannot disable shared folder
+  * Use PyInitializeEx in order to skip signal handler registration
+  * Ignore add new connection button in kiosk mode
+  * WWW plugin refactoring
+
+- Updated to remmina version 1.4.25
+  * kiosk: Drop GNOME MediaKeys plugin !2377
+  * Honour soft links target in SFTP !2379
+  * Optional close confirmation !2380
+  * Fix some build warnings !2382
+  * Fix manpages !2378
+  * Snap cleanup + kwallet support !2381
+  * Deprecations and amend g_date_time_format_iso8601 !2383
+  * Fixes to snap build !2384
+  * Removing dependencies that are available as extensions !2385
+  * FreeRDP_OffscreenSupportLevel is of type UINT32 !2386
+  * Minor fixes !2387
+  * Get the right value for FreeRDP_AutoReconnectMaxRetries !2388
+
+- Updated to remmina version 1.4.24
+  * Contribution section added to issue template
+  * Language of VNC encoding cleaned up
+  * Remmina Hardening and Compliance
+  * Remmina_preferences language reworked
+  * Thanks 2021
+  * Resolve "Follow-up from "Remmina_preferences language reworked""
+  * Encryption level language reworked
+  * Issue 2122 : Confirm on close of window
+  * Adding flush and cairo clean up
+
+- Updated to remmina version 1.4.23
+  * Patch for a Remmina segfault and stats code cleaning !2358
+  * Make Appindicator optional !2359
+  * Added check-box to force tight encoding for VNC connections !2360
+  * remote resolution: use multiple of four !2353
+  * Add Keyboard mapping per client RDP !2361
+  * Improve TLS error message, fixes #2364 (closed) !2362
+  * Triage policy language reworked !2363
+
+- Updated to remmina version 1.4.22
+  * Fix crash if main window is closed #1692 (closed) !2330
+  * Main window position reset after opening a connection (issue 2587) !2331
+  * File Interface refactoring !2332
+  * CMake refactoring and build time warnings !2333
+  * Add Croatian language to desktop shortcuts and infos !2334
+  * Appdata corrections and renewal !2336
+  * Fixes for freerdp3 compatibility. !2337
+  * X2Go: Rewrite dialog-system; Ask users which session to resume... !2328
+  * int main(): print instructions how to enable a more verbose output of remmina !2338
+  * Mitigations for #2635 (closed) (default printer) with freerdp < 3 !2343
+  * X2Go: Add a session-terminate button into the session resuming selection menu !2339
+  * Properly warn users when using a plugin which requires GtkSocket !2340
+  * x2go_plugin.c: Make changes to source strings for translations. !2344
+  * Fix ubuntu-impish-amd64 build errors. !2345
+  * Hopefully fix Ubuntu Impish Build !2347
+  * Fix string format !2348
+  * 2634-ssh-opening-command !2342
+  * New debug strings reworked !2341
+  * Deduplicated "Started PyHoca" string !2346
+  * Removing the Remmina stats sender and repurposing Remmina stats !2350
+  * X2Go: Major rewrite of session-terminating system. !2349
+  * Message about debugging info reworked !2351
+  * Strings in rcw.c reworked !2352
+  * VNC custom encodings to avoid corrupted frames. !2354
+  * X2Go format string bugs !2355
+
+- Updated to remmina version 1.4.21
+  * Nullify host if qucikconnect isn't a valid address
+  * rdp_plugin.c: Fix dereferencing of NULL variable when profile name is empty
+  * Resolve label spacing in preferences window
+  * GNOME 40 runtime and other updates
+  * Add support for ESX web console login
+  * Added RDP general option to remap scancodes
+  * Back compatibility with WebKit < 2.32.0
+  * Make screenshot file names iso8601 compliant
+  * Typo in bug-report template
+  * Typo in merge-request template
+  * Implementing restricted-mode and password hash
+  * Unitialized var by @qarmin (Rafał Mikrut ). Closes #2594
+  * Add integer-only input field for plugin settings in Remmina Editor
+  * Adding VNCI Listen port field tooltip
+  * Fix the translation problem of "tooltip" in ssh window
+  * Rework x2go_plugin.c to comply with remmina coding style.
+  * Add validation system for Remmina Editor
+  * Small changes to README, AUTHORS and error message adjusting in remmina_file_editor.c
+  * remmina_file_editor.c: Readd by mistake removed '!'
+  * Mitigation for #1951 and extra RDP clibpoard debug messages
+  * Rollback Let's Encrypt SSL workaround
+  * Add RDP clipboard support for Microsoft HTML Clipboard Format
+  * Building FreeRDP with icu support
+  * Resource renaming to comply with the Freedesktop rules
+- Package all icons in the main package
+- The new x2go packages are not yet packaged, as x2go is not available in the
+  openSUSE distributions
+
+- the following plug-ins are no longer generated:
+  * remmina-plugin-xdmcp
+  * remmina-plugin-nx
+  * remmina-plugin-st
+- Removed obsolete mark-appindicator-as-required.patch
+- Update ro remmina 1.4.20
+  * Mark appindicator as required !2290
+  * Disabling XDMCP, NX, and ST !2291
+  * Remove plugins/st,xdmcp,nx for submodule replacement !2292
+  * SSH tunnel MFA !2293
+  * Adding connection profiles menu into the toolbar !2295
+  * Resolve "Preferences buttons not working since v1.4.19" !2296
+  * Some X11 related functions cleanup
+
+- App-Indicator is now required
+- Added upstream mark-appindicator-as-required.patch to see better error messages
+  when appindicator is not around
+- Update to 1.4.19
+  * Fix Freerdp Git Revision !2277
+  * UI improvements and cleanup !2278
+  * Desktop integration for the Remmina SNAP !2279
+  * Add process-control to the remmina snap !2276
+  * Adding SSH_AGENT support to the snap package !2280
+  * Adding option to disable smooth scrolling !2281
+  * Scrolled Viewport: use viewport_motion_handler as the only timeout indicator !2282
+  * Adding TCP redirection through rdp2tcp !2283
+  * Added setting for RDP number of reconnect attempts !2284
+  * Add RDP reconnect interrupt on window close, fix crash introduced with 7c13b918.
+    Should fix #2079 (closed) !2286
+  * Removing GtkStatusIcon as deprecated !2285
+  * Adding advanced option to share multiple folders !2287
+  * Profile list grabs the focus when search is hidden !2288
+
+- Update to 1.4.18
+  * Try more shells as launcher if default isn't found !2269
+  * Minor fixes for v1.4.17 !2270
+  * SSH session improvements !2271
+  * Fixes - Auto-start file created on tray icon disabled !2272
+  * RDP: Remove older usage of ClientHostname
+  * Fix libfreerdp version check
+  * Explicitly set user resolution to a multiple of 4
+  * Code refactoring - ASAN exceptions !2274
+- Fixed remmina-plugin-nx dependencies
+
+- Update to 1.4.17
+  * Fix build with musl libc
+  * Fix typos
+  * Improving CI cache
+  * Fix System Tray Icon Broken/Missing
+  * VNC quality deafults now to good
+  * Flatpak refactoring
+  * Adding Gateway websocket support
+  * Revert "Linking snap and flatpak to FreeRDP 2.3.1"
+  * Set FreeRDP config path to Remmina profiles path
+- Fixed build-logic for NX, enable per default
+- Enable kwallet and appindicator non SLE distributions
+
+- Rename internal bcond from nx to remmina_nx
+- Use cmake_build
+- Use bcond for kwallet, which defaults to enabled
+- Use bcond for appindicator, which defaults to disabled
+  GtkStatusIcon works everywhere, while Appindicator works just in KDE
+
+- Update to 1.4.16
+  * Fix Data PATH for the FreeRDP files
+
+- Update to 1.4.15
+  * Fixing SSH plugin colour palette initialization. !2255
+
+- Update to 1.4.14
+  * NEW: Experimental VNC plugin using GTK-VNC
+  * VNC - Ignore remote Bell option and other fixes !2237
+  * Fixing color palette size for themed SSH !2253
+  * Bump FreeRDP version to 2.3.2 !2226
+  * Fixes search bar shortcuts wrong bahavior
+  * Honour theme settings when run from command line
+  * FTP UI improvements
+  * Config SSH tunnel username takes precedence.
+  * Allow groups to be expanded and collapsed by using the keyboard
+  * Fixing VNC repeater logic.
+  * Send text clipboard content as keystrokes
+  * scrolled viewport: explicitly recheck whether the timeout is active
+  * Resolve Host+Page_Down triggers search text in SSH
+  * UNIX sockets initial support
+  * Fixed wrong freerdp_settings function use
+  * Fixing RemminaConnectionWindow map/unmap events
+  * Spelling: Comma-separated, List monitor IDs
+  * Set Remmina specific FreeRDP config data folder
+  * Optional port connection instead of server
+  * Resolve "Use LZO compression for Snap to improve startup speed"
+  * Make wayland not mandatory during compile time
+  * Do not use alpha as it is not used for the Desktop
+  * Refactoring: Deprecations and warnings
+  * Removing unneeded widgets in the headerbar
+
+- Update to 1.4.13
+  * Use freerdp_settings_get|set API
+  * rdp: Allow autoreconnect for ERRINFO_GRAPHICS_SUBSYSTEM_FAILED
+  * Disable cert file auth when libssh < 0.9.0
+  * Removing redundant subtitle
+  * Removing redundant ssh_userauth_none
+  * Fix build issues on openSUSE
+- Drop upstream_build_fixes.patch
+
+- Update to release 1.4.12
+  * New features:
+  - Multi-monitor support !2184 (merged) @antenore
+  - Adding SSH certificate authentication !2208 (merged) @antenore
+  * Improvements
+  - Improved spelling, fixed typos
+  - Some refactoring and fixes for 1.4.11 !2198 (merged) @antenore
+  - Revert "rdp/event: Fix wheel value for GDK_SCROLL_DOWN events"
+    !2199 (merged) @pnowack
+  - Resolve "Left-handed mouse support" !2200 (merged) @antenore
+  - Rafactoring: GResource based UI elements !2201 (merged) @antenore
+  - Refactoring SSH themes !2205 (merged) @antenore
+  - Removing legacy audio settings !2207 (merged) @antenore
+  - Refactoring SSH tunnel authentication. #2414 (closed) !2211 (merged) @antenore
+  - Improve pre-connection FreeRDP channel initializations !2212 (merged) @antenore
+  * Fixes
+  - Invalid connection option ":port" removed !2193 (merged) @kingu
+  - Add ifdefs for SPICE version less then 0.38
+    (fix #2408 (closed)) !2195 (merged) @hadogenes
+  - Fix for #2408 (closed) building with older SPICE libraries
+    !2194 (merged) @jweberhofer
+  - Ignoring GLib functions if on versions older than 2.56 !2196 (merged) @antenore
+  - Fixing compiler errors related to Python plugin support on master
+    !2178 (merged) @ToolsDevler
+  - Fixes for multi-monitor and Weblate !2202 (merged) @antenore
+  - Fixing memory leaks and minor bugs !2206 (merged) @antenore
+- Added  upstream_build_fixes.patch to fix several build issues on wayland
+- Removed patches fix_upstream_2196_older_glib_issue.patch
+  and fix_upstream_2195_spice_plugin.patch
+
+- Added fix_upstream_2196_older_glib_issue.patch  to allow building with
+  older glib versions
+
+- Added fix_upstream_2195_spice_plugin.patch to allow building on older
+  opensuse versions
+
+- Update to release 1.4.11
+  * New features:
+  - Implementing simple SSH multi factor authentication.
+    !2162 (merged) @antenore
+  - Implementing dynamic resolution in SPICE plugin
+    !2150 (merged) @hadogenes
+  - Disabling Python support by default !2158 (merged) @antenore
+  - Add capability to load Python plugins (not finished).
+    !2157 (merged) @ToolsDevler
+  * Improvements
+  - Suppress Output PDU when the RDP window is not visible
+    !2159 (merged) @antenore
+  - Several improvements on spelling
+  - Command line help improvements !2185 (merged) @antenore
+  - Improving error detection !2181 (merged) @antenore
+  - Using curly double quotes where possible !2182 (merged) @antenore
+  - Refactoring the RCW toolbar to use the right tool items types
+    !2188 (merged) @antenore
+  * Fixes
+  - rdp/cliprdr: Fix header of FormatList message !2147 (merged) @pnowack
+  - rdp/event: Fix wheel value for GDK_SCROLL_DOWN events !2149 (merged) @pnowack
+  - Resolve "Remmina does not handle file:///some/path/to/file.rdp syntax"
+    !2152 (merged) @antenore
+  - Resolve "SSH tunneling, honoring ssh_config (User, HostKeyAlias,
+    ProxyJump, HostKeyAlgorithms, IdentitiesOnly, etc.)"
+    !2154 (merged) @antenore
+  - Resolve "While in the main window, bind F10 keyboard shortcut to
+    toggling the main menubutton" !2156 (merged) @antenore
+  - Refactoring SSH plugin !2160 (merged) @antenore
+  - Remove extra parenthesis !2164 (merged) @yurchor
+  - Spice option to choose Prefered Video Codec and Image Compressor
+    !2165 (merged) @hadogenes
+  - Correct iterating lines in string - address sanitizer fix #2390 (closed)
+    !2174 (merged) @hadogenes
+  - Correct freeing memory in spice !2175 (merged) @hadogenes
+  - Issue/2391 randomness !2176 (merged) @antenore
+  - Resolve "Missing keyboard shortcuts to toggle search (Ctrl+F, Escape),
+    and closing the search doesn't clear the search" !2179 (merged) @antenore
+  - Resolve "Always false contition in remmina_ssh.c" !2180 (merged) @antenore
+  - Fix minor typo !2186 (merged) @yurchor
+  - Resolve "Remmina Crashes when opening the preferences with the accelerator"
+    !2189 (merged) @antenore
+  - Fixing #2401 (closed) - crash when using ctrl+p !2190 (merged) @antenore
+
+- Update to release 1.4.10
+  * Resolve "RDP Black Screen on connection" !2123 @antenore
+  * Correctly importing and exporting audiocapturemode, closes #2349 !2124 @antenore
+  * [RFC] rdp: add Use base credential for RD gateway authentication !2125 @Fantu
+  * Resolve "Auto accept changes to fingerprints and auto accept certificates" !2126 @antenore
+  * "Fingerprinters" corrected to "fingerprints". !2127 @kingu
+  * Implementing network type option !2128 @antenore
+  * Improving the terminal colour file picker !2129 @antenore
+  * Resolve "[RDP] Since v1.4.9 Audio is no longer working" !2130 @antenore
+  * New connection strings corrected !2131 @kingu
+  * Correct location of Terminal colour scheme setting !2132 @kingu
+  * Fixing pulseaudio LD_LIBRARY_PATH and staging PA libraries !2136 @antenore
+  * [RFC][v2] RDP: Add Use base credential for RD gateway authentication !2135 @Fantu
+  * fix incorrect name date log sessions ssh !2137 @acendrou
+  * Resolve "Strange padding in main window" !2138 @antenore
+  * Remove legacy rfx code !2139 @antenore
+  * Resolve "RDP export features does not properly include gatewayhostname" !2140 @antenore
+  * RDP log filters keep previous value across connections !2143 @antenore
+  * [RFC][v2] RDP: Add Use base credential for RD gateway authentication !2135 @Fantu
+  * Emit warning if libkf5wallet missing but required by -DWITH_KF5WALLET=ON !2144 @giox069
+  * Do not activate performance optimisations based on network type unless explicitly requested. !2145 @antenore
+
+- Update to release 1.4.9
+  * Updated color schemes from iTerm2-Color-Schemes
+  * Use previously defined DATADIR to install Kiosk files
+  * RDP and VNC: Fix smooth scrolling when abs(delta) < 1.0, see issue #2273
+  * Alexander Kapshuna added to remmina_about.glade
+  * remmina_main_quickconnect: recognize ip when textbox has ip:port in it,
+    and strip whitespaces
+  * Implementing text search in the SSH plugin
+  * Spelling: Plugin manager language reworked
+  * Save screenshot_name and use correct seconds format
+  * Resolve "Autostart checkbox setting not saved"
+  * rdp: document freerdp Performance Flags setted by quality setting
+  * Resolve "Terminal general preferences are not saved"
+  * Resolve "Typo in FindFREERDP3.cmake"
+  * rdp: add freerdp log filters setting
+  * Resolve "Extra underline character in "_Preferences" tooptip text"
+- Requires pcre2-devel
+
runc
+- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
+  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
+  + 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
+  + 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
+  + 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
+
+- Update to runc v1.1.12. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
+  * This release fixes a container breakout vulnerability (CVE-2024-21626). For
+    more details, see the upstream security advisory:
+    <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
+  * Remove upstreamed patches:
+  - CVE-2024-21626.patch
+  * Update runc.keyring to match upstream changes.
+
+[ This was only ever released for SLES. ]
+- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
+  <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
+  + CVE-2024-21626.patch
+
+- Update to runc v1.1.11. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
+
+- Update to runc v1.1.10. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.1.10>.
+
+- Update to runc v1.1.9. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.1.9>.
+
-  (jsc#PED-5840)
skopeo
-- Update to version 1.13.0:
-  * Bump to v1.13.0
-  * proxy: Policy verification of OCI Image before pulling
-  * Update module github.com/opencontainers/image-spec to v1.1.0-rc4
-  * Update module github.com/containers/common to v0.55.1
-  * Update module github.com/containers/common to v0.54.0
-  * Update module github.com/containers/image/v5 to v5.26.0
-  * [CI:BUILD] RPM: fix ELN builds
-  * Update module github.com/containers/storage to v1.47.0
-  * Packit: easier to read distro conditionals
-  * Update dependency golangci/golangci-lint to v1.53.3
-  * Help Renovate manage the golangci-lint version
-  * Minor: Cleanup renovate configuration
-  * Update dependency containers/automation_images to v20230614
-  * Update module golang.org/x/term to v0.9.0
-  * [CI:BUILD] Packit: add jobs for downstream Fedora package builds
-  * Update module github.com/sirupsen/logrus to v1.9.3
-  * Update dependency containers/automation_images to v20230601
-  * Update golang.org/x/exp digest to 2e198f4
-  * Update github.com/containers/image/v5 digest to e14c1c5
-  * Update module github.com/stretchr/testify to v1.8.4
-  * Update module github.com/stretchr/testify to v1.8.3
-  * Update dependency containers/automation_images to v20230517
-  * Update module github.com/sirupsen/logrus to v1.9.2
-  * Update module github.com/docker/distribution to v2.8.2+incompatible
-  * Trigger an update of the ostree_ext container image
-  * Update c/image with https://github.com/containers/image/pull/1944
-  * Update module github.com/containers/common to v0.53.0
-  * Update module golang.org/x/term to v0.8.0
-  * Update dependency containers/automation_images to v20230426
-  * Update golang.org/x/exp digest to 47ecfdc
-  * Emphasize the semantics of --preserve-digests a tiny bit
-  * Improve the static build documentation a tiny bit
-  * Bump to v1.12.1-dev
-
sshfs
+- Update to 3.7.4a:
+  - Reverting PR #1 from user-reported bug bsc#1215574.
+
swig
+- Use -fexcess-precision=fast as GCC 13 changes the default
+  for C++ compiler and without the change some tests fail on i586.
+  More info can be seen here:
+  https://gcc.gnu.org/gcc-13/porting_to.html#excess-precision
+
+- Update to 4.1.1
+  * Couple of stability fixes.
+  * Stability fix in ccache-swig when calculating hashes of inputs.
+  * Some template handling improvements.
+  * R - minor fixes plus deprecation for rtypecheck typemaps being
+    optional.
+
+- adapt source name to please build service
+
+- Update to version 4.1.0 from 4.1.0-beta1
+
+- Update to 4.1.0~beta1
+  * Add Javascript Node v12-v18 support, remove support prior to v6.
+  * Octave 6.0 to 6.4 support added.
+  * Add PHP 8 support.
+  * PHP wrapping is now done entirely via PHP's C API
+  - no more .php wrapper.
+  * Perl 5.8.0 is now the oldest version SWIG supports.
+  * Python 3.3 is now the oldest Python 3 version SWIG supports.
+  * Python 3.9-3.11 support added.
+  * Various memory leak fixes in Python generated code.
+  * Scilab 5.5-6.1 support improved.
+  * Many improvements for each and every target language.
+  * Various preprocessor expression handling improvements.
+  * Improved C99, C++11, C++14, C++17 support.
+    Start adding C++20 standard.
+  * Make SWIG much more move semantics friendly.
+  * Add C++ std::unique_ptr support.
+  * Few minor C++ template handling improvements.
+  * Various C++ using declaration fixes.
+  * Few fixes for handling Doxygen comments.
+  * GitHub Actions is now used instead of Travis CI for continuous
+    integration.
+  * Add building SWIG using CMake as a secondary build system.
+  * Update optional SWIG build dependency for regex support
+    from PCRE to PCRE2.
+- dropped patches, all upstream
+  * 15515f390c5e3316a7faf0cf85d661a297d45a50.patch
+  * fix-gcc12-error.patch
+  * swig-Define-PY_SSIZE_T_CLEAN-macro.patch
+  * swig-Define-PY_SSIZE_T_CLEAN-only-when-not-defined-yet.patch
+  * swig-Python-define-PY_SSIZE_T_CLEAN.patch
+  * swig-octave-6.patch
+  * swig-python310.patch
+  * swig308-isfinite.diff
+
+- Update to version rel-4.0.2:
+  * [R] Run destructors of local C++ objects on SWIG_fail
+  * [php] Update exception_memory_leak_runme.php
+  * [lua] Run destructors of local C++ objects on SWIG_fail
+  * Fix issues with exception_memory_leak testcase
+  * Define PY_SSIZE_T_CLEAN only when not defined yet
+  * Add missing SWIGTYPE *const& typemaps
+  * Revert "[xml] Move to "Experimental" target language status"
+  * Cleanup SWIG_VERSION definition
+  * Additional SWIG_VERSION testing
+
+- Cherrypick 15515f390c5e3316a7faf0cf85d661a297d45a50.patch from
+  upstream to replace obsolete pcre1 with pcre2
+
+- Add swig-python310.patch -- gh#swig/swig#2064, Fix swig test
+  suite with Python 3.10
+
+- Add fix-gcc12-error.patch in order to fix GCC 12 compilation error.
+
+- Add swig-octave-6.patch -- Allow swig to work with octave 6 and
+  above; patch part of upstream merge request [gh#swig/swig#2020].
+
+- Fixing package dependencies for CentOS
+
+- move examples to /usr/share/swig/examples
+
+- Update to 4.0.2
+  - A few fixes around doxygen comment handling.
+  - Ruby 2.7 support added.
+  - Various minor improvements to C#, D, Java, OCaml, Octave, Python,
+    R, Ruby.
+  - Considerable performance improvement running SWIG on large
+    interface files.
+- drop upstreamed patches
+  ruby-std-wstring-byte-order.patch
+  0001-Fix-code-generated-for-Ruby-global-variables.patch
+  0002-Add-support-for-Ruby-2.7.patch
+  0003-Move-new-macros-for-Ruby-to-their-dedicated-namespac.patch
+  0004-Improve-description-of-cast-macros-for-Ruby.patch
+
+- Revert last change, drop 0005-disable_li_std_wstring.patch
+- ruby-std-wstring-byte-order.patch: fix wstring encoding boo#1171368
+
+- Add 0005-disable_li_std_wstring.patch for BE arches
+  (ppc64 s390 s390x) as bypass boo#1171368
+
+- Ruby 2.7 support (cherry-picked from upstream)
+  0001-Fix-code-generated-for-Ruby-global-variables.patch
+  0002-Add-support-for-Ruby-2.7.patch
+  0003-Move-new-macros-for-Ruby-to-their-dedicated-namespac.patch
+  0004-Improve-description-of-cast-macros-for-Ruby.patch
+
+- Update to 4.0.1
+  - SWIG now cleans up on error by removing all generated files.
+  - Add Python 3.8 support.
+  - Python Sphinx compatibility added for Doxygen comments.
+  - Some minor regressions introduced in 4.0.0 were fixed.
+  - Fix some C++17 compatibility problems in Python and Ruby generated
+    code.
+  - Minor improvements/fixes for C#, Java, Javascript, Lua, MzScheme,
+    Ocaml, Octave and Python.
+  See https://raw.githubusercontent.com/swig/swig/master/CHANGES
+
+- Update to 4.0.0
+  - Support for Doxygen documentation comments which are parsed and
+    converted into JavaDoc or PyDoc comments.
+  - STL wrappers improved for C#, Java and Ruby.
+  - C++11 STL containers added for Java, Python and Ruby.
+  - Improved support for parsing C++11 and C++14 code.
+  - Various fixes for shared_ptr.
+  - Various C preprocessor corner case fixes.
+  - Corner case fixes for member function pointers.
+  - Python module overhaul by simplifying the generated code and turning
+    most optimizations on by default.
+  - %template improvements wrt scoping to align with C++ explicit
+    template instantiations.
+  - Added support for a command-line options file (sometimes
+    called a response file).
+  - Numerous enhancements and fixes for all supported target languages.
+  - SWIG now classifies the status of target languages into either
+    'Experimental' or 'Supported' to indicate the expected maturity
+    level.
+  - Support for CFFI, Allegrocl, Chicken, CLISP, S-EXP, UFFI, Pike,
+    Modula3 has been removed.
+  - Octave 4.4-5.1 support added.
+  - PHP5 support removed, PHP7 is now the supported PHP version.
+  - Minimum Python version required is now 2.7, 3.2-3.7 are the only
+    other versions supported.
+  - Added support for Javascript NodeJS versions 2-10.
+  - OCaml support is much improved and updated, minimum OCaml version
+    required is now 3.12.0.
+  See https://raw.githubusercontent.com/swig/swig/master/CHANGES
+- Drop patches (all included)
+  swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_FixMetho.patch
+  swig-3.0.12-Fix-generated-code-for-constant-expressions-containi.patch
+  swig-perl526.patch
+  swig-3.0.12-fix-collections.patch
+  swig-3.0.12-Fix-Coverity-issue-reported-for-setslice-pycontainer.patch
+  swig-3.0.12-Coverity-fix-issue-reported-for-wrapper-argument-che.patch
+  swig-3.0.12-support-octave-4.4.patch
+  swig-ocaml-int64.patch
+  swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_ConvertF.patch
+
+- Add swig-3.0.12-support-octave-4.4.patch to add support for
+  octave 4.4; patch taken from upstream git (gh#swig/swig#1256).
+
+- Add patches to build with python 3.7 properly:
+  * swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_ConvertF.patch
+  * swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_FixMetho.patch
+  * swig-3.0.12-Coverity-fix-issue-reported-for-wrapper-argument-che.patch
+  * swig-3.0.12-Fix-Coverity-issue-reported-for-setslice-pycontainer.patch
+  * swig-3.0.12-Fix-generated-code-for-constant-expressions-containi.patch
+  * swig-3.0.12-fix-collections.patch
+- Use version req to check for 1500 instead for non-existing release
+- Move to generic requires those that are true under both conditions
+- Use autopatch to apply all the patches at once
+
-- Fix syntax error in find command
-
-- support nested classes in ruby [bnc#892480]
-  new patch: nested_classes.diff
-
-- Update to 3.0.2
-  - Bug fix during install and a couple of other minor changes.
-
-- Update to 3.0.1
-  - Javascript module added. This supports JavascriptCore (Safari/Webkit),
-    v8 (Chromium) and node.js currently.
-  - A few notable regressions introduced in 3.0.0 have been fixed - in
-    Lua, nested classes and parsing of operator <<.
-  - The usual round of bug fixes and minor improvements for:
-    C#, GCJ, Go, Java, Lua, PHP and Python.
-
-- Update to 3.0.0
-  - This is a major new release focusing primarily on C++
-    improvements.
-  - C++11 support added. Please see documentation for details of
-    supported features:
-    http://www.swig.org/Doc3.0/CPlusPlus11.html
-  - Nested class support added. This has been taken full advantage
-    of in Java and C#. Other languages can use the nested classes,
-    but require further work for a more natural integration into
-    the target language.
-  - We urge folk knowledgeable in the other target languages to
-    step forward and help with this effort.
-  - Lua: improved metatables and support for %nspace.
-  - Go 1.3 support added.
-  - Python import improvements including relative imports.
-  - Python 3.3 support completed.
-  - Perl director support added.
-  - C# .NET 2 support is now the minimum. Generated using statements
-    are replaced by fully qualified names.
-  - Bug fixes and improvements to the following languages:
-    C#, Go, Guile, Java, Lua, Perl, PHP, Python, Octave, R, Ruby, Tcl
-  - Various other bug fixes and improvements affecting all
-    languages.
-  - Note that this release contains some backwards incompatible
-    changes in some languages.
-  - Full detailed release notes are in the changes file.
-- drop 0001-Fix-Ruby-tracking-code-to-use-C-hash.patch,
-  ruby-1.8.6-newobject.patch, and swig-fix_ocaml_type.patch.
-  All upstreamed.
-
-- set CCSHARED to "-fPIC" on s390/s390x
-
-- Update to 2.0.12
-  - This is a maintenance release backporting some fixes from the
-    pending 3.0.0 release.
-  - Octave 3.8 support added.
-  - C++11 support for new versions of erase/insert in the STL
-    containers.
-  - Compilation fixes on some systems for the generated Lua, PHP,
-    Python and R wrappers.
-  - Drop upstreamed patches:
-    swig-lua-fix-void-return-for-int-functions.patch
-    swig-support-octave-3.8.0.patch
-    ruby-2.0-encoding-utf8.patch
-
-- Add patch swig-support-octave-3.8.0.patch: adds support for
-  octave version 3.8.0 to swig; patch taken from upstream git
-  and rebased for present version.
-
-- Add swig-lua-fix-void-return-for-int-functions.patch to fix
-  void returns in non-void functions for its lua binding; patch
-  submitted upstream (bnc#84331,
-  https://github.com/swig/swig/issues/93).
-
-- Update to SWIG 2.0.11
-  - Minor bug fixes and enhancements mostly in Python, but also
-    C#, Lua, Ocaml, Octave, Perl, PHP, Python, R, Ruby, Tcl.
-
-- Ruby 1.8.6 (SLE10) tracks objects differently
-  Add ruby-1.8.6-newobject.patch
-- Remove skip-python-li_std_containers_int.patch, fixed upstream
-- Remove python-2.4.patch, fixed upstream
-- Fix Fedora/RHEL builds (BuildRequires:  perl-Test-Simple)
-
-- Change Ruby 1.9+ object tracking to use C hashes, fixes all
-  failed Ruby tests.
-  Patch added:   0001-Fix-Ruby-tracking-code-to-use-C-hash.patch
-  Patch removed: 0008-Ruby-Disable-broken-tests.patch
-
-- Ruby 2.0 strictly enforces encoding
-  Add ruby-2.0-encoding-utf8.patch
-
-- Update to SWIG 2.0.10
-  - Ruby 1.9 support is now complete.
-  - Add support for Guile 2.0 and Guile 1.6 support (GH interface) has
-    been dropped.
-  - Various small language neutral improvements and fixes.
-  - Various bug fixes and minor improvements specific to C#, CFFI, D,
-    Java, Octave, PHP, Python,
-  - Minor bug fix in ccache-swig.
-  - Development has moved to Github with Travis continuous integration
-    testing - patches using https://github.com/swig/swig are welcome.
-- drop 0012-Python-Disable-broken-test-in-threads_exception.patch
-
-- Add swig-fix_ocaml_type.patch to change the declaration of
-  caml_array_length to match that in ocaml's header.
-
-- Fix RHEL4 and 6 build
-
-- Update to SWIG 2.0.9
-  SWIG-2.0.9 summary:
-  - Improved typemap matching.
-  - Ruby 1.9 support is much improved.
-  - Various bug fixes and minor improvements in C#, CFFI, Go, Java,
-    Modula3, Octave, Perl, Python, R, Ruby, Tcl and in ccache-swig.
-- Removed patches (included in 2.0.9 release)
-  - 0001-Ruby-replace-obsolete-STR2CSTR-macro-with-StringValu.patch
-  - 0002-Ruby-use-RbConfig-instead-of-deprecated-Config-modul.patch
-  - 0003-Ruby-Fix-include-pathes-for-Ruby-1.9.patch
-  - 0004-Ruby-Add-local-dir-to-loadpath-for-Ruby-1.9.patch
-  - 0007-Ruby-1.9-methods-returns-array-of-Symbols-now.patch
-- Removed broken patch
-  - swig-2.0.4-guile2.patch
-- Disable tests failing on (deprecated) Python 2.4
-  - new patch: python-2.4.patch
-
-- fix build on SLE10: disable autogen.sh
-  Add patch: PyInt_FromSize_t unavailable under Python 2.4
-
-- Update to 2.0.8
-  * Fix a couple of regressions introduced in 2.0.5 and 2.0.7.
-  * Improved using declarations and using directives support.
-  * Minor fixes/enhancements for C#, Java, Octave, Perl and Python.
-
-- Fix segfault in constructor/destructor warning (upstream ID 3530078)
-
-- Port SWIG to Ruby 1.9 (various patches)
-- Disable broken tests
-
-- Update to 2.0.7
-  * Important regression fixes since 2.0.5 for typemaps in general and
-    in Python.
-  * Fixes and enhancements for Go, Java, Octave and PHP.
-
-- Update to 2.0.6
-  * Various fixes with templates and typedef types.
-  * Some template lookup problems fixed.
-  * Templated type fixes to use correct typemaps.
-  * Autodoc documentation generation improvements.
-  * Python STL container wrappers improvements including addition of
-    stepped slicing.
-  * Approximately 70 fixes and minor enhancements for the following
-    target languages: AllegroCL, C#, D, Go, Java, Lua, Ocaml, Octave,
-    Perl, PHP, Python, R, Ruby, Tcl, Xml.
-
-- Added a patch (r12814.patch) to fix regression leading to uncompilable code
-  when using typedef and function pointer references (taken from Debian).
-
-- The perl 5.12 packages are compiled with -Duse64bitint, which
-  means that IVs are 64-bits even on 32-bit architectures. When
-  converting IVs, SWIG assumes that an IV is the same size as a
-  long, which causes OverflowErrors with  unsigned longs when
-  the value is greater than 2^31.
-
-- fix SLES 10 build, disable failing test (bnc#750618)
-
-- fix build, add Group field to subpackages
-
-- fix license to be in spdx.org format
-
-- generate guile 2 friendly code
-
-- Update to swig 2.0.4
-  (see CHANGES.current for complete list)
-  * [Perl] Patch #3260265 fixing overloading of non-primitive types and integers in
-    Perl 5.12 and later.
-  * [Ruby] Fix %import where one of the imported files %include one of the STL include
-    files such as std_vector.i.
-  * [python] Additional fixes for python3.2 support.
-  * [python] Fixed PyGetSetDescr for python3.2.
-  * Bug 2635919: Convenience method to convert std::map to a python dict.
-  * Fixed bug 1163440: vararg typemaps.
-  * [Python] Applied patch #1932484: migrate PyCObject to PyCapsule.
-  * [Python] Merged in the szager-python-builtin branch, adding the -builtin feature
-    for python.  The -builtin option may provide a significant performance gain
-    in python wrappers.  For full details and limitations, refer to Doc/Manual/Python.html.
-    A small test suite designed to demonstrate the performance gain is in
-    Examples/python/performance.
-
-- Fix RHEL/Fedora build
-
-- Drop adapt-perl512.diff and replace it with swig-2.0.3-perl512.patch
-  which is applied upstream.
-
-- Add swig-2.0.3-perl514.patch: fix test failures with Perl 5.14
-
-- Update to swig 2.0.3
-  * Much better nested class/struct support.
-  * Much improved template partial specialization and explicit
-    specialization handling.
-  * Namespace support improved with the 'nspace' feature where
-    namespaces can be automatically translated into Java packages or C# namespaces.
-  * Improved typemap and symbol table debugging.
-  * Numerous subtle typemap matching rule changes when using the
-    default (SWIGTYPE) type. These now work much like C++ class template
-    partial specialization matching.
-  * Other small enhancements for typemaps.
-    Typemap fragments are also now official and documented.
-  * Warning and error display refinements.
-  * Wrapping of shared_ptr is improved and documented now.
-  * Numerous C++ unary scope operator (::) fixes.
-  * Better support for boolean expressions.
-  * Various bug fixes and improvements in the Allegrocl, C#, Java,
-    Lua, Octave, PHP, Python, R, Ruby and XML modules.
-
-- fix build with new perl 5.12: there is no Reference type anymore,
-  but references and integers are the same, so a 0L was seen as 0
-  pointer - breaking the test suite. The fix is to remove the check
-
-- take patch from swig svn to fix assertion on -xmlout (fix
-  yast2-storage build)
-
-- tune .spec file to build on multiple distros
-
-- package documentation as noarch
-
-- updated to 1.3.40
-  * SWIG now supports directors for PHP.
-  * PHP support improved in general.
-  * Octave 3.2 support added.
-  * Various bug fixes/enhancements for Allegrocl, C#, Java, Octave,
-    Perl, Python, Ruby and Tcl.
-  * Other generic fixes and minor new features.
-
-- updated to 1.3.39
-  * Python 3 support added
-  * PHP4 support dropped
-  * many bugfixes and improvements
-- ccache support disabled as it didn't work (todo after 11.2)
-
systemtap
+- Upgrade to version 5.0 (bsc#1223327):
+  * Performance improvements in uprobe registration and module startup.
+  * More probe point process details are printed in "-L" list mode with
+    more "-v".
+  * For the case where newer kernels may break systemtap runtime APIs,
+    better pass-4 failure diagnostics are printed.
+  * Tapset function print_ubacktrace_fileline() now understands DWARF5.
+  * The target(s) of process probes may be specified by path name
+    globs, as located selected debuginfod servers.  This requires the
+    debuginfod servers to support "metadata" queries.  The following
+    probes all of the binaries matching /usr/*/curl known to the
+    debuginfod servers, regardless of what's currently installed as the
+    system /usr/bin/curl:
+    [#] export DEBUGINFOD_URLS="URL1 URL2 ..."
+    [#] stap -e 'probe debuginfod.process("/usr/*/curl").begin { log("hi") }'
+    The archive glob may be given as an optional component to filter further:
+    [#] stap -e 'probe debuginfod.archive("*.fc38*")
+    .process("/usr/*/c*").function("main") { log("Hello World") }'
+  * The kernel-user message transport system added framing codes,
+    making the transport more reliable, but becoming incompatible
+    across pre-5.0 versions.  Use matching versions of stap and
+    staprun.
+  * RHEL6, kernel 2.6.32* as well as older releases have been
+    deprecated from the codebase.  RHEL7 and kernel version 3.10 are
+    now the oldest supported versions for Systemtap.
+  * The testsuite Makefile has been simplified to remove concurrency,
+    so "parallel" and "resume" modes are gone.
+  * New runtime macro STP_TIMING_NSECS is now supported for reporting
+    probe timing stats in nsecs instead of cycles.  This may become
+    default later.
+  * Add new runtime macro STP_FORCE_STDOUT_TTY to override
+    STP_STDOUT_NOT_ATTY.
+- Unlike OpenSUSE, SLE has no libdebufinfod.
+  However detection for the !libdebuginfod case is broken:
+  New patch: configure.ac-fix-broken-libdebuginfod-library-auto-detection.patch
+
systemtap-docs
+- Upgrade to version 5.0. See systemtap.spec for changelog
+
systemtap-dtrace
+- Upgrade to version 5.0. See systemtap.spec for changelog
+
systemtap-headers
+- Upgrade to version 5.0. See systemtap.spec for changelog
+
tryton
+- Version 6.0.39 - Bugfix Release
+
+- sources are not signed anymore
+
+- Use %patch -P N instead of deprecated %patchN.
+
+- Version 6.0.35 - Bugfix Release
+
trytond
+- Version 6.0.46 - Bugfix Release
+
+- sources are not signed anymore
+
+- Use %autosetup macro. Allows to eliminate the usage of deprecated
+  %patchN
+
trytond_account
+- Version 6.0.24 - Bugfix Release
+
+- sources are not signed anymore
+
+- Version 6.0.21 - Bugfix Release
+
trytond_account_invoice
+- Version 6.0.17 - Bugfix Release
+
+- sources are not signed anymore
+
+- Version 6.0.15 - Bugfix Release
+
trytond_account_product
+- Version 6.0.4 - Bugfix Release
+
+- sources not signed anymore
+
trytond_company
+- Version 6.0.7 - Bugfix Release
+
trytond_party
+- Version 6.0.6 - Bugfix Release
+
+- sources not signed anymore
+
trytond_purchase
+- Version 6.0.15 - Bugfix Release
+
+- sources not signed anymore
+
trytond_stock
+- Version 6.0.26 - Bugfix Release
+
+- sources not signed anymore
+
trytond_stock_supply
+- Version 6.0.8 - Bugfix Release
+
+- sources not signed anymore
+
+- Version 6.0.7 - Bugfix Release
+
ugrep-indexer
+- update to 1.0.0:
+  * loads a .ugrep-indexer configuration file from the working or
+    home directory when present, with user-defined default options
+    (see man page)
+  * outputs current indexing settings/options for confirmation
+    (suppress with --no-messages)
+  * improved indexing stats reporting
+  * updated manual page
+  * change default accuracy to 4 from 5
+  * option --check when used with --quiet is now quiet
+  * final release of ugrep-indexer as a stand-alone component
+
+- update to 0.9.6:
+  * fix missing C++ header
+  * fix an issue with option -z and compressed files
+
umockdev
+- Update to version 0.17.18:
+  * Fix some potential crashes spotted by Coverity.
+
+- Update to version 0.17.17:
+  * Fix uevent race condition in
+    umockdev_testbed_add_from_string().
+
+- Update to version 0.17.16:
+  * preload: Wrap __getcwd_chk().
+  * uevent_sender: Fix fd leak in sendmsg_one.
+  * Fix gcc -fanalyzer complaints.
+
+- Update to version 0.17.15:
+  * Fixes for tests.
+- Changes from version 0.17.14:
+  * ioctl: Make data object usable from Python.
+  * preload: Wrap statfs().
+  * Move to gnu11 C standard.
+  * Lots of small potential bug fixes spotted by Coverity.
+
+- Update to version 0.17.13:
+  * preload: Wrap fstatfs(), to work with systemd 251 also with Python tests
+  * Fix tests in Gentoo sandbox build
+
+- Update to version 0.17.12:
+  * Work around packit propose_downstream bug.
+
+- Update to version 0.17.9:
+  * preload: Wrap fortified version of readlinkat (thanks Martin
+    Liska)
+
+- Update to version 0.17.8:
+  * Fix some potential crashes spotted by Coverity.
+- Change from version 0.17.7:
+  * Fix uevent race condition in
+    umockdev_testbed_add_from_string().
+
+- Update to version 0.17.6:
+  * Increase uevent buffer size (gh#martinpitt/umockdev#167).
+  * Skip /umockdev-testbed-vala/detects_running_outside_testbed
+    during normal builds for the time being, as it is brittle on
+    several architectures (gh#martinpitt/umockdev#169).
+
+- BuildRequire pkgconfig(udev) instead of udev: this allows OBS to
+  properly shotcut through the -mini flavors.
+
+- Update to version 0.17.5:
+  * Relax overzealous stat nlink unit test.
+- Changes from versions 0.17.2 through to 0.17.4:
+  * Include udev properties in emulated netlink messages, to work
+    with recent libudev (gh#martinpitt/umockdev#165).
+  * tests: Work around broken HIDIOCGRDESCSIZE ioctl on big-endian
+    architectures.
+  * preload: Wrap statx() and fstatat(), to fix ls and other tools
+    on recent glibc versions (gh#martinpitt/umockdev#160).
+- Enable tests in a %check section; add BuildRequires: udev,
+  required for tests.
+
+- Update to version 0.17.1:
+  * Fix /sys/dev/* symlinks; regression from 0.15.3
+    (gh#martinpitt/umockdev#155).
+- Changes from version 0.17.0:
+  * Add ioctls necessary to record/replay hidraw devices.
+  * meson: Respect includedir option.
+  * tests: Fix for Fedora koji emulated architectures s390x and
+    arm.
+
znc
+- Update to version 1.9.0:
+  * Fixed crash when receiving SASL lines from server without having negotiated SASL via CAP.
+  * Fixed build with SWIG 4.2.0.
+  * Fixed build with LibreSSL.
+  * Fixed handling of timezones when parsing server-time tags received from server.
+  * Use module names as the module ident, otherwise some clients were merging conversations with different modules together.
+  * Stopped sending invalid 333 (`RPL_TOPICWHOTIME`) to client if topic owner is unknown.
+  * Fixed an ODR violation.
+  * Better hide password in PASS debug lines, sometimes it was not hidden.
+  * CAP REQ sent by client without CAP LS now suspends the registration as the spec requires.
+  * Removed 1841.patch (upstreamed).
+  * Modified harden_znc.service.patch to apply to latest release.
+
+- Provide user/group, as required by RPM 4.19 (boo#1219531).
+
+- Add 1841.patch: support SWIG 4.1.0 (boo#1205425).
+