containerd
- Add patch for CVE-2022-23648. bsc#1196441
  + CVE-2022-23648.patch
cyrus-sasl
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
expat
- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
    attackers to insert namespace-separator characters into
    namespace URIs
  - Added expat-CVE-2022-25236.patch
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
    2.4.5 does not check whether a UTF-8 character is valid in a
    certain context.
  - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
    build_model() via uncontrolled recursion
  - Added expat-CVE-2022-25313.patch
  - The fix upstream introduced a regression that was later
    amended in 2.4.6 version
    + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
  - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
  - Added expat-CVE-2022-25315.patch
gnutls
- Security fix: [bsc#1196167, CVE-2021-4209]
  * Null pointer dereference in MD_UPDATE
  * Add gnutls-CVE-2021-4209.patch
kernel-default
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
  Deleted:
  patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
  and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit b546cd9
- arm64: Mitigate spectre style branch history side channels
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Update config files.
- commit d035616
- KVM: arm64: Add templates for BHB mitigation sequences
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
  patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 8c9b0c2
- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit c3c4a06
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
  of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
  CVE-2022-0002).
- arm64: entry: Add macro for reading symbol addresses from the
  trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add vectors that have the bhb mitigation sequences
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
  mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow the trampoline text to occupy multiple pages
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move trampoline macros out of ifdef'd section
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Don't assume tramp_vectors is the start of the
  vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow tramp_alias to access symbols after the
  4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move the trampoline data page before the text page
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Free up another register on kpti's tramp_exit path
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit 284cd49
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
  (bsc#1196584).
- commit 4f3bbf5
- x86/speculation: Use generic retpoline by default on AMD
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- ibmvnic: Allow queueing resets during probe (bsc#1196516
  ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516
  ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516
  ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516
  ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516
  ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516
  ltc#196391).
- commit 1cc99d0
- tracing: Have traceon and traceoff trigger honor the instance
  (git-fixes).
- commit 92ab7ec
- tracing: Dump stacktrace trigger to the corresponding instance
  (git-fixes).
- commit a3c85e9
- nvme: also mark passthrough-only namespaces ready in
  nvme_update_ns_info (git-fixes).
- nvme: don't return an error from nvme_configure_metadata
  (git-fixes).
- nvme: let namespace probing continue for unsupported features
  (git-fixes).
- commit a5b2a87
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
  (bsc#1193787 git-fixes).
- blk-mq: don't grab rq's refcount in blk_mq_check_expired()
  (bsc#1193787 git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue
  (bsc#1193787).
- commit cc53802
- drm/i915: Fix bw atomic check when switching between SAGV
  vs. no SAGV (git-fixes).
- commit 209cee8
- drm/i915: Correctly populate use_sagv_wm for all pipes
  (git-fixes).
- commit 5d7b5fe
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
  LTC#194674).
- KVM: remember position in kvm->vcpus array (bsc#1190972
  LTC#194674).
- commit 81f3dbb
- s390/cpumf: Support for CPU Measurement Sampling Facility LS
  bit (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
  (bsc#1195081 LTC#196088).
- commit 0ce3482
- s390/cio: verify the driver availability for path_event call
  (bsc#1195928 LTC#196418).
- commit 4741f1a
- scsi: zfcp: Fix failed recovery on gone remote port with
  non-NPIV FCP devices (bsc#1195378 LTC#196244).
- commit 6fb3d19
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
  LTC#195540).
- commit 79f1350
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
  LTC#196028).
- commit 512e596
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243
  LTC#195549).
- commit 6f84bff
- block: do not send a rezise udev event for hidden block device
  (bsc#1193096).
- commit c3addda
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- commit 542287e
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  (git-fixes).
- commit 774f927
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
  ltc#195815).
- commit 7099d61
- ext4: prevent partial update of the extent blocks (bsc#1194163
  bsc#1196339).
- commit 9b7f6a6
- ext4: check for inconsistent extents between index and leaf
  block (bsc#1194163 bsc#1196339).
- commit 8a25180
- ext4: check for out-of-order index extents in
  ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- commit b72afd9
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
  (git-fixes).
- mtd: rawnand: gpmi: don't leak PM reference in error path
  (git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
  (git-fixes).
- ASoC: Revert "/ASoC: mediatek: Check for error clk pointer"/
  (git-fixes).
- ASoC: ops: Fix stereo change notifications in
  snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Fix stereo change notifications in
  snd_soc_put_volsw() (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
  (git-fixes).
- ALSA: hda: Fix regression on forced probe mask option
  (git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
  (git-fixes).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
  (git-fixes).
- commit ea7f847
- blk-tag: Hide spin_lock (bsc#1193787).
- commit 78741a7
- blk-mq: clearing flush request reference in tags->rqs
  (bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one
  request pool (bsc#1193787).
- blk-mq: grab rq->refcount before calling ->fn in
  blk_mq_tagset_busy_iter (bsc#1193787).
- block: avoid double io accounting for flush request
  (bsc#1193787).
- block: mark flush request as IDLE when it is really finished
  (bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io()
  (bsc#1193787).
- commit 2d33352
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- commit 445785b
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- commit 436acc9
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- commit a9ec6c0
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1196195).
- commit ace9b16
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- commit 4beb0b0
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- Refresh patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch.
- commit 41c6188
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- commit b25996b
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- commit f36b423
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- commit ef6e83a
- x86/speculation: Include unprivileged eBPF status in Spectre v2
  mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- commit 718c631
- blacklist.conf: Add 2cbc61a1b166 iommu/dma: Account for min_align_mask w/swiotlb
- commit 142c6ac
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
  (git-fixes).
- iommu/vt-d: Fix potential memory leak in
  intel_setup_irq_remapping() (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown
  (git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
  (git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
  (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
  (git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table
  allocation failure (git-fixes).
- commit 50e60e3
- Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235)
- commit b7dc18b
- net/ibmvnic: Cleanup workaround doing an EOI after partition
  migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- commit 0dfd4da
- drm/i915/opregion: check port number bounds for SWSCI display
  power state (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "/HW not ready"/
  (git-fixes).
- iwlwifi: pcie: fix locking when "/HW not ready"/ (git-fixes).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
  (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
  devices (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
  (git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
  88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: Fix MDI-x polarity setting in
  88e1118-compatible PHYs (git-fixes).
- usb: dwc2: gadget: don't try to disable ep0 in
  dwc2_hsotg_suspend (git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook
  OneXPlayer (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118
  (git-fixes).
- commit cc7a24c
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- commit 9af94a7
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
  Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch
  Also update blacklist
- commit 4f68062
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
  (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct
  (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Add RX context (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- commit 4a8e1e2
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
  (bsc#1195506).
- commit c74c330
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- commit 8ef8f22
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- commit bcd3697
- powerpc/pseries: read the lpar name from the firmware
  (bsc#1187716 ltc#193451).
- commit 181541b
- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
- commit c964381
- powerpc: add link stack flush mitigation status in debugfs
  (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
  bsc#1157923 ltc#182612 git-fixes).
- commit 5862a79
- powerpc: Set crashkernel offset to mid of RMA region
  (bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit 11e3668
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
  (bsc#1195012).
- commit 4d29ac4
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 73dbd5c
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
  scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
  (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected
  (bsc#1195823).
- scsi: qla2xxx: Add devids and conditionals for 28xx
  (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
  (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
  28XX adapters (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology
  (bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
  number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
  (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error
  (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
  (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
  (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
  (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
  list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- commit c358f38
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
  (bsc#1176447).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF
  (git-fixes).
- RDMA/cma: Use correct address when leaving multicast group
  (bsc#1181147).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
  (git-fixes).
- commit 679175c
- USB: serial: mos7840: remove duplicated 0xac24 device ID
  (git-fixes).
- commit 546d043
- tracing: Don't inc err_log entry count if entry allocation fails
  (git-fixes).
- commit 5c45742
- tracing: Propagate is_signed to expression (git-fixes).
- commit a834cba
- blacklist.conf: b59f2f2b865c ("/tracing: Fix smatch warning for do while check in event_hist_trigger_parse()"/)
  Cosmetic only.
- commit f0fcec9
- tracing: Fix smatch warning for null glob in
  event_hist_trigger_parse() (git-fixes).
- commit 329e4ac
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
  window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 877b9c1
- misc: fastrpc: avoid double fput() on failed usercopy
  (git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init()
  (git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs
  (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
  transition (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields
  (git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
  (git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
  (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
  (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
  (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
  Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
  Master (newer chipset) (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
  X570 ALC1220 quirks (git-fixes).
- staging/fbtft: Fix backlight (git-fixes).
- commit 033cee4
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- commit 7b9eed7
- blacklist.conf: misattributed upstream
- commit f62cf37
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- commit a103972
- tipc: improve size validations for received domain records
  (bsc#1195254, CVE-2022-0435).
- commit 48911da
- scsi: target: iscsi: Fix cmd abort fabric stop race
  (bsc#1195286).
- commit 52d26b6
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- commit 3d90f3c
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- commit c0baca0
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- commit 9308a14
- s390/protvirt: fix error return code in uv_info_init()
  (jsc#SLE-22135).
- commit 7f8b088
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- commit 004f3c6
- KVM: s390: Return error on SIDA memop on normal guest
  (bsc#1195516 CVE-2022-0516).
- commit d46602b
- ceph: set pool_ns in new inode layout for async creates
  (bsc#1195799).
- ceph: properly put ceph_string reference after async create
  attempt (bsc#1195798).
- commit 8f44ef0
- btrfs: make sure SB_I_VERSION doesn't get unset by remount (bsc#1192210).
- commit 9acc804
- s390/uv: fix prot virt host indication compilation
  (jsc#SLE-22135).
- s390/uv: add prot virt guest/host indication files
  (jsc#SLE-22135).
- commit f479d35
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668
  ltc#195811).
- commit 902d854
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit ccd41ed
- cgroup-v1: Require capabilities to set release_agent
  (bsc#1195543 CVE-2022-0492).
- commit 413d689
- RDMA/ucma: Protect mc during concurrent multicast leaves
  (bsc#1181147).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- net/mlx5e: Fix handling of wrong devices during bond netevent
  (jsc#SLE-15172).
- gve: fix the wrong AdminQ buffer queue index check
  (bsc#1176940).
- gve: Fix GFP flags when allocing pages (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- commit 6aa87c4
- Update patch reference for HD-audio fix (bsc#1183872)
- commit 1e16eaa
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
  (git-fixes).
- commit 2492c7d
- mmc: sdhci-of-esdhc: Check for error num after setting mask
  (git-fixes).
- ima: Do not print policy rule with inactive LSM labels
  (git-fixes).
- ima: Allow template selection with ima_template[_fmt]= after
  ima_hash= (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: check the return value of audit_log_start()
  (git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- commit a8bf0cb
- RDMA/core: Always release restrack object (git-fixes)
- commit a4c74f1
- RDMA/siw: Release xarray entry (git-fixes)
- commit cfa201c
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- commit 06f1504
- blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers
- commit 2bfec1b
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
  (git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- commit 5e3ed1a
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741
  LTC#194816).
- commit 5aa085e
- usb: dwc3: don't set gadget->is_otg flag (git-fixes).
- commit 5b20187
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- commit af99987
- Align s390 NVME target options with other architectures
  (bsc#1188404, jsc#SLE-22494).
  CONFIG_NVME_TARGET=m
  CONFIG_NVME_TARGET_PASSTHRU=y
  CONFIG_NVME_TARGET_LOOP=m
  CONFIG_NVME_TARGET_RDMA=m
  CONFIG_NVME_TARGET_FC=m
  CONFIG_NVME_TARGET_FCLOOP=m
  CONFIG_NVME_TARGET_TCP=m
- commit 5b2b9f6
libseccomp
- check if we have NR_openat2, avoid using its definition when not
  (bsc#1196825)
  Added seccomp-openat2.patch
- buildrequire python-rpm-macros
- reenable python bindings at least for the distro default python3
  package:
  - adds make-python-build.patch
- Update to release 2.5.3
  * Update the syscall table for Linux v5.15
  * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
  * Document that seccomp_rule_add() may return -EACCES
- Skip 11-basic-basic_errors test on qemu linux-user emulation
- Update to release 2.5.2
  * Update the syscall table for Linux v5.14-rc7
  * Add a function, get_notify_fd(), to the Python bindings to
    get the nofication file descriptor.
  * Consolidate multiplexed syscall handling for all
    architectures into one location.
  * Add multiplexed syscall support to PPC and MIPS
  * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
    the kernel. libseccomp's fd notification logic was modified
    to support the kernel's previous and new usage of
    SECCOMP_IOCTL_NOTIF_ID_VALID.
- update to 2.5.1:
  * Fix a bug where seccomp_load() could only be called once
  * Change the notification fd handling to only request a notification fd if
  * the filter has a _NOTIFY action
  * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
  * Clarify the maintainers' GPG keys
- remove testsuite-riscv64-missing-syscalls.patch
- Do not rely on gperf: pass GPERF=/bin/true to configure and
  remove gperf BuildRequires. The syscalls.perf file it would
  generate is part of the tarball already.
- testsuite-riscv64-missing-syscalls.patch: Fix testsuite failure on
  riscv64
- Ignore failure of tests/52-basic-load on qemu linux-user emulation
- Update to release 2.5.0
  * Add support for the seccomp user notifications, see the
    seccomp_notify_alloc(3), seccomp_notify_receive(3),
    seccomp_notify_respond(3) manpages for more information
  * Add support for new filter optimization approaches, including a balanced
    tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
    more information
  * Add support for the 64-bit RISC-V architecture
  * Performance improvements when adding new rules to a filter thanks to the
    use of internal shadow transactions and improved syscall lookup tables
  * Properly document the libseccomp API return values and include them in the
    stable API promise
  * Improvements to the s390 and s390x multiplexed syscall handling
  * Multiple fixes and improvements to the libseccomp manpages
  * Moved from manually maintained syscall tables to an automatically generated
    syscall table in CSV format
  * Update the syscall tables to Linux v5.8.0-rc5
  * Python bindings and build now default to Python 3.x
  * Improvements to the tests have boosted code coverage to over 93%
- libseccomp.keyring: replaced by Paul Moore <pmoore@redhat.com> key.
- Update to release 2.4.3
  * Add list of authorized release signatures to README.md
  * Fix multiplexing issue with s390/s390x shm* syscalls
  * Remove the static flag from libseccomp tools compilation
  * Add define for __SNR_ppoll
  * Fix potential memory leak identified by clang in the
    scmp_bpf_sim tool
- Drop no-static.diff, libseccomp-fix_aarch64-test.patch,
  SNR_ppoll.patch (merged)
- Add patch to fix ntpsec and others build (accidental drop of symbols):
  * SNR_ppoll.patch
- Tests are passing on all architectures
- Backport patch to fix test on aarch64:
  * libseccomp-fix_aarch64-test.patch
- Update to release 2.4.2
  * Add support for io-uring related system calls
libzypp
- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where
  zypper unintentionally waits for appdata plugin scripts to
  complete.
- version 17.29.4 (22)
openldap2
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
pciutils
- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
  Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
  (bsc#1192862)
rsyslog
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation
shadow
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
sudo
- Add support in the LDAP filter for negated users, patch taken
  from upstream (jsc#20068)
  * Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
  to run commands as that user (bsc#1181703, jsc#SLE-22569)
  * feature-upstream-restrict-sudo-U-other-l.patch
supportutils-plugin-suse-public-cloud
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
  + Include cloud-init logs whenever they are present
  + Update the packages we track in AWS, Azure, and Google
  + Include the ecs logs for AWS ECS instances
suse-build-key
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
tcpdump
- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch
update-alternatives
- break bash <-> update-alternatives cycle by coolo's rewrite
  of %post in lua [bsc#1195654]
util-linux
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
  bsc#1194976,
  util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
  util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
  blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
- blockdev: allow for larger values for start sector (bsc#1188507)
  blockdev-allow-for-larger-values-for-start-sector.patch
util-linux-systemd
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
  bsc#1194976,
  util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
  util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
  blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
- blockdev: allow for larger values for start sector (bsc#1188507)
  blockdev-allow-for-larger-values-for-start-sector.patch
vim
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
  Heap-based Buffer Overflow in vim prior to 8.2.
  / vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
  normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
  win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
  Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
  Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
  Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
  could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
  / vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
  / vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
  exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
  causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
  prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
  / vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
  prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
  / vim-8.0.1568-CVE-2022-0413.patch