SUSEConnect
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
aaa_base
- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
  * The wrapper rootsh is not a restricted shell (bsc#1199492)
avahi
- Add avahi-bsc1163683.patch: do not cache responses generated
  locally (bsc#1163683).
bind
- Security Fix:
  * An UPDATE message flood could cause named to exhaust all
    available memory. This flaw was addressed by adding a new
    update-quota option that controls the maximum number of
    outstanding DNS UPDATE messages that named can hold in a queue
    at any given time (default: 100).
  [bsc#1207471, CVE-2022-3094, bind-CVE-2022-3094.patch]
- Add systemd drop-in directory for named service
  [bsc#1201689, bind.spec]
- Security Fixes:
  * Previously, there was no limit to the number of database lookups
  performed while processing large delegations, which could be abused
  to severely impact the performance of named running as a recursive
  resolver. This has been fixed.
  [bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
  * A memory leak was fixed that could be externally triggered in the
  DNSSEC verification code for the ECDSA algorithm.
  [bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
  * Memory leaks were fixed that could be externally triggered in the
  DNSSEC verification code for the EdDSA algorithm.
  [bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
- Changed ownership of /var/lib/named/master from named:named to
  root:root.
  [bsc#1201247, bind.conf]
c-ares
- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
    it would cause a crash
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
    Travis: add iOS target built with CMake (#378)
    Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  - fix build
    External projects were using non-public header ares_dns.h, make public again (#376)
    It appears some outside projects were relying on macros in ares_dns.h, even
    though it doesn't appear that header was ever meant to be public.  That said,
    we don't want to break external integrators so we should distribute this header
    again.
  - note that so versioning has moved to configure.ac
  - note about 1.17.1
  - fix sed gone wrong
    autotools cleanup (#372)
  * buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
ca-certificates-mozilla
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
  Patch: remove-trustcor.patch
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
  Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
  Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
  Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  + HARICA Client ECC Root CA 2021
  + HARICA Client RSA Root CA 2021
  + HARICA TLS ECC Root CA 2021
  + HARICA TLS RSA Root CA 2021
  + TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5
catatonit
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
  process in a pause container, by passing the -P flag (in this mode no
  subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
  once. Fix build with autocnf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
  socket activation or features somewhat adjacent to socket activation (such as
  passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
  error not a warning.
containerd
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
cups
- cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff
  is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for
  https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b
  (except the not needed hunk for patching CHANGES.md which fails)
  that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch
  bsc#1201511:
  Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0
curl
- Security Fix: [bsc#1206309, CVE-2022-43552]
  * HTTP Proxy deny use-after-free
  * Add curl-CVE-2022-43552.patch
- Security Fix: [bsc#1204383, CVE-2022-32221]
  * POST following PUT confusion
  * Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
  * Control codes in cookie denial of service
  * Add curl-CVE-2022-35252.patch
dbus-1
- Fix a potential crash that could be triggered by an invalid signature.
  (CVE-2022-42010, bsc#1204111)
  * fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
  bsc#1204112)
  * fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
  would cause a use-after-free and possible memory corruption CVE-2022-42012,
  bsc#1204113)
  * fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
  * fix-upstream-CVE-2020-35512.patch
dhcp
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
  An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
  DHCP memory leak
docker
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
  issue with dockerd. bsc#1200022
  + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
dracut
- Update to version 049.1+suse.247.gfb7df05c:
  * fix(systemd): add missing modprobe@.service (bsc#1203749)
  * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
  * fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
  * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
expat
- Security fix:
  * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
    destruction of a shared DTD in XML_ExternalEntityParserCreate in
    out-of-memory situations
  - Added patch expat-CVE-2022-43680.patch
- Security fix:
  * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
    function in xmlparse.c
  - Added patch expat-CVE-2022-40674.patch
freetype2
- disable brotli linkage / WOFF2 support for now to keep dependencies
  as before.
- Added patches:
  * CVE-2022-27404.patch
    + fixes bsc#1198830, CVE-2022-27404: Buffer Overflow
  * CVE-2022-27405.patch
    + fixes bsc#1198832, CVE-2022-27405: Segmentation Fault
  * CVE-2022-27406.patch
    + fixes bsc#1198823, CVE-2022-27406: Segmentation violation
- Update to version 2.10.4
  * Fix a heap buffer overflow has been found  in the handling of
    embedded PNG bitmaps, introduced in FreeType version 2.6
    (CVE-2020-15999 bsc#1177914)
  * Minor improvements to the B/W rasterizer.
  * Auto-hinter support for Medefaidrin script.
  * Fix various  memory leaks (mainly  for CFF) and other  issues that
    might cause crashes in rare circumstances.
- Update to version 2.10.2
  * Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec)
  * Function `FT_Get_Var_Axis_Flags' returned random data for Type 1
    MM fonts.
  * Type 1 fonts with non-integer metrics are now supported by the new
    (CFF) engine introduced in FreeType 2.9.
  * Drop support for Python 2 in Freetype's API reference generator
  * Auto-hinter support for Hanifi Rohingya
  * Document the `FT2_KEEP_ALIVE' debugging environment variable.
glibc
- x86-shared-non-temporal-threshold.patch: Reversing calculation of
  __x86_shared_non_temporal_threshold (bsc#1201942)
- memcmp-power10.patch: powerpc: Optimized memcmp for power10
  (jsc#PED-987)
gnutls
- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch
- Validate input when calling fmemopen() [bsc#1204511]
  * Add gnutls-check-system_priority_buf-input.patch
- Security fix: [bsc#1202020, CVE-2022-2509]
  * Fixed double free during verification of pkcs7 signatures
  * Add gnutls-CVE-2022-2509.patch
grub2
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
iputils
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
  (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
kdump
- unload.sh-support-kexec-unload-when-kexec_file_load.patch
  Fix unload when secure boot enabled (bsc#1186272)
- fix-network-related-dracut-options-handling-for-fadu.patch
  Fix network-related dracut options handling for fadump case
  (bsc#1201051)
kernel-default
- watchdog: diag288_wdt: do not use stack buffers for hardware
  data (bsc#1207497).
- commit f31eb64
- watchdog: diag288_wdt: fix __diag288() inline assembly
  (bsc#1207497).
- commit 2f246cf
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 64f6682
- libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
  (bsc#1204502 CVE-2022-3606).
- commit eef9e8d
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- Delete config/armv7hl/default.
- Delete config/armv7hl/lpae.
- commit 022c807
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
  (bsc#1207769).
- commit be9727c
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
  (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
  (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: Revert "/scsi: qla2xxx: Fix disk failure to rediscover"/
  (git-fixes).
- commit 25cb1e4
- dm thin: Use last transaction's pmd->root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
  devices (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
  (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
  (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- commit 223b9c6
- nbd: Fix incorrect error handle when first_minor is illegal
  in nbd_dev_add (git-fixes).
- Refresh for the above change,
  patches.suse/0019-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 9c00c1c
- nbd: fix max value for 'first_minor' (git-fixes).
- Refresh for the above change,
  patches.suse/0012-nbd-fix-possible-overflow-for-first_minor-in-nbd_dev.patch.
- commit dd126a5
- dm space maps: don't reset space map allocation cursor when
  committing (git-fixes).
- dm verity: fix require_signatures module_param permissions
  (git-fixes).
- dm integrity: fix flush with external metadata device
  (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
  down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- nbd: make the config put is called before the notifying the
  waiter (git-fixes).
- nbd: restore default timeout when setting it to zero
  (git-fixes).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- commit 50ca764
- rbd: work around -Wuninitialized warning (git-fixes).
- Refresh for the above change,
  patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
- commit e923159
- blacklist.conf: add git-fixes commits which won't be backported
- commit 4601d33
- blacklist.conf: removing SCSI git-fix mistakenly added
  This fix was labelled as already present in our
  code base, but it was not.
- commit bcd8cfe
- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
  (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
  during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
  (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
  (git-fixes).
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
  (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
  (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
  scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
  "/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
  (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
  (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and
  running device (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
  (git-fixes).
- scsi: sr: Return correct event when media event code is 3
  (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
  - ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
  (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
  list_for_each_entry() (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush
  (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback
  (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
  shift of u8 (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
  (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
  IRQs (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through
  RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
  (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
  (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
  (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
  irq (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
  processing (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
  (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during
  reset (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
  (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
  (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens
  (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
  disabled (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
  commands (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
  suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
  (git-fixes).
- commit cf6a959
- scsi: ufs: Make sure clk scaling happens only when HBA is
  runtime ACTIVE (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by
  ufshcd_hold() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
  (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
  (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered
  (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
  (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
  (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
  ufs_qcom_testbus_config() (git-fixes).
- commit 0335e79
- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit dcee4fd
- scsi: ufs: Clean up completed request without interrupt
  notification (git-fixes).
- Refresh
  patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully.
- commit 0e26434
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- commit 8d5e108
- scsi: ufs: Improve interrupt handling for shared interrupts
  (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts
  (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
  (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
  (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
  (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
  (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
  (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
  (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
  (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe()
  (git-fixes).
- scsi: core: free sgtables in case command setup fails
  (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during
  system resume (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
  been removed (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
  connections (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read
  (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
  (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
  (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
  (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
  (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
  the probe fails (git-fixes).
- commit e77b62a
- scsi: hisi_sas: Replace in_softirq() check in
  hisi_sas_task_exec() (git-fixes).
- Refresh patches.suse/scsi-hisi_sas-Remove-preemptible.
- commit ce7bed3
- blacklist.conf: add git-fixes to be skipped
- commit cb4a471
- netfilter: nft_payload: incorrect arithmetics when fetching
  VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 9fe77eb
- HID: check empty report_list in hid_validate_values()
  (git-fixes, bsc#1206784).
- commit 028641d
- HID: check empty report_list in bigben_probe() (git-fixes,
  bsc#1206784).
- commit c479b33
- HID: betop: check shape of output reports (git-fixes,
  bsc#1207186).
- commit f6860d6
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit e015217
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit b165b65
- ceph: avoid putting the realm twice when decoding snaps fails
  (bsc#1207198).
- ceph: do not update snapshot context when there is no new
  snapshot (bsc#1207218).
- commit 2f13b5a
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454).
- commit 88c4e72
- Update
  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207125 CVE-2023-23455).
- commit e595908
- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0
- mm/memcg: optimize memory.numa_stat like memory.stat
  (bsc#1206663).
- commit d7619da
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- commit ebdddc5
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit da7ea39
- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 49dc51c
- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 0726009
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d
- Refresh
  patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
  For bsc#1206904, see:
  https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116
- README.BRANCH: Added myself as co-maintainer
  And drop Oscars name.
- commit 0607a55
- ipv4: Handle attempt to delete multipath route when fib_info
  contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2
- net: ipv4: fix route with nexthop object delete warning
  (bsc#1204171 CVE-2022-3435).
- commit 51fb670
- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1
- module: merge repetitive strings in module_sig_check()
  (git-fixes).
- commit e890371
- module: set MODULE_STATE_GOING state when a module fails to load
  (git-fixes).
- commit bbf8a43
- modules: lockdep: Suppress suspicious RCU usage warning
  (git-fixes).
- commit a75abac
- module: Remove accidental change of module_enable_x()
  (git-fixes).
- commit c1799c7
- tracing: Verify if trace array exists before destroying it
  (git-fixes).
- commit 484ce03
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
  (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
  failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
  (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
  mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
  (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
  (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
  (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
  a valid PE number (bsc#1065729).
- commit f1282a1
- blacklist.conf: Add reverted commit
- commit 1048706
- powerpc: Ensure that swiotlb buffer is allocated from low memory
  (bsc#1156395).
- commit 6657d5f
- powerpc/powernv: Avoid re-registration of imc debugfs directory
  (bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
  translation in use (bsc#1156395).
- commit 1967b85
- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bsc#1065729).
- commit eef87f7
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  (bsc#1204989,bsc#1205601).
- commit b1fad8e
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- powerpc/xive: Add a check for memory allocation failure
  (fate#322438 git-fixes).
- commit 2423c59
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824
- blacklist.conf: ("/arm64: lse: Fix LSE atomics with LLVM"/)
- commit 22e012e
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit a642f3b
- blacklist.conf: ("/arm64: lse: fix LSE atomics with LLVM's integrated assembler"/)
- commit 76593cf
- blacklist.conf: ("/arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator"/)
- commit 1caef50
- Refresh
  patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the
  example hunks and fail.
- commit 78fab3f
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
  (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
  (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
  (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
  private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
  pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
  freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
  source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
  (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
  delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
  (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
  (git-fixes).
- sunrpc: check that domain table is empty at module unload
  (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
  (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
  (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
  fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
  (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
  (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89
- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- commit c8d19aa
- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7
- blacklist.conf: ("/arm64: dts: ls1028a: fix typo in TMU calibration data"/)
- commit 716a28c
- blacklist.conf: ("/arm64: Validate tagged addresses in access_ok() called from kernel"/)
- commit 9dd7e12
- blacklist.conf: ("/arm64: insn: consistently handle exit text"/)
- commit f816334
- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49
- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8
- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a
- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit ff976a4
- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit 140cef5
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit 0696f69
- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit 8d66379
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 027bd53
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642
- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit 7d14bba
- Update tags in
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit 05e8ed4
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit 1b01bae
- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth > 0 (bsc#1206881).
- commit f1f3d4f
- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f
- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit b931654
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit fde0a78
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit ecac58a
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit 35c3734
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit 4ca9666
- ext4: correct the error path of ext4_write_inline_data_end()
  (bsc#1206875).
- commit 9ad9468
- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93
- blacklist.conf: blacklist efc61345274d
- commit 8078536
- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0
- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb
- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b
- blacklist.conf: blacklist f25391ebb475
- commit b3ab927
- ext4: avoid race conditions when remounting with options that
  change dax (bsc#1206860).
  Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2
- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30
- ext4: use matching invalidatepage in ext4_writepage
  (bsc#1206858).
- commit 9adbb3f
- ext4: mark block bitmap corrupted when found instead of BUGON
  (bsc#1206857).
- commit 0b7c7d5
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 6032d35
- ext4: choose hardlimit when softlimit is larger than hardlimit
  in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9
- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037
- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b
- sched/psi: Fix sampling error and rare div0 crashes with
  cgroups and high uptime (bsc#1206841).
- commit d518fcd
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
  and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
  attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
  congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
  members and padding (jsc#PED-1445).
- commit 76decfc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit b04c714
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098
- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit 3405c6d
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit 3d8dab2
- Fix kABI breakage in usb.h: struct usb_device:
  hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27
- USB: core: Prevent nested device-reset calls (bsc#1206664
  CVE-2022-4662).
- commit 2d03a85
- drm: mali-dp: potential dereference of null pointer
  (CVE-2022-3115 bsc#1206393).
- commit 9246c67
- wifi: wilc1000: validate pairwise and authentication suite
  offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a
- media: meson: vdec: potential dereference of null pointer
  (CVE-2022-3112 bsc#1206399).
- commit 32c7d25
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 81eb278
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e
- udf: Fix NULL pointer dereference in udf_symlink function
  (bsc#1206646).
- commit aa42b50
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788
- udf: fix the problem that the disc content is not displayed
  (bsc#1206644).
- commit baed6fa
- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1
- udf: Avoid accessing uninitialized data on failed inode read
  (bsc#1206642).
- commit 8c98e30
- udf: Fix free space reporting for metadata and virtual
  partitions (bsc#1206641).
- commit 0743d18
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit f8fb63e
- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa
- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d
- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b
- ext4: iomap that extends beyond EOF should be marked dirty
  (bsc#1206637).
- commit e1b2dad
- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2
- lib/notifier-error-inject: fix error when writing -errno to
  debugfs file (bsc#1206634).
- commit dea9978
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (bsc#1206634).
- commit 2504e98
- blacklist.conf: Blacklist 9066e151c379
- commit 966d217
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d
- struct usbnet: move new members to end (git-fixes).
- commit f647bb2
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
  patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6
- blacklist.conf: ("/arm64: dts: armada-3720-turris-mox: add firmware node"/)
- commit 77ea716
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f
- blacklist.conf: ("/crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()"/)
- commit 8dcdb26
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
- Update metadata references
- commit 71ea896
- Update
  patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
  (CVE-2022-3105 bsc#1206398 git-fixes).
- commit 66cd628
- Update
  patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit 7c181a5
- RDMA/uverbs: Check for null return of kmalloc_array
  (CVE-2022-3105 bsc#1206398 git-fixes).
- commit 73b6bff
- Update
  patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
  (jsc#SLE-16683 CVE-2022-3106 bsc#1206397).
- commit 3e8cb15
- Update
  patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit d5698e3
- Update
  patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
  (CVE-2022-3111 bsc#1206394 git-fixes).
- commit 2ff0fd7
- blacklist.conf: cosmetic, does not fix a bug
- commit c7bc28a
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
  (git-fixes).
- commit 4972874
- tracing: Free buffers when a used dynamic event is removed
  (git-fixes).
- commit 3703499
- tracing/dynevent: Delete all matched events (git-fixes).
- commit dcf29de
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
  (git-fixes).
- commit 6ce4166
- blacklist.conf: Risky, requires reworking of mempolicies
- commit e11ba4b
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit 8dbcec6
- mm, page_alloc: avoid expensive reclaim when compaction may
  not succeed (bsc#1204250).
- commit f800975
- afs: Fix some tracing details (git-fixes).
- commit 161393a
- blacklist.conf: cosmetic fix
- commit 39c4f5a
- usb: host: xhci-hub: fix extra endianness conversion
  (git-fixes).
- commit 3574ccc
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit d0798c9
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- commit 2e9f75b
- net: mana: Fix race on per-CQ variable napi work_done
  (git-fixes).
- commit 935369b
- Update patches.suse/drm-amd-display-memory-leak.patch
  (CVE-2019-19083 bsc#1157049 bnc#1151927 5.3.8).
  Update the metadata of this patch and in particular its commit ID.
  This fix was committed twice upstream, and we used one commit ID in
  all branches except SLE15-SP3 where we use the other one. Align this
  branch with what was done in all other branches. Benefits:
  * No need to blacklist the other commit ID as it was never mentioned
  in stable trees.
  * Minimize the differences between branches to lower the risk of merge
  conflicts.
  I verified that the resulting source tree is exactly the same before
  and after this change.
- commit 27c76af
- Rename 0001-drm-amd-display-memory-leak.patch
  Use the same name as in all other branches for consistency.
- commit 9d96a87
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 6426714
- proc: proc_skip_spaces() shouldn't think it is working on C
  strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
  (CVE-2022-4378 bsc#1206207).
- commit 1e50bbf
- ext4: Fixup pages without buffers (bsc#1205495).
- commit ad24b58
- kbuild: Unify options for BTF generation for vmlinux and modules
  (bsc#1204693).
- Refresh
  patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch.
- commit 5bc49fe
- fuse: lock inode unconditionally in fuse_fallocate()
  (bsc#1206179).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- cuse: prevent clone (bsc#1206177).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: update attr_version counter on fuse_notify_inval_inode()
  (bsc#1206175).
- fuse: don't check refcount after stealing page (bsc#1206174).
- commit 8cb708c
- Refresh
  patches.kabi/kABI-remove-new-member-of-usbip_device.patch.
- commit bf09767
- Refresh
  patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
  Fix up after merge from cve/5.3. The patch can be closer to upstream in
  15sp3 as we have more than in the cve branch.
- commit 344ce75
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
  resume from S3 (bsc#1206037).
- commit df768bd
- xen/netback: don't call kfree_skb() with interrupts disabled
  (bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 18b6c2b
- xen/netback: Ensure protocol headers don't fall in the
  non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit ef1bd8e
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
  is "/"/
- commit dce5fa8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit ff0c181
- docs/kernel-parameters: Update descriptions for "/mitigations="/
  param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
  bsc#1203271 bsc#1206032).
- commit 012ee9f
- Update
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
  bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
  Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit f959a8e
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 2043e6b
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: lockdep annotations for try_nonblocking_invalidate
  (bsc#1205988).
- ceph: request Fw caps before updating the mtime in
  ceph_write_iter (bsc#1205987).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
  (bsc#1205986).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- commit 3a3eff6
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 1cb9473
- io_uring/af_unix: defer registered files gc to io_uring release
  (bsc#1204228 CVE-2022-2602).
- commit fee5862
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
  (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
  (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
  fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
  (git-fixes).
- commit fdf27d9
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- commit 482b418
- block: Do not reread partition table on exclusively open device
  (bsc#1190969).
- commit 1d888c0
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (CVE-2022-3635 bsc#1204631).
- commit 81a86f3
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit f11d21c
- Move upstreamed i915 patch into sorted section
- commit 4f7c541
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
  resumed (git-fixes).
- wifi: mac8021: fix possible oob access in
  ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
  (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
  (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
  free_sja1000dev() (git-fixes).
- commit c233552
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
  (git-fixes).
- commit a2d69de
- xen/privcmd: Corrected error handling path (git-fixes).
- commit 9273ea4
- blacklist.conf: add 5c13a4a0291b3019
- commit f414b37
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit d068003
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
  (git-fixes).
- commit 310f73b
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit e66563b
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
  (git-fixes).
- commit 2026fbd
- blacklist.conf: add e8240addd0a39
- commit c8fea7d
- blacklist.conf: add 0f4558ae91870
- commit 1f46313
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit b1da831
- xen/pcpu: fix possible memory leak in register_pcpu()
  (git-fixes).
- commit 7bcfa5e
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit df9a18a
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
  Fix metadata
- commit b7e4dba
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit 5c64258
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
  git-fixes).
- commit 390f969
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit d1d28ba
- xen-netback: correct success/error reporting for the
  SKB-with-fraglist case (git-fixes).
- commit 26320ba
- xen/balloon: use a kernel thread instead a workqueue
  (git-fixes).
- commit cb178a9
- arm/xen: Don't probe xenbus as part of an early initcall
  (git-fixes).
- commit 6b23717
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
  delivery (git-fixes).
- commit c3e71c4
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
  patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit b773587
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit f009c3f
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc41a1f
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 9eafa9a
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
  (git-fixes).
- commit a448c92
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
  grant status (git-fixes).
- commit eda3b54
- xenbus: req->err should be updated before req->state
  (git-fixes).
- commit b68f2a5
- xenbus: req->body should be updated before req->state
  (git-fixes).
- commit 43d862b
- x86/xen: Distribute switch variables for initialization
  (git-fixes).
- commit 0f71692
- xen/balloon: fix ballooned page accounting without hotplug
  enabled (git-fixes).
- commit e768449
- xen-blkback: prevent premature module unload (git-fixes).
- commit 55eaccd
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit 5b34629
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 48c193f
- USB: serial: option: remove old LARA-R6 PID.
- commit 50cfc4c
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- commit 3cf3877
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6ac2249
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit 774f54f
- drm/i915: fix TLB invalidation for Gen12 video and compute
  engines (CVE-2022-4139 bsc#1205700).
- commit 58aaa10
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
  Taken from v10 patch in char-misc subsystem tree
- commit 09cd28d
- blacklist.conf: duplicate
- commit 468555e
- blacklist.conf: cosmetic fix
- commit a8e199d
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bc1c359
- rndis_host: increase sleep time in the query-response loop
  (git-fixes).
- commit 1a77104
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
  switch (git-fixes).
- commit 43cdbc4
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
  CVE-2022-41850).
- commit 3bef7b9
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit e4d40ab
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 9a43bb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
  than input clock (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- commit acc3c71
- iio: core: Fix entry not deleted when
  iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
  (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
  (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
  (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
  (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
  in regulator_register() (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
  (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
  (git-fixes).
- Input: iforce - invert valid length check when fetching device
  IDs (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
  (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
  (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
  omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
  (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- misc/vmw_vmci: fix an infoleak in
  vmci_host_do_receive_datagram() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
  at91_adc_allocate_trigger() (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
  limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
  iio_sysfs_trig_init() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
  pci_dev_put() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
  CD# debounce timeout (git-fixes).
- mmc: core: properly select voltage range without power cycle
  (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
  (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- commit d87f9df
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
  (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
  (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
  (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
  snd_usbmidi_output_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
  (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
  (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
  (git-fixes).
- drm/imx: imx-tve: Fix return type of
  imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "/Sourc"/ -> "/Source"/,
  "/Routee"/ -> "/Route"/ (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
  (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
  (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
  (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
  (git-fixes).
- ASoC: wm8997: Revert "/ASoC: wm8997: Fix PM disable depth
  imbalance in wm8997_probe"/ (git-fixes).
- ASoC: wm5110: Revert "/ASoC: wm5110: Fix PM disable depth
  imbalance in wm5110_probe"/ (git-fixes).
- ASoC: wm5102: Revert "/ASoC: wm5102: Fix PM disable depth
  imbalance in wm5102_probe"/ (git-fixes).
- commit 27fe82f
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 25c2f2d
- Refresh
  patches.suse/nfsd4-fix-NULL-dereference-in-nfsd-clients-display-c.patch.
- Delete patches.suse/nfsd-show_open-NULL-deref.patch.
  These patches are for the same git commit, so merging.
  "/return SEQ_SKIP"/ is changed to "/return 0"/ to match
  upstream.  Difference is only important if some content
  has already been generated.  In that case SEQ_SKIP discards it
  and 0 leaves it.  Here we haven't generated any content.
  bsc#1205753
- commit 4d06f59
- l2tp: Serialize access to sk_user_data with sk_callback_lock
  (bsc#1205711 CVE-2022-4129).
- commit add2103
- net: fix a concurrency bug in l2tp_tunnel_register()
  (bsc#1205711 CVE-2022-4129).
- commit ced1fd6
- Drop incorrectly doubly applied patches for brcmfmac and vc4 (bsc#1205753)
- commit 5941245
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- commit 7b66fa8
- blacklist.conf: kvm_arch_no_poll() is called only once already
- commit 3bc62c2
- KVM: s390: pv: don't allow userspace to set the clock under PV
  (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
  (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- commit 76c25b0
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
  SPSM (CVE-2022-42896 bsc#1205709).
- commit fc4b67c
- Update patch reference for Bluetooth fix (CVE-2022-42895 bsc#1205705)
- commit 0d77342
- blacklist.conf: Unnecessary build config fix.
- commit 68959f0
- scsi: zfcp: Fix double free of FSF request when qdio send fails
  (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- commit 55df511
- iwlwifi: dbg: disable ini debug in 9000 family and below
  (git-fixes).
- commit 152ef40
- blacklist.conf: kABI
- commit 509fe6c
- blacklist.conf: kABI
- commit 8bad736
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
  CVE-2022-41858).
- commit dd6f85a
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
  (git-fixes).
- commit cac2314
- md: Replace snprintf with scnprintf (git-fixes).
- Replaced the in-house patch by the above upstream patch,
  patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit 8c3cff2
- dm raid: fix address sanitizer warning in raid_resume
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_status
  (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
  (git-fixes).
- dm thin: fix use-after-free crash in
  dm_sm_register_threshold_callback (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm raid: fix accesses beyond end of raid member array
  (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
  (git-fixes).
- dm era: commit metadata in postsuspend after worker stops
  (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector
  (git-fixes).
- dm integrity: set journal entry unused when shrinking device
  (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device
  when shrinking (git-fixes).
- dm writecache: return the exact table values that were set
  (git-fixes).
- commit e0e374e
- dm: fix request-based DM to not bounce through indirect
  dm_submit_bio (git-fixes).
- Refresh for the above change,
  patches.suse/blk-mq-clear-stale-request-in-tags-rq-before-freeing.patch.
- commit 259862c
- dm: remove special-casing of bio-based immutable singleton
  target on NVMe (git-fixes).
- commit 31a00a1
- blacklist.conf: add non-backport git-fixes commit
- commit 42c7406
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit 3d5973a
- NFSD: Cap rsize_bop result based on send buffer size
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
  (bsc#1205128 CVE-2022-43945).
- commit e93318a
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 99fc524
- add another bug reference to some hyperv changes (bsc#1205617).
- commit b575115
- blacklist.conf: cleanup
- commit b0b46b5
- media: vim2m: initialize the media device earlier (git-fixes).
- commit c5af813
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 2431c97
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- commit 95d4e3d
- staging: greybus: light: fix a couple double frees (git-fixes).
- commit 58bdfb3
- blacklist.conf: duplicate
- commit 3dd1632
- tracing: Fix wild-memory-access in register_synth_event()
  (git-fixes).
- commit 7dac608
- ftrace: Fix null pointer dereference in ftrace_add_mod()
  (git-fixes).
- commit 4244693
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 464f48f
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit c7550d0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 47e4dec
- ring-buffer: Include dropped pages in counting dirty patches
  (git-fixes).
- commit 284d26b
- tracing/ring-buffer: Have polling block on watermark
  (git-fixes).
- commit d2a2e4f
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit b801309
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- commit 3c8b93e
- powerpc/boot: Explicitly disable usage of SPE instructions
  (bsc#1156395).
- commit 0bc0054
- blacklist.conf: Add fixes for unsupported platforms
- commit 27bff58
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 8075958
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
  bsc#1205514).
- commit d8c38e0
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 12fec90
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 3b01230
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT
  for L1 (git-fixes).
- commit d56f1ae
- KVM: nVMX: Validate the EPTP when emulating
  INVEPT(EXTENT_CONTEXT) (git-fixes).
- commit 26dc9e3
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- commit 2f5ac01
- blacklist.conf: add 514ccc194971d0 ("/x86/kvm: fix a missing-prototypes
  "/vmread_error"/"/)
- commit c73c5e6
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
  support (git-fixes).
- commit 038458a
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls
  only when apicv is globally disabled (git-fixes).
- commit c95874c
- mISDN: fix misuse of put_device() in mISDN_register_device()
  (git-fixes).
- commit fea2547
- x86/speculation: Disable RRSBA behavior (bsc#1201455
  CVE-2022-28693).
- commit 1c08940
- net: thunderbolt: Fix error handling in tbnet_init()
  (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
  (git-fixes).
- commit d89f3be
- Move upstreamed fbdev fix into sorted section
- commit c2656f7
- pinctrl: devicetree: fix null pointer dereferencing in
  pinctrl_dt_to_map (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
  (git-fixes).
- ata: libata-transport: fix double ata_host_put() in
  ata_tport_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of
  dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
  case of errors (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
  (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
  (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
  (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
  vc4_drm_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in
  bpq_device_event() (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
  (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- capabilities: fix undefined behavior in bit shift for
  CAP_TO_MASK (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
  (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
  (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration
  (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing
  the device (git-fixes).
- media: venus: dec: Handle the case where find_format fails
  (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
  (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
  (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
  (git-fixes).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
  (git-fixes).
- commit 87c5230
- usbip: usbip_event: use global lock (git-fixes).
- commit dfdff40
- usbip: synchronize event handler with sysfs code paths
  (git-fixes).
- commit 02e148d
- usbip: vudc_sysfs: use global lock (git-fixes).
- commit 0d41db9
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 436bc70
- usbip: stub_dev: remake locking for kABI (git-fixes).
- commit 9d2c460
- kABI: remove new member of usbip_device (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths
  (git-fixes).
- commit a40ec71
- blacklist.conf: kABI
- commit 304049d
- blacklist.conf: kABI
- commit 18d7f9f
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit b0b38c0
- blacklist.conf: too intrusive
- commit c4ba71f
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 84f9a38
- blacklist.conf: inapplicable
- commit f1ebd1d
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
  (git-fixes).
- commit 8070192
- x86/microcode/AMD: Apply the patch early on every logical thread
  (bsc#1205264).
- commit 761173c
- kabi: fix transport_add_device change (git-fixes).
- commit 9ff4597
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
  (bsc#1205428 LTC#200501).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
  copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
  and __strnlen_user() (bsc#1205428 LTC#200501).
- commit 402d4fe
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
  (git-fixes).
- scsi: drivers: base: Propagate errors through the transport
  component (git-fixes).
- scsi: drivers: base: Support atomic version of
  attribute_container_device_trigger (git-fixes).
- commit 7f6d450
- blacklist.conf: skip git-fix that is too invasive
- commit e017099
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
  (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
  (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
  created (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
  (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment
  queue limits (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
  (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
  is zero (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function
  bio_copy_kern (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
  (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
  (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- block: ataflop: fix breakage introduced at blk-mq refactoring
  (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
  (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
  (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
  (git-fixes).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- commit 3b9349e
- Update references of
  patches.suse/s390-pci-add-missing-EX_TABLE-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser
  (bsc#1205428 LTC#200501).
- commit b4aa54c
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- commit 2be09ac
- blacklist.conf: ("/arm64: topology: move store_cpu_topology() to shared code"/)
- commit 68eedfd
- blacklist.conf: ("/arm64: topology: fix possible overflow in amu_fie_setup()"/)
- commit 4b45d2c
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
  Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default.
  Update patches.suse/KVM_arm64_Add-templates-for-BHB-mitigation-sequences.patch
  And refresh kABI patch.
- commit 543771f
- Drop NVMeoF support for TP 8013 & 8014 (bsc#1192761 bsc#1204827)
  The kernel side for the TP 8013 and 8014 support was added before we
  finished implementing the feature support in nvme-cli in 2.x.
  As it turns out the rather old base version of nvme-cli would require
  to completely re-implement the support for these feature for the 1.x
  branch.
  As SP3 is nearing it's end of the active update cycle, we decided
  against to update the nvme-cli package hence these patches for the
  kernel are not needed. In fact they introduce, regression due to the
  nvme-cli package not able to do handle the new API correctly. So let's
  remove these patches as there is no user for it.
- Refresh patches.suse/nvme-add-iopolicy-module-parameter.patch.
- Delete patches.kabi/kabi-fix-nvme-subsystype-change.patch.
- Delete patches.suse/nvme-Add-connect-option-discovery.patch.
- Delete
  patches.suse/nvme-add-CNTRLTYPE-definitions-for-identify-controll.patch.
- Delete
  patches.suse/nvme-add-new-discovery-log-page-entry-definitions.patch.
- Delete patches.suse/nvme-display-correct-subsystem-NQN.patch.
- Delete
  patches.suse/nvme-expose-subsystem-type-in-sysfs-attribute-subsys.patch.
- Delete patches.suse/nvmet-add-nvmet_is_disc_subsys-helper.patch.
- Delete patches.suse/nvmet-add-nvmet_req_subsys-helper.patch.
- Delete
  patches.suse/nvmet-don-t-check-iosqes-iocqes-for-discovery-contro.patch.
- Delete patches.suse/nvmet-make-discovery-NQN-configurable.patch.
- Delete
  patches.suse/nvmet-register-discovery-subsystem-as-current.patch.
- Delete
  patches.suse/nvmet-set-CNTRLTYPE-in-the-identify-controller-data.patch.
- Delete patches.suse/nvmet-switch-check-for-subsystem-type.patch.
- commit 65fe080
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
  (git-fixes).
- commit 3521cb1
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/ (bsc#1200845)
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- PCI: hv: Fix typo (bsc#1204446).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- commit 5f3eadd
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- commit 199a84c
- netfilter: nfnetlink_osf: fix possible bogus match in
  nf_osf_find() (bsc#1204614).
- commit e9ccbaa
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
  a V0.96 controller (git-fixes).
- commit 9593f85
- blacklist.conf: add some git-fixes commits which won't be backported
- commit 19d26a3
- media: mceusb: Use new usb_control_msg_*() routines
  (CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
  bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
  bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
  (CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
  (CVE-2022-3903 bsc#1205220).
- commit 575009a
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 1da3c8a
- Refresh sorted patches.
- commit 759ab14
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
  (bsc#1156395).
- commit 6ad0462
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- commit 3de57a1
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
  Refresh to upstream version of patch.
- commit 381d74e
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- commit b1a7e6a
- scsi: ibmvfc: Avoid path failures during live migration
  (bsc#1065729 bsc#1204810 ltc#200162).
- commit 617a752
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of
  toolchain Zicbom support).
- commit e9f2ba6
- ring-buffer: Check for NULL cpu_buffer in
  ring_buffer_wake_waiters() (git-fixes).
- commit f0e9f4a
- r8152: Add MAC passthrough support to new device (git-fixes).
- commit 2c0b0e4
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
  (git-fixes).
- Refresh
  patches.suse/s390-ptrace-pass-invalid-syscall-numbers-to-tracing.
- commit 49c6928
- s390/pci: add missing EX_TABLE entries to
  __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
  pavgroup (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot
  (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
  hugepages (bsc#1203144 LTC#199881).
- s390: fix double free of GS and RI CBs on fork() failure
  (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
  ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
  (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
  (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
  (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
  (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure
  (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
  (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- commit 2fade04
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- commit 114228e
- xfs: tail updates only need to occur when LSN changes
  (git-fixes).
- commit 9d404a5
- xfs: factor common AIL item deletion code (git-fixes).
- commit b1771cc
- xfs: Throttle commits on delayed background CIL push
  (git-fixes).
- commit e58ad94
- xfs: Lower CIL flush limit for large logs (git-fixes).
- commit 66c16cf
- xfs: Use scnprintf() for avoiding potential buffer overflow
  (git-fixes).
- commit 1495b79
- xfs: check owner of dir3 blocks (git-fixes).
- commit cb50471
- xfs: xfs_buf_corruption_error should take __this_address
  (git-fixes).
- commit 840c497
- xfs: rework collapse range into an atomic operation (git-fixes).
- commit cfa7b45
- xfs: rework insert range into an atomic operation (git-fixes).
- commit a96f43c
- xfs: open code insert range extent split helper (git-fixes).
- commit f1b0ddb
- blacklist.conf: ignore unapplicable rdma patches
- commit 38abdf0
- Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch
  to upstream version.
- commit bb3e9b2
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
  (bsc#1204215).
- Refresh
  patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch.
- commit d9aeac3
- NFS: Refactor nfs_instantiate() for dentry referencing callers
  (bsc#1204215).
- Refresh
  patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch.
- commit 50b85ce
- Update patch references to
  patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
  (bsc#1200692 CVE-2022-33981).
- commit 2a514c4
- wifi: brcmfmac: Fix potential buffer overflow in
  brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit c0bd14a
- selftests/livepatch: better synchronize test_klp_callbacks_busy
  (bsc#1071995).
- commit 5cc1f06
- blacklist.conf: livepatch: 32-bit only
- commit ed4af6c
- livepatch: Add a missing newline character in
  klp_module_coming() (bsc#1071995).
- commit cbc1bb8
- livepatch: fix race between fork and KLP transition
  (bsc#1071995).
- commit ed70923
- workqueue: don't skip lockdep work dependency in
  cancel_work_sync() (bsc#1204967).
- commit d7d8431
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit e027fbe
- scsi: qla2xxx: Use transport-defined speed mask for
  supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
  (bsc#1204963).
- commit 2f0e70b
- usb: dwc3: qcom: fix runtime PM wakeup.
- commit 770ebb2
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
  (git-fixes).
- commit 1b57243
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- commit 16527ab
- blacklist.conf: cleanup
- commit a1ca722
- printk: use atomic updates for klogd work (bsc#1204934).
- commit 60be5fc
- printk: add missing memory barrier to wake_up_klogd()
  (bsc#1204934).
- commit 270aa51
- blacklist.conf: this patch implements a feature implied, but not
  implemented
- commit d863db7
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- commit b825ac2
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- commit 2d07106
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- commit 0dbe04a
- blacklist.conf: workqueue: put back cancel_work(); would be needed
  only when backporting recent amdgpu stuff
- commit 9a9dea9
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- commit 8229886
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for
  transceiver info (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
  (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
  debugfs (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is
  turned off (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "/unsolicted"/ -> "/unsolicited"/
  (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- commit 641ed8b
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- commit 9c6ee14
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- commit 23d84da
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- commit 1db7560
- blacklist.conf: Ignore build fixes for crypto selftest config
  Build fixes for crypto selftest with CRYPTO_MANAGER_DISABLE_TESTS!=y
  and CRYPTO=m
- commit 423d58a
- RDMA/mlx5: Use different doorbell memory for different processes (git-fixes)
  Refresh:
  - patches.suse/RDMA-mlx5-Remove-unused-parameter-udata.patch
- commit fd05a52
- Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
  (bsc#1204693).
- commit 26595bd
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 293bf91
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit f7baf6a
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- commit d355c79
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- commit 6d0ef48
- RDMA/rxe: Fix "/kernel NULL pointer dereference"/ error (git-fixes)
- commit 9205fa0
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- commit 7daf160
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- commit 7890ffd
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit cc2cd02
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- commit 4332868
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- commit 19e84c3
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- commit db88b1b
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- commit c8db39b
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- commit e28b8f5
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- commit 4c36066
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 3ec31d2
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- commit 26de3e3
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- commit 9d4253b
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- commit 92bff10
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit e806a5b
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- commit 709fd3a
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- commit 121ed63
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- commit 1408298
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- commit 8a4119a
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit f1870dd
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 53e12a2
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- commit 3389a3f
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit a3b0ded
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- commit 12260f5
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7c89c4a
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 1259749
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- commit b499161
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 74e3ed2
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 858283b
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 47de10e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 385ff05
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 2498525
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit 96f828c
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- commit 49315d8
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit dc6482e
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- commit 4b744b6
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit b0c4366
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- commit 2e0cf31
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit 8d71bad
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- commit 2b87978
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit 6f47c39
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit bb23773
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- commit 1ebcca8
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- commit 242d271
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- commit 1421a09
- RDMA: Verify port when creating flow rule (git-fixes)
- commit 75b7985
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- commit c3aa778
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- commit 097d131
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 8811d6a
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit e6dae53
- RDMA/cxgb4: Remove MW support (git-fixes)
- commit d49ea58
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- commit fdca7b3
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- commit 289115b
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- commit ad98a0c
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- commit cda973b
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 0c97417
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- commit dd6c131
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a77f876
- kbuild: remove the target in signal traps when interrupted
  (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- commit d17022d
- blacklist.conf: Unnecessary S390 ARCHITECTURE fixes.
- commit 8f1bd85
- kbuild: Add skip_encoding_btf_enum64 option to pahole
  (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
  (jsc#SLE-24559).
- commit 7b939ad
- fbdev: cyber2000fb: fix missing pci_disable_device()
  (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI
  (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- commit 77773fb
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit d4a892d
- tracing: Do not free snapshot if tracer is on cmdline
  (git-fixes).
- commit 44c0d5c
- tracing: Simplify conditional compilation code in
  tracing_set_tracer() (git-fixes).
- commit 030e84d
- ring-buffer: Fix race between reset page and reading page
  (git-fixes).
- commit 500d3d5
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit 3f63b61
- tracing: Add ioctl() to force ring buffer waiters to wake up
  (git-fixes).
- commit 1ac3e72
- tracing: Wake up ring buffer waiters on closing of the file
  (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit ee58509
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit daffb44
- ring-buffer: Check pending waiters when doing wake ups as well
  (git-fixes).
- commit 8618e02
- ring-buffer: Have the shortest_full queue be the shortest not
  longest (git-fixes).
- commit ebf21e7
- ring-buffer: Allow splice to read previous partially read pages
  (git-fixes).
- commit 81e9520
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- commit e2b6a1c
- tracing: Disable interrupt or preemption before acquiring
  arch_spinlock_t (git-fixes).
- commit 75ec285
- device property: Fix documentation for *_match_string() APIs
  (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states
  (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle
  (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
  (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
  (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
  (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
  (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges
  (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges
  (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
  (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion
  (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
  put_clock() in error path (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
  'interlaced' (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values
  (git-fixes).
- commit c820733
- Fix build warning
  Refreshed:
  patches.suse/mm-hugetlb-fix-races-when-looking-up-a-CONT-PTE-PMD-.patch
- commit ca5cb24
- Add CVE reference to
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 94992c9
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone
  (bsc#1204328).
- commit b9f2ea4
- thermal: intel_powerclamp: Use first online CPU as control_cpu
  (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report
  (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
  (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
  keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
  (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in
  rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: host: xhci: Fix potential memory leak in
  xhci_alloc_stream_info() (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in
  adp5061_get_chg_type() (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
  (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number
  (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
  (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
  (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field()
  (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in
  nouveau_bo_alloc() (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to
  fix module autoloading (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670
  (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
  times (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at
  l2cap_chan_create() (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
  (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620
  (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
  (git-fixes).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
  (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in
  brcmf_netdev_start_xmit() (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx()
  (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
  (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
  log level (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch
  (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch
  (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of
  smp_processor_id() to avoid crash (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
  (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- commit 89baab9
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- commit 0463863
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
  hugetlb page (bsc#1204575).
- commit 06c4f04
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- commit fb82e46
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
  (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
  (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- commit 0ca6891
- mm: memcontrol: fix occasional OOMs due to proportional
  memory.low reclaim (bsc#1204754).
- mm, memcg: avoid stale protection values when cgroup is above
  protection (bsc#1204754).
- commit 0e7d107
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
  (bsc#1204753).
- commit b8640ed
- blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- commit d9d65d4
- powerpc/fadump: align destination address to pagesize
  (bsc#1204728 ltc#200074).
- commit 618ab17
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
  CVE-2021-4037).
- commit 2f39bf9
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
  CVE-2021-4037).
- commit ab394e7
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 536e02f
- usb: mon: make mmapped memory read only (bsc#1204653
  CVE-2022-43750).
- commit 1f646df
- blacklist.conf: add commit from git-fixes
- commit c46aa6a
- devlink: Fix use-after-free after a failed reload (bsc#1204637
  CVE-2022-3625).
- commit 3567978
- nvmem: core: Check input parameter for NULL in
  nvmem_unregister() (bsc#1204241).
- commit 1b1642f
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- commit 9ea634f
- arm64: assembler: add cond_yield macro (git-fixes)
- commit f628c0a
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
  (bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
  CVE-2022-3545).
- commit 9a28d9e
- nilfs2: fix leak of nilfs_root in case of writer thread creation
  failure (CVE-2022-3646 bsc#1204646).
- nilfs2: fix use-after-free bug of struct nilfs_root
  (CVE-2022-3649 bsc#1204647).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
  bsc#1204635).
- commit 772e9a5
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
  (CVE-2022-3640 bsc#1204619).
- commit b1ed4c2
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- commit d60e491
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- commit 477d56a
- KVM: s390: pv: don't present the ecall interrupt twice
  (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
  (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
  (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- commit 1c45296
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- commit ec837bd
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- commit bf7093a
- crypto: arm64/sha - fix function types (git-fixes)
- commit 887f265
- Update metadata references
- commit 980fadf
- blacklist.conf: ("/arm64: Introduce a way to disable the 32bit vdso"/)
- commit 0591754
- KVM: x86: do not report a vCPU as preempted outside instruction
  boundaries (bsc#1203066 CVE-2022-39189).
- commit 89982eb
- nilfs2: fix NULL pointer dereference at
  nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit df5c951
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit 488dede
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
  (CVE-2022-3577 bsc#1204470).
- commit e57339b
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
  CVE-2022-3521).
- commit d2eeccc
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
  CVE-2022-3524).
- commit ec8a71d
- Update metadata references
- commit 6d888aa
- sch_sfb: Also store skb len before calling child enqueue
  (CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
  to child (CVE-2022-3586 bsc#1204439).
- commit bbd433f
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (CVE-2022-3565 bsc#1204431).
- commit 1917bcf
- net: ieee802154: return -EINVAL for unknown addr type
  (git-fixes).
- commit 2d80805
- ACPI: HMAT: Release platform device in case of
  platform_device_add_data() fails (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register()
  (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
  (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
  (git-fixes).
- Input: xpad - add supported devices as contributed on github
  (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
  (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
  (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine
  (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg
  (git-fixes).
- dmaengine: xilinx_dma: Report error in case of
  dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores
  property (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
  (git-fixes).
- mmc: core: Replace with already defined values for readability
  (git-fixes).
- commit ba86540
- struct pci_config_window kABI workaround (bsc#1204382).
- commit b2287af
- PCI: Dynamically map ECAM regions (bsc#1204382).
- commit dc89dd6
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
  (bsc#1065729).
- Refresh patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch
- Refresh patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch
- commit 852bb71
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
  This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
  (git-fixes).
- commit c4ea05c
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 72baa22
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
  opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 11a4b1b
- powerpc/kprobes: Fix null pointer reference in
  arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246
  git-fixes).
- commit 98b4617
- xfs: remove obsolete AGF counter debugging (git-fixes).
- commit 6b3cbd8
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- commit c80d128
- xfs: rename `new' to `delta' in xfs_growfs_data_private()
  (git-fixes).
- commit 7994309
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- commit d0ec732
- xfs: fix memory corruption during remote attr value buffer
  invalidation (git-fixes).
- commit 63ac0a8
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- commit cdcab38
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- commit 260cd8e
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- commit f916b39
- xfs: add missing assert in xfs_fsmap_owner_from_rmap
  (git-fixes).
- commit 7d88bfe
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- commit dc70b98
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
  iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
  header on fast-rx (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
  (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion
  (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq
  (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback
  (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure
  (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types
  (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to
  use regmap (git-fixes).
- commit 90b2426
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
  (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
  (git-fixes).
- commit d78eec4
- Move upstreamed WiFi fixes into sorted section
- commit 2dec8da
- Move upstreamed WiFi fixes into sorted section
- commit 05342a3
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
  VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 1ddb693
- KVM: Add infrastructure and macro to mark VM as bugged
  (bsc#1200788 CVE-2022-2153).
- commit 07862de
- locking/csd_lock: Change csdlock_debug from early_param to
  __setup (git-fixes).
- Refresh
  patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 4abed38
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit 2cf708c
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
  activated (bsc#1200788 CVE-2022-2153).
- commit 8712ddf
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
  SynIC (bsc#1200788 CVE-2022-2153).
- commit 75749d4
- KVM: nVMX: Unconditionally purge queued/injected events on
  nested "/exit"/ (git-fixes).
- commit 04b8316
- KVM: x86: Avoid theoretical NULL pointer dereference in
  kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit f23b172
- KVM: x86/emulator: Fix handing of POP SS to correctly set
  interruptibility (git-fixes).
- commit 3671e7c
- KVM: x86: Check lapic_in_kernel() before attempting to set a
  SynIC irq (bsc#1200788 CVE-2022-2153).
- commit e02caef
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
  bsc#1203391).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978
  bsc#1202700).
- commit 8c7541d
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- commit 89e6f60
- staging: vt6655: fix some erroneous memory clean-up loops
  (git-fixes).
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
  (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
  (git-fixes).
- xhci: Don't show warning for reinit on known broken suspend
  (git-fixes).
- USB: serial: console: move mutex_unlock() before
  usb_serial_put() (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
  (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in
  gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
  (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
  (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
  (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in
  ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
  (git-fixes).
- commit d4e6eb9
- soc: sunxi_sram: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- Refresh
  patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch.
- commit 1478c4f
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
  (git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
  (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
  (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable
  callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22
  (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
  lpuart_dma_shutdown (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling
  (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node'
  (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
  (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight
  registering (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in
  omap1_spi100k_probe (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
  spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
  spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
  (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression
  (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit d4e37ac
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend
  (git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall
  (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
  (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants
  (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements
  (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel
  ABI (git-fixes).
- iio: inkern: only release the device node when done with it
  (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
  freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure
  and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
  (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
  (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
  (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap()
  in the probe (git-fixes).
- mfd: sm501: Add check for platform_driver_register()
  (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
  and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
  (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in
  mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in
  intel_soc_pmic_i2c_probe() (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
  (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
  (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
  (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
  (git-fixes).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
  (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (git-fixes).
- commit ea51746
- gpio: rockchip: request GPIO mux to pinctrl when setting
  direction (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware
  (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister
  (git-fixes).
- crypto: akcipher - default implementation for setting a private
  key (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
  (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
  (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups
  (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
  (git-fixes).
- dyndbg: let query-modname override actual module name
  (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
  timer in __cleanup() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in
  hidpp_connect_event (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug
  (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
  (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of
  for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order
  (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in
  nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset
  (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- commit 6db482b
- ACPI: APEI: do not add task_work to kernel thread to avoid
  memory leak (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying
  num_parents (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
  (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
  (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
  (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init
  (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init
  (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent()
  (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent()
  (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and
  ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
  (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
  (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
  (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
  (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
  API (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM
  operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically
  (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak()
  (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
  (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
  (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
  (git-fixes).
- commit 058f8fc
- Update
  patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
  (CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 15fe693
- misc: sgi-gru: fix use-after-free error in
  gru_set_context_option, gru_fault and gru_handle_user_call_os
  (CVE-2022-3424 bsc#1204166).
- commit 721c580
- wifi: mac80211: fix crash in beacon protection for P2P-device
  (CVE-2022-42722 bsc#1204125).
- commit a6f4ca8
- wifi: mac80211: refactor elements parsing with parameter struct
  (CVE-2022-42719 bsc#1204051).
- commit 26c2d4f
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
  bsc#1204051).
- commit a818808
- mac80211: always allocate struct ieee802_11_elems
  (CVE-2022-42719 bsc#1204051).
- commit a183a67
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 39988a9
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit c6967e3
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 7d9f3f3
- wifi: cfg80211: avoid nontransmitted BSS list corruption
  (CVE-2022-42721 bsc#1204060).
- commit 5fe81ec
- wifi: mac80211: fix MBSSID parsing use-after-free
  (CVE-2022-42719 bsc#1204051).
- commit 6462e9c
- wifi: mac80211: refactor elements parsing with parameter struct
  (CVE-2022-42719 bsc#1204051).
- commit 7b3171e
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
  bsc#1204051).
- mac80211: always allocate struct ieee802_11_elems
  (CVE-2022-42719 bsc#1204051).
- commit 1d0e42c
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
  bsc#1204059).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
  bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
  bsc#1204051).
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
  bsc#1204059).
- cfg80211: hold bss_lock while updating nontrans_list
  (CVE-2022-42719 bsc#1204051).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
  bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
  bsc#1204051).
- mac80211: don't re-parse elems in ieee80211_assoc_success()
  (CVE-2022-42719 bsc#1204051).
- commit cf17eed
- exfat: Return ENAMETOOLONG consistently for oversized paths
  (bsc#1204053 bsc#1201725).
- commit 955135a
- selftests/powerpc: Skip energy_scale_info test on older firmware
  (git-fixes).
- commit 2a9f2c0
- blacklist.conf: prerequisite too risky
- commit 67fdf07
- Refresh metadata
  Refresh:
  patches.suse/nvme-ensure-subsystem-reset-is-single-threaded.patch
  patches.suse/nvme-restrict-management-ioctls-to-admin.patch
- commit 32aee9f
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 3394628
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 71e1adc
- blacklist.conf: ignore unwanted nfs patches
- commit 5bb5269
- blacklist.conf: ignore unwanted md patches
- commit ff9f04a
- scsi: stex: Properly zero out the passthrough command structure
  (bsc#1203514 CVE-2022-40768).
- commit b5c1e4b
- xfs: enable big timestamps (bsc#1203387).
- commit e8c654f
- xfs: widen ondisk quota expiration timestamps to handle y2038+
  (bsc#1203387).
- commit f11211b
- quota: widen timestamps for the fs_disk_quota structure
  (bsc#1203387).
- commit 1a9210f
- xfs: widen ondisk inode timestamps to deal with y2038+
  (bsc#1203387).
- commit ef6704e
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
  to old Intel systems (bnc#1203802).
- commit 5c74e0f
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
  Refresh
  patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit 79f8f1e
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit f6d0842
- xfs: use a struct timespec64 for the in-core crtime
  (bsc#1203387).
- commit d683559
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit e4afdb9
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit d8ae99a
- nvme: ensure subsystem reset is single threaded (bsc#1203290
  CVE-2022-3169).
- nvme: restrict management ioctls to admin (bsc#1203290
  CVE-2022-3169).
- commit fb89dd3
- media: aspeed-video: ignore interrupts that aren't enabled
  (git-fixes).
- commit 36a70fa
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 6094fd3
- media: coda: Fix reported H264 profile (git-fixes).
- commit af3ba3e
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit 06361ad
- xfs: use the finobt block counts to speed up mount times
  (bsc#1203387).
- commit debb8f9
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- commit f9fb0f8
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit 49f0f34
- Revert "/constraints: increase disk space for all architectures"/
  (bsc#1203693).
  This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- Add CVE reference on lightnvm removal patch
  modified:
  - patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 6251214
- drm/amdgpu: don't register a dirty callback for non-atomic
  (git-fixes).
- commit 0b4b37a
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- commit 0b58855
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- Revert "/usb: add quirks for Lenovo OneLink+ Dock"/ (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in
  pxa3xx_gcu_write (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
  (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access
  (git-fixes).
- commit 2e55e74
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound
  (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info
  (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
  (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before
  sending data (git-fixes).
- commit e040102
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit 51fbc8c
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup
  (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI
  clocks (git-fixes).
- Revert "/drm: bridge: analogix/dp: add panel prepare/unprepare
  in suspend/resume time"/ (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
  (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
  (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
  accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
  accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
  (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
  laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
  (git-fixes).
- drm/amd/display: Limit user regamma to a valid value
  (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths
  (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
  change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
  (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
  pfuze100_regulator_probe() (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit e7744dc
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 24c89c9
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e500762
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- commit 75be355
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- commit b42e64a
- parisc/sticon: fix reverse colors (bsc#1152489)
  Backporting notes:
  * context changes
- commit 206cd49
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- commit f67e434
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
  (CVE-2022-41848 bsc#1203987).
- commit c6f643b
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
  (CVE-2022-41849 bsc#1203992).
- commit 1b1c9cc
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
  (git-fixes).
- commit d6b115e
- Input: melfas_mip4 - fix return value check in mip4_probe()
  (git-fixes).
- commit 6863cfd
- blacklist.conf: cleanup that breaks kABI
- commit 9b1761f
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 0a4bc80
- struct ehci_hcd: hide new member (git-fixes).
- commit 47be3bf
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- commit 6d316e7
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- commit f6f0e1f
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- commit 659ffb3
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 803fd47
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit cd54e08
- bpf: Compile out btf_parse_module() if module BTF is not enabled
  (git-fixes).
- commit 1eec519
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 78526f5
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- commit 1907554
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- commit b65f350
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- commit bdc6c6e
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- commit a9060b8
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 25390e7
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
  (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential
  padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and
  consistency (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
  (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN
  Manager application (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically
  allocated/freed phba (bsc#1185032 bsc#1203939).
  Dropped:
  patches.suse/lpfc-decouple-port_template-and-vport_template.patch
- scsi: lpfc: Fix multiple NVMe remoteport registration calls
  for the same NPort ID (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early
  return VMID cases (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver
  unload (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology
  (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling
  (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- commit 829fcfa
- scsi: lpfc: Add missing destroy_workqueue() in error path
  (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
  DID_REQUEUE (bsc#1203939).
- commit 26a6fd8
- wifi: cfg80211: ensure length byte is present before access
  (CVE-2022-41674 bsc#1203770).
- wifi: cfg80211/mac80211: reject bad MBSSID elements
  (CVE-2022-41674 bsc#1203770).
- wifi: cfg80211: fix u8 overflow in
  cfg80211_update_notlisted_nontrans() (CVE-2022-41674
  bsc#1203770).
- commit a878ee7
- scsi: qla2xxx: Remove unused declarations for qla2xxx
  (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
  Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
  handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
  informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
  qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 7c106a6
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
  ISP27XX (bsc#1203935).
- commit 80690be
- kabi/severities: add mlx5 internal symbols
- commit 4fb94df
- net/mlx5: Dynamically resize flow counters query buffer
  (bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs
  (bsc#119175).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be
  per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- commit cb2b71a
- psi: Fix uaf issue when psi trigger is destroyed while being
  polled (bsc#1203909).
- commit fd0515b
- cgroup: cgroup_get_from_id() must check the looked-up kn is
  a directory (bsc#1203906).
- Refresh patches.suse/scsi-cgroup-Add-cgroup_get_from_id.patch.
- commit f918358
- mm/mremap: hold the rmap lock in write mode when moving page
  table entries (CVE-2022-41222 bsc#1203622).
- commit 07909f0
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit 5a61004
- blacklist.conf: irrelevant in our kernel configurations
- commit 0547ac8
- usb: dwc3: disable USB core PHY management (git-fixes).
- commit 5595967
- blacklist.conf: black list commit 2fdbb8dd0155
  Add commit 2fdbb8dd0155 ("/fuse: fix deadlock between atomic O_TRUNC and page
  invalidation"/) to the blacklist.  It's a real bug, but it's been there for a
  long time, it seems to have low impact and the backport risks are high.
- commit e45fa09
- constraints: increase disk space for all architectures
  References: bsc#1203693
  aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
  very close to the limit.
- commit 43a9011
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 345c930
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
  bsc#1203769).
- commit aa1dc74
- Revert "/SUNRPC: Remove unreachable error condition"/ (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status
  (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
  reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSv4: Fix races in the legacy idmapper upcall (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
  (git-fixes).
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
  (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: Don't call connect() more than once on a TCP socket
  (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept()
  (git-fixes).
- commit 3437f45
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit 7da5a85
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 2078b95
- padata: make padata_free_shell() to respect pd's ->refcnt
  (bsc#1202638).
- commit 2827da5
- padata: introduce internal padata_get/put_pd() helpers
  (bsc#1202638).
- commit 8fd1f6c
- ima: force signature verification when CONFIG_KEXEC_SIG is
  configured (bsc#1203737).
- kexec: do not verify the signature without the lockdown or
  mandatory signature (bsc#1203737).
- commit 6aaef78
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- commit f16766a
- kexec, KEYS, s390: Make use of built-in and secondary keyring
  for signature verification (bsc#1196444).
- arm64: kexec_file: use more system keyrings to verify kernel
  image signature (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic
  (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- kexec_file: drop weak attribute from
  arch_kexec_apply_relocations[_add] (bsc#1196444).
- commit 57f8f15
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
  device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: core: Fix bad pointer dereference when ehandler kthread
  is invalid (git-fixes).
- commit 3a8854b
- blacklist.conf: add git-fixes not needed to list
- commit 0514bb0
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type
  in mpc85xx (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
  (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
  (git-fixes).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
  (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
  (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel
  (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
  (git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
  (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB
  RmNet mode (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
  (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port
  (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
  (git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
  (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell
  Dot keymap fixes (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
  message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
  (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in
  chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error
  (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
  (git-fixes).
- drm/radeon: add a force flush to delay work when radeon
  (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup
  (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- commit 41cd9fa
- blacklist.conf: Remove vt patch entry that is needed by other fix
- commit d86dd83
- Revert "/ALSA: usb-audio: Split endpoint setups for hw_params
  and prepare"/ (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
  snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
  __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: aloop: Fix random zeros in capture data when using
  jiffies timer (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access
  (git-fixes).
- commit c844286
- Move upstreamed patches into sorted section
- commit 8fc0f8a
- media: dvb-core: Fix UAF due to refcount races at releasing
  (CVE-2022-41218 bsc#1202960).
- commit 260d985
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit 698f0eb
- Refresh
  patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit a7baae2
- Delete
  patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch.
  (bsc#1203313)
- commit 95f983b
- blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment
- commit de5ca80
- media: em28xx: initialize refcount before kref_get
  (CVE-2022-3239 bsc#1203552).
- commit b9d53ba
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
  ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 7105c05
- scsi: smartpqi: Shorten drive visibility after removal
  (bsc#1200622).
  Delete no longer needed SUSE-specific patch that adds tunable
  parameters for smartpqi reset.
  Deleted:
  patches.suse/scsi-smartpqi-create-module-parameters-for-LUN-reset.patch.
- commit 46fd862
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit 8eb4b9e
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- commit 6f5d84d
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit 8fdd2ed
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit cb91fc5
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and
  cannot be dynamically patched out, retbleed=off should still work so
  that it can be disabled.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit 922ee7a
- md: unlock mddev before reap sync_thread in action_store
  (bsc#1197659).
- commit a26c618
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit b06f37e
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported
  value (git-fixes).
- commit 16015a8
- KVM: x86: Set error code to segment selector on LLDT/LTR
  non-canonical #GP (git-fixes).
- commit 3f756c3
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
  checks (git-fixes).
- commit 56bf87e
- x86/xen: Remove undefined behavior in setup_features()
  (git-fixes).
- commit a4e3370
- Update references:
  - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
  - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
  - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
  - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
  - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
  - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
  - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
  - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
  (add CVE-2022-32296 bsc#1200288)
- commit 01ba066
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 3a4afff
- Revert "/random: fix crash on multiple early calls to (bsc#1201645)"/
  This reverts commit d8168ccb1401eeeed63fa376ac53b5ab983f6d1e.
  This version of the patch causes regression of the problem it's supposed
  to fix, drop it again.
- commit 55b3759
- Refresh sorted patches, move out-of-tree ppc patches to ppc section.
- commit 4fb7690
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit d91e617
- JFS: more checks for invalid superblock (git-fixes).
- commit 9d9aa1f
- JFS: fix memleak in jfs_mount (git-fixes).
- commit aaf1dca
- jfs: prevent NULL deref in diFree (bsc#1203389).
- commit 55c4d53
- jfs: fix GPF in diFree (bsc#1203389).
- commit 48bda4c
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit de3f02b
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
  (git-fixes).
- commit 16424ba
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
  when ftrace is dead (git-fixes).
- commit 5b60469
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- commit 9208a35
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- commit 790c147
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- commit 68c8906
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- commit ec68a76
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 3cd5dd6
- arm64: mm: fix p?d_leaf() (git-fixes)
- commit a914a52
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit 77f79cc
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- commit 500bc08
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- commit 93eea81
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- commit f1a43b3
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- commit b0eb54a
- blacklist.conf: ("/arm64: Fix kernel address detection of __is_lm_address()"/)
- commit 2aab643
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- commit f8968ca
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- commit cfcfe62
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- commit 067e57e
- blacklist.conf: ("/arm64: Drop unnecessary include from asm/smp.h"/)
- commit 998d48c
- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
  table (CVE-2022-2586 bsc#1202095).
  Note: this patch is a backport of a 5.9-rc1 mainline commit which was only
  backported into SLE15-SP3 so that it cannot be added to cve/linux-5.3.
- commit 10f848d
- dccp: don't duplicate ccid when cloning dccp sock
  (CVE-2020-16119 bsc#1177471).
- commit 7c77568
- netfilter: nf_tables: do not allow RULE_ID to refer to another
  chain (CVE-2022-2586 bsc#1202095).
- netfilter: nf_tables: do not allow SET_ID to refer to another
  table (CVE-2022-2586 bsc#1202095).
- commit 9335568
- watchdog: wdat_wdt: Set the min and max timeout values properly
  (bsc#1194023).
- commit cc91c04
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
  (git-fixes).
- ALSA: usb-audio: Register card again for iface over
  delayed_register option (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
  (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- commit b46a495
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
  LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984
  LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode
  (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization
  (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984
  LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
  LTC#199607).
- commit 9031a4b
- regulator: core: Clean up on enable failure (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
  overflow in il4965_rs_fill_link_cmd() (git-fixes).
- commit e4c4fe1
- USB: serial: ch341: fix disabled rx timer on older devices
  (git-fixes).
- commit 85a0dd6
- USB: serial: ch341: fix lost character on LCR updates
  (git-fixes).
- commit bf1a320
- USB: serial: ch341: name prescaler, divisor registers
  (git-fixes).
- commit 63aa28e
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313
  bsc#1201489).
- commit d4bd81f
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- commit cdc0881
- nvme-fabrics: parse nvme connect Linux error codes
  (bsc#1201865).
- commit 9e2c1de
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
  bsc#1203159).
- commit 173564a
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit ed68f11
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
  (CVE-2022-39188, bsc#1203107).
- commit 84aac57
- netfilter: nf_tables: disallow binding to already bound chain
  (bsc#1203117 CVE-2022-39190).
- commit 933f567
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- commit e82b600
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
  (CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
  bsc#1202097).
- commit a949534
- Revert "/clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"/
  (git-fixes).
- Revert "/usb: gadget: udc-xilinx: replace memcpy with
  memcpy_toio"/ (git-fixes).
- commit 855ba08
- gpio: pca953x: Add mutex_lock for regcache sync in PM
  (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
  (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for
  the transmit engine to complete (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
  (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
  (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
  (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
  (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/i915/reg: Fix spelling mistake "/Unsupport"/ -> "/Unsupported"/
  (git-fixes).
- driver core: Don't probe devices after bus_type.match() probe
  deferral (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion
  (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
  (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init
  (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
  (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error()
  (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for
  UFP receptacles (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
  (git-fixes).
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is
  disconnected (git-fixes).
- HID: steam: Prevent NULL pointer dereference in
  steam_{recv,send}_report (git-fixes).
- commit ed7b741
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
  (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status
  instead of uvcg_info (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast
  (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet
  (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- commit 86912f8
- mmc: pxamci: Fix another error handling path in pxamci_probe()
  (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue
  (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s
  error path (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of
  (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in
  sm_release (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
  (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- commit b9934d3
- i2c: imx: Make sure to unregister adapter on remove()
  (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe()
  (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps
  (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: wacom: Don't register pad_input for touch switch
  (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- commit f90560c
- drm/amdgpu: remove useless condition in
  amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
  (git-fixes).
- drm/meson: Fix refcount bugs in
  meson_vpu_has_available_connectors() (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings
  (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after
  pm_runtime_get_sync() failed (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
  preferred_domains (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
  (git-fixes).
- commit 9b0074c
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs
  (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ALSA: info: Fix llseek return value when using callback
  (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
  (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path
  (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
  (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
  (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to
  S8_TLV (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in
  mt6797_mt6351_dev_probe (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock()
  (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from
  DMI quirks (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machine (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
  (git-fixes).
- commit a8924db
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit f477eb5
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  (git-fixes, bsc#1203098).
  kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
  leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit cfac9ee
- scsi: lpfc: Copyright updates for 14.2.0.6 patches
  (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
  (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic
  (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit
  path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during
  PT2PT discovery (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue()
  (bsc#1203063).
- commit e207225
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for
  !nested_run_pending case (git-fixes).
- commit 17df333
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit 55dfee4
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
  case (git-fixes).
- commit 1a5a475
- KVM: x86: accept userspace interrupt only if no event is
  injected (git-fixes).
- commit b61f5d7
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
  (git-fixes).
- commit b27e2cd
- blacklist.conf: Add three patches
  44585f7bc0cb psi: fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
  5102bb1c9f82 psi: Fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
  ec2444530612 psi: Fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit f8fef55
- s390/mm: do not trigger write fault when vma does not allow
  VM_WRITE (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
  (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
  copied (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- commit 32b8c39
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
  "/find -xtype l"/ will report them, so use that to make the search a bit
  faster (without using shell).
- commit 13bbc51
- mkspec: eliminate @NOSOURCE@ macro
  This should be alsways used with @SOURCES@, just include the content
  there.
- commit 403d89f
- kernel-source: include the kernel signature file
  We assume that the upstream tarball is used for released kernels.
  Then we can also include the signature file and keyring in the
  kernel-source src.rpm.
  Because of mkspec code limitation exclude the signature and keyring from
  binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate
  sources in dtb packages.
- commit 1bd288c
- nvme: fix RCU hole that allowed for endless looping in multipath
  round robin (bsc#1202636).
- commit e7e083b
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
  CVE-2022-3028).
- commit 50479c7
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
  (git-fixes).
- commit 4ad76ff
- Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920).
- commit 52cb092
- usb: dwc3: gadget: Store resource index of start cmd
  (git-fixes).
- commit 4fd8e68
- Update patch reference for USB gadget fix (CVE-2020-27784 bsc#1202895)
- commit 8033d12
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 32c5550
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 7db43e6
- usb: dwc3: Switch to platform_get_irq_byname_optional()
  (git-fixes).
- commit 73d1e58
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
  fallocate (bsc#1194272 CVE-2021-4155).
- commit 049d5e6
- usb: gadget: u_audio: fix race condition on endpoint stop
  (git-fixes).
- commit 152ca21
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- commit af1df0f
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit 9881846
- bpf: Don't use tnum_range on array range checking for poke
  descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905).
- commit c59b8fc
- blacklist.conf: Add reverted patch
  d11219ad53dc amdgpu: disable powerpc support for the newer display engine
  c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc
- commit b8f5e97
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
  (git-fixes).
- commit 16c3d44
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
  (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet
  (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for out of order rx completion
  (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register
  (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- net: vmxnet3: fix possible NULL pointer dereference in
  vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
  vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration
  (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
  (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach()
  (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- commit b577aa9
- kbuild: do not create built-in objects for external module
  builds (jsc#SLE-24559 bsc#1202756).
- commit 56b8142
- tracing/probes: Have kprobes and uprobes use $COMM too
  (git-fixes).
- commit 26bf0d1
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
  functions (git-fixes).
- commit 8c340f6
- tracing/histograms: Fix memory leak problem (git-fixes).
- commit 07d4ab9
- blacklist.conf: tracepoint cleanup for drivers/char/random
- commit f75eb58
- tracing/histogram: Fix a potential memory leak for kstrdup()
  (git-fixes).
- commit cce24b0
- ceph: don't truncate file in atomic_open (bsc#1202811).
- ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202810).
- commit 75744b6
- blacklist.conf: blacklist fea013e020e6
- commit 2fc68a2
- tracing: Add ustring operation to filtering string pointers
  (git-fixes).
- commit 3fbf519
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- commit dade489
- blacklist.conf: not-relevant cleanup for drivers/char/random
- commit c90e359
- blktrace: fix blk_rq_merge documentation (git-fixes).
- commit c03c0ec
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet
  info (bsc#1202701).
- commit 173844d
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
  bsc#1202672).
- commit b71aab0
- list: add "/list_del_init_careful()"/ to go with
  "/list_empty_careful()"/ (bsc#1202745).
- commit 71ed084
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 595e8a4
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
  (bsc#1202722).
- commit f84d929
- blk-iocost: rename propagate_active_weights() to
  propagate_weights() (bsc#1202722).
- commit 2724a56
- blacklist.conf: Blacklist aebf5db91705
- commit 578fbe5
- blk-iocost: fix operation ordering in iocg_wake_fn()
  (bsc#1202720).
- commit 31b540e
- loop: Fix missing discard support when using LOOP_CONFIGURE
  (bsc#1202718).
- commit c85296f
- blk-iocost: fix weight updates of inner active iocgs
  (bsc#1202717).
- commit 06cf027
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  (bsc#1197763).
- commit f7b5cbd
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
  journal aborted (bsc#1202716).
- commit d741558
- jbd2: fix outstanding credits assert in
  jbd2_journal_commit_transaction() (bsc#1202715).
- commit 4df2139
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages
  (bsc#1200873).
- commit b654d4c
- ocfs2: fix crash when initialize filecheck kobj fails
  (bsc#1197920).
- commit 137054f
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- commit 24a97d8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit d8cc34a
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
  (bsc#1202714).
- commit 4fc81aa
- ext4: recover csum seed of tmp_inode after migrating to extents
  (bsc#1202713).
- commit 79e5db2
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit e96e640
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 8d9a89d
- ext4: fix use-after-free in ext4_rename_dir_prepare
  (bsc#1200871).
- commit c9d1b13
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- commit f4c59a1
- ext4: force overhead calculation if the s_overhead_cluster
  makes no sense (bsc#1200870).
- commit 24d5cfc
- ext4: fix overhead calculation to account for the reserved
  gdt blocks (bsc#1200869).
- commit 8fa6a02
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- commit bc9242b
- ext4: fix symlink file size not match to file content
  (bsc#1200868).
- commit 888bc97
- ext4: fix error handling in ext4_restore_inline_data()
  (bsc#1197757).
- commit ed0d1f6
- ext4: don't use the orphan list when migrating an inode
  (bsc#1197756).
- commit 2d21beb
- ext4: Fix BUG_ON in ext4_bread when write quota data
  (bsc#1197755).
- commit 0551e1a
- ext4: fix potential infinite loop in ext4_dx_readdir()
  (bsc#1191662).
- commit 26c80a3
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
  (bsc#1202709).
- commit bb20240
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
  (bsc#1202708).
- commit 070ad26
- ext4: fix invalid inode checksum (bsc#1179723).
- commit e670453
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- commit 5b945e4
- blacklist.conf: Blacklist ext2 since we don't even compile it
- commit 8f69ba8
- xfs: prevent a UAF when log IO errors race with unmount
  (git-fixes).
- commit f7eb5c7
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- commit f514fcd
- xfs: make xfs_rtalloc_query_range input parameters const
  (git-fixes).
- commit 0b84c2b
- xfs: only reset incore inode health state flags when reclaiming
  an inode (git-fixes).
- commit a9e17d5
- xfs: bunmapi has unnecessary AG lock ordering issues
  (git-fixes).
- commit a76eaaf
- xfs: mark a data structure sick if there are cross-referencing
  errors (git-fixes).
- commit b0269a0
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- commit 1433b65
- fuse: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit 53bc420
- usb: dwc3: qcom: fix missing optional irq warnings.
- commit de0c0d4
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
  (git-fixes).
- commit fff57cf
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit 603bd9d
- powerpc/perf: Optimize clearing the pending PMI and remove
  WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- commit d72c6fd
- powerpc/xive: Fix refcount leak in xive_get_max_prio
  (fate#322438 git-fixess).
- commit 76798e0
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit 35df6ef
- powerpc: define get_cycles macro for arch-override
  (bsc#1065729).
- commit 39ee615
- blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select
- commit b069bcf
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit a0b9b11
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
  (CVE-2022-2588 bsc#1202096).
- commit b08a235
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
  (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for
  kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- commit b08465c
- blacklist.conf: duplicate
- commit 23a0769
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 86ac68c
- KVM: PPC: Book3S HV: Context tracking exit guest context before
  enabling irqs (bsc#1065729).
- commit b7e4839
- blacklist.conf: later reverted in upstream
- commit 31b3f5b
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit f3043dc
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 1ba1d86
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
  ZDI-CAN-17325).
- commit 1b534db
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit 47070d3
- ext4: Fix check for block being out of directory size
  (bsc#1198577 CVE-2022-1184).
- commit e41d129
- ext4: make sure ext4_append() always allocates new block
  (bsc#1198577 CVE-2022-1184).
- commit 5c3a0a2
- ext4: check if directory block is within i_size (bsc#1198577
  CVE-2022-1184).
- commit d289dcd
- Refresh
  patches.suse/locking-lockdep-Avoid-potential-access-of-invalid-me.patch.
  Fix builds with CONFIG_LOCKDEP on.
- commit b4f11f2
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
  (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
  (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
  (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific
  interfaces (bsc#1200845).
- commit 7ab7313
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit 18b6fb8
- ext4: unindent codeblock in ext4_xattr_block_set()
  (bsc#1198971).
- commit 948b7e8
- ext4: remove EA inode entry from mbcache on inode eviction
  (bsc#1198971).
- commit d96ae24
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit dc90bf2
- mbcache: don't reclaim used entries (bsc#1198971).
- commit 9b2430e
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
  stale pointer (git-fixes).
- commit 267c700
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
  (git-fixes).
- commit ece08bc
- ARM: 9078/1: Add warn suppress parameter to
  arm_gen_branch_link() (git-fixes).
- commit 3398bca
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
  DYNAMIC_FTRACE (git-fixes).
- commit 1d2e217
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- commit 83b5d04
- blacklist.conf: rework and optimization ftrace commits, not bug fixes
- commit e11832c
- Update config files.
- commit 7f7a8ef
- Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554).
  ppc64: NVRAM=y
- commit 5e8bf01
- Refresh
  patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Updated
  patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
  Add missing objtool annotations from upstream commits and update the latter
  patch to fix bsc#1202396.
- commit 8f03705
- objtool: Add support for intra-function calls (bsc#1202396).
- commit eabf007
- objtool: Remove INSN_STACK (bsc#1202396).
- commit c48377d
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit ef33ad6
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit cd6e886
- objtool: Support multiple stack_op per instruction
  (bsc#1202396).
- Refresh
  patches.suse/objtool-allow-no-op-cfi-ops-in-alternatives.patch.
- Refresh
  patches.suse/objtool-fix-cfi-insn_state-propagation.patch.
- Refresh patches.suse/objtool-fix-orc-vs-alternatives.patch.
- Refresh patches.suse/objtool-rename-struct-cfi_state.patch.
- commit 5c735b5
- s390/ptrace: pass invalid syscall numbers to tracing
  (bsc#1192594 LTC#197522).
- commit ad9e50e
- lib: bitmap: provide devm_bitmap_alloc() and
  devm_bitmap_zalloc() (git-fixes).
- commit 2469dd3
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
  (git-fixes).
- commit 99eaa98
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined
  symbols (git-fixes).
- commit 35509ca
- blacklist.conf: unneeded and kABI-breaking module loader commits
- commit 3ccf763
- mm: memcontrol: fix potential oom_lock recursion deadlock
  (bsc#1202447).
- commit bc21375
- blacklist.conf: Add 7b3c36fc4c23 ptrace: fix task_join_group_stop() for the case when current is traced
- commit 572eadd
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
  We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
  The type test and print line are the same for both cases. The usrmerged
  case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- net: enetc: Use pci_release_region() to release some resources
  (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
  (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING
  (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent
  methods (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when
  not available (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from
  the PHY (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params
  (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- random: fix crash on multiple early calls to
  add_bootloader_randomness() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for
  tegra20 and tegra30 (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters
  in ethtool (git-fixes).
- net: mscc: ocelot: don't downgrade timestamping RX filters in
  SIOCSHWTSTAMP (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
  (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put
  (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- commit b9e0ed7
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- commit 7d8ce88
- locking/lockdep: Avoid potential access of invalid memory in
  lock_class (git-fixes).
- commit 6e699d5
- Update
  patches.suse/can-ems_usb-ems_usb_start_xmit-fix-double-dev_kfree_.patch
  (CVE-2022-28390 bsc#1198031).
- commit 9c17688
- Update
  patches.suse/can-mcba_usb-mcba_usb_start_xmit-fix-double-dev_kfre.patch
  (CVE-2022-28389 bsc#1198033).
- commit 1983a37
- net: ethernet: ezchip: fix error handling (git-fixes).
- commit 5d377ed
- net: ethernet: ezchip: remove redundant check (git-fixes).
- commit cb426d4
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit ed56f34
- blacklist.conf: v5.16-rc2-1-gd257cc8cb8d5 introduces a rwsem regression
- commit edee2a5
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit f83edca
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- commit d5e4943
- perf bench: Share some global variables to fix build with gcc 10
  (git-fixes).
- commit a397021
- net: moxa: Use devm_platform_get_and_ioremap_resource()
  (git-fixes).
- commit d13dcd2
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit f14e06e
- net: pch_gbe: Propagate error from devm_gpio_request_one()
  (git-fixes).
- commit 51f37b6
- net: ethernet: fix potential use-after-free in ec_bhf_remove
  (git-fixes).
- commit 7175e70
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 16317aa
- net: stmmac: disable clocks in stmmac_remove_config_dt()
  (git-fixes).
- commit 1bbbc9a
- net: stmmac: dwmac1000: Fix extended MAC address registers
  definition (git-fixes).
- commit c6d0ccf
- ice: report supported and advertised autoneg using PHY
  capabilities (git-fixes).
- commit 2243129
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- commit b4db988
- net/mlx5e: Check for needed capability for cvlan matching
  (git-fixes).
- commit e46f646
- net: hns: Fix kernel-doc (git-fixes).
- commit 80f2716
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- commit 99b3a0b
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- commit 55781d8
- net: fec: fix the potential memory leak in fec_enet_init()
  (git-fixes).
- commit 43431b4
- net: netcp: Fix an error message (git-fixes).
- commit 0432102
- qlcnic: Add null check after calling netdev_alloc_skb
  (git-fixes).
- commit 9764dcc
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
  (git-fixes).
- commit ca3de9d
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
  (git-fixes).
- commit c1a547c
- net: stmicro: handle clk_prepare() failure during init
  (git-fixes).
- commit 1249947
- Revert "/net: stmicro: fix a missing check of clk_prepare"/
  (git-fixes).
- commit c8483b4
- Revert "/net: fujitsu: fix a potential NULL pointer dereference"/
  (git-fixes).
- commit 35e4846
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
  (git-fixes).
- commit 11b1f00
- net: davinci_emac: Fix incorrect masking of tx and rx error
  channel (git-fixes).
- commit cef2ac2
- blacklist.conf: update blacklist
- commit e0f7a96
- blacklist.conf: Add 59b18a1e65b7 x86/msi: Fix msi message data shadow struct
- commit b422277
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- commit 090b87e
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda: realtek: Fix race at concurrent COEF updates
  (git-fixes).
- commit 5b77923
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
  (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- commit 8286b1b
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machines (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch.
- commit 3b1083d
- NTB: ntb_tool: uninitialized heap data in tool_fn_write()
  (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
  (git-fixes).
- commit e17531e
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
  (git-fixes).
- commit 6646862
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- commit 4dbfddf
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- commit 99b2a82
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
  (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
  (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
  (git-fixes).
- commit a6cb05c
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG
  Zenith II (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
  (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
  (git-fixes).
- drm/gem: Properly annotate WW context on
  drm_gem_lock_reservations() error (git-fixes).
- commit fc95967
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
  in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948).
- commit 97b83f0
- devlink: Fix use-after-free after a failed reload (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
  vsock_connect_timeout() (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning
  (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
  (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable
  (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes()
  should be bool (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
  (git-fixes).
- pinctrl: nomadik: Fix refcount leak in
  nmk_pinctrl_dt_subnode_to_map (git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- Revert "/scripts/mod/modpost.c: permit '.cranges' secton for
  sh64 architecture."/ (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
  (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
  (git-fixes).
- commit 4ff3e1b
- blacklist.conf: Add 5f89468e2f06 swiotlb: manipulate orig_addr when tlb_addr has offset
- commit a6010ca
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- commit f1b6523
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- commit c36c19c
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- commit 34bbfc0
- iommu/exynos: Handle failed IOMMU device registration properly
  (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator
  (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
  (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask
  (git-fixes).
- commit 040a9c6
- blacklist.conf: add various fixes
- commit 73738d1
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
  (CVE-2022-20368 bsc#1202346).
- commit e8bbbca
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
  across ioctls (bsc#1202347 CVE-2022-20369).
- commit 36d8575
- iommu/vt-d: avoid invalid memory access via
  node_online(NUMA_NO_NODE) (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking
  out of loop (git-fixes).
- commit c88bace
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
  git-fixes).
- commit d5191b9
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
  (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified
  beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- commit 7944adf
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
  (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
  (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
  on error (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID
  flag (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- SUNRPC reverting d03727b248d0 ("/NFSv4 fix CLOSE not waiting
  for direct IO compeletion"/) (git-fixes).
- commit a827eeb
- md/bitmap: don't set sb values if can't pass sanity check
  (bsc#1197158).
- commit 3927074
- kabi/severities: add stmmac driver local sumbols
- commit 31f077f
- net: lapbether: Prevent racing when checking whether the netif
  is running (git-fixes).
- commit 9af3eff
- octeontx2-af: fix infinite loop in unmapping NPC counter
  (git-fixes).
- commit c88fc73
- net: mvpp2: fix interrupt mask/unmask skip condition
  (git-fixes).
- commit 3584e08
- net: hdlc_x25: Return meaningful error code in x25_open
  (git-fixes).
- commit 212e2be
- Update metadata references
- commit b372491
- net: dsa: b53: fix an off by one in checking "/vlan->vid"/
  (git-fixes).
- commit ea4caa5
- can: m_can: process interrupt only when not runtime suspended
  (git-fixes).
- commit bd4c919
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- commit 834df98
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
  (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of
  devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
  (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
  dw8250_tx_wait_empty() (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand
  side' (git-fixes).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
  (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
  (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before
  memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in
  ark_set_pixclock() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using
  giveback (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit c5d77c5
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
  CVE-2022-26373).
- commit abba98d
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
  CVE-2022-26373).
- commit 061bcfd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  (bsc#1201726 CVE-2022-26373).
- commit 16768aa
- acpi: Disable APEI error injection if the kernel is locked down
  (bsc#1023051, CVE-2016-3695).
- commit 80750a7
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- commit 6458cfa
- net: stmmac: Modify configuration method of EEE timers
  (git-fixes).
- commit b6da91b
- net: stmmac: Use resolved link config in mac_link_up()
  (git-fixes).
- commit 4dba15f
- net/sonic: Fix a resource leak in an error handling path in
  'jazz_sonic_probe()' (git-fixes).
- commit 8d37be1
- blacklist.conf: update blacklist
- commit 51d7b18
- powerpc: powernv: kABI: add back powernv_get_random_long
  (bsc#1065729).
- commit f61a28c
- KVM: PPC: Use arch_get_random_seed_long instead of powernv
  variant (bsc#1156395).
- commit 3e6dc98
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
  (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
  later in boot (bsc#1065729).
- commit 74ae44c
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
  (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit a69b0d7
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
  (bsc#1065729).
- commit 98a575d
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit ec6a677
- blacklist.conf: update blacklist
- commit 63fa2f9
- blacklist.conf: update blacklist
- commit cc1d04f
- mmc: cavium-thunderx: Add of_node_put() when breaking out of
  loop (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
  (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
  (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation
  (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in
  esdhc_signal_voltage_switch (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
  (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
  (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
  (git-fixes).
- PCI: dwc: Always enable CDM check if "/snps,enable-cdm-check"/
  exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
  (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using
  iATU (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
  (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
  (git-fixes).
- PCI/portdrv: Don't disable AER reporting in
  get_port_device_capability() (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write
  (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now
  useless comments (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
  dm_fsync_timer_callback (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
  completion (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb()
  (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
  (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
  (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove()
  (git-fixes).
- soundwire: bus_type: fix remove and shutdown support
  (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety
  (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety
  (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer
  (git-fixes).
- intel_th: Fix a resource leak in an error handling path
  (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
  (git-fixes).
- commit 2bc728a
- iio: potentiometer: mcp4131: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety
  (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety
  (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety
  (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety
  (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety
  (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety
  (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- commit 7981ef6
- clk: qcom: camcc-sdm845: Fix topology around titan_top power
  domain (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
  (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
  (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion
  (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
  (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
  (git-fixes).
- driver core: fix potential deadlock in __driver_attach
  (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
  large (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
  (git-fixes).
- commit 9bda156
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
  bsc#1202154).
- commit bfc6551
- blacklist.conf: update blacklist
- commit 847721e
- virtio-gpu: fix a missing check to avoid NULL dereference
  (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
  `wil_write_file_wmi()` (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
  (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
  iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
  (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe()
  (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in
  mt76_led_init() (git-fixes).
- mt76: mt76x02u: fix possible memory leak in
  __mt76x02u_mcu_send_msg (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
  (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
  il4965_rs_fill_link_cmd() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
  (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
  (git-fixes).
- regulator: of: Fix refcount leak bug in
  of_get_regulation_constraints() (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
  (git-fixes).
- virtio-net: fix the race between refill work and close
  (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi
  Dongle (git-fixes).
- commit 347666b
- drm/amd/display: Enable building new display engine with KCOV
  enabled (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when
  clk_set_parent() failed (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
  (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
  (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
  function (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe()
  (git-fixes).
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
  (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
  ni_set_mc_special_registers() (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
  modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: dsi: Add correct stop condition to
  vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom
  edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
  (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
  (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T
  (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
  (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- commit cce0615
- drm/bridge: tc358767: Make sure Refclk clock are enabled
  (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register
  (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
  (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during
  bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during
  bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by
  board_name only (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old
  error logs (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
  hisi_lpc_acpi_probe() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
  (git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources
  (git-fixes).
- commit 6ee2d65
- ipv4: avoid using shared IP generator for connected sockets
  (CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
  bsc#1196616).
- commit 6c53c05
- blacklist.conf: add "/sched: Reenable interrupts in do_sched_yield()"/
  This patch caused unexplained regressions and it's not fixing any
  important issue.
- commit 7b4ecae
- Revert "/Refresh patches.suse/random-fix-crash-on-multiple-early-calls..."/ (bsc#1201645)
  This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46.
- commit ef555c8
- media: smipcie: fix interrupt handling and IR timeout
  (git-fixes).
- commit 72251a4
- sched/fair: Revise comment about lb decision matrix (git fixes
  (sched/fair)).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
  (git fixes (kernel/time)).
- random: remove useless header comment (git fixes).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- sched/membarrier: fix missing local execution of
  ipi_sync_rq_state() (git fixes (sched/membarrier)).
- mm: fix page reference leak in soft_offline_page() (git fixes
  (mm/memory-failure)).
- commit b0029fe
- blacklist.conf: xtensa not used
- commit c7e553d
- blacklist.conf: UML not used
- commit d38c3c3
- blacklist.conf: Cosmetic patch
- commit 137482b
- blacklist.conf: GCC-12 not used
- commit b35581e
- blacklist.conf: KASAN not configured
- commit ddca4d2
- blacklist.conf: Clang not used for build
- commit f6cb05a
- blacklist.conf: KASAN not configured
- commit db5c6ef
- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190
- commit ae569d4
- blacklist.conf: Build time micro-optimisation
- commit 091232d
- blacklist.conf: Build time micro-optimisation
- commit 06fea81
- blacklist.conf: Build time micro-optimisation
- commit c5a48f8
- blacklist.conf: Build fix that assumes bash does not exist
- commit a35739b
- blacklist.conf: Comment fix only
- commit 1f940f0
- blacklist.conf: Fixes pointing to misleading commit
- commit b94c0dc
- blacklist.conf: Patch has a number of high risk dependencies
- commit 58c61ac
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- media: rtl28xxu: add missing sleep before probing slave demod
  (git-fixes).
- commit ac926ca
- media: usb: dvb-usb-v2: rtl28xxu: convert to use
  i2c_new_client_device() (git-fixes).
- commit 47f6029
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T
  dongle (git-fixes).
- commit cf3cc2d
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- commit 27a23c1
- media: rc: increase rc-mm tolerance and add debug message
  (git-fixes).
- commit 532733e
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
  (git-fixes).
- commit 981dce5
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll()
  (git-fixes).
- commit 691e7d8
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
  (git-fixes).
- commit 2786445
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- Refresh
  patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch.
- Refresh
  patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch.
- commit de6720f
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit bafbca0
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit a77b059
- KVM: x86: Update vCPU's hv_clock before back to guest when
  tsc_offset is adjusted (git-fixes).
- commit 143ba5a
- Updated commit IDs from a rebased upstream branch:
- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch.
- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch.
- patches.suse/watchdog-export-lockup_detector_reconfigure.patch.
- commit a3cdcd5
- KVM: x86: Fix split-irqchip vs interrupt injection window
  request (git-fixes).
- commit 69e8da6
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
  (git-fixes).
- commit 156ec3b
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- commit 2fe0bb0
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit cd08705
- KVM: VMX: Don't freeze guest when event delivery causes an
  APIC-access exit (git-fixes).
- commit 13e27e5
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- commit 5a414a0
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- commit 65c08ec
- net: usb: ax88179_178a: remove redundant assignment to variable
  ret (git-fixes).
- commit 75d1e2c
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- commit 8bcd286
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
  (git-fixes).
- commit 18afbc0
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
  (git-fixes).
- commit ad2b012
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- commit 564965b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- commit 8fc5407
- netfilter: nf_queue: do not allow packet truncation below
  transport header offset (bsc#1201940 CVE-2022-36946).
- commit f4f33cd
- kvm/emulate: Fix SETcc emulation function offsets with SLS
  (bsc#1201930).
- commit 0a6851d
- nvme: consider also host_iface when checking ip options
  (bsc#1199670).
- commit edd56ec
- drivers/net: Fix kABI in tun.c (git-fixes).
- commit 3adafd5
- FDDI: defxx: Make MMIO the configuration default except for EISA
  (git-fixes).
- commit 49c7c8d
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
  for CSR (git-fixes).
- commit 87b1bf0
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
  (git-fixes).
- commit 11d0ba1
- net: macb: restore cmp registers on resume path (git-fixes).
- commit 73e4cc3
- drivers: net: fix memory leak in peak_usb_create_dev
  (git-fixes).
- commit bf7b83d
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- commit 1811ff5
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit 58be63e
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
  clock (git-fixes).
- commit 5683f5d
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
  (git-fixes).
- commit a1e8450
- ftgmac100: Restart MAC HW once (git-fixes).
- commit 9b2ea44
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
  (git-fixes).
- commit 74dff8e
- net/mlx5e: When changing XDP program without reset, take refs
  for XSK RQs (git-fixes).
- commit 4584eb8
- net: lapbether: Remove netif_start_queue / netif_stop_queue
  (git-fixes).
- commit 9195d10
- net: stmmac: fix incorrect DMA channel intr enable setting of
  EQoS v4.10 (git-fixes).
- commit 3eac36a
- net: enetc: keep RX ring consumer index in sync with hardware
  (git-fixes).
- commit 5b9c123
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
  packets (git-fixes).
- commit d2c7696
- net: hns3: fix error mask definition of flow director
  (git-fixes).
- commit e86b116
- blacklist.conf: update blacklist
- commit 545a342
- scsi: lpfc: Copyright updates for 14.2.0.5 patches
  (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
  lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
  configuration (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
  (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
  (bsc#1201956).
- scsi: lpfc: Fix possible memory leak when failing to issue
  CMF WQE (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
  queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in
  XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
  malformed user input (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in
  lpfc_nvme_cancel_iocb() (bsc#1201956).
- commit 6e7b732
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
  (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers
  (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size
  (bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
  (bsc#1201958).
- commit d5c3642
- Drop qla2xxx patch which prevented nvme port discovery
  (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
  Upstream fixed the problem by reverting the offending commit.
  Delete:
  - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 1cb16fb
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback()
  (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
  (bsc#1199364).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
  (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive
  buffer (bsc#1199364).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
  (bsc#1199364).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb
  signature (bsc#1199364).
- commit cffae99
- KVM: emulate: do not adjust size of fastop and setcc subroutines
  (bsc#1201930).
- commit 317f350
- Refresh
  patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c513474
- Update
  patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
  references (add CVE-2022-32250).
- commit 8871b3f
- net/sched: cls_u32: fix netns refcount changes in u32_change()
  (CVE-2022-29581 bsc#1199665).
- commit e1d6992
- random: fix typo in comments (git-fixes).
- commit 49bfcbe
- blacklist.conf: a cleanup that breaks kABI
- commit f8d13cb
- random: document add_hwgenerator_randomness() with other input
  functions (git-fixes).
- commit 9a03f2f
- drbd: fix potential silent data corruption (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
  explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
  (git-fixes).
- commit a9f5081
- kABI workaround for including mm.h in fs/sysfs/file.c
  (bsc#1200598 cve-2022-20166).
- commit 29d7d8a
- net: stmmac: fix watchdog timeout during suspend/resume stress
  test (git-fixes).
- commit b651717
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 3ba5a53
- net: stmmac: fix CBS idleslope and sendslope calculation
  (git-fixes).
- commit e0b11c6
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- commit 6020ebf
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
  SFP (git-fixes).
- commit 858de54
- net: amd-xgbe: Reset link when the link never comes back
  (git-fixes).
- commit 75c3dff
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
  warning (git-fixes).
- commit 2d480f1
- net: amd-xgbe: Reset the PHY rx data path when mailbox command
  timeout (git-fixes).
- commit 5734e3e
- net: axienet: Handle deferred probe on clock properly
  (git-fixes).
- commit c2493d6
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
  (git-fixes).
- commit 421a813
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- commit f6ff8de
- macvlan: remove redundant null check on data (git-fixes).
- commit 37296a9
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- commit d83cfd7
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
  (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
  ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
  ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
  (bsc#1201846 ltc#198761).
- commit 4aa9f78
- net: macb: unprepare clocks in case of failure (git-fixes).
- commit 9b3aefc
- net: macb: add function to disable all macb clocks (git-fixes).
- commit e67caf5
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- commit 2629e74
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- commit 12700d6
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- commit 823b92f
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- commit 3311dc2
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- commit 0e7bc32
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown
  (git-fixes).
- commit 0b9accc
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- commit 96affe9
- net: ll_temac: Fix potential NULL dereference in temac_probe()
  (git-fixes).
- commit 9f3a68c
- net: stmmac: dwmac1000: provide multicast filter fallback
  (git-fixes).
- commit 173655e
- net: ll_temac: Use devm_platform_ioremap_resource_byname()
  (git-fixes).
- commit bd77f60
- net: mscc: Fix OF_MDIO config check (git-fixes).
- commit 6a2a9df
- blacklist.conf: update blacklist
- commit 5495889
- blacklist.conf: update blacklist
- commit ccb0438
- i2c: cadence: Change large transfer count reset logic to be
  unconditional (git-fixes).
- gpio: pca953x: use the correct register address when regcache
  sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
  (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
  (git-fixes).
- commit 20d420c
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
  serial8250_request_std_resource() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
  (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
  (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
  model (git-fixes).
- ASoC: madera: Fix event generation for rate controls
  (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
  (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: ops: Fix off by one in range control validation
  (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
  (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
  (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- commit 7b686cc
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
  for migration (bsc#1201610).
- commit fecc544
- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch
  (git-fixes bsc#1200910 CVE-2020-36558).
  Add references.
- commit d84e9d7
- Update
  patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch
  (git-fixes bsc#1201429 CVE-2020-36557).
  Add references.
- commit 76ab189
- lockdown: Fix kexec lockdown bypass with ima policy
  (CVE-2022-21505 bsc#1201458).
- commit 5806b46
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- commit b51a741
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
  too.
- commit 7226005
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- blacklist.conf: updated blacklist for new issue
- commit 93feb45
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
  sysfs_emit (bsc#1200598 cve-2022-20166).
- commit 6f05f26
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
  cve-2022-20166).
- commit 6ff7ebb
- drivers core: Remove strcat uses around sysfs_emit and neaten
  (bsc#1200598 cve-2022-20166).
- commit 4cafd1f
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit bcf7213
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
  * ...) functions (bsc#1200598 cve-2022-20166).
- commit 747b6a7
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
  (bsc#1200598 cve-2022-20166).
- commit 4aaf7f0
- fbmem: Check virtual screen sizes in fb_set_var()
  (CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
  (CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
  (CVE-2021-33655 bsc#1201635).
- commit a7693d8
- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206)
  The patch seems causing a regression on Mac.
- commit f885f68
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- commit 036b703
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- commit 9d510a3
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit e7722fa
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 2f78693
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 5213f10
- kABI workaround for rtsx_usb (git-fixes).
- commit 4ee0d92
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- commit 0dca060
- power/reset: arm-versatile: Fix refcount leak in
  versatile_reboot_probe (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
  (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
  (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
  (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
  (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
  (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
  (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: Fix a potential integer overflow in
  ima_appraise_measurement (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
  (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
  panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
  intel_dp_add_mst_connector() (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
  (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
  (git-fixes).
- misc: rtsx_usb: use separate command and response buffers
  (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
  transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
  (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
  (git-fixes).
- fbcon: Disallow setting font bigger than screen size
  (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
  (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
  (git-fixes).
- commit aa669e5
- ASoC: Intel: Skylake: Correct the handling of fmt_config
  flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
  skl_get_ssp_clks() (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
  correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: ti: Add missing put_device in
  ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
  (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- commit 2be6c70
- arm64: fix compat syscall return truncation (git-fixes)
- commit 24bf105
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- commit 992de8b
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 867aa84
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ad8af15
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit 02d9d74
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- commit 4265617
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 080c096
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- commit ddc1d85
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit aff711b
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit d286e63
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- commit 437cb00
- usb: typec: add missing uevent when partner support PD
  (git-fixes).
- commit 8f7dacd
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 052f747
- blacklist.conf: will speed up booting in exchange for breaking charging
  from a switched off laptop with some firmwares
- commit bd8e45d
- blacklist.conf: build fix that does not matter on a released kernel
- commit 3296a39
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit a69d674
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 1caf14d
- Sort in RETbleed backport into the sorted section
  Now that it is upstream..
- Refresh
  patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
  patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
  patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
  patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
  patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
  patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
  patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
  patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
  patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
  patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
  patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
  patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
  patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
  patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
  patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
  patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
  patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
  patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
  patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit 94dfede
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- commit ed82a39
- blacklist.conf: blocks a driver from building
- commit 2f8d19f
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- commit 1950671
- arm64: lib: Use modern annotations for assembly functions (git-fixes)
  Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch.
- commit fb5a868
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
  (git-fixes).
- Refresh
  patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch.
- commit 8e36894
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- commit a5d53f5
- usbnet: fix memory leak in error case (git-fixes).
- commit 988ba16
- arm64: module: rework special section handling (git-fixes)
- commit 7d368bc
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit fb0447a
- dm mirror log: round up region bitmap size to BITS_PER_LONG
  (git-fixes).
- md: bcache: check the return value of kzalloc() in
  detached_dev_do_request() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
  (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one
  device (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than
  digest size (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
  (git-fixes).
- block: don't delete queue kobject before its children
  (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
  sizes (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
  (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
  (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
  crypt_page_alloc() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
  (git-fixes).
- blk-zoned: allow zone management send operations without
  CAP_SYS_ADMIN (git-fixes).
- dm btree remove: assign new_root only when removal succeeds
  (git-fixes).
- dm snapshot: properly fix a crash when an origin has no
  snapshots (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk
  size (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
  table reload sequences (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
  (git-fixes).
- dm persistent data: packed struct should have an aligned()
  attribute too (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during
  tear down (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size
  (git-fixes).
- dm bufio: subtract the number of initial sectors in
  dm_bufio_get_device_size (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way
  (git-fixes).
- dm integrity: conditionally disable "/recalculate"/ feature
  (git-fixes).
- dm integrity: fix a crash if "/recalculate"/ used without
  "/internal_hash"/ (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm snapshot: flush merged data before committing metadata
  (git-fixes).
- lib/string.c: implement stpcpy (git-fixes).
- commit ab41893
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
  rx queue (bsc#1201381).
- commit ae4d431
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- commit 5e710e7
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 8d18bba
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
  Dwarves 1.22 or newer is required to build kernels with BTF information
  embedded in modules.
- commit 2dbbe9d
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- commit 6a3fc85
- pty: do tty_flip_buffer_push without port->lock in pty_write
  (bsc#1198829 CVE-2022-1462).
- commit ce8f318
- tty: use new tty_insert_flip_string_and_push_buffer() in
  pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cbf8ad3
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- Update config files:
  - MODULE_ALLOW_BTF_MISMATCH=y
- commit 0660602
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- Refresh
  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit 6a4211c
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- Refresh
  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit ec84a18
- kbuild: Skip module BTF generation for out-of-tree external
  modules (jsc#SLE-24559).
- commit b411a90
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- commit dd48d54
- kbuild: Build kernel module BTFs if BTF is enabled and pahole
  supports it (jsc#SLE-24559).
- Update config files:
  - PAHOLE_HAS_SPLIT_BTF=y
  - DEBUG_INFO_BTF_MODULES=y
- commit 00469b9
- bpf: Assign ID to vmlinux BTF and return extra info for BTF
  in GET_OBJ_INFO (jsc#SLE-24559).
- commit bf525c4
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- commit de75fe3
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- Refresh
  patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch.
- commit 97960b8
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- commit d74c2bd
- kbuild: drop $(wildcard $^) check in if_changed* for faster
  rebuild (jsc#SLE-24559).
- commit 2b23691
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- Refresh
  patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch.
- Refresh
  patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch.
- Refresh
  patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch.
- Refresh
  patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch.
- commit 860eb7e
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- Refresh
  patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch.
- commit e48ca3e
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- commit 089d37f
- io_uring: fix fs->users overflow  (CVE-2022-1116, bsc#1199647).
- commit e8dfed6
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
  resp_mode_select() (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
  (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
  (git-fixes).
- scsi: core: Only put parent device if host state differs from
  SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
  changes to RUNNING (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma()
  (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get
  error (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- commit cad0d5f
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 12197a1
- mm/slub: add missing TID updates on slab deactivation
  (git-fixes).
- commit af73675
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit 89b5cfc
- xen: don't continue xenstore initialization in case of errors
  (git-fixes).
- commit a397042
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- commit 223f7ba
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
  intel_pmu_refresh() (git-fixes).
- commit 2a600a1
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS
  GPAs (git-fixes).
- commit a048eb5
- KVM: apic: avoid calculating pending eoi from an uninitialized
  val (git-fixes).
- commit bd607c6
- KVM: nVMX: handle nested posted interrupts when apicv is
  disabled for L1 (git-fixes).
- commit a486b7a
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
  attacks (git-fixes).
- commit eb73c2f
- KVM: x86: Don't let userspace set host-reserved cr4 bits
  (git-fixes).
- commit 404b24a
- net: hso: bail out on interrupt URB allocation failure
  (git-fixes).
- commit f562212
- blacklist.conf: misattributed in upstream
- commit 202e210
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
  bsc#1201251).
- commit 84c7e09
- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251)
- commit 4566057
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- commit 8890fb5
- xen/netfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33741, XSA-403).
- commit 7daee4f
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-33740, XSA-403).
- commit bfb8cc2
- xen/blkfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33742, XSA-403).
- commit 9c6c1df
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-26365, XSA-403).
- commit 7095954
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 72392d0
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 272b7b1
- selftest/powerpc: Add PAPR sysfs attributes sniff test
  (bsc#1200465 ltc#197256 jsc#PED-1931).
- powerpc/pseries: Interface to represent PAPR firmware attributes
  (bsc#1200465 ltc#197256 jsc#PED-1931).
- commit 9795281
- Add dtb-starfive
- commit 85335b1
- config: enable DEBUG_INFO_BTF
  This option allows users to access the btf type information for vmlinux
  but not kernel modules.
- commit fb07e10
- Add dtb-microchip
- commit c797107
- rpm/kernel-source.spec.in: temporary workaround for a build failure
  Upstream c6x architecture removal left a dangling link behind which
  triggers openSUSE post-build check in kernel-source, failing
  kernel-source build.
  A fix deleting the danglink link has been submitted but it did not make
  it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
  utility does not handle symlink removal. Add a temporary band-aid which
  deletes all dangling symlinks after unpacking the kernel source tarball.
  [jslaby] It's not that temporary as we are dragging this for quite some
  time in master. The reason is that this can happen any time again, so
  let's have this in packaging instead.
- commit 52a1ad7
- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- commit b1b6d4b
krb5
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
  (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch
libassuan
- update to 2.5.5:
  * Fix a crash in the logging code
  * Upgrade autoconf
- update to 2.5.4:
  * Fix some minor build annoyances
- Update to 2.5.3:
  * Add a timeout for writing to a SOCKS5 proxy.
  * Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
- qemu-disable-fdpassing-test.patch: remove
-Update to 2.5.2:
  * configure.ac: Bump LT version to C8/A8/R2
  * include libassuan.pc in the spec file
libgpg-error
- Drop --with-pic (no effect with --disable-static).
- update to 1.42:
  * Improve cross-compiling support
  * Improve $libdir determination by gpgrt-config
  * Support --disable-thread by gen-lock-obj.sh
  * Interface changes relative to the 1.40 release
    GPG_ERR_SOURCE_TPM2D
- update to 1.41:
  * Fixes another glitch in the "/ignore"/ meta command.
  * Fixes two typos in the German translation.
  * New function gpgrt_access.
  * Make "/ignore"/ meta command work correctly in the option parser.
  * Interface changes relative to the 1.39 release:
  gpgrt_access                     NEW.
- Update to 1.39:
  * "/gpg-error --lib-version"/ works again.
  * New function gpgrt_fcancel as alternative to gpgrt_close. This
    function avoid flushing out buffered data and also tries to delete
    a newly created file.
  * Update the gnupg project keyring
  * Interface changes relative to the 1.38 release:
  - gpgrt_fcancel: NEW.
- Update to 1.38:
  * New option parser features to implement system wide
    configuration files
  * New functions to build file names
  * New function to help reallocating arrays
  * Protect gpgrt_inc_errorcount against counter overflow
- drop needless autotools build dependencies that were added for
  gawk5.patch
- Update to 1.37
  Release-info: https://dev.gnupg.org/T4772
  * Fixes a build problems when using Gawk 5.0  [#4459]
  * Improves cross-compiling support.  [#4643]
  * New error codes to map SQLite primary error codes.
  * Now uses poll(2) instead of select(2) in gpgrt_poll if possible.
  * Fixes a bug in gpgrt_close.  [#4698]
  * Fixes a few minor portability bugs.
  * New interfaces in this release:
    GPG_ERR_NO_KEYBOXD    GPG_ERR_KEYBOXD       GPG_ERR_NO_SERVICE
    GPG_ERR_SERVICE       GPG_ERR_SQL_OK        GPG_ERR_SQL_ERROR
    GPG_ERR_SQL_INTERNAL  GPG_ERR_SQL_PERM      GPG_ERR_SQL_ABORT
    GPG_ERR_SQL_BUSY      GPG_ERR_SQL_LOCKED    GPG_ERR_SQL_NOMEM
    GPG_ERR_SQL_READONLY  GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR
    GPG_ERR_SQL_CORRUPT   GPG_ERR_SQL_NOTFOUND  GPG_ERR_SQL_FULL
    GPG_ERR_SQL_CANTOPEN  GPG_ERR_SQL_PROTOCOL  GPG_ERR_SQL_EMPTY
    GPG_ERR_SQL_SCHEMA    GPG_ERR_SQL_TOOBIG    GPG_ERR_SQL_CONSTRAINT
    GPG_ERR_SQL_MISMATCH  GPG_ERR_SQL_MISUSE    GPG_ERR_SQL_NOLFS
    GPG_ERR_SQL_AUTH      GPG_ERR_SQL_FORMAT    GPG_ERR_SQL_RANGE
    GPG_ERR_SQL_NOTADB    GPG_ERR_SQL_NOTICE    GPG_ERR_SQL_WARNING
    GPG_ERR_SQL_ROW       GPG_ERR_SQL_DONE
- Remove patch fixed upstream.
  * gawk5.patch
- Add patch to fix buidling with gawk 5.0 and newer:
  * gawk5.patch
- Update to 1.36:
  * Two new error codes to better support PIV cards
  * Support armv7a-unknown-linux-gnueabihf
- Update to 1.35:
  * Distribute the correct gpgrt-config
- update to 1.34:
  * Support for riscv32
  * New API to allow emergency cleanup after internal fatal errors
  * Minor bug and portability fixes
- update to 1.33:
  * New unified config script gpgrt-config
  * The log functions now sanitize strings printed with the "/%s"/
    format specifier
  * New fprintf style function to apply a custom filter for string
    arguments
  * New function to compare version strings
- Update to 1.32:
  * Fixes a problem with gpgrt_fflush and gpgrt_fopencookie
  * Fixes a problem with the C11 header stdnoreturn.h
- Fix %install_info_delete usage:
  * It has to be performed in %preun not in %postun.
  * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
- update to 1.31:
  * Fixes for platforms other than GNU/Linux
  * New translation for Spanish
- update to 1.30:
  * fixes for platforms other than GNU/Linux
  * Use %license (boo#1082318)
libksba
- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch
- Security fix: [bsc#1204357, CVE-2022-3515]
  * Detect a possible overflow directly in the TLV parser.
  * Add libksba-CVE-2022-3515.patch
libtasn1
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
  that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
libtirpc
- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
  to a random port (bsc#1199467)
  - add binddynport-honor-ip_local_reserved_ports.patch
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
  connections (bsc#1201680)
  - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch
-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
  - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignement (bsc#1198752)
  - add 0001-fix-parms.r_addr-memory-leak.patch
libxml2
- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
libyajl
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
libzypp
- Resolver: Fix missing --[no]-recommends initialization in
  update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
  to --[no]-recommends.
- version 17.31.2 (22)
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
  an old Notcurses++ package which happens to be present in the
  buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
  c++11.  In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
  since 15.1 (bsc#1189282)
- version 17.31.1 (22)
- Add PoolItem::statusReinit to reset the status it's initial
  state in the ResPool (might help bsc#1199895)
  This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
  the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
  (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
  This commit removes the MediaNetwork tech preview and all related
  code. First reason for this is that MediaNetwork was just meant
  as a way to test the new CURL based downloader and second: since
  the Provide API is going to completely replace the current media
  backend it would be extra work to ensure that changes on the
  Downloader do not break MediaNetwork.
- version 17.31.0 (22)
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
lvm2
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
  - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
  - change %post behaviour, only do deleting job for non-link folder
nfs-utils
- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch
  Fix nfsdcltrack bug that affected non-x86 archs.
  (bsc#1202627)
- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
  Ensure sysctl setting work (bsc#1199856)
nfsidmap
- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
  0002-Handle-NULL-names-better.patch
  0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
  0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
  0005-nss.c-wrong-check-of-return-value.patch
  0006-Fixed-a-memory-leak-nss_name_to_gid.patch
  Various bugfixes and improvemes from upstream
  In particular, 0001 fixes a crash that can happen when
  a 'static' mapping is configured.
  (bnc#1200901)
oniguruma
- Added d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch: (boo#1157805 CVE-2019-19246)
  oniguruma: Heap-based buffer over-read in str_lower_case_match in regexec.c
- Added 6eb4aca6a7f2f60f473580576d86686ed6a6ebec.patch: (boo#1164569 CVE-2019-19204)
  oniguruma: heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
- Added aa0188eaedc056dca8374ac03d0177429b495515.patch: (boo#1164550 CVE-2019-19203)
  oniguruma: heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
- Added 4097828d7cc87589864fecf452f2cd46c5f37180.patch: (boo#1150130 CVE-2019-16163)
  oniguruma: stack Exhaustion in regcomp.c because of recursion in regparse.c.
- Added cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch: (boo#1177179 CVE-2020-26159)
  oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS
- Added 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55.patch: (boo#1142847 CVE-2019-13224)
  oniguruma: use-after-free in onig_new_deluxe() in regext.c
open-iscsi
- Modify SPEC file so systemd unit files are mode 644 (not 755)
  (bsc#1200570)
- For Tumbleweed, moved logrotate files from user-specific
  directory /etc/logrotate.d to vendor-specific
  /usr/etc/logrotate.d
  (for Stefan Schubert <schubi@suse.com>)
openldap2
- bsc#1198341 - Prevent memory reuse which may lead to instability
  * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
openssh
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
- Add openssh-do-not-send-empty-message.patch: Prevent empty
  messages from being sent. This avoids a superfluous new line
  (bsc#1192439).
openssl-1_1
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
- FIPS: list only FIPS approved public key algorithms
  [bsc#1121365, bsc#1198472]
  * Add openssl-1_1-fips-list-only-approved-pubkey-algorithms.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
  * bsc#1180995
  * Default to RFC7919 groups when generating ECDH parameters
    using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
  * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch
pam
- Update pam_motd to the most current version. This fixes various issues
  and adds support for mot.d directories [jsc#PED-1712].
  * Added: pam-ped1712-pam_motd-directory-feature.patch
perl
- fix File::Path rmtree/remove_tree race condition
  [bnc#1047178] [CVE-2017-6512]
  new patch: perl-file_path_rmtree_fchmod.diff
permissions
  * Backport postfix to SLE-15-SP2 (bsc#1206738)
- Update to version 20181225:
  * Revert "/drop ping capabilities in favor of ICMP_PROTO sockets"/. Older
    SLE-15 versions don't properly support this feature yet (bsc#1204137)
- Update to version 20181225:
  * fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20181225:
  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
- Update to version 20181225:
procps
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
- Add the patches
  * procps-3.3.17-library-bsc1181475.patch
  * procps-3.3.17-top-bsc1181475.patch
  which are backports of current newlib tree to solve bug bsc#1181475
  * 'free' command reports misleading "/used"/ value
protobuf
- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
  CVE-2022-1941, bsc#1203681
  * Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
  protobuf-java, CVE-2022-3171, bsc#1204256
  * Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
  * Add protobuf-51026d922970e06475f005b39287963594134b96.patch
  * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
  * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
  * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
  * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
  * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
  * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
  * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
  * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering
- Fix potential Denial of Service in protobuf-java in the parsing procedure
  for binary data, CVE-2021-22569, bsc#1194530
  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
python-certifi
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch
python-cryptography
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
  + 5507-mitigate-Bleichenbacher-attacks.patch
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (>2GB) could
    result in an integer overflow, leading to buffer overflows.
    CVE-2020-36242
  - drops CVE-2020-36242-buffer-overflow.patch on older dists
- update to 3.3.1:
  * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 3.3.0
  - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
    due to low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
    to 1024-bit (8 byte to 128 byte) initialization vectors. This
    change is to conform with an upcoming OpenSSL release that will
    no longer support sizes outside this window.
  - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
    now raise ValueError rather than UnsupportedAlgorithm when an
    unsupported cipher is used. This change is to conform with an
    upcoming OpenSSL release that will no longer distinguish
    between error types.
  - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
    field Diffie-Hellman parameters of less than 512 bits in
    length. This change is to conform with an upcoming OpenSSL
    release that no longer supports smaller sizes. These keys were
    already wildly insecure and should not have been used in any
    application outside of testing.
  - Updated Windows, macOS, and manylinux wheels to be compiled
    with OpenSSL 1.1.1i.
  - Python 2 support is deprecated in cryptography. This is the
    last release that will support Python 2.
  - Added the recover_data_from_signature() function to
    RSAPublicKey for recovering the signed data from an RSA
    signature.
- Remove unnecessary dependency virtualenv.
- update to 3.2.1:
  Disable blinding on RSA public keys to address an error with
  some versions of OpenSSL.
- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
    to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
    by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
- update to 3.1.1:
  * wheels compiled with OpenSSL 1.1.1h.
- update to 3.1:
  * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
    :term:`U-label` parsing in various X.509 classes. This support was originally
    deprecated in version 2.1 and moved to an extra in 2.5.
  * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
    the OpenSSL project. The next version of ``cryptography`` will drop support
    for it.
  * Deprecated support for Python 3.5. This version sees very little use and will
    be removed in the next release.
  * ``backend`` arguments to functions are no longer required and the
    default backend will automatically be selected if no ``backend`` is provided.
  * Added initial support for parsing certificates from PKCS7 files with
    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
    and
    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
    .
  * Calling ``update`` or ``update_into`` on
    :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
    longer than 2 :sup:`31` bytes no longer raises an ``OverflowError``. This
    also resolves the same issue in :doc:`/fernet`.
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and  skip_openssl_memleak_test.patch
  * Removed support for passing an Extension instance
    to from_issuer_subject_key_identifier(), as per our deprecation policy.
  * Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
  * Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
  * RSA generate_private_key() no longer accepts public_exponent values except
    65537 and 3 (the latter for legacy purposes).
  * X.509 certificate parsing now enforces that the version field contains
    a valid value, rather than deferring this check until version is accessed.
  * Deprecated support for Python 2
  * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
    private keys: load_ssh_private_key() for loading and OpenSSH for writing.
  * Added support for OpenSSH certificates to load_ssh_public_key().
  * Added encrypt_at_time() and decrypt_at_time() to Fernet.
  * Added support for the SubjectInformationAccess X.509 extension.
  * Added support for parsing SignedCertificateTimestamps in OCSP responses.
  * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
  * Added support for encoding attributes in certificate signing requests via add_attribute().
  * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
    instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
  * Added initial support for creating PKCS12 files with serialize_key_and_certificates().
- update to 2.9.2
  * 2.9.2 - 2020-04-22
  - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
  - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
    low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
    Users on older version of OpenSSL will need to upgrade.
  - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
  - Removed support for calling public_bytes() with no arguments, as per
    our deprecation policy. You must now pass encoding and format.
  - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
    returns the RDNs as required by RFC 4514.
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
  - Added support for parsing single_extensions in an OCSP response.
  - NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
  compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
  finalize_with_tag API
  * add disallow_implicit_tag_truncation.patch from
    https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
python-py
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
python-pytz
- update to 2022.1
  * matches tzdata 2022a
  * declare python 3.10 compatibility
- update to 2021.3
  * matches tzdata 2021c
python-setuptools
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
  (ReDoS) in package_index.py.
  bsc#1206667
python3
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
  CRLF_injection_via_host_part.patch, and
  CVE-2019-18348-CRLF_injection_via_host_part.patch.
rsyslog
-  fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- - fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
  * add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
ruby2
- Update suse.patch to 41adc98ad1:
  - Cookie Prefix Spoofing in CGI::Cookie.parse (boo#1193081 CVE-2021-41819)
- add back some lost chunks to the suse.patch
runc
- Update to runc v1.1.4. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.4.
  * Fix mounting via wrong proc fd. When the user and mount namespaces are
    used, and the bind mount is followed by the cgroup mount in the spec,
    the cgroup was mounted using the bind mount's mount fd.
  * Switch kill() in libcontainer/nsenter to sane_kill().
  * Fix "/permission denied"/ error from runc run on noexec fs.
  * Fix failed exec after systemctl daemon-reload. Due to a regression
    in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
    was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
    (boo#1202821)
- Update to runc v1.1.4. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.4.
  bsc#1202021
  * Fix mounting via wrong proc fd. When the user and mount namespaces are
    used, and the bind mount is followed by the cgroup mount in the spec,
    the cgroup was mounted using the bind mount's mount fd.
  * Switch kill() in libcontainer/nsenter to sane_kill().
  * Fix "/permission denied"/ error from runc run on noexec fs.
  * Fix failed exec after systemctl daemon-reload. Due to a regression
    in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
    was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
    (boo#1202821)
samba
- CVE-2022-38023 Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
  * CVE-2022-37967 Kerberos constrained delegation ticket forgery
    possible against Samba AD DC; (bso#15231); (bsc#1205386);
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
  * The KDC logic arround msDs-supportedEncryptionTypes differs
    from Windows; (bso#13135);
  * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    (bso#15197);
- Remove the systemd drop-in file for named service to allow
  read/write access to the DLZ directory as bind is not using
  systemd filesystem namespaces but bind-chrootenv; (bsc#1205946);
- Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689);
- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254)
- Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)"/) at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- CVE-2022-1615: Do not ignore errors in random number generation;
  (bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
  (bso#14833); (bsc#1202803);
- Fix Use after free when iterating
  smbd_server_connection->connections after tree disconnect
  failure; (bso#15128); (bsc#1200102).
sqlite3
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
  relying on --safe for execution of an untrusted CLI script
- update to 3.39.3:
  * Use a statement journal on DML statement affecting two or more
    database rows if the statement makes use of a SQL functions
    that might abort.
  * Use a mutex to protect the PRAGMA temp_store_directory and
    PRAGMA data_store_directory statements, even though they are
    decremented and documented as not being threadsafe.
- update to 3.39.2:
  * Fix a performance regression in the query planner associated
    with rearranging the order of FROM clause terms in the
    presences of a LEFT JOIN.
  * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
    1345947, forum post 3607259d3c, and other minor problems
    discovered by internal testing. [boo#1201783]
- update to 3.39.1:
  * Fix an incorrect result from a query that uses a view that
    contains a compound SELECT in which only one arm contains a
    RIGHT JOIN and where the view is not the first FROM clause term
    of the query that contains the view
  * Fix a long-standing problem with ALTER TABLE RENAME that can
    only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
    to a very small value.
  * Fix a long-standing problem in FTS3 that can only arise when
    compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
    option.
  * Fix the initial-prefix optimization for the REGEXP extension so
    that it works correctly even if the prefix contains characters
    that require a 3-byte UTF8 encoding.
  * Enhance the sqlite_stmt virtual table so that it buffers all of
    its output.
- update to 3.39.0:
  * Add (long overdue) support for RIGHT and FULL OUTER JOIN
  * Add new binary comparison operators IS NOT DISTINCT FROM and
    IS DISTINCT FROM that are equivalent to IS and IS NOT,
    respective, for compatibility with PostgreSQL and SQL standards
  * Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
    interface that indicates a query that has both DISTINCT and
    ORDER BY clauses
  * Added the sqlite3_db_name() interface
  * The unix os interface resolves all symbolic links in database
    filenames to create a canonical name for the database before
    the file is opened
  * Defer materializing views until the materialization is actually
    needed, thus avoiding unnecessary work if the materialization
    turns out to never be used
  * The HAVING clause of a SELECT statement is now allowed on any
    aggregate query, even queries that do not have a GROUP BY
    clause
  * Many microoptimizations collectively reduce CPU cycles by about
    2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
  related test failures on 32 bit
- update to 3.38.5:
  * Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
  * fix a byte-code problem in the Bloom filter pull-down
    optimization added by release 3.38.0 in which an error in the
    byte code causes the byte code engine to enter an infinite loop
    when the pull-down optimization encounters a NULL key
- update to 3.38.3:
  * Fix a case of the query planner be overly aggressive with
    optimizing automatic-index and Bloom-filter construction,
    using inappropriate ON clause terms to restrict the size of the
    automatic-index or Bloom filter, and resulting in missing rows
    in the output.
  * Other minor patches. See the timeline for details.
- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
  of SQLite (bsc#1195773).
- update to 3.38.1:
  * Fix problems with the new Bloom filter optimization that might
    cause some obscure queries to get an incorrect answer.
  * Fix the localtime modifier of the date and time functions so
    that it preserves fractional seconds.
  * Fix the sqlite_offset SQL function so that it works correctly
    even in corner cases such as when the argument is a virtual
    column or the column of a view.
  * Fix row value IN operator constraints on virtual tables so that
    they work correctly even if the virtual table implementation
    relies on bytecode to filter rows that do not satisfy the
    constraint.
  * Other minor fixes to assert() statements, test cases, and
    documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
  sqlite-src-3380100-atof1.patch
- update to 3.38.0
  * Add the -> and ->> operators for easier processing of JSON
  * The JSON functions are now built-ins
  * Enhancements to date and time functions
  * Rename the printf() SQL function to format() for better
    compatibility, with alias for backwards compatibility.
  * Add the sqlite3_error_offset() interface for helping localize
    an SQL error to a specific character in the input SQL text
  * Enhance the interface to virtual tables
  * CLI columnar output modes are enhanced to correctly handle tabs
    and newlines embedded in text, and add options like "/--wrap N"/,
    "/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
  * Query planner enhancements using a Bloom filter to speed up
    large analytic queries, and a balanced merge tree to evaluate
    UNION or UNION ALL compound SELECT statements that have an
    ORDER BY clause.
  * The ALTER TABLE statement is changed to silently ignores
    entries in the sqlite_schema table that do not parse when
    PRAGMA writable_schema=ON
- update to 3.37.2:
  * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
    cause database corruption if a SAVEPOINT is rolled back while
    in PRAGMA temp_store=MEMORY mode, and other changes are made,
    and then the outer transaction commits
  * Fix a long-standing problem with ON DELETE CASCADE and ON
    UPDATE CASCADE in which a cache of the bytecode used to
    implement the cascading change was not being reset following a
    local DDL change
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("/START"/) is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
  * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
    extension when a column has no collating sequence.
sudo
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown <william.brown@suse.com>
  * https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
  * Make sure SIGCHLD is not ignored when sudo is executed; fixes
    race condition.
  * bsc#1203201
  * Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
  * CVE-2022-43995
  * bsc#1204986
  * Fixed a potential heap-based buffer over-read when entering a password
    of seven characters or fewer and using the crypt() password backend.
- Fixed an issue where some redundant entries in a sudo configuration
  file caused freed memory to be accessed in the error message thus
  wrong information was output in the error message.
  * [bsc#1190818]
  * Added [sudo-1.9.5p2-no_free_alias_name.patch]
    Sourced from the following git commit hashes:
    | 9ed14870c Add garbage collection to the sudoers parser to clean
    up on error. This makes it possible to avoid memory leaks when
    there is a parse error.
    | bdb02b1ef Got back to calling alias_free() on alias_add() failure.
    We now need to remove the name and members from the leak list
  * before* calling alias_add() since alias_add() will consume them
    for both success and failure.
    | b4cabdb39 Don't free the alias name in alias_add() if the alias
    already exists. We need to be able to display it using
    alias_error(). Only free what we actually allocated in alias_add()
    on error and let the caller handle cleanup.  Note that we cannot
    completely fill in the alias until it is inserted.  Otherwise,
    we will have modified the file and members parameters even if
    there was an error. As a result, we have to remove those from the
    leak list after alias_add(), not before.
supportutils
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
  + Added type output with df command in fs-diskio.txt (issue#141)
  + Gather all files in /etc/security/limits.d/ (issue#142)
  + Fixed KVM virtualization detection on bare metal (bsc#1184689)
  + Added logging using journalctl (bsc#1200330)
  + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
  + Added system logging configuration and checking in messages_config.txt (issue#103)
  + If rsyslog not installed collect more from journalctl (issue#120)
  + Added systemd-status.txt for the status of all service units (issue#125)
  + autofs includes files in (+dir:<path>) (issue#111)
  + Get current sar data before collecting files (bsc#1192648)
  + Collects everything in /etc/multipath/ (bsc#1192252)
  + Collects power management information in hardware.txt (bsc#1197428)
  + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
  + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
  + Update to nvme_info and block_info #133 (bsc#1202417)
  + Added IO scheduler (issue#136)
  + Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129
suse-build-key
- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.
- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)
sysconfig
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
  With the change to the default policy, netconfig with NetworkManager
  as network.service accepted settings from all services/programs
  directly instead only from NetworkManager, where plugins/services
  have to deliver their settings to apply them.
- version 0.85.7
- spec: Drop hard dependency on /sbin/ifup
- spec: Suggest instead of recommend wicked-service
- spec: Mention that the .spec file is in git as well
- Also support service(network) provides
systemd
- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-coredump-Fix-format-string-type-mismatch.patch
  Add 5001-coredump-drop-an-unused-variable.patch
  Add 5002-coredump-adjust-whitespace.patch
  Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
  4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  f70647a7b7 udev/net_id: add debug logging for construction of device names
  48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
  7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
  2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
  dba888a4d3 pid1: watch bus name always when we have it
  f524807b89 udev: add one more assertion
  8558101c73 udev: drop assertion which is always false
  566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
  b4c4edaada tests: minor simplification in test-execute
  76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
    6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
    6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
  Also update the rule files to make use of the "/CONST{arch}"/ syntax (available
  since v244).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
  8a70235d8a core: Add trigger limit for path units
  93e544f3a0 core/mount: also add default before dependency for automount mount units
  5916a7748c logind: fix crash in logind on user-specified message string
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
  To decrease log level of messages about use of KillMode=none from warning to
  debug. SAP still uses this deprecated option and the warnings emitted by PID1
  confuse both SAP customers and support.
- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
  1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
  e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
  d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
systemd-presets-common-SUSE
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter "/user"/, the save/apply-changes commands now
  work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (boo#1200485)
tar
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch
timezone
- timezone update 2022g (bsc#1177460):
  * In the Mexican state of Chihuahua, the border strip near the US
    will change to agree with nearby US locations on 2022-11-30.
    The strip's western part, represented by Ciudad Juárez, switches
    from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
    The eastern part, represented by Ojinaga, will observe US DST next
    year, like Presidio, TX.
    A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
  * Much of Greenland, represented by America/Nuuk, stops observing
    winter time after March 2023, so its daylight saving time becomes
    standard time.
  * Changes for pre-1996 northern Canada
  * Update to past DST transition in Colombia (1993), Singapore
    (1981)
  * timegm is now supported by default
- timezone update 2022f (bsc#1177460):
  * Mexico will no longer observe DST except near the US border
  * Chihuahua moves to year-round -06 on 2022-10-30
  * Fiji no longer observes DST
  * Move links to 'backward'
  * In vanguard form, GMT is now a Zone and Etc/GMT a link
  * zic now supports links to links, and vanguard form uses this
  * Simplify four Ontario zones
  * Fix a Y2438 bug when reading TZif data
  * Enable 64-bit time_t on 32-bit glibc platforms
  * Omit large-file support when no longer needed
  * In C code, use some C23 features if available
  * Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
  * fat.patch
  * tzdata-china.diff
- timezone update 2022e (bsc#1177460):
  * Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
  * Palestine transitions are now Saturdays at 02:00
  * Simplify three Ukraine zones into one
- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- Update to reflect new Chile DST change, bsc#1202310
  * bsc1202310.patch
util-linux
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
util-linux-systemd
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
vim
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
- Updated to version 9.0 with patch level 0313, fixes the following problems
  * Fixing bsc#1200884 Vim: Error on startup
  * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
  * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
  * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
  * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
  * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
  * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
  * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
  * Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
  * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
  * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
  * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
  * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
  * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
  * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
  * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
  * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
  * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
  * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
  * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
  * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
  * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
  * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
  * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
  * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
  * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
  * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
  * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
  * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
  * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
  * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
  * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
  * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
  * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
  * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
  * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
  * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
  * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
  * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
  * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
wget
- Update 0001-possibly-truncate-pathname-components.patch
  * Truncate file name even if no directory structure
  * [bsc#1204720]
wicked
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
  Add initial support to decode the SMBIOS Management Controller Host
  Interface (Type 42) structure and expose it as wicked `firmware:redfish`
  configuration to setup a Host Network Interface (to the BMC) using the
  `Redfish over IP` protocol allowing access to the Redfish Service (via
  redfish-localhost in /etc/hosts) used to manage the computer system.
  Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
  remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
  [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
  e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
xen
- Upstream bug fixes (bsc#1027519)
  63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
  637b5f4f-efifb-ignore-invalid.patch
  63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
  speculative security issues (XSA-422)
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
  (XSA-376)
  61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-10.patch (correction)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
  for 2nd-level page tables on ARM systems (XSA-409)
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
  6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
  6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
  635665fb-sched-fix-restore_vcpu_affinity.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
  xsa411.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
  crash xenstored (XSA-414)
  xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
  create orphaned Xenstore nodes (XSA-415)
  xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
  cause Xenstore to not free temporary memory (XSA-416)
  xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
  get access to Xenstore nodes of deleted domains (XSA-417)
  xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
  crash xenstored via exhausting the stack (XSA-418)
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
  Xenstore: cooperating guests can create arbitrary numbers of
  nodes (XSA-419)
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
  Xenstore: Guests can create arbitray number of nodes via
  transactions (XSA-421)
  xsa421-01.patch
  xsa421-02.patch
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  xsa411.patch
- bsc#1197081 - dom0 fails to boot with constrained vcpus and nodes
  62f4cfee-sched-setup-dom0-vCPU-affinity-once.patch
- Upstream bug fixes (bsc#1027519)
  62d65105-x86-spec-ctrl-MD_CLEAR-reporting.patch
  62d807c1-x86-suppress-MMX.patch
  62ecfc08-VMX-use-IST-RSB-protection.patch
  62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
  62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
  62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
  CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
  leaks (XSA-403)
  xsa403.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
- Drop patch replaced by upstream version
  xsa408.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
  vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
  Part of already released 4.14.5 tarball
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
  A previous change to the built-in default had a logic error,
  effectively restoring the upstream limit of 1023 channels per domU.
  Fix the logic to calculate the default based on the number of vcpus.
  adjust libxl.max_event_channels.patch
zlib
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
  * bsc1203652.patch
- Fix heap-based buffer over-read or buffer overflow in inflate via
  large gzip header extra field (bsc#1202175, CVE-2022-37434,
  CVE-2022-37434-extra-header-1.patch,
  CVE-2022-37434-extra-header-2.patch).
zypper
- BuildRequires:  libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
  (bsc#1201972)
- version 1.14.57
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
  Since libzypp 17.23.0 the PPP status is auto established. No
  extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "/C.UTF-8"/ rather than "/en_US"/.
- Fix man page (fixes #451)
- version 1.14.56
- lr: Allow shortening the Name column if table is wider than the
  terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
  (bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
  resolve argument.
- zypper-download: Handle unresolvable arguments as error.
  This commit changes zypper-download such that it behaves more
  consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54