SUSEConnect
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
  not in the body (see bsc#1185611)
augeas
- Allow all printable ASCII characters in WPA-PSK definition
  * augeas-allow_printable_ASCII.patch
  * bsc#1187512
  * Sourced from https://github.com/hercules-team/augeas/pull/723/commits
  * Credit to Michal Filka <mfilka@suse.com
bind
- Fix off-by-one error when calculating new hashtable size
  When calculating the new hashtable bitsize, there was an off-by-one
  error that would allow the new bitsize to be larger than maximum allowed
  causing assertion failure in the rehash() function.
  [bsc#1188763, 0001-Fix-off-by-one-error-when-calculating-new-hashtable.patch]
- Since BIND 9.9, it has been easier to use tsig-keygen and
  ddns-confgen to generare TSIG keys. In 9.13, TSIG support was
  removed from dnssec-keygen, so now it is just for DNSKEY (and KEY
  for obscure cases). tsig-keygen is now used to generate DDNS keys.
  [bsc#1187921, vendor-files.tar.bz2]
c-ares
- 5c995d5.patch: augment input validation on hostnames to allow _
  as part of DNS response (bsc#1190225)
- Version update to git snapshot 1.17.1+20200724:
  * fixes missing input validation on hostnames returned by DNS
    servers (bsc#1188881, CVE-2021-3672)
  * If ares_getaddrinfo() was terminated by an ares_destroy(),
    it would cause crash
  * Crash in sortaddrinfo() if the list size equals 0 due to
    an unexpected DNS response
  * Expand number of escaped characters in DNS replies as
    per RFC1035 5.1 to prevent spoofing
  * Use unbuffered /dev/urandom for random data to prevent early startup
    performance issues
- missing_header.patch: upstreamed
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
  (bsc#1190858)
cloud-init
- Add cloud-init-log-file-mode.patch (bsc#1183939)
  + Change log file creation mode to 640
- Add cloud-init-no-pwd-in-log.patch (bsc#1184758)
  + Do not write the generated password to the log file
- Add cloud-init-purge-cache-py-ver-change.patch
containerd
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Install systemd service file as well (fixes bsc#1190826)
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
  - bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
cpio
- Add another patch to fix regression (bsc#1189465)
  * fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
  (CVE-2021-38185, bsc#1189206)
  * fix-CVE-2021-38185.patch
curl
- MIME: Properly check Content-Type even if it has parameters
  * Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
dbus-1
- Add missing patch for CVE-2020-12049
  * fix-upstream-CVE-2020-12049_2.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049.patch
- Rebased fix-CVE-2019-12749.patch
docker
- Update to Docker 20.10.9-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1191355
  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
  bsc#1190670
  + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
dracut
- Update to version 049.1+suse.209.gebcf4f33:
  * fix(systemd): add unit files for systemd-coredump (bsc#1190845)
- Update to version 049.1+suse.207.g72a93d93:
  * fcoe/fcoe-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1186260)
  * fix: /var/lib/nfs/statd/sm is /var/lib/nfs/sm on SUSE (bsc#1184970)
- Update to version 049.1+suse.203.g8ee14a90:
  * fix(suse-initrd): use $kernel rather than $(uname -r)
  * fix(suse-initrd): exclude modules that are built-in (bsc#1185646)
  * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
  * docs: fix reference to insmodpost module (bsc#1187774)
- Update to version 049.1+suse.196.g8706843b:
  * fix(suse-initrd): restore INITRD_MODULES in mkinitrd script
  * fix(suse-initrd): call dracut_instmods with hostonly=
- Update to version 049.1+suse.192.g00425ead:
  * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
  * fix(suse-initrd) fix list of modprobe.d directories
  * fix(install): handle $LIB in ldd output parsing (bsc#1185615)
file
- Add patch bsc1189996-9fbe768a.patch to fix bsc#1189996
glibc
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
grub2
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
  * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure after kdump due to the content of grub.cfg is not
  completed with pending modificaton in xfs journal (bsc#1186975)
- Patch refreshed
  * grub-install-force-journal-draining-to-ensure-data-i.patch
  * grub2-mkconfig-default-entry-correction.patch
kdump
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "/local"/ with assignment (bsc#1184616
  LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
  dracut command line (bsc#1182309).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
  network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
  dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
  LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
kernel-default
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- powercap: intel_rapl: add support for Sapphire Rapids
  (jsc#SLE-15289).
- commit 053c38b
- series.conf: cleanup
- move a kabi workaround into correct section:
  patches.kabi/ipvs-Fix-up-kabi-for-expire_nodest_conn_work-additio.patch
- commit bc02214
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
  (bsc#1191292).
- commit d8d828e
- blacklist.conf: Update for 51e1bb9eeaf7
- commit fe28675
- x86/alternatives: Teach text_poke_bp() to emulate instructions
  (bsc#1185302).
- Refresh
  patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit ef191ae
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
  (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 57a6cb7
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
  state is enforced from sysfs (git-fixes).
- commit 2560193
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  Refreshing patch with upstream metadata.
- commit 2d6ef2e
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit 628c3ee
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 466f31b
- powerpc/powernv: Fix machine check reporting of async store
  errors (bsc#1065729).
- commit 0b715ae
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
  pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
  ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
  flags (bsc#1065729).
- commit f3110f1
- apparmor: remove duplicate macro list_entry_is_head()
  (git-fixes).
- commit 514b75b
- xhci: Set HCD flag to defer primary roothub registration
  (git-fixes).
- commit 8f4e75e
- USB: serial: option: add device id for Foxconn T99W265
  (git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
  Multimeter (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
  (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
  (git-fixes).
- commit 0a6378c
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mac80211: limit injected vht mcs/nss in
  ieee80211_parse_tx_radiotap (git-fixes).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
  (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations
  (git-fixes).
- commit dbd9f90
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
  (git-fixes).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
  (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: fsl_micfil: register platform component before registering
  cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume
  function (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- watchdog/sb_watchdog: fix compilation problem due to
  COMPILE_TEST (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
  (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- commit 71b860e
- thermal/core: Potential buffer overflow in
  thermal_build_list_of_policies() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
  (git-fixes).
- pwm: rockchip: Don't modify HW state in .remove() callback
  (git-fixes).
- pwm: img: Don't modify HW state in .remove() callback
  (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
  (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
  (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- commit a8d4022
- fpga: machxo2-spi: Fix missing error code in
  machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
  (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- gpio: uniphier: Fix void functions to remove return value
  (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
  (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- commit 79aec8d
- clk: at91: clk-generated: pass the id of changeable parent at
  registration (git-fixes).
- Refresh
  patches.suse/clk-at91-clk-generated-Limit-the-requested-rate-to-o.patch.
- commit 39cefdd
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
  field in hex (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section
  (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry
  (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd
  (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing
  to the head (git-fixes).
- commit 60017cf
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
  possible uninitialized-variable access in
  amdgpu_i2c_router_select_ddc_port() (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
  (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
  (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional
  regulator (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status'
  structure (git-fixes).
- iwlwifi: mvm: fix a memory leak in
  iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object
  to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- commit 4c6f48f
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- mfd: Don't use irq_create_mapping() to resolve a mapping
  (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error
  (git-fixes).
- media: uvc: don't do DMA on stack (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error
  (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
  (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
  (git-fixes).
- commit 9209c5a
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
  (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
  for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PM: base: power: don't try to use non-existing RTC for storing
  data (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
  (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
  (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
  (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
  (git-fixes).
- commit 61f24a4
- rtc: tps65910: Correct driver module alias (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
  (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference
  (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet
  (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly
  unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
  (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line
  changes (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size
  (git-fixes).
- commit f3797b6
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input
  (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state
  (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup
  (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb
  (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional
  opportunities calculation (git-fixes).
- commit f1407f0
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit 7579b4b
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit bc02804
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- commit 5fe383f
- Update patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch
  (bsc#1190746 bsc#1191172).
  cache.group_info (aka cache.cred) was not properly initialized when
  - >access() was called.
- commit 9ff84db
- ipc: replace costly bailout check in sysvipc_find_ipc()
  (bsc#1159886 bsc#1188986 CVE-2021-3669).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- commit af97833
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/net-mana-Fix-a-memory-leak-in-an-error-handling-path.patch
- commit 12cbf84
- series.conf: cleanup
- move submitted patches to "/almost mainline"/ section:
  - patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch
  - patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch
  - patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch
- commit a3b4285
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit b88ab2e
- blacklist.conf: too intrusive, gone in through SP3
- commit a81e8d3
- blacklist.conf: too intrusive, gone in through SP3
- commit 4bedee6
- blacklist.conf: too intrusive, gone in through SP3
- commit 0474866
- blacklist.conf: kABI
- commit e8337cf
- x86/mm: Fix kern_addr_valid() to cope with existing but not
  present entries (bsc#1152489).
- commit 1efaf04
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- commit 44e26ca
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- commit bac299d
- nvme: fix refcounting imbalance when all paths are down
  (bsc#1188067).
- Refresh
  patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch.
- commit 44b2d54
- series: Update meta data and resort
  Refresh the metad data and sort into correct position:
  patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch
  patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch
  patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch
  patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch
  patches.suse/scsi-lpfc-Remove-unneeded-variable.patch
  patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch
- commit 12f1564
- Update
  patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
  (CVE-2021-3752 bsc#1190023).
- commit 65458cc
- Restore kabi after NFS: pass cred explicitly for access tests
  (bsc#1190746).
- NFS: don't store 'struct cred *' in struct nfs_access_entry
  (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- NFS: change nfs_access_get_cached to only report the mask
  (bsc#1190746).
- commit 907996a
- usb: musb: tusb6010: uninitialized data in
  tusb_fifo_write_unaligned() (git-fixes).
- commit 11a541f
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- commit 3009743
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
  (bsc#1152489).
- commit 15eb225
- kernel-binary.spec: Do not sign kernel when no key provided
  (bsc#1187167 bsc#1191240 ltc#194716).
- commit c909dd5
- powerpc: fix function annotations to avoid section mismatch
  warnings with gcc-10 (bsc#1148868).
- commit 9e9276f
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
  ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit e17894e
- Revert "/rpm: Abolish scritplet templating (bsc#1189841)."/ (bsc#1190598)
  This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
  These changes depend on a suse-module-tools update which has not reached
  SLE15-SP2/3 and Leap 15.2/3 yet, causing both build failures and
  unsatisfiable dependency of resulting binary packages.
  Revert the commit temporarily until suse-module-tools is updated.
- commit 7d43568
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 9763078
- powerpc/pseries: Prevent free CPU ids being reused on another
  node (bsc#1190620 ltc#194498).
- commit 7097b6c
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 0a89f09
- mm/swap: consider max pages in iomap_swapfile_add_extent
  (bsc#1190785).
- commit afb626e
- iomap: Fix negative assignment to unsigned sis->pages in
  iomap_swapfile_activate (bsc#1190784).
- commit 7126cba
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
  (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
  (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
  and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
  (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
  interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
  (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
  (bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
  (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
  (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
  (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
  and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
  outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
  (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
  CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
  processing (bsc#1190576).
- commit 1435c13
- blacklist.conf: kABI
- commit 3cb18d9
- blacklist.conf: kABI
- commit dcb25ee
- blacklist.conf: kABI
- commit d400b4c
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0fb9cd2
- usb: dwc2: Avoid leaving the error_debugfs label unused
  (git-fixes).
- commit fb08350
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758
  ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758
  ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758
  ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758
  ltc#191943).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
  ltc#191943).
- commit dea5bd2
- x86/resctrl: Fix a maybe-uninitialized build warning treated
  as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting
  (bsc#1152489).
- commit 450cdb2
- vmxnet3: update to version 6 (bsc#1190406).
- commit 8d3dc67
- vmxnet3: increase maximum configurable mtu to 9190
  (bsc#1190406).
- commit bd5109d
- vmxnet3: set correct hash type based on rss information
  (bsc#1190406).
- commit e1e474b
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- commit 1687646
- vmxnet3: remove power of 2 limitation on the queues
  (bsc#1190406).
- commit f3834f6
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- commit fbdf2fe
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- commit 7e0fe82
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- commit 73351a3
- xfs: sync lazy sb accounting on quiesce of read-only mounts
  (bsc#1190679).
- commit 668fdef
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 7e0dc1d
- s390/unwind: use current_frame_address() to unwind current task
  (bsc#1185677).
- commit 92c31e7
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
  (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
  (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
  (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
  (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
  to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
  Refresh and update:
  - patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch
- scsi: core: Add helper to return number of logical blocks in
  a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
  (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
  (bsc#1190576).
- commit e13d431
- Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
  Add else braces.
- commit f230c58
- series.conf: cleanup
- update upstream reference and resort:
  - patches.suse/ibmvnic-check-failover_pending-in-login-response.patch
- commit 2b5f056
- kernel-binary.spec: Check for no kernel signing certificates.
  Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
  This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- fuse: flush extending writes (bsc#1190595).
- cuse: fix broken release (bsc#1190596).
- commit 232b4ea
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- ipvs: Fix up kabi for expire_nodest_conn_work addition
  (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections
  if expire_nodest_conn=1 (bsc#1190467).
- ipvs: allow connection reuse for unconfirmed conntrack
  (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- commit e0da213
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit 4fadd7d
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
  (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 4ee91a7
- xfs: allow mount/remount when stripe width alignment is zero
  (bsc#1188651).
- commit e701c22
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
  (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
  (bsc#1173746).
- devlink: Break parameter notification sequence to be
  before/after unload/load driver (bsc#1154353).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- ionic: cleanly release devlink instance (bsc#1167773).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- cxgb4: dont touch blocked freelist bitmap after free
  (git-fixes).
- e1000e: Do not take care about recovery NVM checksum
  (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
  'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
  (bsc#1170774).
- iavf: Fix ping is lost after untrusted VF had tried to change
  MAC (jsc#SLE-7940).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
  (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells
  (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- net/mlx5: Fix return value from tracer initialization
  (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route
  (git-fixes).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on
  the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- ionic: count csum_none when offload enabled (bsc#1167773).
- i40e: Fix log TC creation failure when max num of queues is
  exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware
  (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- commit f97144d
- fbmem: don't allow too huge resolutions (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover
  (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
  (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
  (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
  (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on
  readb / writeb errors (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- commit 0c36126
- time: Handle negative seconds correctly in timespec64_to_ns()
  (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted()
  (git-fixes).
- commit b2d42ef
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit 9f9cec0
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
  patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- Refresh
  patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
- commit a89813f
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- commit 9def092
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
  (bsc#1189297).
- commit 913942c
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT
  state (bsc#1190062).
- commit e5272e8
- clk: at91: clk-generated: Limit the requested rate to our range
  (git-fixes).
- commit c432b6b
- blacklist.conf: add efa non backportable patch
- commit ebbcbd1
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc()
  fails (git-fixes).
- commit bc5a062
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- commit 561fbd8
- series.conf: refresh
- update upstream references and resort:
  - patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch
  - patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch
  - patches.suse/nvme-tcp-Do-not-reset-transport-on-data-digest-error.patch
- commit ebb6bcb
- fixup "/rpm: support gz and zst compression methods"/ once more
  (bsc#1190428, bsc#1190358)
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
  Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 165378a
- PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
- PCI: iproc: Fix BCMA probe resource handling (git-fixes).
- usb: dwc2: Fix error path in gadget registration (git-fixes).
- commit 59e7328
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
  (git-fixes).
- drm/panfrost: Simplify lock_region calculation (git-fixes).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
  (git-fixes).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
  (git-fixes).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
  (git-fixes).
- mfd: axp20x: Update AXP288 volatile ranges (git-fixes).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
  of 'mpc8xxx_probe()' (git-fixes).
- commit 75d69a6
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
  chip was registered (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
  (git-fixes).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
  (git-fixes).
- PCI/portdrv: Enable Bandwidth Notification only if port supports
  it (git-fixes).
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
  (git-fixes).
- PCI: Call Max Payload Size-related fixup quirks early
  (git-fixes).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS
  ROG Strix G17 (git-fixes).
- reset: reset-zynqmp: Fixed the argument data type (git-fixes).
- gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for
  (semi)planar U/V formats (git-fixes).
- commit f395ad9
- Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412)
  Deleted and blacklisted:
  patches.suse/platform-x86-intel_int0002_vgpio-Only-call-enable_ir.patch
  patches.suse/platform-x86-intel_int0002_vgpio-Pass-irqchip-when-a.patch
- commit bebba41
- fixup "/rpm: support gz and zst compression methods"/ once more
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
  Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 34e68f4
- fixup "/rpm: support gz and zst compression methods"/
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
- commit 23510fc
- kernel-cert-subpackage: Fix certificate location in scriptlets
  (bsc#1189841).
  Fixes: d9a1357edd73 ("/rpm: Define $certs as rpm macro (bsc#1189841)."/)
- commit 8684de8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
  (bsc#1190358).
  The script part for base package case is completely separate from the
  part for subpackages. Remove the part for subpackages from the base
  package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
  (bsc#1190358).
  Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- mm/vmscan: fix infinite loop in drop_slab_node (VM
  Functionality, bsc#1189301).
- commit 016e8e0
- blacklist.conf: blacklist an unwanted commit
- commit 910824e
- SUNRPC: Simplify socket shutdown when not reusing TCP ports
  (git-fixes).
- SUNRPC: Fix potential memory corruption (git-fixes).
- NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes).
- nfsd4: Fix forced-expiry locking (git-fixes).
- lockd: Fix invalid lockowner cast after vfs_test_lock
  (git-fixes).
- commit 59642ba
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- commit a70a19d
- Sort nvme patches into linux-block.
- commit 090f7ef
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
- Delete
  patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit bfb1107
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481).
- commit 9722825
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
- commit 350aa4f
- btrfs: rip out may_commit_transaction (bsc#1135481).
- commit 4606638
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481).
- commit 631f16e
- btrfs: adjust the flush trace point to include the source (bsc#1135481).
- commit e32ea57
- btrfs: implement space clamping for preemptive flushing (bsc#1135481).
- commit ca710c1
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
- commit 4b02073
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
- commit 7205c9f
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
- Refresh
  patches.suse/btrfs-account-ticket-size-at-add-delete-time.patch.
- commit bcb2da5
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
- commit fba4763
- btrfs: rename need_do_async_reclaim (bsc#1135481).
- commit f764126
- btrfs: improve preemptive background space flushing (bsc#1135481).
- commit 874aca2
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
- commit 7ec1638
- btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
- commit c78869d
- btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481).
- commit c805821
- btrfs: add a trace point for reserve tickets (bsc#1135481).
- commit ed22c30
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481).
- commit f6a0397
- SUNRPC: improve error response to over-size gss credential
  (bsc#1190022).
- commit 0678bd3
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
  CVE2020-12770).
- commit 59a4a94
- Bluetooth: schedule SCO timeouts with delayed_work
  (CVE-2021-3640 bsc#1188172).
- Refresh
  patches.suse/Bluetooth-fix-repeated-calls-to-sco_sock_kill.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 69c5b94
- sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes).
- commit f3a38fb
- rpm/kernel-source.spec.in: do some more for vanilla_only
  Make sure:
  * sources are NOT executable
  * env is not used as interpreter
  * timestamps are correct
  We do all this for normal kernel builds, but not for vanilla_only
  kernels (linux-next and vanilla).
- commit b41e4fd
- Revert "/memcg: enable accounting for file lock caches (bsc#1190115)."/
  This reverts commit 78b761616bfb31a0d54806624e7c8db23fbeda9c.
  It's effectively upstream commit
  3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to
  avoid proliferation of patches). Make a note in blacklist.conf too.
- commit eba498f
- Update kabi files.
- update from September 2021 maintenance update submission (commit 21030bc7f9be)
- commit 63b67d5
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/mm-vmscan-guarantee-drop_slab_node-termination.patch
- commit bddec27
- blacklist.conf: kABI
- commit 2b1e710
- mm, vmscan: guarantee drop_slab_node() termination (VM
  Functionality, bsc#1189301).
- commit 56cc71b
- blacklist.conf: cosmetic fix
- commit c872ce5
- blacklist.conf: 33cba859220b ("/fscache: Fix fscache_cookie_put() to not deref after dec"/)
  Needs prerequisites to backport which could be problematic.
- commit 648a5e5
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- commit 714137e
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
  (git-fixes).
- commit 5a2ecd2
- kABI: revert change in struct bpf_insn_aux_data (bsc#1188983,
  bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 425bbd2
- memcg: enable accounting of ipc resources (bsc#1190115
  CVE-2021-3759).
- memcg: enable accounting for file lock caches (bsc#1190115).
- commit 925e30c
- Refresh
  patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch.
- commit f3cba28
- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch
- commit 0d42678
- update nvme patch references and move them out of sorted section
  Within a few days, nvme repository was not only rebased again but the
  patches has been also reordered. To avoid further spurious git-sort errors,
  move the nvme patches out of sorted section until they reach mainline or
  some better behaving subsystem repository.
- update Git-commit and move out of sorted section:
  - patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch
  - patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch
  - patches.suse/nvme-tcp-Do-not-reset-transport-on-data-digest-error.patch
- commit 95e9f8b
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
  (bsc#1189841).
  These are unchanged since 2011 when they were introduced. No need to
  track them separately.
- commit 692d38b
- rpm: Abolish image suffix (bsc#1189841).
  This is used only with vanilla kernel which is not supported in any way.
  The only effect is has is that the image and initrd symlinks are created
  with this suffix.
  These symlinks are not used except on s390 where the unsuffixed symlinks
  are used by zipl.
  There is no reason why a vanilla kernel could not be used with zipl as
  well as it's quite unexpected to not be able to boot when only a vanilla
  kernel is installed.
  Finally we now have a backup zipl kernel so if the vanilla kernel is
  indeed unsuitable the backup kernel can be used.
- commit e2f37db
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- commit e602b0f
- rpm: Define $certs as rpm macro (bsc#1189841).
  Also pass around only the shortened hash rather than full filename.
  As has been discussed in bsc#1124431 comment 51
  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
  the certificates is an API which cannot be changed unless we can ensure
  that no two kernels that use different certificate location can be built
  with the same certificate.
- commit d9a1357
- HID: input: do not report stylus battery state as "/full"/
  (git-fixes).
- HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
  (git-fixes).
- pinctrl: single: Fix error return code in
  pcs_parse_bits_in_pinctrl_entry() (git-fixes).
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- overflow: Correct check_shl_overflow() comment (git-fixes).
- commit 835ad7d
- mtd: rawnand: cafe: Fix a resource leak in the error handling
  path of 'cafe_nand_probe()' (git-fixes).
- USB: serial: option: add new VID/PID to support Fibocom FG150
  (git-fixes).
- drm/nouveau/disp: power down unused DP links during init
  (git-fixes).
- drm: Copy drm_wait_vblank to user before returning (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device
  (git-fixes).
- commit ce46f13
- ocfs2: ocfs2_downconvert_lock failure results in deadlock
  (bsc#1188439).
- commit d85d8fa
- cgroup1: fix leaked context root causing sporadic NULL deref
  in LTP (bsc#1190181).
- commit d57aed6
- Refresh patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch.
- commit aec8493
- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/scsi-core-Add-scsi_prot_ref_tag-helper.patch
  - patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch
  - patches.suse/scsi-lpfc-Add-256-Gb-link-speed-support.patch
  - patches.suse/scsi-lpfc-Add-PCI-ID-support-for-LPe37000-LPe38000-s.patch
  - patches.suse/scsi-lpfc-Call-discovery-state-machine-when-handling.patch
  - patches.suse/scsi-lpfc-Clear-outstanding-active-mailbox-during-PC.patch
  - patches.suse/scsi-lpfc-Copyright-updates-for-12.8.0.11-patches.patch
  - patches.suse/scsi-lpfc-Copyright-updates-for-14.0.0.0-patches.patch
  - patches.suse/scsi-lpfc-Delay-unregistering-from-transport-until-G.patch
  - patches.suse/scsi-lpfc-Discovery-state-machine-fixes-for-LOGO-han.patch
  - patches.suse/scsi-lpfc-Enable-adisc-discovery-after-RSCN-by-defau.patch
  - patches.suse/scsi-lpfc-Fix-KASAN-slab-out-of-bounds-in-lpfc_unreg.patch
  - patches.suse/scsi-lpfc-Fix-NULL-ptr-dereference-with-NPIV-ports-f.patch
  - patches.suse/scsi-lpfc-Fix-NVMe-support-reporting-in-log-message.patch
  - patches.suse/scsi-lpfc-Fix-cq_id-truncation-in-rq-create.patch
  - patches.suse/scsi-lpfc-Fix-function-description-comments-for-vmid.patch
  - patches.suse/scsi-lpfc-Fix-memory-leaks-in-error-paths-while-issu.patch
  - patches.suse/scsi-lpfc-Fix-possible-ABBA-deadlock-in-nvmet_xri_ab.patch
  - patches.suse/scsi-lpfc-Fix-target-reset-handler-from-falsely-retu.patch
  - patches.suse/scsi-lpfc-Improve-firmware-download-logging.patch
  - patches.suse/scsi-lpfc-Keep-NDLP-reference-until-after-freeing-th.patch
  - patches.suse/scsi-lpfc-Remove-REG_LOGIN-check-requirement-to-issu.patch
  - patches.suse/scsi-lpfc-Remove-redundant-assignment-to-pointer-pcm.patch
  - patches.suse/scsi-lpfc-Remove-use-of-kmalloc-in-trace-event-loggi.patch
  - patches.suse/scsi-lpfc-Revise-Topology-and-RAS-support-checks-for.patch
  - patches.suse/scsi-lpfc-Skip-issuing-ADISC-when-node-is-in-NPR-sta.patch
  - patches.suse/scsi-lpfc-Skip-reg_vpi-when-link-is-down-for-SLI3-in.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.11.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.0.patch
  - patches.suse/scsi-lpfc-Use-PBDE-feature-enabled-bit-to-determine-.patch
  - patches.suse/scsi-qla2xxx-Fix-spelling-mistakes-allloc-alloc.patch
  - patches.suse/scsi-qla2xxx-Fix-use-after-free-in-debug-code.patch
  - patches.suse/scsi-qla2xxx-Remove-redundant-continue-statement-in-.patch
  - patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-vari.patch
  - patches.suse/scsi-qla2xxx-Remove-unused-variable-status.patch
  - patches.suse/scsi-qla2xxx-Update-version-to-10.02.00.107-k.patch
  - patches.suse/scsi-qla2xxx-Use-the-proper-SCSI-midlayer-interfaces.patch
  - patches.suse/scsi-qla2xxx-edif-Add-authentication-pass-fail-bsgs.patch
  - patches.suse/scsi-qla2xxx-edif-Add-detection-of-secure-device.patch
  - patches.suse/scsi-qla2xxx-edif-Add-doorbell-notification-for-app.patch
  - patches.suse/scsi-qla2xxx-edif-Add-encryption-to-I-O-path.patch
  - patches.suse/scsi-qla2xxx-edif-Add-extraction-of-auth_els-from-th.patch
  - patches.suse/scsi-qla2xxx-edif-Add-getfcinfo-and-statistic-bsgs.patch
  - patches.suse/scsi-qla2xxx-edif-Add-key-update.patch
  - patches.suse/scsi-qla2xxx-edif-Add-send-receive-and-accept-for-au.patch
  - patches.suse/scsi-qla2xxx-edif-Add-start-stop-bsgs.patch
  - patches.suse/scsi-qla2xxx-edif-Increment-command-and-completion-c.patch
- commit 9a3c219
- update patches metadata
  Once again, the nvme repository branch has been rebased so that patches
  from it must have their Git-commit tags updated to avoid git-sort errors.
- commit cca729c
- fix patch metadata
- fix Patch-mainline:
  patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch
- commit fbde034
- series.conf: refresh
- update upstream references and resort:
  - patches.suse/nvme-code-command_id-with-a-genctr-for-use-after-fre.patch
  - patches.suse/nvme-pci-limit-maximum-queue-depth-to-4095.patch
  - patches.suse/nvme-tcp-don-t-check-blk_mq_tag_to_rq-when-receiving.patch
  - patches.suse/params-lift-param_set_uint_minmax-to-common-code.patch
- commit 5b98a5d
- cgroup: verify that source is a string (bsc#1190131).
- commit b8204f1
- blacklist.conf: Add 2ca11b0e043b cgroup: Fix kernel-doc
- commit 0b9195b
- Update patch reference for virtio_console fix (CVE-2021-38160 bsc#1190117)
- commit c8baed7
- scsi: libfc: Fix array index out of bound exception
  (bsc#1188616).
- commit de260d1
- nvme-tcp: Do not reset transport on data digest errors
  (bsc#1188418).
- nvme: only call synchronize_srcu when clearing current path
  (bsc#1188067).
- commit bbe789f
- VMCI: fix NULL pointer dereference when unmapping queue pair
  (git-fixes).
- commit 45162f9
- usb: host: xhci-rcar: Don't reload firmware after the completion
  (git-fixes).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no
  suitable DMA config is available (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
  (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC
  (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
  (git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- commit 2b2a9dc
- soc: qcom: smsm: Fix missed interrupts if state changes while
  masked (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value
  (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in
  TranslateRxSignalStuff819xUsb() (git-fixes).
- commit 7e7cd62
- media: venus: venc: Fix potential null pointer dereference on
  pointer fmt (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
  (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe
  (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init
  (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
  (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
  (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- commit c67010c
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks
  (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear
  necessary LMs (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in
  panfrost_clk_init() (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable
  (git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable
  (git-fixes).
- fpga: altera-freeze-bridge: Address warning about unused
  variable (git-fixes).
- commit 6aaa769
- dmaengine: imx-sdma: remove duplicated sdma_load_context
  (git-fixes).
- Revert "/dmaengine: imx-sdma: refine to load context only once"/
  (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function
  (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path
  of the probe function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function
  (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
  (git-fixes).
- ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
  (git-fixes).
- commit bdcb5b3
- xprtrdma: Pad optimization, revisited (bsc#1189760).
- commit 0acbfd0
- Refresh
  patches.suse/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch.
- commit 2264bac
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
  (CVE-2021-3640 bsc#1188172).
- commit a21f4da
- Move upstreamed BT fixes into sorted section
- commit 0de160e
- brcmfmac: pcie: fix oops on failure to resume and reprobe
  (git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
  (git-fixes).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
  buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in
  sco_conn_defer_accept() (git-fixes).
- leds: trigger: audio: Add an activate callback to ensure the
  initial brightness is set (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold
  (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
  (git-fixes).
- commit 9a711f4
- Add alt-commit for a BT fix patch (git-fixes)
- commit 3dbcbb3
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- commit b61f128
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch.
- commit 8846c72
- vt_kdsetmode: extend console locking (bsc#1190025
  CVE-2021-3753).
- commit 025c5d0
- nbd: Aovid double completion of a request (git-fixes).
- commit 7a1bece
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after
  table load fails (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error
  handling (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init
  (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- nbd: don't update block size after device is started
  (git-fixes).
- commit 6df7d5d
- blacklist.conf: add following commit IDs,
- 27ba3e8ff3ab86449e63d38a8d623053591e65fa
- 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23
- 854f32648b8a5e424d682953b1a9f3b7c3322701
- a4c8dd9c2d0987cf542a2a0c42684c9c6d78a04e
- 24f6b6036c9eec21191646930ad42808e6180510
- 5b0fab508992c2e120971da658ce80027acbc405
- commit eb9efeb
- rpm: Abolish scritplet templating (bsc#1189841).
  Outsource kernel-binary and KMP scriptlets to suse-module-tools.
  This allows fixing bugs in the scriptlets as well as defining initrd
  regeneration policy independent of the kernel packages.
- commit e98096d
- usb: dwc2: Postponed gadget registration to the udc class driver
  (git-fixes).
- commit e55ae9a
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
  This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
- crypto: qat - use proper type for vf_mask (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- power: supply: max17042: handle fails of reading status register
  (git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops
  (git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path
  (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- commit d2a4523
- mm: swap: properly update readahead statistics in
  unuse_pte_range() (bsc#1187619).
- commit 6ceb471
- NFS: Correct size calculation for create reply length
  (bsc#1189870).
- commit 7843408
- sched/rt: Fix RT utilization tracking during policy change (git-fixes)
- commit 8fc8b7f
- sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
- commit 1732b9b
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release has arbitrary values in staging, we can't use it for
  dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- commit 53f17d6
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable
  (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- Revert "/USB: serial: ch341: fix character loss at high transfer
  rates"/ (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange
  of the CAN RX and TX error counters (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if
  controller is not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
  (git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG
  (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware
  (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait
  (git-fixes).
- commit 6ee1085
- Revert "/mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN
  on BCM2711"/ (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating
  transfers (git-fixes).
- USB: core: Avoid WARNings for 0-length descriptor requests
  (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe
  (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe()
  (git-fixes).
- commit de359d6
- cpuidle: Consolidate disabled state checks (bsc#1175543)
  patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch
  was refreshed as well by this patch for code adjustment.
- commit 486ca9f
- cpuidle: cpuidle_state kABI fix (bsc#1175543)
  The patch bsc1175543-cpuidle-Drop-disabled-field-from-struct-cpuidle_stat.patch
  Dropped the 'disabled' field in struct cpuidle_state because no drivers
  use it, They use the state flag instead.
  Fix kABI to avoid offset changes.
- commit aa615e8
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- commit da07134
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- commit 81641db
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- commit b93fbf1
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- commit d669a61
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- commit 8d2d96f
- intel_idle: Customize IceLake server support (bsc#1175543)
- commit 25d205d
- intel_idle: Annotate init time data structures (bsc#1175543)
  The patches.suse/intel_idle-Customize-IceLake-server-support.patch was
  refreshed as well by this patch for code adjustment.
- commit 2ed77d7
- Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
- commit 65d3c96
- intel_idle: Use ACPI _CST on server systems (bsc#1175543)
  Below 2 patches were refreshed as well by this patch for code
  adjustment:
  patches.suse/intel_idle-convert-to-new-x86-cpu-match-macros.patch
  patches.suse/intel_idle-Customize-IceLake-server-support.patch
- commit f10f8c4
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- commit 79ec477
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- commit ecacb28
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- commit 48a3541
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- commit 9dbf3f1
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- commit 462302a
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- commit 70c6258
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- commit c99fda3
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- commit 9eb9d8c
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- commit c0d7249
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- commit 66eadb0
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- commit c479621
- net: qrtr: fix another OOB Read in qrtr_endpoint_post
  (CVE-2021-3743 bsc#1189883).
- net: qrtr: fix OOB Read in qrtr_endpoint_post (CVE-2021-3743
  bsc#1189883).
- commit 78ff8ba
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- commit 3288077
- btrfs: fix NULL pointer dereference when deleting device by
  invalid id (bsc#1189832 CVE-2021-3739).
- commit 6bfce07
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- commit cfb3b9b
- nvme: code command_id with a genctr for use-after-free
  validation (bsc#1181972).
- nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
  (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth
  (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- commit 01de302
- post.sh: detect /usr mountpoint too
- commit c7b3d74
- md/raid10: properly indicate failure when ending a failed
  write request (git-fixes).
- Refresh for the above change,
  patches.suse/md-display-timeout-error.patch.
- commit 2088aff
- kernel, fs: Introduce and use set_restart_fn() and
  arch_set_restart_data() (bsc#1189153).
- commit 8bf2f14
- kABI fix of usb_dcd_config_params (git-fixes).
- commit 8726268
- x86/fpu: Limit xstate copy size in xstateregs_set()
  (bsc#1152489).
- commit 33182b7
- blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling
- commit 50f6bfa
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- commit 41aa06c
- usb: gadget: Export recommended BESL values (git-fixes).
- commit 96bbeda
- ovl: prevent private clone if bind mount is not allowed
  (bsc#1189706, CVE-2021-3732).
- commit d40514b
- blacklist.conf: 6c34df6f350d ("/tracing: Apply trace filters on all output channels"/)
  Requires at least commit 8cfcf15503f6 ("/tracing: kprobes: Output kprobe
  event to printk buffer"/) too. Let's wait if there is an actual problem
  for someone.
- commit ef40598
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- commit f36412b
- kernel-binary.spec.in: add zstd to BuildRequires if used
- commit aa61dba
- tracing / histogram: Fix NULL pointer dereference on strcmp()
  on NULL event name (git-fixes).
- commit bf4be33
- x86/signal: Detect and prevent an alternate signal stack
  overflow (bsc#1152489).
- commit 72c8a0d
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero
  (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on
  BCM2711 (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711
  (git-fixes).
- commit cc02968
- Fix breakage of swap over NFS (bsc#1188924).
- commit 9f3f2ef
- ASoC: intel: atom: Fix breakage for PCM buffer address setup
  (git-fixes).
- commit 0bed191
- rpm: support gz and zst compression methods
  Extend commit 18fcdff43a00 ("/rpm: support compressed modules"/) for
  compression methods other than xz.
- commit 3b8c4d9
- SUNRPC: 'Directory with parent 'rpc_clnt' already
  present!' (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work()
  (bsc#1168202 bsc#1188924).
- kabi fix for SUNRPC: defer slow parts of rpc_free_client()
  to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue
  (bsc#1168202 bsc#1188924).
- commit a690151
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
  (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace
  (git-fixes).
- commit 4d62c8f
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
  (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
  9510 laptop (git-fixes).
- ALSA: hda - fix the 'Capture Switch' value change notifications
  (git-fixes).
- commit bb87ddf
- s390/boot: fix use of expolines in the DMA code (bsc#1188878
  ltc#193771).
- commit 46381a6
- series.conf: cleanup
- move mainline backports to sorted section:
  - patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch
  - patches.suse/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested.patch
- commit 30636ef
- Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
- commit da7e3ca
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
  (bsc#1189587).
- commit ae93a20
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode()
  (bsc#1189586).
- commit 50b39b2
- ubifs: Only check replay with inode type to judge if inode
  linked (bsc#1187455).
- commit 3cfd5e7
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- blacklist.conf:
- commit d0fe9df
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- commit abd23d2
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- commit 7960ad8
- ocfs2: fix snprintf() checking (bsc#1189581).
- commit ca894bd
- ocfs2: fix zero out valid data (bsc#1189579).
- commit 42e68bc
- writeback: fix obtain a reference to a freeing memcg css
  (bsc#1189577).
- commit b318f10
- ext4: fix potential htree corruption when growing large_dir
  directories (bsc#1189576).
- commit 13d68f1
- rq-qos: fix missed wake-ups in rq_qos_throttle try two
  (bsc#1189575).
- commit edbcd21
- fanotify: fix copy_event_to_user() fid error clean up
  (bsc#1189574).
- commit a8937b5
- bdi: Do not use freezable workqueue (bsc#1189573).
- commit 60e4174
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
  (bsc#1189569).
- commit 1b1dfcf
- ext4: cleanup in-core orphan list if ext4_truncate() failed
  to get a transaction handle (bsc#1189568).
- commit 0ace36d
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- commit 4329025
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- commit d7bfbbd
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
  (bsc#1189565).
- commit 3ca5f18
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
  (bsc#1189564).
- commit cd60859
- ext4: return error code when ext4_fill_flex_info() fails
  (bsc#1189563).
- commit 200d004
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- commit fd9a225
- scsi: lpfc: Move initialization of phba->poll_list earlier to
  avoid crash (git-fixes).
- commit 92c63a5
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  (bsc#1189399, CVE-2021-3653).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  (bsc#1189400, CVE-2021-3656).
- KVM: X86: MMU: Use the correct inherited permissions to get
  shadow page (CVE-2021-38198 bsc#1189262).
- commit 7902615
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- commit 2a94579
- Revert "/xfrm: policy: Read seqcount outside of rcu-read side
  in xfrm_policy_lookup_bytype"/ (bsc#1185675).
  This revert was initially applied to SLE15-SP2-RT (70e4d04b75f). Since
  the reverted commit went into SLE15-SP2 (96f285dfa8b), the revert needs
  to move from SLE15-SP2-RT to SLE15-SP2.
- commit f32a28c
- Update
  patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch
  (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- commit 8a87839
- blacklist.conf: add an entry for the reverted iTCO_wdt
- commit 4c97ae2
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- commit 5e0eec9
- tracing: Reject string operand in the histogram expression
  (git-fixes).
- commit edab067
- tracing / histogram: Give calculation hist_fields a size
  (git-fixes).
- commit 49985ee
- blacklist.conf: 1e3bac71c505 ("/tracing/histogram: Rename "/cpu"/ to "/common_cpu"/"/)
  Better not to backport the commit as it changes the semantics of an
  existing field.
- commit 00d0183
- blacklist.conf: 6c881ca0b304 ("/afs: Fix tracepoint string placement with built-in AFS"/)
  CONFIG_AFS_FS is not set on SLE15-SP2. It is on SLE15-SP3 but only as a
  module, not built-in. No need to backport the commit.
- commit 43483b1
- bpf: Fix leakage due to insufficient speculative store
  bypass mitigation (bsc#1188983, bsc#1188985, CVE-2021-34556,
  CVE-2021-35477).
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit f87c7ce
- blk-iolatency: error out if blk_get_queue() failed in
  iolatency_set_limit() (bsc#1189507).
- commit b15ef07
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
  (bsc#1189506).
- commit 7fe32f7
- block: fix trace completion for chained bio (bsc#1189505).
- commit 47344da
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- commit 7b07185
- blk-wbt: introduce a new disable state to prevent false positive
  by rwb_enabled() (bsc#1189503).
- commit 798c57a
- misc: rtsx: do not setting OC_POWER_DOWN reg in
  rtsx_pci_init_ocp() (git-fixes).
- misc: atmel-ssc: lock with mutex instead of spinlock
  (git-fixes).
- commit 55d9570
- gpio: eic-sprd: break loop when getting NULL device resource
  (git-fixes).
- Revert "/gpio: eic-sprd: Use devm_platform_ioremap_resource()"/
  (git-fixes).
- commit 990b695
- Revert a BT patch that was reverted on stable trees (git-fixes)
  Delete patches.suse/Bluetooth-Shutdown-controller-after-workqueues-are-f.patch
- commit 127d54b
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
  (git-fixes).
- commit 0a223c6
- x86/fpu: Make init_fpstate correct with optimized XSAVE
  (bsc#1152489).
- commit 603fc19
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is
  enabled (jsc#SLE-17288).
  About the pahole version: v1.18 should be bare mnimum, v1.22 should be
  fully functional, for now we ship git snapshot with fixes on top of
  v1.21.
- commit 8ba3382
- x86/fpu: Reset state for all signal restore failures
  (bsc#1152489).
- commit f42aa15
- blacklist.conf: blacklist davicom legacy ethernet driver
- commit 78e9c10
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- commit 0d1e1fe
- Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449)
  Also blacklisted
- commit e5dd4ab
- s390/ap: Fix hanging ioctl caused by wrong msg counter
  (bsc#1188982 LTC#193817).
- commit 7e146ac
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
  bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
  (CVE-2021-3640 bsc#1188172).
- commit f2d375d
- Update patch reference for a BT fix (CVE-2021-3640 bsc#1188172)
- commit 98aa089
- powerpc/pseries: Fix update of LPAR security flavor after LPM
  (bsc#1188885 ltc#193722 git-fixes).
- commit fbccd6a
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep
  disable (git-fixes).
- commit 5733c23
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable
  (git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers
  (git-fixes).
- commit 124c915
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time
  (git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading
  channels (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
  (git-fixes).
- usb: dwc3: Stop active transfers before halting the controller
  (git-fixes).
- commit 627b67a
- config: refresh
- commit a299bb8
- ceph: take snap_empty_lock atomically with snaprealm refcount
  change (bsc#1189427).
- ceph: reduce contention in ceph_check_delayed_caps()
  (bsc#1187468).
- commit 93c7440
- blacklist.conf: Add 'fix poly1305_core_setkey() declaration'
  Commit 8d195e7a8ada ("/crypto: poly1305 - fix poly1305_core_setkey()
  declaration"/) is a cleanup which breaks kABI.
- commit 37e4183
- scsi: blkcg: Fix application ID config options (bsc#1189385
  jsc#SLE-18970).
- Update config files.
- commit 1317caa
- crypto: x86/curve25519 - fix cpu feature checking logic in
  mod_exit (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when
  removing single node (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- commit 6aa0bda
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
  (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056
  (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates
  (git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration
  (git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
  (git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- commit f089244
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address
  (git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend
  (git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- virt_wifi: fix error on connect (git-fixes).
- commit 690710b
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
  (git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off
  (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
  (git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove
  (git-fixes).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
  (git-fixes).
- commit 24af025
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
  (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control
  (git-fixes).
- ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control
  (git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
  fw_load_sysfs_fallback (git-fixes).
- Revert "/ACPICA: Fix memory leak caused by _CID repair function"/
  (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it
  work (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- commit 20c4d69
- scsi: qla2xxx: Remove redundant initialization of variable
  num_cnt (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes "/allloc"/ -> "/alloc"/
  (bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts
  (bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app
  (bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device
  (bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs
  (bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire
  (bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els
  (bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs
  (bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI
  (bsc#1189392).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop
  (bsc#1189392).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Log PCI address in
  qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval
  (bsc#1189392).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
  (bsc#1189392).
- scsi: qla2xxx: Fix error return code in
  qla82xx_write_flash_dword() (bsc#1189392).
- commit 4f97d8a
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted()
  (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd
  (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new
  adapters (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series
  adapters (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state
  (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC
  cmpl path (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling
  PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or
  ADISC completes (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default
  (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE
  support (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function
  reset (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi()
  routine (bsc#1189385).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an
  ELS RDF (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS
  RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF
  handling (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB
  after ELS handling (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning
  FAILURE (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling
  (bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines
  (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging
  (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message
  (bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189385).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker
  thread (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending
  (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid
  (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command
  (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc
  (bsc#1189385 jsc#SLE-18970).
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
- Update config files
  Add kABI fixup patch
- patches.kabi/blk-cgroup-kABI-fixes-for-new-fc_app_id-definition.patch
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr
  (bsc#1189385).
- commit e47f569
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- commit da8a2b6
- README: Modernize build instructions.
- commit 8cc5c28
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- commit d2a0c13
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- commit 7f9ade7
- platform/x86: pcengines-apuv2: Add missing terminating entries
  to gpio-lookup tables (git-fixes).
- commit e6925d8
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch
  - patches.suse/NFSv4-pNFS-Don-t-call-_nfs4_pnfs_v3_ds_connect-multi.patch
  - patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch
  - patches.suse/SUNRPC-Should-wake-up-the-privileged-task-firstly.patch
  - patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch
- commit bd541fa
- net: ll_temac: Fix TX BD buffer overwrite (CVE-2021-38207
  bsc#1189298).
- commit 64dedf9
- scsi: zfcp: Report port fc_security as unknown early during
  remote cable pull (git-fixes).
- commit 071c9e5
- net: xilinx_emaclite: Do not print real IOMEM pointer
  (CVE-2021-38205 bsc#1189292).
- commit 1e538f8
- Update patch reference for a USB max3421 HCD fix (CVE-2021-38204 bsc#1189291)
- commit 68d7672
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
  state (bsc#1184180).
- commit 435d2bf
- usb: dwc3: gadget: Don't setup more than requested (git-fixes).
- commit d278880
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init
  (git-fixes).
- commit bc358f9
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- commit fd80e8c
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
  (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- commit 1bdda2d
- NFSv4: Initialise connection to the server in
  nfs4_alloc_client() (bsc#1040364).
- Delete
  patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch.
  Upstream now has a fix for this bug, so use their version instead of ours.
- commit 350271e
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- commit c4cb23f
- usb: dwc3: support continuous runtime PM with dual role
  (git-fixes).
- commit f340e0b
- iommu/vt-d: Global devTLB flush when present context entry
  changed (bsc#1189220).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/vt-d: Define counter explicitly as unsigned int
  (bsc#1189216).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq
  (bsc#1189210).
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Check for allocation failure in aux_detach_device()
  (bsc#1189215).
- iommu/vt-d: Force to flush iotlb before creating superpage
  (bsc#1189219).
- iommu/vt-d: Invalidate PASID cache when root/context entry
  changed (bsc#1189221).
- iommu/vt-d: Don't set then clear private data in
  prq_event_thread() (bsc#1189217).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK
  (bsc#1189209).
- commit f116a8f
- blacklist.conf: Add two IOMMU fixes
  b9abb19fa5fd iommu: Check dev->iommu in iommu_dev_xxx functions
  474dd1c65064 iommu/vt-d: Fix clearing real DMA device's scalable-mode context entries
- commit 2db8dfc
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats
  unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769
  git-fixes).
- commit c109f3e
- Fix filesystem requirement and suse-release requires
  Reduce filesystem conflict to anything less than 16 to allow pulling the
  change into the next major stable version.
  Don't require suse-release as that's not technically required. Conflict
  with a too old one instead.
- commit 913f755
- iwlwifi: rs-fw: don't support stbc for HE 160 (git-fixes).
- commit 981ddc7
- blacklist.conf: obsoleted by 8d396bb0a5b62b326f6be7594d8bd46b088296bd
- commit d9ae913
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- commit 8c8f7df
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148
  ltc#190702 git-fixes).
- commit 8c2e999
- powerpc/pseries: Fix regression while building external modules
  (bsc#1160010 ltc#183046 git-fixes).
  This changes a GPL symbol to general symbol which is kABI change but not
  kABI break.
- commit 5db0ce9
- powerpc/papr_scm: Reduce error severity if nvdimm stats
  inaccessible (bsc#1189197 ltc#193906).
- commit 9021659
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
  (git-fixes).
- serial: tegra: Only print FIFO error message when an error
  occurs (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
  (git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
  (git-fixes).
- commit 8f575e8
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/ALSA-hda-realtek-Fix-headset-mic-for-Acer-SWIFT-SF31.patch
  - patches.suse/ALSA-hda-realtek-add-mic-quirk-for-Acer-SF314-42.patch
  - patches.suse/ALSA-seq-Fix-racy-deletion-of-subscriber.patch
  - patches.suse/ALSA-usb-audio-Add-registration-quirk-for-JBL-Quantu-4b0556b96e1f.patch
  - patches.suse/ALSA-usb-audio-Fix-superfluous-autosuspend-recovery.patch
- commit 486a747
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600
  (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56
  (ALC256) (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery
  (git-fixes).
- commit 57d9208
- net: dsa: mv88e6xxx: also read STU state in
  mv88e6250_g1_vtu_getnext (git-fixes).
- commit 4d3a9e0
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
  (git-fixes).
- commit 38ad73f
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch
  - patches.suse/SUNRPC-prevent-port-reuse-on-transports-which-don-t-.patch
- commit 5e54e89
- blacklist.conf: kABI changes due to kvm_mmu_rule struct.
- commit f3e0e69
- Refresh patches.suse/Input-ili210x-add-missing-negation-for-touch-indicat.patch
  Fix missing parentheses in the input backport patch.
- commit 0913716
- rpm/kernel-source.rpmlintrc: ignore new include/config files
  In 5.13, since 0e0345b77ac4, config files have no longer .h suffix.
  Adapt the zero-length check.
  Based on Martin Liska's change.
- commit b6f021b
- gpio: tqmx86: really make IRQ optional (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails
  (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
  (git-fixes).
- cfg80211: Fix possible memory leak in function
  cfg80211_bss_update (git-fixes).
- commit 7dd3f8c
- SUNRPC: prevent port reuse on transports which don't request it
  (bnc#1186264 bnc#1189021).
- commit a89b568
- kabi fix for NFSv4.1: Don't rebind to the same source port when
  reconnecting to the server
  (bnc#1186264 bnc#1189021)
- commit 844eb4c
- NFSv4.1: Don't rebind to the same source port when
  (bnc#1186264 bnc#1189021)
- commit 4b89a40
- btrfs: rework chunk allocation to avoid exhaustion of the
  system chunk array (bsc#1189077).
- btrfs: fix deadlock with concurrent chunk allocations involving
  system chunks (bsc#1189077).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree
  (bsc#1189077).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk
  (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation
  (bsc#1189077).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- commit 707ed65
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
  (CVE-2021-3679 bsc#1189057).
- commit 49b5ebf
- net/mlx5: Properly convey driver version to firmware
  (git-fixes).
- commit 44d8f42
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- commit ac61742
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- commit 75096f3
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- commit 524d35f
- Update kabi files.
- update from August 2021 maintenance update submission (commit a13100d5f167)
- commit 75dc981
- blacklist.conf: add macsonic driver
- commit 688a554
- cifs: do not share tcp sessions of dfs connections
  (bsc#1185902).
- commit 78eb685
- cifs: prevent NULL deref in cifs_compose_mount_options()
  (bsc#1185902).
- commit a798607
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- commit 17b0494
- cifs: fix check of dfs interlinks (bsc#1185902).
- commit 1db4f4d
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- commit 064a32d
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- commit 65332c5
- cifs: set a minimum of 2 minutes for refreshing dfs cache
  (bsc#1185902).
- commit 1a16c86
- cifs: fix path comparison and hash calc (bsc#1185902).
- commit 9ae40ff
- cifs: handle different charsets in dfs cache (bsc#1185902).
- commit 7b185cd
- cifs: keep referral server sessions alive (bsc#1185902).
- commit a6fba08
- workqueue: fix UAF in pwq_unbound_release_workfn()
  (bsc#1188973).
- commit b02980f
- can: esd_usb2: fix memory leak (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma
  initialization (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- nfc: nfcsim: fix use after free during module unload
  (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
  (git-fixes).
- Revert "/ACPI: resources: Add checks for ACPI IRQ override"/
  (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of
  pending messages (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer
  overflow (git-fixes).
- commit 7ff2c84
- fix patch metadata
- fix Patch-mainline:
  patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch
- commit e52bdda
- ixgbe: Fix packet corruption due to missing DMA sync
  (git-fixes).
- bnxt_en: Check abort error state in bnxt_half_open_nic()
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
  bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: don't disable an already disabled PCI device
  (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Check if num of q_vectors is smaller than max before
  array access (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()'
  (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
  (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- virtio_net: move tx vq operation under tx queue lock
  (git-fixes).
- Revert "/be2net: disable bh with spin_lock in be_process_mcc"/
  (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce()
  (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe()
  (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel
  (git-fixes).
- commit 3de5d62
- powerpc/security: Fix link stack flush instruction (bsc#1188885
  ltc#193722).
- commit 6d617e8
- cifs: get rid of @noreq param in __dfs_cache_find()
  (bsc#1185902).
- commit 7f4ff26
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- commit 96ce669
- cifs: Remove unused inline function is_sysvol_or_netlogon()
  (bsc#1185902).
- commit 7d7b6d5
- powerpc/64s: Move branch cache flushing bcctr variant to
  ppc-ops.h (bsc#1188885 ltc#193722).
- commit 837e7fa
- powerpc/security: Allow for processors that flush the link
  stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code
  patching (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more
  consistent (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush
  type enum (bsc#1188885 ltc#193722).
- Delete patches.suse/powerpc-add-link-stack-flush-mitigation-in-debugfs.patch
- replaced with upstream security mitigation cleanup
- powerpc/security: re-name count cache flush to branch cache
  flush (bsc#1188885 ltc#193722).
- commit e35bcce
- powerpc/pesries: Get STF barrier requirement from
  H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg
  (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (bsc#1188885 ltc#193722).
- Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch.
- powerpc/pseries: add new branch prediction security bits for
  link stack (bsc#1188885 ltc#193722).
- commit 3f019e2
- Update patch-mainline and git-commit tags
  Refresh:
  - patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch
  - patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch
- commit 758ec5c
- Move upstreamed patches to sorted section
- commit e174d5e
- net: mac802154: Fix general protection fault (CVE-2021-3659
  bsc#1188876).
- commit 61caeac
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
  (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family
  (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
  (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency
  is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL)
  calculations (git-fixes).
- xhci: Fix lost USB 2 remote wake (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock
  (git-fixes).
- commit cbaa23f
- firmware/efi: Tell memblock about EFI iomem reservations
  (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
  (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api
  val argument (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- commit 4603b01
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6
  (bsc#1185377).
- commit c3c4cb5
- use 3.0 SPDX identifier in rpm License tags
  As requested by Maintenance, change rpm License tags from "/GPL-2.0"/
  (SPDX 2.0) to "/GPL-2.0-only"/ (SPDX 3.0) so that their scripts do not have
  to adjust the tags with each maintenance update submission.
- commit f888e0b
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake()
  when using s2idle (git-fixes).
- commit 28541e7
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
  (git-fixes).
- commit ffedcc6
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage
  after platform_get_irq() (git-fixes).
- commit 4131c57
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding
  gpiochip (git-fixes).
- commit 88a6182
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
  CVE-2021-37576).
- commit 0162dcd
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup
  (git-fixes).
- commit 017d588
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version
  command (git-fixes).
- commit a8f01e1
- Input: ili210x - add missing negation for touch indication on
  ili210x (git-fixes).
- commit 0575cf5
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- commit 81b4c99
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit
  RSB path (bsc#1188788).
- commit f2e225f
- KVM: VMX: Enable machine check support for 32bit targets
  (bsc#1188787).
- commit 388d3fb
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4()
  (bsc#1188786).
- commit c5de014
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check
  in !64-bit (bsc#1188784).
- commit 08b2951
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
  (bsc#1188783).
- commit 5f8f317
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
  (bsc#1188782).
- commit ef7bd2d
- KVM: nVMX: Reset the segment cache when stuffing guest segs
  (bsc#1188781).
- commit 8984ecb
- KVM: nVMX: Really make emulated nested preemption timer pinned
  (bsc#1188780).
- commit 597c5f3
- KVM: nVMX: Preserve exception priority irrespective of exiting
  behavior (bsc#1188777).
- commit 9024fbf
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
  (bsc#1188774).
- commit 7334e84
- KVM: nVMX: Consult only the "/basic"/ exit reason when routing
  nested exit (bsc#1188773).
- commit f7ab15a
- kvm: LAPIC: Restore guard to prevent illegal APIC register
  access (bsc#1188772).
- commit 8a9a1d5
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic
  is hw disabled (bsc#1188771).
- commit 7610884
- kvm: i8254: remove redundant assignment to pointer s
  (bsc#1188770).
- commit f768a8a
- ceph: don't WARN if we're still opening a session to an MDS
  (bsc#1188748).
- rbd: don't hold lock_rwsem while running_list is being drained
  (bsc#1188747).
- rbd: always kick acquire on "/acquired"/ and "/released"/
  notifications (bsc#1188746).
- commit 5813020
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- commit aaa3cb6
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom
  (git-fixes).
- commit 43e0b14
- mt76: mt7615: increase MCU command timeout (git-fixes).
- commit 1ca559f
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- commit 606bd07
- ibmvnic: retry reset if there are no other resets (bsc#1184350
  ltc#191533).
- commit fccec64
- cifs: do not fail __smb_send_rqst if non-fatal signals are
  pending (git-fixes).
- commit 80eef04
- cifs: fix interrupted close commands (git-fixes).
- commit 9eae08a
- cifs: Fix preauth hash corruption (git-fixes).
- commit a2ac7b0
- cifs: Return correct error code from smb2_get_enc_key
  (git-fixes).
- commit ffe15e7
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- commit f974156
- uuid: Add inline helpers to import / export UUIDs (FATE#326628,
  bsc#1113295, git-fixes).
- commit 5ef7dcb
- Drop media rtl28xxu fix patch (bsc#1188683)
  The recent backport of
  patches.suse/media-rtl28xxu-fix-zero-length-control-request.patch
  caused a regression on Astrometa DVB-T2.
  Revert and blacklist it for now.
- commit 1ae8d64
- series.conf: cleanup
- update upstream references and move into sorted section:
  - patches.suse/r8152-Fix-a-deadlock-by-doubly-PM-resume.patch
  - patches.suse/r8152-Fix-potential-PM-refcount-imbalance.patch
- commit 425c935
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- commit fb8c7fc
- ceph: clean up and optimize ceph_check_delayed_caps()
  (bsc#1187468).
- commit 33a74a3
- sfp: Fix error handing in sfp_probe() (git-fixes).
- commit 3f0aed6
- cadence: force nonlinear buffers to be cloned (git-fixes).
- commit 4b76907
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- commit 6e609d3
- ravb: Fix bit fields checking in ravb_hwtstamp_get()
  (git-fixes).
- commit ed39fda
- net: hns3: Clear the CMDQ registers before unmapping BAR region
  (git-fixes).
- commit 57704e2
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- commit 23af1ba
- net: wilc1000: clean up resource in error path of init mon
  interface (git-fixes).
- commit aa75b92
- Update patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch
  (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620
  ltc#192221).
- Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch
  (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-parenthesize-a-check.patch
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes
  bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch
  (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221).
- commit 8147958
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- commit 8bf9d02
- blacklist.conf: kABI
- commit 7c940a5
- blacklist.conf: cosmetic cleanup
- commit 29705c7
- blacklist.conf: kABI
- commit 839f900
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
  (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- thermal/core: Correct function name
  thermal_zone_device_unregister() (git-fixes).
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- commit c39f899
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- Revert "/USB: quirks: ignore remote wake-up on Fibocom L850-GL
  LTE modem"/ (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
  (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after
  usb_pkt_pop() (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- commit c637f14
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- commit 2c19bb5
- scsi: fc: Add 256GBit speed setting to SCSI FC transport
  (bsc#1188101).
- commit 62c8708
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- commit 539ea44
- drm/panel: raspberrypi-touchscreen: Prevent double-free
  (git-fixes).
- media: ngene: Fix out-of-bounds bug in
  ngene_command_config_free_buf() (git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift
  of u16 (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again
  (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- commit 44fe76d
- bcache: avoid oversized read request in cache missing code path
  (bsc#1184631).
- bcache: remove bcache device self-defined readahead
  (bsc#1184631).
- commit aaf8eb0
- KVM: do not allow mapping valid but non-reference-counted pages
  (bsc#1186482, CVE-2021-22543).
- KVM: Use kvm_pfn_t for local PFN variable in
  hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543).
- KVM: do not assume PTE is writable after follow_pfn
  (bsc#1186482, CVE-2021-22543).
- commit 3795669
- xen/events: reset active flag for lateeoi events later
  (git-fixes).
- Refresh patches.suse/xen-events-fix-setting-irq-affinity.patch.
- commit e51ccb0
- RDMA/cma: Fix incorrect Packet Lifetime calculation
  (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- bpf: Fix integer overflow in argument calculation for
  bpf_map_area_alloc (bsc#1154353).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for
  efficiency (jsc#SLE-7926).
- commit 94fef56
- series.conf: cleanup
- update upstream reference and move into sorted section:
  - patches.suse/seq_file-Disallow-extremely-large-seq-buffer-allocations.patch
- commit 07df461
- Update
  patches.suse/ARM-ensure-the-signal-page-contains-defined-contents.patch
  (CVE-2021-21781 bsc#1188445).
- commit 47f3aa1
- watchdog: iTCO_wdt: Account for rebooting on second timeout
  (git-fixes).
- watchdog: Fix possible use-after-free by calling
  del_timer_sync() (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in
  wdt_turnoff() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup()
  (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- commit 0fe04be
- virtio_console: Assure used length from device is limited
  (git-fixes).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Don't disable clocks at device remove time
  (git-fixes).
- pwm: spear: Don't modify HW state in .remove callback
  (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind()
  (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors
  (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error
  handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division
  or modulo by zero (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device
  (git-fixes).
- commit 966e79d
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt
  trigger type (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind
  (git-fixes).
- commit 74628f5
- iio: magn: bmc150: Balance runtime pm + use
  pm_runtime_resume_and_get() (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use
  pm_runtime_resume_and_get() (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
  (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one
  (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
  (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
  (git-fixes).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around
  initrds (git-fixes).
- commit 14f42b7
- backlight: lm3630a: Fix return code of .update_status() callback
  (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value
  (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync
  (git-fixes).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below
  20 characters (git-fixes).
- ASoC: soc-core: Fix the error return code in
  snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe()
  (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
  (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return
  values (git-fixes).
- commit 006f207
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
  (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe()
  (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements
  (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove()
  (git-fixes).
- ALSA: usx2y: Don't call free_pages_exact() with NULL address
  (git-fixes).
- commit eaa8acd
- config: refresh
- drop GVE on arm64 and s390x (no longer available due to dependency update)
- commit d6ed2bf
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: sun4i-ss - IV register does not work on A10 and A13
  (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient
  (git-fixes).
- crypto: virtio: Fix dest length calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- commit 2b4c8a1
- blacklist.conf: add 4c9c26f1e67648f41f
- commit db6c764
- powerpc/papr_scm: Properly handle UUID types and API
  (FATE#326628, bsc#1113295, git-fixes).
- commit 9bcaa28
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- commit 01547d1
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- commit b063178
- powerpc/stacktrace: Fix spurious "/stale"/ traces in
  raise_backtrace_ipi() (bsc#1156395).
- commit f074894
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- Refresh
  patches.suse/gve-Fix-an-error-handling-path-in-gve_probe.patch.
- commit fc90ec1
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API
  (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset
  (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- gve: Add support for raw addressing in the tx path
  (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Add support for raw addressing to the rx path
  (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Replace zero-length array with flexible-array member
  (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Use link status register to report link status
  (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues
  (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
  (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- commit ffc7e3d
- cpu/hotplug: Cure the cpusets trainwreck (git fixes
  (sched/hotplug)).
- commit ea5f05d
- blacklist.conf: duplication
- commit eff56f7
- kprobes: Fix to check probe enabled before
  disarm_kprobe_ftrace() (git-fixes).
- commit 9aba4a6
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
  (git-fixes).
- commit a579f68
- kABI workaround for pci/quirks.c (git-fixes).
- commit 04fb196
- Add a cherry-picked ID for AMDGPU fix patch
- commit ba73832
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan
  (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
  (git-fixes).
- commit e3971fc
- PCI: iproc: Support multi-MSI only on uniprocessor kernel
  (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation
  (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of
  VEND_ID (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
  (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler
  (git-fixes).
- pinctrl/amd: Add device HID for new AMD GPIO controller
  (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- r8169: avoid link-up interrupt issue on RTL8106e if user
  enables ASPM (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
  (git-fixes).
- commit 0ca454f
- PCI: aardvark: Fix checking for PIO Non-posted Request
  (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- media, bpf: Do not copy more entries than user space requested
  (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- iwlwifi: mvm: don't change band on bound PHY contexts
  (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
  (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if
  supported (git-fixes).
- commit f7d13b4
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in
  radeon_user_framebuffer_create() (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in
  amdgpu_dm_atomic_check (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
  (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
  (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats
  (git-fixes).
- commit d72cf42
- drm/amd/amdgpu/sriov disable all ip hw status by default
  (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins()
  (git-fixes).
- drm/zte: Don't select DRM_KMS_FB_HELPER (git-fixes).
- drm/mxsfb: Don't select DRM_KMS_FB_HELPER (git-fixes).
- drm/tegra: Don't set allow_fb_modifiers explicitly (git-fixes).
- commit b02b3f8
- ASoC: tegra: Set driver_name=tegra for all machine drivers
  (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly
  (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue
  for qca btsoc (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed
  or cancelled (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table
  (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek
  Chip (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer
  workaround (git-fixes).
- commit c7cdd5b
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- commit a1eecda
- kprobes: fix kill kprobe which has been marked as gone
  (git-fixes).
- commit ee1820f
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
  (git-fixes).
- commit 865421f
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG
  (git-fixes).
- commit e2cb2ae
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- commit 4278aab
- net/mlx5: Don't fail driver on failure to create debugfs (git-fixes).
- commit c19d4f7
- net: marvell: Fix OF_MDIO config check (git-fixes).
- commit f372318
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- commit c2ac3ff
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- commit 0997bfc
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- commit 2e479b6
- PCI: quirks: fix false kABI positive (git-fixes).
- commit a2a8059
- tpm: efi: Use local variable for calculating final log size
  (git-fixes).
- commit 69be865
- tracing: Do not reference char * as a string in histograms
  (git-fixes).
- commit 5ff7921
- PCI: iproc: Fix multi-MSI base vector number allocation
  (git-fixes).
- commit 9e70011
- PCI: aardvark: Implement workaround for the readback value of
  VEND_ID (git-fixes).
- commit 4bfb1fd
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
  (git-fixes).
- commit dbaa5b3
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- commit 900ca03
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646).
- commit f55c672
- fix patch metadata
- fix Patch-mainline, drop Git-repo:
  patches.suse/bpftool-Properly-close-va_list-ap-by-va_end-on-error.patch
- commit ec7585c
- Update kabi files.
- update from second July 2021 maintenance update submission (commit 44308a6ad508)
- commit ee121a0
- fbmem: Do not delete the mode that is still in use (git-fixes).
- dma-buf/sync_file: Don't leak fences on merge failure
  (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- commit 1116a4b
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509).
- Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch
  (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509).
- commit 5fcaf8a
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
  (boo#1184804).
- commit 5b51131
- bpftool: Properly close va_list 'ap' by va_end() on error
  (bsc#1155518).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- commit a14bd1d
- blacklist.conf: add "/block: blk-mq.c: fix @at_head kernel-doc warning"/
  Also removed a remnant of a merge conflict.
- commit ebd24f1
- blk-mq: Rerun dispatching in the case of budget contention
  (bsc#1180092).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "/no budget"/ is a reason
  to kick (bsc#1180092).
- commit e31a7fc
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no
  budget (bsc#1180092).
- commit ccd1ac3
- blk-mq: insert flush request to the front of dispatch queue
  (bsc#1180092).
- commit acc744b
- blk-mq: insert passthrough request into hctx->dispatch directly
  (bsc#1180092).
- Refresh
  patches.suse/blk-mq-call-commit_rqs-while-list-empty-but-error-ha.patch.
- Refresh
  patches.suse/blk-mq-insert-request-not-through-queue_rq-into-sw-s.patch.
- commit 4ba4b0f
- cifs: constify get_normalized_path() properly (bsc#1185902).
- commit f4ccabe
- cifs: don't cargo-cult strndup() (bsc#1185902).
- commit 2296da2
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- commit 9c3cf71
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- commit fed2922
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- commit 5426822
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- commit 5e89cd2
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- commit f95f181
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- commit a308556
- btrfs: do async reclaim for data reservations (bsc#1135481).
- commit deae828
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- commit d82c207
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- commit 6af13e4
- btrfs: don't force commit if we are data (bsc#1135481).
- commit 3380b09
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- commit c6ed5f3
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- commit 188e042
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- commit 9a68295
- btrfs: use ticketing for data space reservations (bsc#1135481).
- commit 0cad012
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- commit 7c494a4
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- commit 9327930
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- commit ee0a32c
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- commit e9723f6
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- commit 08a821e
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- commit e18060c
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- commit e684a31
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- commit df0d484
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- commit 4167827
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- commit 6287797
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- commit 1eb212c
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- commit acedfaf
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- commit 02659bb
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- commit 5b57ee8
- usb: dwc3: core: don't do suspend for device mode if already
  suspended (git-fixes).
- commit 82b18d4
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set
  (git-fixes).
- commit 072728a
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect
  (git-fixes).
- commit 6a1e8b7
- usb: dwc3: gadget: Don't send unintended link state change
  (git-fixes).
- commit acdee65
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- commit 15b84b1
- usb: dwc3: debug: Remove newline printout (git-fixes).
- commit 5104cc5
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit a403162
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- commit e16e74a
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- commit b02b13d
- usb: dwc3: Separate field holding multiple properties
  (git-fixes).
- commit 1087836
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- commit b4290b9
- usb: dwc3: st: Add of_node_put() before return in probe function
  (git-fixes).
- commit a5796ab
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- commit 638e28a
- usb: dwc3: Use devres to get clocks (git-fixes).
- commit e717ac7
kmod
- Remove enum padding constants, add enum.patch (boo#1097869).
krb5
- Fix KDC null pointer dereference via a FAST inner body that
  lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
  * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- Fix KDC null deref on bad encrypted challenge; (CVE-2021-36222);
  (bsc#1188571);
- Added patches:
  * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch
libcroco
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
  any productions (boo#1171685 CVE-2020-12825).
libesmtp
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
libsolv
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
  possible to use osc build --with=python).
libzypp
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
  A missing check causes zyppng::Downloader to always download full
  files even if the checkExistsOnly flag is set. This patch adds
  the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
  The kernel-*-livepatch packages are supposed to serve as a stable
  handle for the ephemeral kernel livepatch packages. See
  FATE#320268 for details. As part of the kernel live patching
  ecosystem, kernel-*-livepatch packages should not block the
  purge-kernels step.
- version 17.28.5 (22)
- Make sure to keep states alives while transitioning
  (bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
  If environment variables are unhandy one may enable the desired
  techpreview in zypp.conf as well:
    [main]
    techpreview.ZYPP_SINGLE_RPMTRANS=1
    techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
  zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
  not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
  (bsc#1187224)
  Rpm by default only shows the short key ID when checking the
  signature of a package fails. This patch reads the signatures
  from the RPM headers and replaces she short IDs with the key
  fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
  This patch adds a experimental commit strategy that runs all
  operations in a single rpm transaction, speeding up the execution
  a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
  backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
  (bsc#1187738)
  There recently was a change in the kernel package naming scheme
  in regards to rc kernels. Since kernel upstream uses characters
  in the version that are not allowed in rpm versions a "/-rc"/ was
  previously replaced with "/.rc"/ which broke sorting by version, to
  fix this issue it was replaced with "/~rc"/, which unfortunately
  broke the purge-kernels logic. This patch makes sure purge-kernel
  does apply the same conversion.
- version 17.28.0 (22)
lvm2
- vgextend crash when extending VG with missing PV (bsc#1191019)
  + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
mozilla-nss
- Removed nss-fips-kdf-self-tests.patch.  This was made
  obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
  * bmo#1713562 - Fix test leak.
  * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
  * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
  * bmo#1712883 - DTLS 1.3 draft-43.
  * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
  * bmo#1713562 - Validate ECH public names.
  * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
  * bmo#1683710 - Add a means to disable ALPN.
  * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
  * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
  * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
  * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
  * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
  * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
  * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
  * bmo#1707097 - Add Certum Trusted Root CA to NSS.
  * bmo#1707097 - Add Certum EC-384 CA to NSS.
  * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
  * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
  * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
  * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
  * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
  * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
  * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
  * Use GNU tar for the release helper script.
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
  * bmo#1705286 - Properly detect mips64.
  * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    disable_crypto_vsx.
  * bmo#1698320 - replace __builtin_cpu_supports("/vsx"/) with
    ppc_crypto_support() for clang.
  * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
    acceleration.
- update to NSS 3.63.1
  * no upstream release notes for 3.63.1 (yet)
  Fixed in 3.63
  * bmo#1697380 - Make a clang-format run on top of helpful contributions.
  * bmo#1683520 - ECCKiila P384, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
    scalar multiplication.
  * bmo#1683520 - ECCKiila P521, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
    scalar multiplication.
  * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
  * bmo#1694214 - tstclnt can't enable middlebox compat mode.
  * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    profiles.
  * bmo#1685880 - Minor fix to prevent unused variable on early return.
  * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
    with nss build.
  * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
    of root CA changes, CA list version 2.48.
  * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
    'Chambers of Commerce' and 'Global Chambersign' roots.
  * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
  * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
  * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
  * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
    from NSS.
  * bmo#1687822 - Turn off Websites trust bit for the “Staat der
    Nederlanden Root CA - G3” root cert in NSS.
  * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
    Root - 2008' and 'Global Chambersign Root - 2008’.
  * bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
  * bmo#1688374 - Fix parallel build NSS-3.61 with make
  * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
    can corrupt "/cachedCertTable"/
  * bmo#1690583 - Fix CH padding extension size calculation
  * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
  * bmo#1690421 - Install packaged libabigail in docker-builds image
  * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
  * bmo#1674819 - Fixup a51fae403328, enum type may be signed
  * bmo#1681585 - Add ECH support to selfserv
  * bmo#1681585 - Update ECH to Draft-09
  * bmo#1678398 - Add Export/Import functions for HPKE context
  * bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
  * required for Firefox 86
  * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
    values under certain conditions.
  * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
    with NSS_DISABLE_DBM.
  * bmo#1651411 - Improve constant-timeness in RSA operations.
  * bmo#1677207 - Upgrade Google Test version to latest release.
  * bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
  Notable changes in NSS 3.60:
  * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
    has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
    implementation. See bmo#1654332 for more information.
  * December 2020 batch of Root CA changes, builtins library updated
    to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
    for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
  * bmo#1679290 - Fix potential deadlock with certain third-party
    PKCS11 modules
- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
  Bugs fixed:
  * bmo#1641480 (CVE-2020-25648)
    Tighten CCS handling for middlebox compatibility mode.
  * bmo#1631890 - Add support for Hybrid Public Key Encryption
    (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    (draft-ietf-tls-esni).
  * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    extensions.
  * bmo#1668328 - Handle spaces in the Python path name when using
    gyp on Windows.
  * bmo#1667153 - Add PK11_ImportDataKey for data object import.
  * bmo#1665715 - Pass the embedded SCT list extension (if present)
    to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- update to NSS 3.57
  * The following CA certificates were Added:
    bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
  * The following CA certificates were Removed:
    bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
  * Trust settings for the following CA certificates were Modified:
    bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
  for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
  * nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
  being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
  obsolete by upstream changes.
- update to NSS 3.56
  Notable changes
  * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
  * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
  * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
  * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
  * bmo#1656986 - Properly detect arm64 during GYP build architecture
    detection.
  * bmo#1652729 - Add build flag to disable RC2 and relocate to
    lib/freebl/deprecated.
  * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
  * bmo#1588941 - Send empty certificate message when scheme selection
    fails.
  * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    cross-compilation.
  * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
  * bmo#1653975 - Fix 3.53 regression by setting "/all"/ as the default
    makefile target.
  * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
  * bmo#1659814 - Fix interop.sh failures with newer tls-interop
    commit and dependencies.
  * bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
  (boo#1176206)
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    RSA_CheckSignRecover.
  * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
    signature_algorithms extension.
- update to NSS 3.54
  Notable changes
  * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
  * Use ARM Cryptography Extension for SHA256, when available
    (bmo#1528113)
  * The following CA certificates were Added:
    bmo#1645186 - certSIGN Root CA G2.
    bmo#1645174 - e-Szigno Root CA 2017.
    bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
    bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
  * The following CA certificates were Removed:
    bmo#1645199 - AddTrust Class 1 CA Root.
    bmo#1645199 - AddTrust External CA Root.
    bmo#1641718 - LuxTrust Global Root 2.
    bmo#1639987 - Staat der Nederlanden Root CA - G2.
    bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
    bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
    bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
  * A number of certificates had their Email trust bit disabled.
    See bmo#1618402 for a complete list.
  Bugs fixed
  * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
  * bmo#1603042 - Add TLS 1.3 external PSK support.
  * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
  * bmo#1645186 - Add "/certSIGN Root CA G2"/ root certificate.
  * bmo#1645174 - Add Microsec's "/e-Szigno Root CA 2017"/ root certificate.
  * bmo#1641716 - Add Microsoft's non-EV root certificates.
  * bmo1621151 - Disable email trust bit for "/O=Government
    Root Certification Authority; C=TW"/ root.
  * bmo#1645199 - Remove AddTrust root certificates.
  * bmo#1641718 - Remove "/LuxTrust Global Root 2"/ root certificate.
  * bmo#1639987 - Remove "/Staat der Nederlanden Root CA - G2"/ root
    certificate.
  * bmo#1618402 - Remove Symantec root certificates and disable email trust
    bit.
  * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
  * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
  * bmo#1642153 - Fix infinite recursion building NSS.
  * bmo#1642638 - Fix fuzzing assertion crash.
  * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
  * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
  * bmo#1643557 - Fix numerous compile warnings in NSS.
  * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
    self-encrypt keys.
  * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
  * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
netcfg
- add submissions port number [bsc#1189683]
- modified patches
  % services-suse.diff
openssl-1_1
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- A bug in the implementation of the SM2 decryption code means that the
  calculation of the buffer size required to hold the plaintext returned by the
  first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
  the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
  called by the application a second time with a buffer that is too small.
  * CVE-2021-3711
  * bsc#1189520
  * Add:
    CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch
    CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch
    CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch
- The function X509_aux_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch
pam
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Corrected macros.pam entry for %_pam_moduledir
  Cleanup in pam.spec:
  * Replaced all references to ${_lib}/security in pam.spec by
  %{_pam_moduledir}
  * Removed definition of (unused) "/amdir"/.
- Added new file macros.pam on request of systemd.
  [bsc#1190052, macros.pam]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
pcre2
- Added 0001-Fixed-atomic-group-backtracking-bug.patch
  * bsc#1187937
  * PHP 7.6.4 on s390x returns different results for preg_match
    function as compared to older PHP versions and x86
  * Sourced from upstream subversion commit:
    $ svn log -r965 svn://vcs.pcre.org/pcre2/code/trunk
python-pyasn1

      
python-pycparser

      
python-pytz
- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when
  upgrading, before it is replaced by a symlink (bsc#1185748).
- %check: use %pyunittest rpm macro
- Bump tzdata_version
- update to 2021.1:
  * update to IANA 2021a timezone release
- update to 2020.5:
  * update to IANA 2020e timezone release
- update to 2020.4:
  * update to IANA 2020d timezone release
- specfile:
  * be more specific in %files section
  * README.txt -> README.rst
- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * Base class for all errors
  * Add flake8 settings
  * IANA 2020a
  * Fix remaining references to README.txt
  * Update README.md
  * Use .rst extension for reStructuredText
  * typo
  * highlight codes
  * use .rst extension name
  * Tidelift links
  * Add links for security reports
  * Update LICENSE.txt
  * Create FUNDING.yml
  * Make FixedOffset part of public API
- Update to 2019.3
  * IANA 2019c
- Add versioned dependency on timezone database to ensure the
  correct data is installed
- Remove system_zoneinfo.patch, and instead add a symlink to the
  system timezone database
- Replace unnecessary pytest, adding a missing __init__.py in the
  tests to allow the test suite to work on Python 2.7 without pytest
- update to 2019.2
  * IANA 2019b
  * Defer generating case-insensitive lookups
python-urllib3
- Add %dir declaration for %{_licensedir}
- Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503)
  * Improve performance of sub-authority splitting in URL
- Update in SLE-15 (bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
- Enable python2 builds
- Re-add file permissions in %file section
- Undo python2/3 split in %install section
- Skip test for RECENT_DATE. It is a test purely for developers.
  To maintain reproducibility, keep upstreams possibly outdated
  RECENT_DATE in the source code.
- Add CI variable, which makes timeouts in the test suite longer
  (gh#urllib3/urllib3#2109, bsc#1176389) and
  test_timeout_errors_cause_retries should not fail.
- Generate pyc for ssl_match_hostname too
- update to 1.25.10:
  * Added support for ``SSLKEYLOGFILE`` environment variable for
    logging TLS session keys with use with programs like
    Wireshark for decrypting captured web traffic (Pull #1867)
  * Fixed loading of SecureTransport libraries on macOS Big Sur
    due to the new dynamic linker cache (Pull #1905)
  * Collapse chunked request bodies data and framing into one
  call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
  * Don't insert ``None`` into ``ConnectionPool`` if the pool
    was empty when requesting a connection (Pull #1866)
  * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
- update to 1.25.9 (bsc#1177120, CVE-2020-26137):
  * Added ``InvalidProxyConfigurationWarning`` which is raised when
    erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
    support connecting to HTTPS proxies but will soon be able to
    and we would like users to migrate properly without much breakage.
  * Drain connection after ``PoolManager`` redirect (Pull #1817)
  * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
  * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
  * Allow the CA certificate data to be passed as a string (Pull #1804)
  * Raise ``ValueError`` if method contains control characters (Pull #1800)
  * Add ``__repr__`` to ``Timeout`` (Pull #1795)
- Explicitly switch off building python 2 version.
- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.
- Require a new enough release of python-six. 1.25.6 needs at least
  1.12.0 for ensure_text() and friends.
- Updae to 1.25.6:
  * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Restrict the tornado dep from tom to 5 or older release as the
  6.x changed the API
- Update to 1.25.5:
  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own
- Use have/skip_python2/3 macros to allow building only one flavour
- Use old pytest 3.x as newer do not work with this release
  * this will be fixed with next release, just spread among
    numerous fixes in the git for quick backporting
- Fixup pre script: the migration issue happens when changing from
  python-urllib3 to python2-urllib3: the number of installed
  instances of python2-urlliib3 is at this moment 1, unlike in
  regular updates. This is due to a name change, which consists not
  of a pure package update.
- Provides/Obsoletes does not fix the issue: we have a
  directory-to-symlink switch, which cannot be handled by RPM
  internally. Assist using pre script (boo#1138715).
- Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides:
  python-urllib3, fixes boo#1138746
- Add more test to skip as with new openssl some behaviour changed
  and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Add missing dependency on python-six (bsc#1150895)
- Update to 1.25.3:
  * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
  * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
  * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
  * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
  * Add support for Google's Brotli package. (Pull #1572, Pull #1579)
  * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
  This makes the check to be run always and ensure the urls are
  "/secure"/.
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)
- Update to 1.24.1:
  * Remove quadratic behavior within GzipDecoder.decompress()
    (Issue #1467)
  * Restored functionality of ciphers parameter for
    create_urllib3_context(). (Issue #1462)
runc
- Update to runc v1.0.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.2
  * Fixed a failure to set CPU quota period in some cases on cgroup v1.
  * Fixed the inability to start a container with the "/adding seccomp filter
    rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
    that has action equal to the default one). Such redundant rules are now
    skipped.
  * Made release builds reproducible from now on.
  * Fixed a rare debug log race in runc init, which can result in occasional
    harmful "/failed to decode ..."/ errors from runc run or exec.
  * Fixed the check in cgroup v1 systemd manager if a container needs to be
    frozen before Set, and add a setting to skip such freeze unconditionally.
    The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.1
  * Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
    Azure volume.
  * Fixed "/unable to find groups ... token too long"/ error with /etc/group
    containing lines longer than 64K characters.
  * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
    frozen. This is a regression in 1.0.0, not affecting runc itself but some
    of libcontainer users (e.g Kubernetes).
  * cgroupv2: bpf: Ignore inaccessible existing programs in case of
    permission error when handling replacement of existing bpf cgroup
    programs. This fixes a regression in 1.0.0, where some SELinux
    policies would block runc from being able to run entirely.
  * cgroup/systemd/v2: don't freeze cgroup on Set.
  * cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
  with runc under openSUSE MicroOS's SELinux policy. boo#1187704
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0
  ! The usage of relative paths for mountpoints will now produce a warning
    (such configurations are outside of the spec, and in future runc will
    produce an error when given such configurations).
  * cgroupv2: devices: rework the filter generation to produce consistent
    results with cgroupv1, and always clobber any existing eBPF
    program(s) to fix runc update and avoid leaking eBPF programs
    (resulting in errors when managing containers).
  * cgroupv2: correctly convert "/number of IOs"/ statistics in a
    cgroupv1-compatible way.
  * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
  * cgroupv2: wait for freeze to finish before returning from the freezing
    code, optimize the method for checking whether a cgroup is frozen.
  * cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
  * cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
    cgroup manager (regression in rc94)
  + cgroupv2: support SkipDevices with systemd driver
  + cgroup/systemd: return, not ignore, stop unit error from Destroy
  + Make "/runc --version"/ output sane even when built with go get or
    otherwise outside of our build scripts.
  + cgroups: set SkipDevices during runc update (so we don't modify
    cgroups at all during runc update).
  + cgroup1: blkio: support BFQ weights.
  + cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
  This release of runc contains a fix for CVE-2021-30465, and users are
  strongly recommended to update (especially if you are providing
  semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
    syscalls unusable for glibc.
samba
- Add msDS-AdditionalDnsHostName to the keytab; (bso#14396);
  (bsc#1185420);
- Add net-ads-join dnshostname option; (bso#14396); (bsc#1185420);
- Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC;
  (bso#14406); (bsc#1185420);
sudo
- Update to 1.8.27
  - jsc#SLE-17083
  - Rebased the following patches:
    sudo-1.8.22-CVE-2019-18634.patch
    sudo-1.8.22-fix_listpw.patch
    sudo-1.8.22-pam_xauth.patch
    sudo-CVE-2019-14287.patch
    sudo-CVE-2021-23239.patch
    sudo-CVE-2021-23240.patch
    sudo-CVE-2021-3156.patch
    sudo-fix-bsc-1180687.patch
    sudo-sudoers.patch
  - Deleted sudoers2ldif-env.patch
  - Added from SLE-12-SP5:
  * sudo-1.8.27-ipa_hostname.patch
  * sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
  - Major changes between version 1.8.27 and 1.8.26:
  * Fixes and clarifications to the sudo plugin documentation.
  * The sudo manuals no longer require extensive post-processing to hide
    system-specific features. Conditionals in the roff source are now used
    instead. This fixes corruption of the sudo manual on systems without BSD
    login classes. Bug #861.
  * If an I/O logging plugin is configured but the plugin does not actually
    log any I/O, sudo will no longer force the command to be run in a pseudo-tty.
  * In visudo, it is now possible to specify the path to sudoers without
    using the -f option. Bug #864.
  * Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx) file
    would not be updated when a command was run in a pseudo-tty. Bug #865.
  * Sudo now sets the silent flag when opening the PAM session except when
    running a shell via sudo -s or sudo -i. This prevents the pam_lastlog
    module from printing the last login information for each sudo command.
    Bug #867.
  - Major changes between version 1.8.26 and 1.8.25p1:
  * Fixed a bug in cvtsudoers when converting to JSON format when alias
    expansion is enabled. Bug #853.
  * Sudo no long sets the USERNAME environment variable when running
    commands. This is a non-standard environment variable that was set on
    some older Linux systems.
  * Sudo now treats the LOGNAME and USER environment variables (as well as
    the LOGIN variable on AIX) as a single unit. If one is preserved or removed
    from the environment using env_keep, env_check or env_delete, so is the
    other.
  * Added support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
  * Sudo now logs when the command was suspended and resumed in the I/O logs.
    This information is used by sudoreplay to skip the time suspended when
    replaying the session unless the new -S flag is used.
  * Fixed documentation problems found by the igor utility. Bug #854.
  * Sudo now prints a warning message when there is an error or end of file
    while reading the password instead of exiting silently.
  * Fixed a bug in the sudoers LDAP back-end parsing the command_timeout,
    role, type, privs and limitprivs sudoOptions. This also affected cvtsudoers
    conversion from LDIF to sudoers or JSON.
  * Fixed a bug that prevented timeout settings in sudoers from functioning
    unless a timeout was also specified on the command line.
  * Asturian translation for sudo from translationproject.org.
  * When generating LDIF output, cvtsudoers can now be configured to pad the
    sudoOrder increment such that the start order is used as a prefix. Bug #856.
  * If the user specifies a group via sudo's -g option that matches any of
    the target user's groups, it is now allowed even if no groups are present
    in the Runas_Spec. Previously, it was only allowed if it matched the target
    user's primary group.
  * The sudoers LDAP back-end now supports negated sudoRunAsUser and
    sudoRunAsGroup entries.
  * Sudo now provides a proper error message when the "/fqdn"/ sudoers option
    is set and it is unable to resolve the local host name. Bug #859.
  * Portuguese translation for sudo and sudoers from translationproject.org.
  * Sudo now includes sudoers LDAP schema for the on-line configuration
    supported by OpenLDAP.
  - Major changes between version 1.8.25p1 and 1.8.25:
  * Fixed a bug introduced in sudo 1.8.25 that caused a crash on systems that
    have the poll() function but not the ppoll() function. Bug #851.
  - Major changes between version 1.8.25 and 1.8.24:
  * Fixed a bug introduced in sudo 1.8.20 that broke formatting of I/O log
    timing file entries on systems without a C99-compatible snprintf()
    function. Our replacement snprintf() doesn't support floating point so we
    can't use the %f format directive.
  * I/O log timing file entries now use a monotonic timer and include
    nanosecond precision. A monotonic timer that does not increment while the
    system is sleeping is used where available.
  * When sudo runs a command in a pseudo-tty, the slave device is now closed
    in the main process immediately after starting the monitor process. This
    removes the need for an AIX-specific workaround that was added in sudo 1.8.24.
  * Fixed a bug displaying timeout values the "/sudo -V"/ output. The value
    displayed was 3600 times the actual value. Bug #846.
  * The testsudoers utility now supports querying an LDIF-format policy.
  * Fixed a regression introduced in sudo 1.8.24 where the LDAP and SSSD
    backends evaluated the rules in reverse sudoOrder. Bug #849.
  - Major changes between version 1.8.24 and 1.8.23:
  * The LDAP and SSS back-ends now use the same rule evaluation code as the
    sudoers file backend. This builds on the work in sudo 1.8.23 where the
    formatting functions for sudo -l output were shared. The handling of
    negated commands in SSS and LDAP is unchanged.
  * Fixed a regression introduced in 1.8.23 where sudo -i could not be used
    in conjunction with --preserve-env=VARIABLE. Bug #835.
  * cvtsudoers can now parse base64-encoded attributes in LDIF files.
  * Random insults are now more random.
  * Added SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo to
    try writing to /dev/tty first. Can be used in conjunction with SUDO_CONV_
    INFO_MSG and SUDO_CONV_ERROR_MSG.
  * Fixed typos in the OpenLDAP sudo schema. Bugs #839 and #840. Bug #839 and
    bug #840.
  * Fixed a race condition when building with parallel make. Bug #842.
  * Fixed a duplicate free when netgroup_base in ldap.conf is set to an
    invalid value.
  * On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD and
    PAM_AUTHTOK_EXPIRED errors from PAM account management if authentication is
    disabled for the user. This fixes a regression introduced in sudo 1.8.23.
    Bug #843.
  * Fixed an ambiguity in the sudoers manual in the description and
    definition of User, Runas, Host, and Cmnd Aliases. Bug #834.
  * Fixed a bug that resulted in only the first window size change event
    being logged.
  * Fixed a compilation problem on systems that define O_PATH or O_SEARCH in
    fnctl.h but do not define O_DIRECTORY. Bug #844.
  - Major changes between version 1.8.23 and 1.8.22:
  * PAM account management modules and BSD auth approval modules are now run
    even when no password is required.
  * For kernel-based time stamps, if no terminal is present, fall back to
    parent-pid style time stamps.
  * The new cvtsudoers utility replaces both the sudoers2ldif script and the
    visudo -x functionality. It can read a file in either sudoers or LDIF
    format and produce JSON, LDIF or sudoers output. It is also possible to
    filter the generated output file by user, group or host name.
  * The file, ldap and sss sudoers backends now share a common set of
    formatting functions for "/sudo -l"/ output, which is also used by the
    cvtsudoers utility.
  * The /run directory is now used in preference to /var/run if it exists.
    Bug #822.
  * More accurate descriptions of the --with-rundir and --with-vardir
    configure options. Bug #823.
  * The setpassent() and setgroupent() functions are now used on systems that
    support them to keep the passwd and group database open. Sudo performs a
    lot of passwd and group lookups so it can be beneficial to avoid opening
    and closing the files each time.
  * The new case_insensitive_user and case_insensitive_group sudoers options
    can be used to control whether sudo does case-sensitive matching of users
    and groups in sudoers. Case insensitive matching is now the default.
  * Fixed a bug on some systems where sudo could hang on command exit when
    I/O logging was enabled. Bug #826.
  * Fixed a problem with the process start time test in make check when run
    in a Linux container. The test now uses the "/btime"/ field in /proc/stat to
    get the system start time instead of using /proc/uptime, which is the
    container uptime. Bug #829.
  * When determining which temporary directory to use, sudoedit now checks
    the directory for writability before using it. Previously, sudoedit only
    performed an existence check. Bug #827.
  * Sudo now includes an optional set of Monty Python-inspired insults.
  * Chinese (Taiwan) translation for sudo from translationproject.org.
- Add sudo-1.8.27-ipa_hostname.patch to fix special handling of
  ipa_hostname that was lost in sudo 1.8.24.
  We now include the long and short hostname in sudo parser container
  [bsc#1181371]
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED
  option is not set in /etc/ldap.conf
  * [bsc#1176473]
  * Added sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
    From: https://www.sudo.ws/repos/sudo/rev/d1e1bb5a6cc1
supportutils
- Changes to version 3.1.17
  + Adding ethtool options g l m to network.txt (jsc#SLE-18240)
- Changes to version 3.1.16
  + lsof options to improve performance (bsc#1186687)
- Fixes to supportconfig
  + Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
suse-module-tools
- Update to version 15.2.13:
  * Import kernel scriptlets from kernel-source
    (bsc#1189841, bsc#1190598)
  * Provide "/suse-kernel-rpm-scriptlets"/
- Update to version 15.2.12:
  * modprobe.d: Remove dma=none setting for parport_pc
    (bsc#1177695)
sysconfig
- Link as Position Independent Executable (bsc#1184124).
systemd
- Import commit dc982a577e6d3eea8832083f470e48f6fbf227cc
  ddc6c90310 basic/unit-name: adjust comments
  390bc4e04f basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
  b83b235cac unit-name: generate a clear error code when converting an overly long fs path to a unit name
  4fd60931a5 unit-name: tighten checks for building valid unit names
  513c103faf manager: reexecute on SIGRTMIN+25, user instances only
  ff761f71a9 logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
  b236f23d9d units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
- Dropped 1001-unit-name-tighten-checks-for-building-valid-unit-nam.patch
  Dropped 1002-unit-name-generate-a-clear-error-code-when-convertin.patch
  Dropped 1003-basic-unit-name-do-not-use-strdupa-on-a-path.patch
  Dropped 1004-basic-unit-name-adjust-comments.patch
  These patches have been merged in branch SUSE/v234.
- Update 60-io-scheduler.rules (jsc#SLE-21032, bsc#1134353)
  * rules weren't applied to dm devices (multipath), fix it
    (bsc#1188713)
  * ignore obsolete "/elevator"/ kernel parameter (bsc#1184994, bsc#1190234)
    ("/elevator"/ did falsely overide settings even for blk-mq, fixed).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Avoid the error message when udev is updated due to udev being
  already active when the sockets are started again (bsc#1188291)
- Allow the systemd sysusers config files to be overriden during
  system installation (bsc#1171962).
- While at it, add a comment to explain why we don't use
  %sysusers_create in %pre and why it should be safe in %post.
timezone
- Install tzdata.zi (bsc#1188127)
xen
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
  XENMAPSPACE_grant_table handling (XSA-384)
  xsa384.patch
- Upstream bug fixes (bsc#1027519)
  5e5001ee-x86-p2m-PoD-accounting-in-gpae.patch (Replaces xsa378-0a.patch)
  5e86fa2a-x86-p2m_remove_page-retval.patch (Replaces xsa378-0b.patch)
  5e86fa57-x86-p2m-remove-MFN-check.patch (Replaces xsa378-0c.patch)
  61001231-x86-work-around-GNU-ld-2-37-issue.patch
  611a7e38-x86-CET-shstk-WARN-manipulation.patch
  611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
  6128a856-gnttab-radix-tree-node-init.patch
  611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
  61122ac6-credit2-avoid-spuriously-picking-idle.patch (Replaces
    credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch)
  6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch)
  6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch)
  61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch)
  6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch)
  6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch)
  612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch)
  612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch)
  612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch)
  612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch)
  6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch
  6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch)
  6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch)
  61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)
- bsc#1189882 - refresh libxc.sr.superpage.patch
  prevent superpage allocation in the LAPIC and ACPI_INFO range
- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
  CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
  xsa378-0a.patch
  xsa378-0b.patch
  xsa378-0c.patch
  xsa378-1.patch
  xsa378-2.patch
  xsa378-3.patch
  xsa378-4.patch
  xsa378-5.patch
  xsa378-6.patch
  xsa378-7.patch
  xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
  pages may remain accessible after de-allocation. (XSA-379)
  xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
  grant table handling. (XSA-380)
  xsa380-1.patch
  xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
  status frames array bounds check. (XSA-382)
  xsa382.patch
- bsc#1189381 - VUL-0: CVE-2021-28700: xen: xen/arm: No memory
  limit for dom0less domUs. (XSA-383)
  xsa383.patch
- bsc#1188050 - L3: Xen guest yval1a80 SLES11SP4 hangs on cluster
  See also bsc#1179246.
  credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
- bsc#1176189 - xl monitoring process exits during xl save -p|-c
  keep the monitoring process running to cleanup the domU during shutdown
  xl-save-pc.patch
- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest
  60be0e24-credit2-pick-runnable-unit.patch
  60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
- Upstream bug fixes (bsc#1027519)
  60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
  60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch)
  60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch)
  60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch)
  60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch)
  60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch)
  60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch)
  60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch)
  60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch)
  60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch)
  60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
  60d49689-VT-d-undo-device-mappings-upon-error.patch
  60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
  60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
  60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
  60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
- bsc#1183243 - L3: Core cannot be opened when using xl dump-core
  of VM with PTF
  60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch
- Update logrotate.conf, move global options into per-file sections
  to prevent globbering of global state (bsc#1187406)
- Fix shell macro expansion in xen.spec, so that ExecStart=
  in xendomains-wait-disks.service is created correctly (bsc#1183877)
- bsc#1186428 - VUL-0: CVE-2021-28693: xen: xen/arm: Boot modules
  are not scrubbed (XSA-372)
  xsa372-1.patch
  xsa372-2.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
  timeout detection / handling (XSA-373)
  xsa373-1.patch
  xsa373-2.patch
  xsa373-3.patch
  xsa373-4.patch
  xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
  Bypass (XSA-375)
  xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
  protections not restored after S3 (XSA-377)
  xsa377.patch
- bsc#1180491 - "/Panic on CPU 0: IO-APIC + timer doesn't work!"/
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
- Upstream bug fixes (bsc#1027519)
  60631c38-VT-d-QI-restore-flush-hooks.patch
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  608676f2-VT-d-register-based-invalidation-optional.patch
  60a27288-x86emul-gas-2-36-test-harness-build.patch
  60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
- Drop gcc10-fixes.patch
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- Refresh xenstore-launch.patch to cover also daemon case
- Update to Xen 4.13.3 bug fix release (bsc#1027519)
  xen-4.13.3-testing-src.tar.bz2
- Drop patches contained in new tarball
  5faa974f-evtchn-rework-per-channel-lock.patch
  5faa978b-evtchn-revert-52e1fc47abc3a0123.patch
  5faac497-xen-arm-Always-trap-AMU-system-registers.patch
  5fbcdf2e-evtchn-FIFO-access-last.patch
  5fbcdf99-x86-DMI-fix-SMBIOS-pointer-check.patch
  5fbd042b-memory-off-by-one-in-XSA-346.patch
  5fc4ee23-evtchn-FIFO-queue-locking.patch
  5fd8aebb-x86-replace-reset_stack_and_jump_nolp.patch
  5fd8aee5-x86-fold-guest_idle_loop.patch
  5fd8aef3-x86-avoid-calling-do_resume.patch
  5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch
  5fd8b02d-evtchn-FIFO-reorder-and-synchronize.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  xen-4.13.2-testing-src.tar.bz2
  xsa115-1.patch
  xsa115-10.patch
  xsa115-2.patch
  xsa115-3.patch
  xsa115-4.patch
  xsa115-5.patch
  xsa115-6.patch
  xsa115-7.patch
  xsa115-8.patch
  xsa115-9.patch
  xsa322.patch
  xsa324.patch
  xsa325.patch
  xsa351-1.patch
  xsa351-2.patch
  xsa368.patch
- bsc#1137251 - Restore changes for xen-dom0-modules.service which
  were silently removed on 2019-10-17
- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
  toolstack (XSA-368). Also resolves,
  bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
  bsc#1181989 - openQA job causes libvirtd to dump core when
  running kdump inside domain
xfsprogs
- xfs_bmap: remove -c from manpage (bsc#1189552)
- xfs_bmap: don't reject -e (bsc#1189552)
  * Add xfsprogs-xfs_bmap-remove-c-from-manpage.patch
  * Add xfsprogs-xfs_bmap-don-t-reject-e.patch
- xfs_repair: check plausibility of root dir pointer before trashing it
  (bsc#1188651)
  * Add xfsprogs-xfs_repair-refactor-fixed-inode-location-checks.patch
  * Add xfsprogs-xfs_repair-check-plausibility-of-root-dir-pointer-be.patch
- xfsprogs: split libhandle1 into a separate package, since nothing
  within xfsprogs dynamically links against it. The shared library
  is still required by xfsdump as a runtime dependency.
- mkfs.xfs: fix ASSERT on too-small device with stripe geometry
  (bsc#1181536)
  * Add xfsprogs-mkfs.xfs-fix-ASSERT-on-too-small-device-with-stripe-.patch
- mkfs.xfs: if either sunit or swidth is nonzero, the other must be as
  well (bsc#1085917, bsc#1181535)
  * Add xfsprogs-mkfs.xfs-if-either-sunit-or-swidth-is-nonzero-the-ot.patch
- xfs_growfs: refactor geometry reporting (bsc#1181306)
  * Add xfsprogs-xfs_growfs-refactor-geometry-reporting.patch
- xfs_growfs: allow mounted device node as argument (bsc#1181299)
  * Add xfsprogs-libfrog-fs_table_lookup_mount-should-realpath-the-ar.patch
  * Add xfsprogs-xfs_fsr-refactor-mountpoint-finding-to-use-libfrog-p.patch
  * Add xfsprogs-xfs_growfs-allow-mounted-device-node-as-argument.patch
- xfs_repair: rebuild directory when non-root leafn blocks claim block 0
  (bsc#1181309)
  * Add xfsprogs-xfs_repair-rebuild-directory-when-non-root-leafn-blo.patch
zypper
- Avoid calling 'su' to detect a too restrictive sudo user umask
  (bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires:  libzypp-devel >= 17.28.3.
- version 1.14.49
- Support new reports for singletrans rpm commit.
- BuildRequires:  libzypp-devel >= 17.27.1.
  For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
  free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
  prompt (fixes #403)
  These packages are usually more interesting than the updated
  ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
  (bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
  packages to the latest version (bsc#1187466)
- version 1.14.47