bind
- Update to release 9.16.42
  Security Fixes:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit. (CVE-2023-2828)
  * A query that prioritizes stale data over lookup triggers a
    fetch to refresh the stale data in cache. If the fetch is
    aborted for exceeding the recursion quota, it was possible for
    named to enter an infinite callback loop and crash due to stack
    overflow. This has been fixed. (CVE-2023-2911)
  Bug Fixes:
  * Previously, it was possible for a delegation from cache to be
    returned to the client after the stale-answer-client-timeout
    duration. This has been fixed.
  [bsc#1212544, bsc#1212567, jsc#SLE-24600]
- Update to release 9.16.41
  Bug Fixes:
  * When removing delegations from an opt-out range,
    empty-non-terminal NSEC3 records generated by those delegations
    were not cleaned up. This has been fixed.
  [jsc#SLE-24600]
- Update to release 9.16.40
  Bug Fixes:
  * Logfiles using timestamp-style suffixes were not always
    correctly removed when the number of files exceeded the limit
    set by versions. This has been fixed for configurations which
    do not explicitly specify a directory path as part of the file
    argument in the channel specification.
  * Performance of DNSSEC validation in zones with many DNSKEY
    records has been improved.
- Update to release 9.16.39
  Feature Changes:
  * libuv support for receiving multiple UDP messages in a single
    recvmmsg() system call has been tweaked several times between
    libuv versions 1.35.0 and 1.40.0; the current recommended libuv
    version is 1.40.0 or higher. New rules are now in effect for
    running with a different version of libuv than the one used at
    compilation time. These rules may trigger a fatal error at
    startup:
  - Building against or running with libuv versions 1.35.0 and
    1.36.0 is now a fatal error.
  - Running with libuv version higher than 1.34.2 is now a
    fatal error when named is built against libuv version
    1.34.2 or lower.
  - Running with libuv version higher than 1.39.0 is now a
    fatal error when named is built against libuv version
    1.37.0, 1.38.0, 1.38.1, or 1.39.0.
  * This prevents the use of libuv versions that may trigger an
    assertion failure when receiving multiple UDP messages in a
    single system call.
  Bug Fixes:
  * named could crash with an assertion failure when adding a new
    zone into the configuration file for a name which was already
    configured as a member zone for a catalog zone. This has been
    fixed.
  * When named starts up, it sends a query for the DNSSEC key for
    each configured trust anchor to determine whether the key has
    changed. In some unusual cases, the query might depend on a
    zone for which the server is itself authoritative, and would
    have failed if it were sent before the zone was fully loaded.
    This has now been fixed by delaying the key queries until all
    zones have finished loading.
  [jsc#SLE-24600]
c-ares
- Update to version 1.19.1
  Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
cloud-init
- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
  + Add hidesensitivedata
  + Add cloud-init-cve-2023-1786-redact-inst-data.patch
  + Do not expose sensitive data gathered from the CSP
- Update to version 23.1
  + Remove patches included upstream:
  - cloud-init-btrfs-queue-resize.patch
  - cloud-init-micro-is-suse.patch
  - cloud-init-suse-afternm.patch
  - cloud-init-prefer-nm.patch
  - cloud-init-transact-up.patch
  + Forward port
  - cloud-init-write-routes.patch
  + Added
  - cloud-init-fix-ca-test.patch
  + Support transactional-updates for SUSE based distros (#1997)
    [Robert Schweikert]
  + Set ownership for new folders in Write Files Module (#1980)
    [Jack] (LP: #1990513)
  + add OpenCloudOS and TencentOS support (#1964) [wynnfeng]
  + lxd: Retry if the server isn't ready (#2025)
  + test: switch pycloudlib source to pypi (#2024)
  + test: Fix integration test deprecation message (#2023)
  + Recognize opensuse-microos, dev tooling fixes [Robert Schweikert]
  + sources/azure: refactor imds handler into own module (#1977)
    [Chris Patterson]
  + docs: deprecation generation support [1/2] (#2013)
  + add function is_virtual to distro/FreeBSD (#1957) [Mina Galić]
  + cc_ssh: support multiple hostcertificates (#2018) (LP: #1999164)
  + Fix minor schema validation regression and fixup typing (#2017)
  + doc: Reword user data debug section (#2019)
  + Overhaul/rewrite of certificate handling as follows: (#1962)
    [dermotbradley] (LP: #1931174)
  + disk_setup: use byte string when purging the partition table (#2012)
    [Stefan Prietl]
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file [Stefan Prietl]
  + Add "/ederst"/ as contributor (#2010) [Stefan Prietl]
  + readme: add reference to packages dir (#2001)
  + docs: update downstream package list (#2002)
  + docs: add google search verification (#2000) [s-makin]
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf (#2004)
  + Fix OpenStack datasource detection on bare metal (#1923)
    [Alexander Birkner] (LP: #1815990)
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted (#1993)
  + schema: fix gpt labels, use type string for GUID (#1995)
  + cc_disk_setup: code cleanup (#1996)
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
    [d1r3ct0r] (LP: #1998998)
  + tests: Remove restart check from test
  + Ignore duplicate macs from mscc_felix and fsl_enetc (LP: #1997922)
  + Warn on empty network key (#1990)
  + Fix Vultr cloud_interfaces usage (#1986) [eb3095]
  + cc_puppet: Update puppet service name (#1970) [d1r3ct0r] (LP: #2002969)
  + docs: Clarify networking docs (#1987)
  + lint: remove httpretty (#1985) [sxt1001]
  + cc_set_passwords: Prevent traceback when restarting ssh (#1981)
  + tests: fix lp1912844 (#1978)
  + tests: Skip ansible test on bionic (#1984)
  + Wait for NetworkManager (#1983) [Robert Schweikert]
  + docs: minor polishing (#1979) [s-makin]
  + CI: migrate integration-test to GH actions (#1969)
  + Fix permission of SSH host keys (#1971) [Ron Gebauer]
  + Fix default route rendering on v2 ipv6 (#1973) (LP: #2003562)
  + doc: fix path in net_convert command (#1975)
  + docs: update net_convert docs (#1974)
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
    (#1967) [Emanuele Giuseppe Esposito]
  + distros/rhel.py: _read_hostname() missing strip on "/hostname"/ (#1941)
    [Mark Mielke]
  + integration tests: add  IBM VPC support (SC-1352) (#1915)
  + machine-id: set to uninitialized to trigger regeneration on clones
    (LP: #1999680)
  + sources/azure: retry on connection error when fetching metdata (#1968)
    [Chris Patterson]
  + Ensure ssh state accurately obtained (#1966)
  + bddeb: drop dh-systemd dependency on newer deb-based releases [d1r3ct0r]
  + doc: fix `config formats` link in cloudsigma.rst (#1960)
  + Fix wrong subp syntax in cc_set_passwords.py (#1961)
  + docs: update the PR template link to readthedocs (#1958) [d1r3ct0r]
  + ci: switch unittests to gh actions (#1956)
  + Add mount_default_fields for PhotonOS. (#1952) [Shreenidhi Shedi]
  + sources/azure: minor refactor for metadata source detection logic
    (#1936) [Chris Patterson]
  + add "/CalvoM"/ as contributor (#1955) [d1r3ct0r]
  + ci: doc to gh actions (#1951)
  + lxd: handle 404 from missing devices route for LXD 4.0 (LP: #2001737)
  + docs: Diataxis overhaul (#1933) [s-makin]
  + vultr: Fix issue regarding cache and region codes (#1938) [eb3095]
  + cc_set_passwords: Move ssh status checking later (SC-1368) (#1909)
    (LP: #1998526)
  + Improve Wireguard module idempotency (#1940) [Fabian Lichtenegger-Lukas]
  + network/netplan: add gateways as on-link when necessary (#1931)
    [Louis Sautier] (LP: #2000596)
  + tests: test_lxd assert features.networks.zones when present (#1939)
  + Use btrfs enquque when available (#1926) [Robert Schweikert]
  + sources/azure: drop description for report_failure_to_fabric() (#1934)
    [Chris Patterson]
  + cc_disk_setup.py: fix MBR single partition creation (#1932)
    [dermotbradley] (LP: #1851438)
  + Fix typo with package_update/package_upgrade (#1927) [eb3095]
  + sources/azure: fix device driver matching for net config (#1914)
    [Chris Patterson]
  + BSD: fix duplicate macs in Ifconfig parser (#1917) [Mina Galić]
  + test: mock dns calls (#1922)
  + pycloudlib: add lunar support for integration tests (#1928)
  + nocloud: add support for dmi variable expansion for seedfrom URL
    (LP: #1994980)
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc (#1916)
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema (#1913)
  + add utility function test cases (#1910) [sxt1001]
  + test: mock file deletion in dhcp tests (#1911)
  + Ensure network ready before cloud-init service runs on RHEL (#1893)
    (LP: #1998655)
  + docs: add copy button to code blocks (#1890) [s-makin]
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed (#1908)
  + Networking Clarification (#1892)
  + Fix the distro.osfamily output problem in the openEuler system. (#1895)
    [sxt1001] (LP: #1999042)
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 (#1897) [Chris Patterson]
  + Add back gateway4/6 deprecation to docs (#1898)
  + networkd: Add support for multiple [Route] sections (#1868)
    [Nigel Kukard]
  + doc: add qemu tutorial (#1863)
  + lint: fix tip-flake8 and tip-mypy (#1896)
  + Add support for setting uid when creating users on FreeBSD (#1888)
    [einsibjarni]
  + Fix exception in BSD networking code-path (#1894) [Mina Galić]
  + Append derivatives to is_rhel list in cloud.cfg.tmpl (#1887) [Louis Abel]
  + FreeBSD init: use cloudinit_enable as only rcvar (#1875) [Mina Galić]
  + feat: add support aliyun metadata security harden mode (#1865)
    [Manasseh Zhou]
  + docs: uprate analyze to performance page [s-makin]
  + test: fix lxd preseed managed network config (#1881)
  + Add support for static IPv6 addresses for FreeBSD (#1839) [einsibjarni]
  + Make 3.12 failures not fail the build (#1873)
  + Docs: adding relative links [s-makin]
  + Update read-version
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + travis: promote 3.11-dev to 3.11 (#1866)
  + test_cloud_sigma: delete useless test (#1828) [sxt1001]
  + Add "/nkukard"/ as contributor (#1864) [Nigel Kukard]
  + tests: ds-id mocks for vmware-rpctool as utility may not exist in env
  + doc: add how to render new module doc (#1855)
  + doc: improve module creation explanation (#1851)
  + Add Support for IPv6 metadata to OpenStack (#1805)
    [Marvin Vogt] (LP: #1906849)
  + add xiaoge1001 to .github-cla-signers (#1854) [sxt1001]
  + network: Deprecate gateway{4,6} keys in network config v2 (#1794)
    (LP: #1992512)
  + VMware: Move Guest Customization transport from OVF to VMware (#1573)
    [PengpengSun]
  + doc: home page links added (#1852) [s-makin]
  From 22.4.2
  + status: handle ds not defined in status.json (#1876) (LP: #1997559)
  From 22.4.1
  + net: skip duplicate mac check for netvsc nic and its VF (#1853)
    [Anh Vo] (LP: #1844191)
  + ChangeLog: whitespace cleanup (#1850)
  + changelog: capture 22.3.1-4 releases
- Add cloud-init-transact-up.patch to support transactional-updates
- Add cloud-init-prefer-nm.patch
  + Prefer NetworkManager of sysconfig when available
- Update to version 22.4
  + Remove patches included upstream:
  - cloud-init-vmware-test.patch
  - cloud-init-sysctl-not-in-bin.patch
  + Forward port:
  - cloud-init-write-routes.patch
  - cloud-init-break-resolv-symlink.patch
  - cloud-init-sysconf-path.patch
  - cloud-init-no-tempnet-oci.patch
  + Add cloud-init-btrfs-queue-resize.patch (bsc#1171511)
  + Add cloud-init-micro-is-suse.patch (bsc#1203393) [Martin Petersen]
  + Add cloud-init-suse-afternm.patch
  + test: fix pro integration test [Alberto Contreras]
  + cc_disk_setup: pass options in correct order to utils (#1829)
    [dermotbradley]
  + tests: text_lxd basic_preseed verify_clean_log (#1826)
  + docs: switch sphinx theme to furo (SC-1327) (#1821) [Alberto Contreras]
  + tests: activate Ubuntu Pro tests (only on Jenkins) (#1777)
    [Alberto Contreras]
  + tests: test_lxd assert features.storage.buckets when present (#1827)
  + tests: replace missed ansible install-method with underscore (#1825)
  + tests: replace ansible install-method with underscore
  + ansible: standardize schema keys
  + ci: run json tool on 22.04 rather than 20.04 (#1823)
  + Stop using devices endpoint for LXD network config (#1819)
  + apport: address new curtin log and config locations (#1812)
  + cc_grub: reword docs for clarity (#1818)
  + tests: Fix preseed test (#1820)
  + Auto-format schema (#1810)
  + Ansible Control Module (#1778)
  + Fix last reported event possibly not being sent (#1796) (LP: #1993836)
  + tests: Ignore unsupported lxd project keys (#1817) [Alberto Contreras]
  + udevadm settle should handle non-udev system gracefully (#1806)
    [dermotbradley]
  + add mariner support (#1780) [Minghe Ren]
  + Net: add BSD ifconfig(8) parser and state class (#1779) [Mina Galić]
  + adding itjamie to .github-cla-signers [Jamie (Bear) Murphy]
  + Fix inconsistency between comment and statement (#1809) [Guillaume Gay]
  + Update .github-cla-signers (#1811) [Guillaume Gay]
  + alpine.py: Add Alpine-specific manage_service function and update tests
    (#1804) [dermotbradley]
  + test: add 3.12-dev to Travis CI (#1798) [Alberto Contreras]
  + add NWCS datasource (#1793) [shell-skrimp]
  + Adding myself as CLA signer (#1799) [s-makin]
  + apport: fix some data collection failures due to symlinks (#1797)
    [Dan Bungert]
  + read-version: Make it compatible with bionic (#1795) [Alberto Contreras]
  + lxd: add support for lxd preseed config(#1789)
  + Enable hotplug for LXD datasource (#1787)
  + cli: collect logs and apport subiquity support
  + add support for Container-Optimized OS (#1748) [vteratipally]
  + test: temporarily disable failing integration test (#1792)
  + Fix LXD/nocloud detection on lxd vm tests (#1791)
  + util: Implement __str__ and __iter__ for Version (#1790)
  + cc_ua: consume ua json api for enable commands [Alberto Contreras]
  + Add clarity to cc_final_message docs (#1788)
  + cc_ntp: add support for BSDs (#1759) [Mina Galić] (LP: #1990041)
  + make Makefile make agnostic (#1786) [Mina Galić]
  + Remove hardcoding and unnecessary overrides in Makefile (#1783)
    [Joseph Mingrone]
  + Add my username (Jehops) to .github-cla-signers (#1784) [Joseph Mingrone]
  + Temporarily remove broken test (#1781)
  + Create reference documentation for base config
  + cc_ansible: add support for galaxy install (#1736)
  + distros/manage_services: add support to disable service (#1772)
    [Mina Galić] (LP: #1991024)
  + OpenBSD: remove pkg_cmd_environ function (#1773)
    [Mina Galić] (LP: 1991567)
  + docs: Correct typo in the FAQ (#1774) [Maximilian Wörner]
  + tests: Use LXD metadata to determine NoCloud status (#1776)
  + analyze: use init-local as start of boot record (#1767) [Chris Patterson]
  + docs: use opensuse for distro name in package doc (#1771)
  + doc: clarify packages as dev only (#1769) [Alberto Contreras]
  + Distro manage service: Improve BSD support (#1758)
    [Mina Galić] (LP: #1990070)
  + testing: check logs for critical errors (#1765) [Chris Patterson]
  + cc_ubuntu_advantage: Handle already attached on Pro [Alberto Contreras]
  + doc: Add configuration explanation (SC-1169)
  + Fix Oracle DS primary interface when using IMDS (#1757) (LP: #1989686)
  + style: prefer absolute imports over relative imports [Mina Galić]
  + tests: Fix ip log during instance destruction (#1755) [Alberto Contreras]
  + cc_ubuntu_advantage: add ua_config in auto-attach [Alberto Contreras]
  + apt configure: sources write/append mode (#1738)
    [Fabian Lichtenegger-Lukas]
  + networkd: Add test and improve typing. (#1747) [Alberto Contreras]
  + pycloudlib: bump commit for gce cpu architecture support (#1750)
  + commit ffcb29bc8315d1e1d6244eeb1cbd8095958f7bad (LP: #1307667)
  + testing: workaround LXD vendor data (#1740)
  + support dhcp{4,6}-overrides in networkd renderer (#1710) [Aidan Obley]
  + tests: Drop httpretty in favor of responses (#1720) [Alberto Contreras]
  + cc_ubuntu_advantage: Implement custom auto-attach behaviors (#1583)
    [Alberto Contreras]
  + Fix Oracle DS not setting subnet when using IMDS (#1735) (LP: #1989686)
  + testing: focal lxd datasource discovery (#1734)
  + cc_ubuntu_advantage: Redact token from logs (#1726) [Alberto Contreras]
  + docs: make sure echo properly evaluates the string (#1733) [Mina Galić]
  + net: set dhclient lease and pid files (#1715)
  + cli: status machine-readable output --format yaml/json (#1663)
    (LP: #1883122)
  + tests: Simplify does_not_raise (#1731) [Alberto Contreras]
  + Refactor: Drop inheritance from object (#1728) [Alberto Contreras]
  + testing: LXD datasource now supported on Focal (#1732)
  + Allow jinja templating in /etc/cloud (SC-1170) (#1722) (LP: #1913461)
  + sources/azure: ensure instance id is always correct (#1727)
    [Chris Patterson]
  + azure: define new attribute for pre-22.3 pickles (#1725)
  + doc: main page Diátaxis rewording (SC-967) (#1701)
  + ubuntu advantage: improved idempotency, enable list is now strict
  + [Fabian Lichtenegger-Lukas]
  + test: bump pycloudlib (#1724) [Alberto Contreras]
  + cloud.cfg.tmpl: make sure "/centos"/ settings are identical to "/rhel"/
    (#1639) [Emanuele Giuseppe Esposito]
  + lxd: fetch 1.0/devices content (#1712) [Alberto Contreras]
  + Update docs according to ad8f406a (#1719)
  + testing: Port unittests/analyze to pytest (#1708) [Alberto Contreras]
  + doc: Fix rtd builds. (#1718) [Alberto Contreras]
  + testing: fully mock noexec calls (#1717) [Alberto Contreras]
  + typing: Add types to cc_<module>.handle (#1700) [Alberto Contreras]
  + Identify 3DS Outscale Datasource as Ec2 (#1686) [Maxime Dufour]
  + config: enable bootstrapping pip in ansible (#1707)
  + Fix cc_chef typing issue (#1716)
  + Refactor instance json files to use Paths (SC-1238) (#1709)
  + tools: read-version check GITHUB_REF and git branch --show-current
    (#1677)
  + net: Ensure a tmp with exec permissions for dhcp (#1690)
    [Alberto Contreras] (LP: #1962343)
  + testing: Fix test regression in test_combined (#1713) [Alberto Contreras]
  + Identify Huawei Cloud as OpenStack (#1689) [huang xinjie]
  + doc: add reporting suggestion to FAQ (SC-1236) (#1698)
  From 22.3
  + sources: obj.pkl cache should be written anyime get_data is run (#1669)
  + schema: drop release number from version file (#1664)
  + pycloudlib: bump to quiet azure HTTP info logs (#1668)
  + test: fix wireguard integration tests (#1666)
  + Github is deprecating the 18.04 runner starting 12.1 (#1665)
  + integration tests: Ensure one setup for all tests (#1661)
  + tests: ansible test fixes (#1660)
  + Prevent concurrency issue in test_webhook_hander.py (#1658)
  + Workaround net_setup_link race with udev (#1655) (LP: #1983516)
  + test: drop erroneous lxd assertion, verify command succeeded (#1657)
  + Fix Chrony usage on Centos Stream (#1648) [Sven Haardiek] (LP: #1885952)
  + sources/azure: handle network unreachable errors for savable PPS (#1642)
    [Chris Patterson]
  + Return cc_set_hostname to PER_INSTANCE frequency (#1651) (LP: #1983811)
  + test: Collect integration test time by default (#1638)
  + test: Drop forced package install hack in lxd integration test (#1649)
  + schema: Resolve user-data if --system given (#1644)
    [Alberto Contreras] (LP: #1983306)
  + test: use fake filesystem to avoid file removal (#1647)
    [Alberto Contreras]
  + tox: Fix tip-flake8 and tip-mypy (#1635) [Alberto Contreras]
  + config: Add wireguard config module (#1570) [Fabian Lichtenegger-Lukas]
  + tests: can run without azure-cli, tests expect inactive ansible (#1643)
  + typing: Type UrlResponse.contents (#1633) [Alberto Contreras]
  + testing: fix references to `DEPRECATED.` (#1641) [Alberto Contreras]
  + ssh_util: Handle sshd_config.d folder [Alberto Contreras] (LP: #1968873)
  + schema: Enable deprecations in cc_update_etc_hosts (#1631)
    [Alberto Contreras]
  + Add Ansible Config Module (#1579)
  + util: Support Idle process state in get_proc_ppid() (#1637)
  + schema: Enable deprecations in cc_growpart (#1628) [Alberto Contreras]
  + schema: Enable deprecations in cc_users_groups (#1627)
    [Alberto Contreras]
  + util: Fix error path and parsing in get_proc_ppid()
  + main: avoid downloading full contents cmdline urls (#1606)
    [Alberto Contreras] (LP: #1937319)
  + schema: Enable deprecations in cc_scripts_vendor (#1629)
    [Alberto Contreras]
  + schema: Enable deprecations in cc_set_passwords (#1630)
    [Alberto Contreras]
  + sources/azure: add experimental support for preprovisioned os disks
    (#1622) [Chris Patterson]
  + Remove configobj a_to_u calls (#1632) [Stefano Rivera]
  + cc_debug: Drop this module (#1614) [Alberto Contreras]
  + schema: add aggregate descriptions in anyOf/oneOf (#1636)
  + testing: migrate test_sshutil to pytest (#1617) [Alberto Contreras]
  + testing: Fix test_ca_certs integration test (#1626) [Alberto Contreras]
  + testing: add support for pycloudlib's pro images (#1604)
    [Alberto Contreras]
  + testing: migrate test_cc_set_passwords to pytest (#1615)
    [Alberto Contreras]
  + network: add system_info network activator cloud.cfg overrides (#1619)
    (LP: #1958377)
  + docs: Align git remotes with uss-tableflip setup (#1624)
    [Alberto Contreras]
  + testing: cover active config module checks (#1609) [Alberto Contreras]
  + lxd: lvm avoid thinpool when kernel module absent
  + lxd: enable MTU configuration in cloud-init
  + doc: pin doc8 to last passing version
  + cc_set_passwords fixes (#1590)
  + Modernise importer.py and type ModuleDetails (#1605) [Alberto Contreras]
  + config: Def activate_by_schema_keys for t-z (#1613) [Alberto Contreras]
  + config: define activate_by_schema_keys for p-r mods (#1611)
    [Alberto Contreras]
  + clean: add param to remove /etc/machine-id for golden image creation
  + config: define `activate_by_schema_keys` for a-f mods (#1608)
    [Alberto Contreras]
  + config: define activate_by_schema_keys for s mods (#1612)
    [Alberto Contreras]
  + sources/azure: reorganize tests for network config (#1586)
  + [Chris Patterson]
  + config: Define activate_by_schema_keys for g-n mods (#1610)
    [Alberto Contreras]
  + meta-schema: add infra to skip inapplicable modules [Alberto Contreras]
  + sources/azure: don't set cfg["/password"/] for default user pw (#1592)
    [Chris Patterson]
  + schema: activate grub-dpkg deprecations (#1600) [Alberto Contreras]
  + docs: clarify user password purposes (#1593)
  + cc_lxd: Add btrfs and lvm lxd storage options (SC-1026) (#1585)
  + archlinux: Fix distro naming[1] (#1601) [Kristian Klausen]
  + cc_ubuntu_autoinstall: support live-installer autoinstall config
  + clean: allow third party cleanup scripts in /etc/cloud/clean.d (#1581)
  + sources/azure: refactor chassis asset tag handling (#1574)
    [Chris Patterson]
  + Add "/netcho"/ as contributor (#1591) [Kaloyan Kotlarski]
  + testing: drop impish support (#1596) [Alberto Contreras]
  + black: fix missed formatting issue which landed in main (#1594)
  + bsd: Don't assume that root user is in root group (#1587)
  + docs: Fix comment typo regarding use of packages (#1582)
    [Peter Mescalchin]
  + Update govc command in VMWare walkthrough (#1576) [manioo8]
  + Update .github-cla-signers (#1588) [Daniel Mullins]
  + Rename the openmandriva user to omv (#1575) [Bernhard Rosenkraenzer]
  + sources/azure: increase read-timeout to 60 seconds for wireserver
    (#1571) [Chris Patterson]
  + Resource leak cleanup (#1556)
  + testing: remove appereances of FakeCloud (#1584) [Alberto Contreras]
  + Fix expire passwords for hashed passwords (#1577)
    [Sadegh Hayeri] (LP: #1979065)
  + mounts: fix suggested_swapsize for > 64GB hosts (#1569) [Steven Stallion]
  + Update chpasswd schema to deprecate password parsing (#1517)
  + tox: Remove entries from default envlist (#1578) (LP: #1980854)
  + tests: add test for parsing static dns for existing devices (#1557)
    [Jonas Konrad]
  + testing: port cc_ubuntu_advantage test to pytest (#1559)
    [Alberto Contreras]
  + Schema deprecation handling (#1549) [Alberto Contreras]
  + Enable pytest to run in parallel (#1568)
  + sources/azure: refactor ovf-env.xml parsing (#1550) [Chris Patterson]
  + schema: Force stricter validation (#1547)
  + ubuntu advantage config: http_proxy, https_proxy (#1512)
    [Fabian Lichtenegger-Lukas]
  + net: fix interface matching support (#1552) (LP: #1979877)
  + Fuzz testing jsonchema (#1499) [Alberto Contreras]
  + testing: Wait for changed boot-id in test_status.py (#1548)
  + CI: Fix GH pinned-format jobs (#1558) [Alberto Contreras]
  + Typo fix (#1560) [Jaime Hablutzel]
  + tests: mock dns lookup that causes long timeouts (#1555)
  + tox: add unpinned env for do_format and check_format (#1554)
  + cc_ssh_import_id: Substitute deprecated warn (#1553) [Alberto Contreras]
  + Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
  + Update WebHookHandler to run as background thread (SC-456) (#1491)
    (LP: #1910552)
  + testing: Don't run custom cloud dir test on Bionic (#1542)
  + bash completion: update schema command (#1543) (LP: #1979547)
  + CI: add non-blocking run against the linters tip versions (#1531)
    [Paride Legovini]
  + Change groups within the users schema to support lists and strings
    (#1545) [RedKrieg]
  + make it clear which username should go in the contributing doc (#1546)
  + Pin setuptools for Travis (SC-1136) (#1540)
  + Fix LXD datasource crawl when BOOT enabled (#1537)
  + testing: Fix wrong path in dual stack test (#1538)
  + cloud-config: honor cloud_dir setting (#1523)
    [Alberto Contreras] (LP: #1976564)
  + Add python3-debconf to pkg-deps.json Build-Depends (#1535)
    [Alberto Contreras]
  + redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
    (#1536)
  + tests/azure: add test coverage for DisableSshPasswordAuthentication
    (#1534) [Chris Patterson]
  + summary: Add david-caro to the cla signers (#1527) [David Caro]
  + Add support for OpenMandriva (https://openmandriva.org/) (#1520)
    [Bernhard Rosenkraenzer]
  + tests/azure: refactor ovf creation (#1533) [Chris Patterson]
  + Improve DataSourceOVF error reporting when script disabled (#1525) [rong]
  + tox: integration-tests-jenkins: softfail if only some test failed
    (#1528) [Paride Legovini]
  + CI: drop linters from Travis CI (moved to GH Actions) (#1530)
    [Paride Legovini]
  + sources/azure: remove unused encoding support for customdata (#1526)
    [Chris Patterson]
  + sources/azure: remove unused metadata captured when parsing ovf (#1524)
    [Chris Patterson]
  + sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
    [Chris Patterson]
  + Remove extra space from ec2 dual stack crawl message (#1521)
  + tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
    [Chris Patterson]
  + setup.py: adjust udev/rules default path (#1513)
    [Emanuele Giuseppe Esposito]
  + Add python3-deconf dependency (#1506) [Alberto Contreras]
  + Change match macadress param for network v2 config (#1518)
    [Henrique Caricatti Capozzi]
  + sources/azure: remove unused userdata property from ovf (#1516)
    [Chris Patterson]
  + sources/azure: minor refactoring to network config generation (#1497)
    [Chris Patterson]
  + net: Implement link-local ephemeral ipv6
  + Rename function to avoid confusion (#1501)
  + Fix cc_phone_home requiring 'tries' (#1500) (LP: #1977952)
  + datasources: replace networking functions with stdlib and cloudinit.net
  + code
  + Remove xenial references (#1472) [Alberto Contreras]
  + Oracle ds changes (#1474) [Alberto Contreras] (LP: #1967942)
  + improve runcmd docs (#1498)
  + add 3.11-dev to Travis CI (#1493)
  + Only run github actions on pull request (#1496)
  + Fix integration test client creation (#1494) [Alberto Contreras]
  + tox: add link checker environment, fix links (#1480)
  + cc_ubuntu_advantage: Fix doc (#1487) [Alberto Contreras]
  + cc_yum_add_repo: Fix repo id canonicalization (#1489)
    [Alberto Contreras] (LP: #1975818)
  + Add linitio as contributor in the project (#1488) [Kevin Allioli]
  + net-convert: use yaml.dump for debugging python NetworkState obj (#1484)
    (LP: #1975907)
  + test_schema: no relative $ref URLs, replace $ref with local path (#1486)
  + cc_set_hostname: do not write "/localhost"/ when no hostname is given
  + (#1453) [Emanuele Giuseppe Esposito]
  + Update .github-cla-signers (#1478) [rong]
  + schema: write_files defaults, versions $ref full URL and add vscode
    (#1479)
  + docs: fix external links, add one more to the list (#1477)
  + doc: Document how to change module frequency (#1481)
  + tests: bump pycloudlib (#1482)
  + tests: bump pycloudlib pinned commit for kinetic Azure (#1476)
  + testing: fix test_status.py (#1475)
  + integration tests: If KEEP_INSTANCE = True, log IP (#1473)
  + Drop mypy excluded files (#1454) [Alberto Contreras]
  + Docs additions (#1470)
  + Add "/formatting tests"/ to Github Actions
  + Remove unused arguments in function signature (#1471)
  + Changelog: correct errant classification of LP issues as GH (#1464)
  + Use Network-Manager and Netplan as default renderers for RHEL and Fedora
    (#1465) [Emanuele Giuseppe Esposito]
  From 22.2
  + Fix test due to caplog incompatibility (#1461) [Alberto Contreras]
  + Align rhel custom files with upstream (#1431)
    [Emanuele Giuseppe Esposito]
  + cc_write_files: Improve schema. (#1460) [Alberto Contreras]
  + cli: Redact files with permission errors in commands (#1440)
  + [Alberto Contreras] (LP: #1953430)
  + Improve cc_set_passwords. (#1456) [Alberto Contreras]
  + testing: make fake cloud-init wait actually wait (#1459)
  + Scaleway: Fix network configuration for netplan 0.102 and later (#1455)
    [Maxime Corbin]
  + Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka]
  + schema: version schema-cloud-config-v1.json (#1424)
  + cc_modules: set default meta frequency value when no config available
    (#1457)
  + Log generic warning on non-systemd systems. (#1450) [Alberto Contreras]
  + cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448)
    [Alberto Contreras]
  + Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras]
  + testing: Fix console_log tests (#1437)
  + tests: cc_set_passoword update for systemd, non-systemd distros  (#1449)
  + Fix bug in url_helper/dual_stack() logging (#1426)
  + schema: render schema paths from _CustomSafeLoaderWithMarks (#1391)
  + testing: Make integration tests kinetic friendly (#1441)
  + Handle error if SSH service no present. (#1422)
    [Alberto Contreras] (LP: #1969526)
  + Fix network-manager activator availability and order (#1438)
  + sources/azure: remove reprovisioning marker (#1414) [Chris Patterson]
  + upstart: drop vestigial support for upstart (#1421)
  + testing: Ensure NoCloud detected in test (#1439)
  + Update .github-cla-signers kallioli [Kevin Allioli]
  + Consistently strip top-level network key (#1417) (LP: #1906187)
  + testing: Fix LXD VM metadata test (#1430)
  + testing: Add NoCloud setup for NoCloud test (#1425)
  + Update linters and adapt code for compatibility (#1434) [Paride Legovini]
  + run-container: add support for LXD VMs (#1428) [Paride Legovini]
  + integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini]
  + Fix NoCloud docs (#1423)
  + Docs fixes (#1406)
  + docs: Add docs for module creation (#1415)
  + Remove cheetah from templater (#1416)
  + tests: verify_ordered_items fallback to re.escape if needed (#1420)
  + Misc module cleanup (#1418)
  + docs: Fix doc warnings and enable errors (#1419)
    [Alberto Contreras] (LP: #1876341)
  + Refactor cloudinit.sources.NetworkConfigSource to enum (#1413)
    [Alberto Contreras] (LP: #1874875)
  + Don't fail if IB and Ethernet devices 'collide' (#1411)
  + Use cc_* module meta defintion over hardcoded vars (SC-888) (#1385)
  + Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras]
  + Promote cloud-init schema from devel to top level subcommand (#1402)
  + mypy: disable missing imports warning for httpretty (#1412)
    [Chris Patterson]
  + users: error when home should not be created AND ssh keys provided
    [Jeffrey 'jf' Lim]
  + Allow growpart to resize encrypted partitions (#1316)
  + Fix typo in integration_test.rst (#1405) [Alberto Contreras]
  + cloudinit.net refactor: apply_network_config_names (#1388)
    [Alberto Contreras] (LP: #1884602)
  + tests/azure: add fixtures for hardcoded paths (markers and data_dir)
    (#1399) [Chris Patterson]
  + testing: Add responses workaround for focal/impish (#1403)
  + cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False
  + Fix ds-identify not detecting NoCloud seed in config (#1381)
    (LP: #1876375)
  + sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson]
  + Move notes about refactorization out of CONTRIBUTING.rst (#1389)
  + Shave ~8ms off generator runtime (#1387)
  + Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson]
  + schema: module example strict testing fix seed_random
  + cc_set_hostname: examples small typo (perserve vs preserve)
    [Wouter Schoot]
  + sources/azure: refactor http_with_retries to remove **kwargs (#1392)
    [Chris Patterson]
  + declare dependency on ssh-import-id (#1334)
  + drop references to old dependencies and old centos script
  + sources/azure: only wait for primary nic to be attached during restore
    (#1378) [Anh Vo]
  + cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384)
  + Network functions refactor and bugfixes (#1383)
  + schema: add JSON defs for modules cc_users_groups (#1379)
    (LP: #1858930)
  + Fix doc typo (#1382) [Alberto Contreras]
  + Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160)
  + Fix KeyError when rendering sysconfig IPv6 routes (#1380) (LP: #1958506)
  + Return a namedtuple from subp() (#1376)
  + Mypy stubs and other tox maintenance (SC-920) (#1374)
  + Distro Compatibility Fixes (#1375)
  + Pull in Gentoo patches (#1372)
  + schema: add json defs for modules U-Z (#1360)
    (LP: #1858928, #1858929, #1858931, #1858932)
  + util: atomically update sym links to avoid Suppress FileNotFoundError
  + when reading status (#1298) [Adam Collard] (LP: #1962150)
  + schema: add json defs for modules scripts-timezone (SC-801) (#1365)
  + docs: Add first tutorial (SC-900) (#1368)
  + BUG 1473527: module ssh-authkey-fingerprints fails Input/output error…
    (#1340) [Andrew Lee] (LP: #1473527)
  + add arch hosts template (#1371)
  + ds-identify: detect LXD for VMs launched from host with > 5.10 kernel
    (#1370) (LP: #1968085)
  + Support EC2 tags in instance metadata (#1309) [Eduardo Dobay]
  + schema: add json defs for modules e-install (SC-651) (#1366)
  + Improve "/(no_create_home|system): true"/ test (#1367) [Jeffrey 'jf' Lim]
  + Expose https_proxy env variable to ssh-import-id cmd (#1333)
    [Michael Rommel]
  + sources/azure: remove bind/unbind logic for hot attached nic (#1332)
    [Chris Patterson]
  + tox: add types-* packages to check_format env (#1362)
  + tests: python 3.10 is showing up in cloudimages (#1364)
  + testing: add additional mocks to test_net tests (#1356) [yangzz-97]
  + schema: add JSON schema for mcollective, migrator and mounts modules
    (#1358)
  + Honor system locale for RHEL (#1355) [Wei Shi]
  + doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani]
  + ds-identify: also discover LXD by presence from DMI board_name = LXD
    (#1311)
  + black: bump pinned version to 22.3.0 to avoid click dependency issues
    (#1357)
  + Various doc fixes (#1330)
  + testing: Add missing is_FreeBSD mock to networking test (#1353)
  + Add --no-update to add-apt-repostory call (SC-880) (#1337)
  + schema: add json defs for modules K-L (#1321)
    (LP: #1858899, #1858900, #1858901, #1858902)
  + docs: Re-order readthedocs install (#1354)
  + Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343)
    [Jeffrey 'jf' Lim]
  + docs: add jinja2 pin (#1352)
  + Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095]
  + sources/azure: move get_ip_from_lease_value out of shim (#1324)
    [Chris Patterson]
  + Fix cloud-init status --wait when no datasource found (#1349)
    (LP: #1966085)
  + schema: add JSON defs for modules resize-salt (SC-654) (#1341)
  + Add myself as a future contributor (#1345) [Neal Gompa (ニール・ゴンパ)]
  + Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim]
  + add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service
  + file (#1335) [yangzz-97]
  + Fix sysconfig render when set-name is missing (#1327)
    [Andrew Kutz] (LP: #1855945)
  + Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz]
  + url_helper: add tuple support for readurl timeout (#1328)
    [Chris Patterson]
  + Make fs labels match for ds-identify and docs (#1329)
  + Work around bug in LXD VM detection (#1325)
  + Remove redundant generator logs (#1318)
  + tox: set verbose flags for integration tests (#1323) [Chris Patterson]
  + net: introduce find_candidate_nics() (#1313) [Chris Patterson]
  + Revert "/Ensure system_cfg read before ds net config on Oracle (#1174)"/
    (#1326)
  + Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth]
  + Make VMWare data source test host independent and expand testing (#1308)
    [Robert Schweikert]
  + Add json schemas for modules starting with P
  + sources/azure: remove lease file parsing (#1302) [Chris Patterson]
  + remove flaky test from ci (#1322)
  + ci: Switch to python 3.10 in Travis CI (#1320)
  + Better interface handling for Vultr, expect unexpected DHCP servers
    (#1297) [eb3095]
  + Remove unused init local artifact (#1315)
  + Doc cleanups (#1317)
  + docs improvements (#1312)
  + add support for jinja do statements, add unit test (#1314)
    [Paul Bruno] (LP: #1962759)
  + sources/azure: prevent tight loops for DHCP retries (#1285)
    [Chris Patterson]
  + net/dhcp: surface type of DHCP lease failure to caller (#1276)
    [Chris Patterson]
  + Stop hardcoding systemctl location (#1278) [Robert Schweikert]
  + Remove python2 syntax from docs (#1310)
  + [tools/migrate-lp-user-to-github] Rename master branch to main (#1301)
    [Adam Collard]
  + redhat: Depend on "/hostname"/ package (#1288) [Lubomir Rintel]
  + Add native NetworkManager support (#1224) [Lubomir Rintel]
  + Fix link in CLA check to point to contribution guide. (#1299)
    [Adam Collard]
  + check for existing symlink while force creating symlink (#1281)
    [Shreenidhi Shedi]
  + Do not silently ignore integer uid (#1280) (LP: #1875772)
  + tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291)
  + Integration test fix ppa  (#1296)
  + tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289)
  + test_ppa_source: accept both http and https URLs (#1292)
    [Paride Legovini]
  + Fix apt test on azure
  + add "/lkundrak"/ as contributor [Lubomir Rintel]
  + Holmanb/integration test fix ppa (#1287)
  + Include missing subcommand in manpage (#1279)
  + Clean up artifacts from pytest, packaging, release with make clean
    (#1277)
  + sources/azure: ensure retries on IMDS request failure (#1271)
    [Chris Patterson]
  + sources/azure: removed unused savable PPS paths (#1268) [Chris Patterson]
  + integration tests: fix Azure failures (#1269)
  From 22.1
  + sources/azure: report ready in local phase (#1265) [Chris Patterson]
  + sources/azure: validate IMDS network configuration metadata (#1257)
    [Chris Patterson]
  + docs: Add more details to runcmd docs (#1266)
  + use PEP 589 syntax for TypeDict (#1253)
  + mypy: introduce type checking (#1254) [Chris Patterson]
  + Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095]
  + tests: when generating crypted password, generate in target env (#1252)
  + sources/azure: address mypy/pyright typing complaints (#1245)
    [Chris Patterson]
  + Docs for x-shellscript* userdata (#1260)
  + test_apt_security: azure platform has specific security URL overrides
    (#1263)
  + tests: lsblk --json output changes mountpoint key to mountpoinst []
    (#1261)
  + mounts: fix mount opts string for ephemeral disk (#1250)
    [Chris Patterson]
  + Shell script handlers by freq (#1166) [Chris Lalos]
  + minor improvements to documentation (#1259) [Mark Esler]
  + cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)
  + add "/eslerm"/ as contributor (#1258) [Mark Esler]
  + sources/azure: refactor ssh key handling (#1248) [Chris Patterson]
  + bump pycloudlib (#1256)
  + sources/hetzner: Use EphemeralDHCPv4 instead of static configuration
    (#1251) [Markus Schade]
  + bump pycloudlib version (#1255)
  + Fix IPv6 netmask format for sysconfig (#1215) [Harald] (LP: #1959148)
  + sources/azure: drop debug print (#1249) [Chris Patterson]
  + tests: do not check instance.pull_file().ok() (#1246)
  + sources/azure: consolidate ephemeral DHCP configuration (#1229)
    [Chris Patterson]
  + cc_salt_minion freebsd fix for rc.conf (#1236)
  + sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)
    [Chris Patterson]
  + Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo]
  + testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237)
  + Integration test changes (#1240)
  + Fix Gentoo Locales (#1205)
  + Add "/slingamn"/ as contributor (#1235) [Shivaram Lingamneni]
  + integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234)
  + Integration testing docs and refactor (#1231)
  + vultr: Return metadata immediately when found (#1233) [eb3095]
  + spell check docs with spellintian (#1223)
  + docs: include upstream python version info (#1230)
  + Schema a d (#1211)
  + Move LXD to end ds-identify DSLIST (#1228) (LP: #1959118)
  + fix parallel tox execution (#1214)
  + sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)
    [Chris Patterson]
  + Do not support setting up archive.canonical.com as a source (#1219)
    [Steve Langasek] (LP: #1959343)
  + Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095]
  + sources/azure: refactor _should_reprovision[_after_nic_attach]() logic
    (#1206) [Chris Patterson]
  + update ssh logs to show ssh private key gens pub and simplify code
    (#1221) [Steve Weber]
  + Remove mitechie from stale PR github action (#1217)
  + Include POST format in cc_phone_home docs (#1218) (LP: #1959149)
  + Add json parsing of ip addr show (SC-723) (#1210)
  + cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier]
  + Update .github-cla-signers (#1204) [Chris Lalos]
  + sources/azure: drop unused case in _report_failure() (#1200)
    [Chris Patterson]
  + sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)
    [Chris Patterson]
  + Add support for gentoo templates and cloud.cfg (#1179) [vteratipally]
  + sources/azure: unpack ret tuple in crawl_metadata() (#1194)
    [Chris Patterson]
  + tests: focal caplog has whitespace indentation for multi-line logs
    (#1201)
  + Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095]
  + integration: test against the Ubuntu daily images (#1198)
    [Paride Legovini]
  + cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)
  + tox: pass PYCLOUDLIB_* env vars into integration tests when present
    (#1196)
  + sources/azure: set ovf_is_accessible when OVF is read successfully
    (#1193) [Chris Patterson]
  + Enable OVF environment transport via ISO in example (#1195) [Megian]
  + sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting
    (#1190) [Chris Patterson]
  + Single JSON schema validation in early boot (#1175)
  + Add DatasourceOVF network-config propery to Ubuntu OVF example (#1184)
    [Megian]
  + testing: support pycloudlib config file (#1189)
  + Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174)
    (LP: #1956788)
  + Test Optimization Proposal (SC-736) (#1188)
  + cli: cloud-id report not-run or disabled state as cloud-id (#1162)
  + Remove distutils usage (#1177) [Shreenidhi Shedi]
  + add .python-version to gitignore (#1186)
  + print error if datasource import fails (#1170)
    [Emanuele Giuseppe Esposito]
  + Add new config module to set keyboard layout (#1176)
    [maxnet] (LP: #1951593)
  + sources/azure: rename metadata_type -> MetadataType (#1181)
    [Chris Patterson]
  + Remove 3.5 and xenial support (SC-711) (#1167)
  + tests: mock LXD datasource detection in ds-identify on LXD containers
    (#1178)
  + pylint: silence errors on compat code for old jsonschema (#1172)
    [Paride Legovini]
  + testing: Add 3.10 Test Coverage (#1173)
  + Remove unittests from integration test job in travis (#1141)
  + Don't throw exceptions for empty cloud config (#1130)
  + bsd/resolv.d/ avoid duplicated entries (#1163) [Gonéri Le Bouder]
  + sources/azure: do not persist failed_desired_api_version flag (#1159)
    [Chris Patterson]
  + Update cc_ubuntu_advantage calls to assume-yes (#1158)
    [John Chittum] (LP: #1954842)
  + openbsd: properly restart the network on 7.0 (#1150) [Gonéri Le Bouder]
  + Add .git-blame-ignore-revs (#1161)
  + Adopt Black and isort (SC-700) (#1157)
  + Include dpkg frontend lock in APT_LOCK_FILES (#1153)
  + tests/cmd/query: fix test run as root and add coverage for defaults
    (#1156) [Chris Patterson] (LP: #1825027)
  + Schema processing changes (SC-676) (#1144)
  + Add dependency workaround for impish in bddeb (#1148)
  + netbsd: install new dep packages (#1151) [Gonéri Le Bouder]
  + find_devs_with_openbsd: ensure we return the last entry (#1149)
    [Gonéri Le Bouder]
  + sources/azure: remove unnecessary hostname bounce (#1143)
    [Chris Patterson]
  + find_devs/openbsd: accept ISO on disk (#1132)
    [Gonéri Le Bouder]
  + Improve error log message when mount failed (#1140) [Ksenija Stanojevic]
  + add KsenijaS as a contributor (#1145) [Ksenija Stanojevic]
  + travis - don't run integration tests if no deb (#1139)
  + factor out function for getting top level directory of cloudinit (#1136)
  + testing: Add deterministic test id (#1138)
  + mock sleep() in azure test (#1137)
  + Add miraclelinux support (#1128) [Haruki TSURUMOTO]
  + docs: Make MACs lowercase in network config (#1135) (LP: #1876941)
  + Add Strict Metaschema Validation (#1101)
  + update dead link (#1133)
  + cloudinit/net: handle two different routes for the same ip (#1124)
    [Emanuele Giuseppe Esposito]
  + docs: pin mistune dependency (#1134)
  + Reorganize unit test locations under tests/unittests (#1126)
  + Fix exception when no activator found (#1129) (LP: #1948681)
  + jinja: provide and document jinja-safe key aliases in instance-data
    (SC-622) (#1123)
  + testing: Remove date from final_message test (SC-638) (#1127)
  + Move GCE metadata fetch to init-local (SC-502) (#1122)
  + Fix missing metadata routes for vultr (#1125) [eb3095]
  + cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console
    (#1081) [dermotbradley]
  + sources/azure: remove unused remnants related to agent command (#1119)
    [Chris Patterson]
  + github: update PR template's contributing URL (#1120) [Chris Patterson]
  + docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118)
  + testing: monkeypatch system_info call in unit tests (SC-533) (#1117)
  + Fix Vultr timeout and wait values (#1113) [eb3095]
  + lxd: add preference for LXD cloud-init.* config keys over user keys
    (#1108)
  + VMware: source /etc/network/interfaces.d/* on Debian
    [chengcheng-chcheng] (LP: #1950136)
  + Add cjp256 as contributor (#1109) [Chris Patterson]
  + integration_tests: Ensure log directory exists before symlinking to it
    (#1110)
  + testing: add growpart integration test (#1104)
  + integration_test: Speed up CI run time (#1111)
  + Some miscellaneous integration test fixes (SC-606) (#1103)
  + tests: specialize lxd_discovery test for lxd_vm vendordata (#1106)
  + Add convenience symlink to integration test output (#1105)
  + Fix for set-name bug in networkd renderer (#1100)
    [Andrew Kutz] (LP: #1949407)
  + Wait for apt lock (#1034) (LP: #1944611)
  + testing: stop chef test from running on openstack (#1102)
  + alpine.py: add options to the apk upgrade command (#1089) [dermotbradley]
containerd
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
  Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
  (bsc#1210298)
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.20>
cups
- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
  "/use-after-free in cupsdAcceptClient()"/
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230
- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
  "/Heap buffer overflow in cupsd"/
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
  bsc#1211643
curl
  * [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
    fingerprint check.
  - Add curl-CVE-2023-28319.patch
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch
- Update to 8.0.1: [jsc#PED-2580]
  * Rebase curl-secure-getenv.patch
  * Remove patches fixed in the update:
  - curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
  - curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
  - curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
  - curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
  - curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
  - curl-CVE-2022-27774.patch curl-CVE-2022-27774-2.patch
  - curl-CVE-2022-27774-disabletest-1568.patch
  - curl-CVE-2022-27775.patch curl-CVE-2022-32205.patch
  - curl-CVE-2022-32207.patch curl-CVE-2022-42916.patch
  - curl-CVE-2022-43551.patch curl-CVE-2023-23914-23915.patch
  - curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
  - curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
  - curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch
- Update to 8.0.1:
  * Bugfixes:
  - fix crash in curl_easy_cleanup
- Update to 8.0.0:
  * Security fixes:
  - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
  - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
  - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
  - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
  - HSTS double-free [bsc#1209213, CVE-2023-27537]
  - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
  * Changes:
  - build: remove support for curl_off_t < 8 bytes
  * Bugfixes:
  - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
  - BINDINGS: add Fortran binding
  - cf-socket: use port 80 when resolving name for local bind
  - cookie: don't load cookies again when flushing
  - curl_path: create the new path with dynbuf
  - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
  - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
  - ftp: active mode with SSL, add the filter
  - hostip: avoid sscanf and extra buffer copies
  - http2: fix for http2-prior-knowledge when reusing connections
  - http2: fix handling of RST and GOAWAY to recognize partial transfers
  - http: don't send 100-continue for short PUT requests
  - http: fix unix domain socket use in https connects
  - libssh: use dynbuf instead of realloc
  - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
  - sectransp: make read_cert() use a dynbuf when loading
  - telnet: only accept option arguments in ascii
  - telnet: parse telnet options without sscanf
  - url: fix the SSH connection reuse check
  - url: only reuse connections with same GSS delegation
  - urlapi: '%' is illegal in host names
  - ws: keep the socket non-blocking
  * Rebase libcurl-ocloexec.patch
- Security fixes:
- Update to 7.88.1:
  * Bugfix release
- Drop upstreamed patch:
  * curl-fix-uninitialized-value-in-tests.patch
- Update to 7.88.0: [bsc#1207990, CVE-2023-23914]
  [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
  * Security fixes:
  - CVE-2023-23914: HSTS ignored on multiple requests
  - CVE-2023-23915: HSTS amnesia with --parallel
  - CVE-2023-23916: HTTP multi-header compression denial of service
  * Changes:
  - curl.h: add CURL_HTTP_VERSION_3ONLY
  - share: add sharing of HSTS cache among handles
  - src: add --http3-only
  - tool_operate: share HSTS between handles
  - urlapi: add CURLU_PUNYCODE
  - writeout: add %{certs} and %{num_certs}
  * Bugfixes:
  - cf-socket: keep sockaddr local in the socket filters
  - cfilters:Curl_conn_get_select_socks: use the first non-connected filter
  - curl.h: allow up to 10M buffer size
  - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
  - curl/websockets.h: extend the websocket frame struct
  - curl: output warning at --verbose output for debug-enabled version
  - curl_free.3: fix return type of `curl_free`
  - curl_log: for failf/infof and debug logging implementations
  - dict: URL decode the entire path always
  - docs/DEPRECATE.md: deprecate gskit
  - easyoptions: fix header printing in generation script
  - haxproxy: send before TLS handhshake
  - hsts.d: explain hsts more
  - hsts: handle adding the same host name again
  - HTTP/[23]: continue upload when state.drain is set
  - http: decode transfer encoding first
  - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
  - http_proxy: do not assign data->req.p.http use local copy
  - lib: connect/h2/h3 refactor
  - libssh2: try sha2 algos for hostkey methods
  - md4: fix build with GnuTLS + OpenSSL v1
  - ngtcp2: replace removed define and stop using removed function
  - noproxy: support for space-separated names is deprecated
  - nss: implement data_pending method
  - openldap: fix missing sasl symbols at build in specific configs
  - openssl: adapt to boringssl's error code type
  - openssl: don't ignore CA paths when using Windows CA store (redux)
  - openssl: don't log raw record headers
  - openssl: make the BIO_METHOD a local variable in the connection filter
  - openssl: only use CA_BLOB if verifying peer
  - openssl: remove attached easy handles from SSL instances
  - openssl: store the CA after first send (ClientHello)
  - setopt: use >, not >=, when checking if uarg is larger than uint-max
  - smb: return error on upload without size
  - socketpair: allow localhost MITM sniffers
  - strdup: name it Curl_strdup
  - tool_getparam: fix hiding of command line secrets
  - tool_operate: fix error codes on bad URL & OOM
  - tool_operate: repair --rate
  - transfer: break the read loop when RECV is cleared
  - typecheck: accept expressions for option/info parameters
  - urlapi: avoid Curl_dyn_addf() for hex outputs
  - urlapi: skip path checks if path is just "//"/
  - urlapi: skip the extra dedotdot alloc if no dot in path
  - urldata: cease storing TLS auth type
  - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
  - urldata: make set.http200aliases conditional on HTTP being present
  - urldata: move the cookefilelist to the 'set' struct
  - urldata: remove unused struct fields, made more conditional
  - vquic: stabilization and improvements
  - vtls: fix hostname handling in filters
  - vtls: manage current easy handle in nested cfilter calls
  - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
  * Rebase libcurl-ocloexec.patch
  * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
  - runtests: fix "/uninitialized value $port"/
  - Add curl-fix-uninitialized-value-in-tests.patch
- Update to 7.87.0:
  * Security fixes:
  - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
  - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
  * Changes
  - curl: add --url-query
  - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
  - lib: add CURL_WRITEFUNC_ERROR to signal write callback error
  - openssl: reduce CA certificate bundle reparsing by caching
  - version: add a feature names array to curl_version_info_data
  * Bugfixes
  - altsvc: fix rejection of negative port numbers
  - aws_sigv4: consult x-%s-content-sha256 for payload hash
  - aws_sigv4: fix typos in aws_sigv4.c
  - base64: better alloc size
  - base64: encode without using snprintf
  - base64: faster base64 decoding
  - build: assume assert.h is always available
  - build: assume errno.h is always available
  - c-hyper: CONNECT respones are not server responses
  - c-hyper: fix multi-request mechanism
  - CI: Change FreeBSD image from 12.3 to 12.4
  - CI: LGTM.com will be shut down in December 2022
  - ci: Remove zuul fuzzing job as it's superseded by CIFuzz
  - cmake: check for cross-compile, not for toolchain
  - CMake: fix build with `CURL_USE_GSSAPI`
  - cmake: really enable warnings with clang
  - cmake: set the soname on the shared library
  - cmdline-opts/gen.pl: fix the linkifier
  - cmdline-opts/page-footer: remove long option nroff formatting
  - config-mac: define HAVE_SYS_IOCTL_H
  - config-mac: fix typo: size_T -> size_t
  - config-mac: remove HAVE_SYS_SELECT_H
  - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
  - configure: require fork for NTLM-WB
  - contributors.sh: actually use $CURLWWW instead of just setting it
  - cookie: compare cookie prefixes case insensitively
  - cookie: expire cookies at once when max-age is negative
  - cookie: open cookie jar as a binary file
  - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
  - curl-rustls.m4: on macOS, rustls also needs the Security framework
  - curl.h: include <sys/select.h> on SerenityOS
  - curl.h: name all public function parameters
  - curl.h: reword comment to not use deprecated option
  - curl: override the numeric locale and set "/C"/ by force
  - curl: timeout in the read callback
  - curl_endian: remove Curl_write64_le from header
  - curl_get_line: allow last line without newline char
  - curl_path: do not add '/' if homedir ends with one
  - curl_url_get.3: remove spurious backtick
  - curl_url_set.3: document CURLU_DISALLOW_USER
  - curl_url_set.3: fix typo
  - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
  - CURLOPT_COOKIEFILE.3: advice => advise
  - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
  - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "/raw"/
  - CURLOPT_POST.3: Explain setting to 0 changes request type
  - docs/curl_ws_send: Fixed typo in websocket docs
  - docs/EARLY-RELEASE.md: how to determine an early release
  - docs/examples: spell correction ('Retrieve')
  - docs/INSTALL.md: expand on static builds
  - docs/WEBSOCKET.md: explain the URL use
  - docs: add missing parameters for --retry flag
  - docs: add more "/SEE ALSO"/ links to CA related pages
  - docs: explain the noproxy CIDR notation support
  - docs: extend the dump-header documentation
  - docs: remove performance note in CURLOPT_SSL_VERIFYPEER
  - examples/10-at-a-time: fix possible skipped final transfers
  - examples: update descriptions
  - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
  - gen.pl: do not generate CURLHELP bitmask lines > 79 characters
  - GHA: clarify workflows permissions, set least possible privilege
  - GHA: NSS use clang instead of clang-9
  - gnutls: use common gnutls init and verify code for ngtcp2
  - headers: add endif comments
  - HTTP-COOKIES.md: mention that http://localhost is a secure context
  - HTTP-COOKIES.md: update the 6265bis link to draft-11
  - http: do not send PROXY more than once
  - http: fix the ::1 comparison for IPv6 localhost for cookies
  - http: set 'this_is_a_follow' in the Location: logic
  - http: use the IDN decoded name in HSTS checks
  - hyper: classify headers as CONNECT and 1XX
  - hyper: fix handling of hyper_task's when reusing the same address
  - idn: remove Curl_win32_ascii_to_idn
  - INSTALL: update operating systems and CPU archs
  - KNOWN_BUGS: remove eight entries
  - lib1560: add some basic IDN host name tests
  - lib: connection filters (cfilter) addition to curl:
  - lib: feature deprecation warnings in gcc >= 4.3
  - lib: fix some type mismatches and remove unneeded typecasts
  - lib: parse numbers with fixed known base 10
  - lib: remove bad set.opt_no_body assignments
  - lib: rewind BEFORE request instead of AFTER previous
  - lib: sync guard for Curl_getaddrinfo_ex() definition and use
  - lib: use size_t or int etc instead of longs
  - libcurl-errors.3: remove duplicate word
  - libssh2: return error when ssh_hostkeyfunc returns error
  - limit-rate.d: see also --rate
  - log2changes.pl: wrap long lines at 80 columns
  - Makefile.mk: address minor issues
  - Makefile.mk: improve a GNU Make hack
  - Makefile.mk: portable Makefile.m32
  - maketgz: set the right version in lib/libcurl.plist
  - mime: relax easy/mime structures binding
  - misc: Fix incorrect spelling
  - misc: remove duplicated include files
  - misc: typo and grammar fixes
  - negtelnetserver.py: have it call its close() method
  - netrc.d: provide mutext info
  - netware: remove leftover traces
  - noproxy: also match with adjacent comma
  - noproxy: guard against empty hostnames in noproxy check
  - noproxy: tailmatch like in 7.85.0 and earlier
  - nroff-scan.pl: detect double highlights
  - ntlm: improve comment for encrypt_des
  - ntlm: silence ubsan warning about copying from null target_info pointer
  - openssl/mbedtls: use %d for outputing port with failf (int)
  - openssl: prefix errors with '[lib]/[version]: '
  - os400: use platform socklen_t in Curl_getnameinfo_a
  - page-header: grammar improvement (display transfer rate)
  - proxy: refactor haproxy protocol handling as connection filter
  - README.md: remove badges and xmas-tree garnish
  - rtsp: fix RTSP auth
  - runtests: --no-debuginfod now disables DEBUGINFOD_URLS
  - runtests: do CRLF replacements per section only
  - scripts/checksrc.pl: detect duplicated include files
  - sendf: change Curl_read_plain to wrap Curl_recv_plain
  - sendf: remove unnecessary if condition
  - setup: do not require __MRC__ defined for Mac OS 9 builds
  - smb/telnet: do not free the protocol struct in *_done()
  - socks: fix username max size is 255 (0xFF)
  - spellcheck.words: remove 'github' as an accepted word
  - ssl-reqd.d: clarify that this is for upgrading connections only
  - strcase: use curl_str(n)equal for case insensitive matches
  - styled-output.d: this option does not work on Windows
  - system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
  - system.h: support 64-bit curl_off_t for NonStop 32-bit
  - test1421: fix typo
  - test3026: reduce runtime in legacy mingw builds
  - tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
  - tests: add authorityInfoAccess to generated certs
  - tests: add HTTP/3 test case, custom location for proper nghttpx
  - tls: backends use connection filters for IO, enabling HTTPS-proxy
  - tool: determine the correct fopen option for -D
  - tool_cfgable: free the ssl_ec_curves on exit
  - tool_cfgable: make socks5_gssapi_nec a boolean
  - tool_formparse: avoid clobbering on function params
  - tool_getparam: make --no-get work as the opposite of --get
  - tool_operate: provide better errmsg for -G with bad URL
  - tool_operate: when aborting, make sure there is a non-NULL error buffer
  - tool_paramhlp: free the proto strings on exit
  - url: move back the IDN conversion of proxy names
  - urlapi: reject more bad letters from the host name: &+()
  - urldata: change port num storage to int and unsigned short
  - vms: remove SIZEOF_SHORT
  - vtls: fix build without proxy support
  - vtls: localization of state data in filters
  - WEBSOCKET.md: fix broken link
  - Websocket: fixes for partial frames and buffer updates
  - websockets: fix handling of partial frames
  - windows: fail early with a missing windres in autotools
  - windows: fix linking .rc to shared curl with autotools
  - winidn: drop WANT_IDN_PROTOTYPES
  - ws: if no connection is around, return error
  - ws: return CURLE_NOT_BUILT_IN when websockets not built in
  - x509asn1: avoid freeing unallocated pointers
- Add 1.50.0 as the minimum libnghttp2 build requirement version as
  a bandaid. Curl's 7.86.0 release introduces the use of
  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
  introduced by nghttp2 1.50.0 release, without introducing a check
  for the function/right version in their build scripts. This will
  make Zypper/cURL unusable in some corner cases where users
  installing something that requires libcurl4 before doing full
  system upgrade, thus updating the cURL stack, but not
  libnghttp2's. Background: boo#1204983, Factory mailing list
  threadd:
  "/? broken dependency in curl and/or *zyp* ?"/, and forums thread:
  Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.
- Update to 7.86.0:
  * Security fixes:
  - POST following PUT confusion [bsc#1204383, CVE-2022-32221]
  - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
  - HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
  - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
  * Changes:
  - NPN: remove support for and use of
  - Websockets: initial support
  * Bugfixes:
  - altsvc: reject bad port numbers
  - autotools: reduce brute-force when detecting recv/send arg list
  - aws_sigv4: fix header computation
  - cli tool: do not use disabled protocols
  - connect: change verbose IPv6 address:port to [address]:port
  - connect: fix builds without AF_INET6
  - connect: fix Curl_updateconninfo for TRNSPRT_UNIX
  - connect: fix the wrong error message on connect failures
  - content_encoding: use writer struct subclasses for different encodings
  - cookie: reject cookie names or content with TAB characters
  - curl/add_file_name_to_url: use the libcurl URL parser
  - curl/get_url_file_name: use libcurl URL parser
  - curl: warn for --ssl use, considered insecure
  - docs/libcurl/symbols-in-versions: add several missing symbols
  - ftp: ignore a 550 response to MDTM
  - functypes: provide the recv and send arg and return types
  - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
  - header: define public API functions as extern c
  - headers: reset the requests counter at transfer start
  - hostip: guard PF_INET6 use
  - hostip: lazily wait to figure out if IPv6 works until needed
  - http, vauth: always provide Curl_allow_auth_to_host() functionality
  - http2: make nghttp2 less picky about field whitespace
  - http: try parsing Retry-After: as a number first
  - http_proxy: restore the protocol pointer on error
  - lib: add missing limits.h includes
  - lib: prepare the incoming of additional protocols
  - lib: sanitize conditional exclusion around MIME
  - libssh: if sftp_init fails, don't get the sftp error code
  - mprintf: reject two kinds of precision for the same argument
  - mqtt: return error for too long topic
  - netrc: compare user name case sensitively
  - netrc: replace fgets with Curl_get_line
  - netrc: use the URL-decoded user
  - ngtcp2: fix build errors due to changes in ngtcp2 library
  - noproxy: support proxies specified using cidr notation
  - openssl: make certinfo available for QUIC
  - resolve: make forced IPv4 resolve only use A queries
  - schannel: ban server ALPN change during recv renegotiation
  - schannel: don't reset recv/send function pointers on renegotiation
  - schannel: when importing PFX, disable key persistence
  - setopt: use the handler table for protocol name to number conversions
  - setopt: when POST is set, reset the 'upload' field
  - single_transfer: use the libcurl URL parser when appending query parts
  - smb: replace CURL_WIN32 with WIN32
  - tool: avoid generating ambiguous escaped characters in --libcurl
  - tool_main: exit at once if out of file descriptors
  - tool_operate: more transfer cleanup after parallel transfer fail
  - tool_operate: prevent over-queuing in parallel mode
  - tool_paramhelp: asserts verify maximum sizes for string loading
  - tool_xattr: save the original URL, not the final redirected one
  - url: a zero-length userinfo part in the URL is still a (blank) user
  - url: allow non-HTTPS HSTS-matching for debug builds
  - url: rename function due to name-clash in Watt-32
  - url: use IDN decoded names for HSTS checks
  - urlapi: detect scheme better when not guessing
  - urlapi: fix parsing URL without slash with CURLU_URLENCODE
  - urlapi: reject more bad characters from the host name field
  * Remove patch upstream:
  - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Update connection info when using UNIX socket as endpoint
  connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Change the deprecated configure option --enable-hidden-symbols
  to the new --enable-symbol-hiding.
- Update to 7.85.0:
  * Security fixes: [bsc#1202593, CVE-2022-35252]
  - control code in cookie denial of service
  * Changes:
  - quic: add support via wolfSSL
  - schannel: Add TLS 1.3 support
  - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
  * Bugfixes:
  - asyn-thread: fix socket leak on OOM
  - asyn-thread: make getaddrinfo_complete return CURLcode
  - base64: base64url encoding has no padding
  - configure: fix broken m4 syntax in TLS options
  - configure: if asked to use TLS, fail if no TLS lib was detected
  - connect: add quic connection information
  - connect: set socktype/protocol correctly
  - cookie: reject cookies with "/control bytes"/
  - cookie: treat a blank domain in Set-Cookie: as non-existing
  - curl: output warning when a cookie is dropped due to size
  - Curl_close: call Curl_resolver_cancel to avoid memory-leak
  - digest: fix memory leak, fix not quoted 'opaque'
  - digest: fix missing increment of 'nc' value for auth-int
  - digest: pass over leading spaces in qop values
  - digest: reject broken header with session protocol but without qop
  - doh: use https protocol by default
  - easy_lock.h: include sched.h if available to fix build
  - easy_lock.h: use __asm__ instead of asm to fix build
  - easy_lock: switch to using atomic_int instead of bool
  - ftp: use a correct expire ID for timer expiry
  - h2h3: fix overriding the 'TE: Trailers' header
  - hostip: resolve *.localhost to 127.0.0.1/::1
  - HTTP3.md: update to msh3 v0.4.0
  - hyper: use wakers for curl pause/resume
  - lib3026: reduce the number of threads to 100
  - libssh2: make atime/mtime date overflow return error
  - libssh2: provide symlink name in SFTP dir listing
  - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
  - multi: use larger dns hash table for multi interface
  - multi_wait: fix skipping to populate revents for extra_fds
  - netrc: Use the password from lines without login
  - ngtcp2: Fix build error due to change in nghttp3 prototypes
  - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
  - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
  - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
  - openssl: add cert path in error message
  - openssl: add details to "/unable to set client certificate"/ error
  - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
  - select: do not return fatal error on EINTR from poll()
  - sendf: fix paused header writes since after the header API
  - sendf: skip storing HTTP headers if HTTP disabled
  - url: really use the user provided in the url when netrc entry exists
  - url: reject URLs with hostnames longer than 65535 bytes
  - url: treat missing usernames in netrc as empty
  - urldata: reduce size of several struct fields
  - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
  * Remove tests-for-32bit.patch fixed in the update
  * Rebase libcurl-ocloexec.patch
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Update to 7.84.0:
  * Security fixes:
  - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
  - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
  - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
  - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
  * Changes:
  - curl: add --rate to set max request rate per time unit
  - curl: deprecate --random-file and --egd-file
  - curl_version_info: add CURL_VERSION_THREADSAFE
  - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
  - lib: make curl_global_init() threadsafe when possible
  - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
  - opts: deprecate RANDOM_FILE and EGDSOCKET
  - socks: support unix sockets for socks proxy
  * Bugfixes:
  - aws-sigv4: fix potentional NULL pointer arithmetic
  - bindlocal: don't use a random port if port number would wrap
  - c-hyper: mark status line as status for Curl_client_write()
  - ci: avoid `cmake -Hpath`
  - CI: bump FreeBSD 13.0 to 13.1
  - ci: update github actions
  - cmake: add libpsl support
  - cmake: do not add libcurl.rc to the static libcurl library
  - cmake: enable curl.rc for all Windows targets
  - cmake: fix detecting libidn2
  - cmake: support adding a suffix to the OS value
  - configure: skip libidn2 detection when winidn is used
  - configure: use the SED value to invoke sed
  - configure: warn about rustls being experimental
  - content_encoding: return error on too many compression steps
  - cookie: address secure domain overlay
  - cookie: apply limits
  - copyright.pl: parse and use .reuse/dep5 for skips
  - copyright: make repository REUSE compliant
  - curl.1: add a few see also --tls-max
  - curl.1: mention exit code zero too
  - curl: re-enable --no-remote-name
  - curl_easy_pause.3: remove explanation of progress function
  - curl_getdate.3: document that some illegal dates pass through
  - Curl_parsenetrc: don't access local pwbuf outside of scope
  - curl_url_set.3: clarify by default using known schemes only
  - CURLOPT_ALTSVC.3: document the file format
  - CURLOPT_FILETIME.3: fix the protocols this works with
  - CURLOPT_HTTPHEADER.3: improve comment in example
  - CURLOPT_NETRC.3: document the .netrc file format
  - CURLOPT_PORT.3: We discourage using this option
  - CURLOPT_RANGE.3: remove ranged upload advice
  - digest: added detection of more syntax error in server headers
  - digest: tolerate missing "/realm"/
  - digest: unquote realm and nonce before processing
  - DISABLED: disable 1021 for hyper again
  - docs/cmdline-opts: add copyright and license identifier to each file
  - docs/CONTRIBUTE.md: document the 'needs-votes' concept
  - docs: clarify data replacement policy for MIME API
  - doh: remove UNITTEST macro definition
  - examples/crawler.c: use the curl license
  - examples: remove fopen.c and rtsp.c
  - FAQ: Clarify Windows double quote usage
  - fopen: add Curl_fopen() for better overwriting of files
  - ftp: restore protocol state after http proxy CONNECT
  - ftp: when failing to do a secure GSSAPI login, fail hard
  - GHA/hyper: enable debug in the build
  - gssapi: improve handling of errors from gss_display_status
  - gssapi: initialize gss_buffer_desc strings
  - headers api: remove EXPERIMENTAL tag
  - http2: always debug print stream id in decimal with %u
  - http2: reject overly many push-promise headers
  - http: restore header folding behavior
  - hyper: use 'alt-used'
  - krb5: return error properly on decode errors
  - lib: make more protocol specific struct fields #ifdefed
  - libcurl-security.3: add "/Secrets in memory"/
  - libcurl-security.3: document CRLF header injection
  - libssh: skip the fake-close when libssh does the right thing
  - links: update dead links to the curl-wiki
  - log2changes: do not indent empty lines [ci skip]
  - macos9: remove partial support
  - Makefile.am: fix portability issues
  - Makefile.m32: delete obsolete options, improve -On [ci skip]
  - Makefile.m32: delete two obsolete OpenSSL options [ci skip]
  - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
  - max-time.d: clarify max-time sets max transfer time
  - mprintf: ignore clang non-literal format string
  - netrc: check %USERPROFILE% as well on Windows
  - netrc: support quoted strings
  - ngtcp2: allow curl to send larger UDP datagrams
  - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
  - ngtcp2: enable Linux GSO
  - ngtcp2: extend QUIC transport parameters buffer
  - ngtcp2: fix alert_read_func return value
  - ngtcp2: fix typo in preprocessor condition
  - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
  - ngtcp2: send appropriate connection close error code
  - ngtcp2: support boringssl crypto backend
  - ngtcp2: use helper funcs to simplify TLS handshake integration
  - ntlm: provide a fixed fake host name
  - projects: fix third-party SSL library build paths for Visual Studio
  - quic: add Curl_quic_idle
  - quiche: support ca-fallback
  - rand: stop detecting /dev/urandom in cross-builds
  - remote-name.d: mention --output-dir
  - runtests.pl: add the --repeat parameter to the --help output
  - runtests: fix skipping tests not done event-based
  - runtests: skip starting the ssh server if user name is lacking
  - scripts/copyright.pl: fix the exclusion to not ignore man pages
  - sectransp: check for a function defined when __BLOCKS__ is undefined
  - select: return error from "/lethal"/ poll/select errors
  - server/sws: support spaces in the HTTP request path
  - speed-limit/time.d: mention these affect transfers in either direction
  - strcase: some optimisations
  - test 2081: add a valid reply for the second request
  - test 675: add missing CR so the test passes when run through Privoxy
  - test414: add the '--resolve' keyword
  - test681: verify --no-remote-name
  - tests 266, 116 and 1540: add a small write delay
  - tests/data/test1501: kill ftp server after slow LIST response
  - tests/getpart: fix getpartattr to work with "/data"/ and "/data2"/
  - tests/server/sws.c: change the HTTP writedelay unit to milliseconds
  - test{440,441,493,977}: add "/HTTP proxy"/ keywords
  - tool_getparam: fix --parallel-max maximum value constraint
  - tool_operate: make sure --fail-with-body works with --retry
  - transfer: fix potential NULL pointer dereference
  - transfer: maintain --path-as-is after redirects
  - transfer: upload performance; avoid tiny send
  - url: free old conn better on reuse
  - url: remove redundant #ifdefs in allocate_conn()
  - url: URL encode the path when extracted, if spaces were set
  - urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
  - urlapi: support CURLU_URLENCODE for curl_url_get()
  - urldata: reduce size of a few struct fields
  - urldata: remove three unused booleans from struct UserDefined
  - urldata: store tcp_keepidle and tcp_keepintvl as ints
  - version: allow stricmp() for sorting the feature list
  - vtls: make curl_global_sslset thread-safe
  - wolfssh.h: removed
  - wolfssl: correct the failf() message when a handle can't be made
  - wolfSSL: explicitly use compatibility layer
  - x509asn1: mark msnprintf return as unchecked
- Update to 7.83.1:
  * Security fixes:
  - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
  - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
  - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
  - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
  - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
  - (bsc#1199220, CVE-2022-27778) removes wrong file on error
  * Bugfixes:
  - altsvc: fix host name matching for trailing dots
  - cirrus: Update to FreeBSD 12.3
  - cirrus: Use pip for Python packages on FreeBSD
  - conn: fix typo 'connnection' -> 'connection' in two function names
  - cookies: make bad_domain() not consider a trailing dot fine
  - curl: free resource in error path
  - curl: guard against size_t wraparound in no-clobber code
  - CURLOPT_DOH_URL.3: mention the known bug
  - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
  - CURLOPT_SSH_AUTH_TYPES.3: fix the default
  - data/test376: set a proper name
  - GHA/mbedtls: enabled nghttp2 in the build
  - gha: build msh3
  - gskit: fixed bogus setsockopt calls
  - gskit: remove unused function set_callback
  - hsts: ignore trailing dots when comparing hosts names
  - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
  - http: move Curl_allow_auth_to_host()
  - http_proxy/hyper: handle closed connections
  - hyper: fix test 357
  - Makefile: fix "/make ca-firefox"/
  - mbedtls: bail out if rng init fails
  - mbedtls: fix compile when h2-enabled
  - mbedtls: fix some error messages
  - misc: use "/autoreconf -fi"/ instead buildconf
  - msh3: get msh3 version from MsH3Version
  - msh3: print boolean value as text representation
  - msh3: psss remote_port to MsH3ConnectionOpen
  - ngtcp2: add ca-fallback support for OpenSSL backend
  - nss: return error if seemingly stuck in a cert loop
  - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
  - post_per_transfer: remove the updated file name
  - sectransp: bail out if SSLSetPeerDomainName fails
  - tests/server: declare variable 'reqlogfile' static
  - tests: fix markdown formatting in README
  - test{898,974,976}: add 'HTTP proxy' keywords
  - tls: check more TLS details for connection reuse
  - url: check SSH config match on connection reuse
  - urlapi: address (harmless) UndefinedBehavior sanitizer warning
  - urlapi: reject percent-decoding host name into separator bytes
  - x509asn1: make do_pubkey handle EC public keys
- Patches rework:
  * Refreshed all patches as -p1.
  * Use autopatch macro.
  * Renamed:
  - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
  * Removed (already upstream):
  - curl-fix-verifyhost.patch
- Update to 7.83.0:
  * Security fixes:
  - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
  - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
  - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
  - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
  * Changes:
  - curl: add %header{name} experimental support in -w handling
  - curl: add %{header_json} experimental support in -w handling
  - curl: add --no-clobber
  - curl: add --remove-on-error
  - header api: add curl_easy_header and curl_easy_nextheader
  - msh3: add support for QUIC and HTTP/3 using msh3
  * Bugfixes:
  - appveyor: add Cygwin build
  - appveyor: only add MSYS2 to PATH where required
  - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
  - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
  - BINDINGS.md: add Hollywood binding
  - CI: Do not use buildconf. Instead, just use: autoreconf -fi
  - CI: install Python package impacket to run SMB test 1451
  - configure.ac: move -pthread CFLAGS setting back where it used to be
  - configure: bump the copyright year range int the generated output
  - conncache: include the zone id in the "/bundle"/ hashkey
  - connecache: remove duplicate connc->closure_handle check
  - connect: make Curl_getconnectinfo work with conn cache from share handle
  - connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
  - cookie.d: clarify when cookies are sent
  - cookies: improve errorhandling for reading cookiefile
  - curl/system.h: update ifdef condition for MCST-LCC compiler
  - curl: error out if -T and -d are used for the same URL
  - curl: error out when options need features not present in libcurl
  - curl: escape '?' in generated --libcurl code
  - curl: fix segmentation fault for empty output file names.
  - curl_easy_header: fix typos in documentation
  - CURLINFO_PRIMARY_PORT.3: clarify which port this is
  - CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
  - CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
  - CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
  - CURLOPT_PROGRESSFUNCTION.3: fix typo in example
  - CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
  - CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
  - docs/HYPER.md: updated to reflect current hyper build needs
  - docs/opts: Mention Schannel client cert type is P12
  - docs: Fix missing semicolon in example code
  - docs: lots of minor language polish
  - English: use American spelling consistently
  - fail.d: tweak the description
  - firefox-db2pem.sh: make the shell script safer
  - ftp: fix error message for partial file upload
  - gen.pl: change wording for mutexed options
  - GHA: add openssl3 jobs moved over from zuul
  - GHA: build hyper with nightly rustc
  - GHA: move bearssl jobs over from zuul
  - gha: move the event-based test over from Zuul
  - gtls: fix build for disabled TLS-SRP
  - http2: handle DONE called for the paused stream
  - http2: RST the stream if we stop it on our own will
  - http: avoid auth/cookie on redirects same host diff port
  - http: close the stream (not connection) on time condition abort
  - http: reject header contents with nul bytes
  - http: return error on colon-less HTTP headers
  - http: streamclose "/already downloaded"/
  - hyper: fix status_line() return code
  - hyper: fix tests 580 and 581 for hyper
  - hyper: no h2c support
  - infof: consistent capitalization of warning messages
  - ipv4/6.d: clarify that they are about using IP addresses
  - json.d: fix typo (overriden -> overridden)
  - keepalive-time.d: It takes many probes to detect brokenness
  - lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
  - lib670: avoid double check result
  - lib: #ifdef on USE_HTTP2 better
  - lib: fix some misuse of curlx_convert_wchar_to_UTF8
  - lib: remove exclamation marks
  - libssh2: compare sha256 strings case sensitively
  - libssh2: make the md5 comparison fail if wrong length
  - libssh: fix build with old libssh versions
  - libssh: fix double close
  - libssh: Improve fix for missing SSH_S_ stat macros
  - libssh: unstick SFTP transfers when done event-based
  - macos: set .plist version in autoconf
  - mbedtls: remove 'protocols' array from backend when ALPN is not used
  - mbedtls: remove server_fd from backend
  - mk-ca-bundle.pl: Use stricter logic to process the certificates
  - mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
  - mlc_config.json: add file to ignore known troublesome URLs
  - mqtt: better handling of TCP disconnect mid-message
  - ngtcp2: add client certificate authentication for OpenSSL
  - ngtcp2: avoid busy loop in low CWND situation
  - ngtcp2: deal with sub-millisecond timeout
  - ngtcp2: disconnect the QUIC connection proper
  - ngtcp2: enlarge H3_SEND_SIZE
  - ngtcp2: fix HTTP/3 upload stall and avoid busy loop
  - ngtcp2: fix memory leak
  - ngtcp2: fix QUIC_IDLE_TIMEOUT
  - ngtcp2: make curl 1ms faster
  - ngtcp2: remove remote_addr which is not used in a meaningful way
  - ngtcp2: update to work after recent ngtcp2 updates
  - ngtcp2: use token when detecting :status header field
  - nonblock: restore setsockopt method to curlx_nonblock
  - openssl: check SSL_get_peer_cert_chain return value
  - openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
  - openssl: fix CN check error code
  - options: remove mistaken space before paren in prototype
  - perl: removed a double semicolon at end of line
  - pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
  - projects/README: converted to markdown
  - projects: Update VC version names for VS2017, VS2022
  - rtsp: don't let CSeq error override earlier errors
  - runtests: add 'bearssl' as testable feature
  - runtests: make 'oldlibssh' be before 0.9.4
  - schannel: remove dead code that will never run
  - scripts/copyright.pl: ignore the new mlc_config.json file
  - scripts: move three scripts from lib/ to scripts/
  - test1135: sync with recent API updates
  - test1459: disable for oldlibssh
  - test375: fix line endings on Windows
  - test386: Fix an incorrect test markup tag
  - test718: edited slightly to return better HTTP
  - tests/server/util.h: align WIN32 condition with util.c
  - tests: refactor server/socksd.c to support --unix-socket
  - timediff.[ch]: add curlx helper functions for timeval conversions
  - tls: make mbedtls and NSS check for h2, not nghttp2
  - tool and tests: force flush of all buffers at end of program
  - tool_cb_hdr: Turn the Location: into a terminal hyperlink
  - tool_getparam: error out on missing -K file
  - tool_listhelp.c: uppercase URL
  - tool_operate: fix a scan-build warning
  - tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
  - transfer: redirects to other protocols or ports clear auth
  - unit1620: call global_init before calling Curl_open
  - url: check sasl additional parameters for connection reuse.
  - vtls: provide a unified APLN-disagree string for all backends
  - vtls: use a backend standard message for "/ALPN: offers %s"/
  - vtls: use a generic "/ALPN, server accepted"/ message
  - winbuild/README.md: fixup dead link
  - winbuild: Add a Visual Studio example to the README
  - wolfssl: fix compiler error without IPv6
- Fix: openssl: fix CN check error code
  * Add curl-fix-verifyhost.patch
- Update to 7.82.0:
  * curl: add --json command line option
  * curl: make it so that sensitive command line arguments do not
    show as easily in the output of ps(1)
  * curl_multi_socket.3: remove callback and typical usage descriptions
  * ftp: provide error message for control bytes in path
  * ldap: return CURLE_URL_MALFORMAT for bad URL
  * lib: remove support for CURL_DOES_CONVERSIONS
  * mqtt: plug some memory leaks
  * multi: allow user callbacks to call curl_multi_assign
  * multi: remember connection_id before returning connection to pool
  * multi: set in_callback for multi interface callbacks
  * netware: remove support
  * ngtcp2: adapt to changed end of headers callback proto
  * openldap: implement SASL authentication
  * openssl: return error if TLS 1.3 is requested when not supported
  * sectransp: mark a 3DES cipher as weak
  * smb: pass socket for writing and reading data instead of FIRSTSOCKET
  * tool_getparam: DNS options that need c-ares now fail without it
  * TPF: drop support
  * url: given a user in the URL, find pwd for that user in netrc
  * url: keep trailing dot in host name
  * urlapi: handle "/redirects"/ smarter
  * urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
  * urldata: remove conn->bits.user_passwd
- update to 7.81.0:
  * mime: use percent-escaping for multipart form field and file names
  * asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
  * azure: make the "/w/o HTTP/SMTP/IMAP"/ build disable SSL proper
  * BINDINGS: add cURL client for PostgreSQL
  * BINDINGS: add one from Everything curl and update a link
  * checksrc: detect more kinds of NULL comparisons we avoid
  * CI: build examples for additional code verification
  * CI: bump job to use mbedtls 3.1.0
  * cmake: don't set _USRDLL on a static Windows build
  * cmake: prevent dev warning due to mismatched arg
  * cmake: private identifiers use CURL_ instead of CMAKE_ prefix
  * config.d: update documentation to match the path search
  * configure: add -lm to configure for rustls build.
  * configure: better diagnostics if hyper is built wrong
  * configure: don't enable TLS when --without-* flags are used
  * configure: fix runtime-lib detection on macOS
  * curl.1: require "/see also"/ for every documented option
  * curl: improve error message for --head with -J
  * curl_easy_cleanup.3: remove from multi handle first
  * curl_easy_escape.3: call curl_easy_cleanup in example
  * curl_easy_unescape.3: call curl_easy_cleanup in example
  * curl_multi_init.3: fix EXAMPLE formatting
  * curl_multi_perform/socket_action.3: clarify what errors mean
  * curl_share_setopt.3: split out options into their own manpages
  * CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
  * digest: compute user:realm:pass digest w/o userhash
  * docs/checksrc: Add documentation for STRERROR
  * docs/cmdline-opts: do not say "/protocols: all"/
  * docs/examples: workaround broken -Wno-pedantic-ms-format
  * docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
  * docs/INSTALL.md: typo fix : added missing "/get"/ verb
  * docs/URL-SYNTAX.md: space is not fine in a given URL
  * docs: add known bugs list to HTTP3.md
  * docs: address proselint nits
  * docs: consistent manpage SYNOPSIS
  * docs: fix dead links, remove ECH.md
  * docs: fix typo in OpenSSL 3 build instructions
  * docs: Update the Reducing Size section
  * example/progressfunc: remove code for old libcurls
  * examples/multi-single.c: remove WAITMS()
  * FAQ: typo fix : "/yout"/ ➤ "/your"/
  * ftp: disable warning 4706 in MSVC
  * gen.pl: improve example output format
  * github workflow: add wolfssl (removed from zuul)
  * github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
  * gtls: check return code for gnutls_alpn_set_protocols
  * hash: lazy-alloc the table in Curl_hash_add()
  * http2:set_transfer_url() return early on OOM
  * HTTP3: update quiche build instructions
  * http: enable haproxy support for hyper backend
  * http: Fix CURLOPT_HTTP200ALIASES
  * http_proxy: don't close the socket (too early)
  * insecure.d: detail its use for SFTP and SCP as well
  * insecure.d: expand and clarify
  * libcurl-multi.3: "/SOCKS proxy handshakes"/ are not blocking
  * libcurl-security.3: mention address and URL mitigations
  * libssh2: fix error message for sha256 mismatch
  * libtest: avoid "/assignment within conditional expression"/
  * lift: ignore is a deprecated config option, use ignoreRules
  * linkcheck.yml: add CI job that checks markdown links
  * m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
  * Makefile.m32: rename -winssl option to -schannel and tidy up
  * mbedTLS: add support for CURLOPT_CAINFO_BLOB
  * mbedtls: fix CURLOPT_SSLCERT_BLOB
  * mbedtls: fix private member designations for v3.1.0
  * misc: remove unused doh flags when CURL_DISABLE_DOH is defined
  * misc: s/e-mail/email
  * multi: cleanup the socket hash when destroying it
  * multi: handle errors returned from socket/timer callbacks
  * multi: shut down CONNECT in Curl_detach_connnection
  * netrc.d: edit the .netrc example to look nicer
  * ngtcp2: verify the server cert on connect (quictls)
  * ngtcp2: verify the server certificate for the gnutls case
  * nss:set_cipher don't clobber the cipher list
  * openldap: implement STARTTLS
  * openldap: process search query response messages one by one
  * openldap: several minor improvements
  * openldap: simplify ldif generation code
  * openssl: check the return value of BIO_new()
  * openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
  * openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
  * openssl: remove usage of deprecated `SSL_get_peer_certificate`
  * openssl: use non-deprecated API to read key parameters
  * page-footer: add a mention of how to report bugs to the man page
  * page-footer: document more environment variables
  * request.d: refer to 'method' rather than 'command'
  * retry-all-errors.d: make the example complete
  * runtests: make the SSH library a testable feature
  * rustls: read of zero bytes might be okay
  * rustls: remove comment about checking handshaking
  * rustls: remove incorrect EOF check
  * sha256/md5: return errors when init fails
  * socks5: use appropriate ATYP for numerical IP address host names
  * test1156: enable for hyper
  * test1156: fixup the stdout check for Windows
  * test1525: tweaked for hyper
  * test1526: enable for hyper
  * test1527: enable for hyper
  * test1528: enable for hyper
  * test1554: adjust for hyper
  * test1556: adjust for hyper
  * test302[12]: run only with the libssh2 backend
  * test661: enable for hyper
  * tests/CI.md: add more information on CI environments
  * tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
  * tftp: mark protocol as not possible to do over CONNECT
  * tool_findfile: updated search for a file in the homedir
  * tool_operate: only set SSH related libcurl options for SSH URLs
  * tool_operate: warn if too many output arguments were found
  * url.c: fix the SIGPIPE comment for Curl_close
  * url: check ssl_config when re-use proxy connection
  * url: reduce ssl backend count for CURL_DISABLE_PROXY builds
  * urlapi: accept port number zero
  * urlapi: if possible, shorten given numerical IPv6 addresses
  * urlapi: provide more detailed return codes
  * urlapi: reject short file URLs
  * version_win32: Check build number and platform id
  * vtls/rustls: adapt to the updated rustls_version proto
  * writeout: fix %{http_version} for HTTP/3
  * x509asn1: return early on errors
  * zuul.d: update rustls-ffi to version 0.8.2
  * zuul: fix quiche build pointing to wrong Cargo
- Update to 7.80.0:
  * Changes:
  - CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
  - CURLOPT_PREREQFUNCTION: add new callback
  - libssh2: add SHA256 fingerprint support
  - urlapi: add curl_url_strerror()
  * Bugfixes:
  - aws-sigv4: make signature work when post data is binary
  - c-hyper: don't abort CONNECT responses early when auth-in-progress
  - c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
  - cmake: add CURL_ENABLE_SSL option
  - cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
  - configure.ac: replace krb5-config with pkg-config
  - configure: when hyper is selected, deselect nghttp2
  - curl-confopts.m4: remove --enable/disable-hidden-symbols
  - curl-openssl.m4: modify library order for openssl linking
  - curl_ntlm_core: use OpenSSL only if DES is available
  - Curl_updateconninfo: store addresses for QUIC connections too
  - ftp: make the MKD retry to retry once per directory
  - http: fix Basic auth with empty name field in URL
  - http: reject HTTP response codes < 100
  - http: remove assert that breaks hyper
  - http: set content length earlier
  - imap: display quota information
  - libssh2: Get the version at runtime if possible
  - md5: fix compilation with OpenSSL 3.0 API
  - ngtcp2: advertise h3 as well as h3-29
  - ngtcp2: compile with the latest nghttp3
  - ngtcp2: use latest QUIC TLS RFC9001
  - NTLM: use DES_set_key_unchecked with OpenSSL
  - openssl: if verifypeer is not requested, skip the CA loading
  - openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
  - schannel: fix memory leak due to failed SSL connection
  - sendf: accept zero-length data in Curl_client_write()
  - sha256: use high-level EVP interface for OpenSSL
  - sws: fix memory leak on exit
  - tool_operate: a failed etag save now only fails that transfer
  - url: check the return value of curl_url()
  - url: set "/k->size"/ -1 at start of request
  - urlapi: skip a strlen(), pass in zero
  - urlapi: URL decode percent-encoded host names
  - vtls: Fix a memory leak if an SSL session cannot be added to the cache
  - wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
  * Use --with-openssl configure option, --with-ssl is now deprecated
docker
- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
- Update to Docker 23.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 23.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch
dracut
- Update to version 055+suse.344.g3d5cd8fb:
  * fix(dracut-install): continue parsing if ldd prints "/cannot execute binary file"/ (bsc#1212662)
- Update to version 055+suse.342.g2e6dce8e:
  fips=1 and separate /boot break s390x (bsc#1204478):
  * fix(fips): move fips-boot script to pre-pivot
  * fix(fips): only unmount /boot if it was mounted by the fips module
  * feat(fips): add progress messages
  * fix(fips): do not blindly remove /boot
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
gcc12
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
  * includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
  from the branch after the release.
- Speed up builds with --enable-link-serialization.
- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749
- Don't rely on %usrmerged, set it based on standard %suse_version
- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
  * remove gcc12-fifo-jobserver-support.patch which is now
    included upstream
- avoid trailing backslashes at the end of post install scripts
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
- Update embedded newlib to version 4.2.0
  * includes newlib-4.1.0-aligned_alloc.patch
- add gcc12-riscv-inline-atomics.patch,
  gcc12-riscv-pthread.patch: handle subword size inline atomics
  (needed by several openSUSE packages)
grub2
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
  * 0001-ieee1275-implement-vec5-for-cas-negotiation.patch
  * 0002-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
  * 0003-kern-ieee1275-init-Extended-support-in-Vec5.patch
hwdata
- update to 0.371:
  * Update pci, usb and vendor ids
- update to 0.370:
  * Update pci, usb and vendor ids
- update to 0.369:
  * Update pci, usb and vendor ids
kbd
- Add 'ara' vc keymap (bsc#1210702)
  'ara' is slightly better than 'arabic' as it matches the name of its x11
  layout counterpart. Keep 'arabic' for backward compatibility sake.
kernel-default
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- commit 98adc02
- Update "/drm/i915/gem: add missing boundary check in vm_access"/ (bsc#1211263 CVE-2023-28410)
  Add bug and CVE number to the References tag.
- commit f799efb
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- commit 70a1ce4
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- commit 4309e22
- kabi/severities: ignore kABI in bq27xxx_battery module
  Those are local symbols that are used only by child drivers
- commit 8d7e23d
- kABI workaround for btbcm.c (git-fixes).
- commit ab2692b
- nvme: fix passthrough csi check (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks
  (git-fixes).
- commit d03fbdf
- power: supply: bq27xxx: expose battery data when CI=1
  (git-fixes).
- Refresh
  patches.suse/power-supply-bq27xxx-Fix-bq27xxx_battery_update-race.patch.
- commit 3c4cf6c
- KEYS: asymmetric: Copy sig and digest in
  public_key_verify_signature() (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called
  on current sign changes (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
  (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races
  on remove (git-fixes).
- bluetooth: Add cmd validity checks at the start of
  hci_sock_ioctl() (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if
  not set (git-fixes).
- commit 31ed077
- ASoC: rt5682: Disable jack detection interrupt during suspend
  (git-fixes).
- Refresh patches.kabi/snd-soc-rt5682-kABI-workaround.patch.
- commit ce0cf1d
- misc: fastrpc: reject new invocations during device removal
  (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal
  (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting
  IRQ_DISABLE_UNLAZY flag (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476
  compatible value (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
  (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio: adc: ad7192: Change "/shorted"/ channels to differential
  (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices
  without ACPI _ONT method (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations
  (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break
  instead of UARTCTRL_SBK (git-fixes).
- serial: 8250_tegra: Fix an error handling path in
  tegra_uart_probe() (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix "/snps,hsphy_interface"/ type
  (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
  (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- selinux: don't use make's grouped targets feature yet
  (git-fixes).
- mtd: rawnand: marvell: don't set the NAND frequency select
  (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written
  (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions
  (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported
  (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
  (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
  (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev()
  (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the
  memory descriptors (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before
  executing (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
  (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe()
  (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
  (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s
  for things to stabilize (git-fixes).
- power: supply: bq27xxx: Add cache parameter to
  bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race
  condition (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
  (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
  (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend
  period (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
  (git-fixes).
- net: mdio: mvusb: Fix an error handling path in
  mvusb_mdio_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting
  (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- commit 2ec09cc
- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit c308d83
- thunderbolt: Mask ring interrupt on Intel hardware as well
  (bsc#1210165).
- commit 4a76dd6
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory
  pressure (bsc#1211564).
- commit 8e0fc37
- blacklist: add nvme bogus nsid check
  We don't not need these quirks as we don't ship the check.
- commit bbebeaf
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- commit f0be05e
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 89bdacb
- Update patch-mainline metadata for a lockdown patch
- commit ff4a857
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- commit b67ebd4
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- commit 3cd00dd
- nvme-tcp: fix a possible UAF when failing to allocate an io
  queue (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-fc: fix a missing queue put in
  nvmet_fc_ls_create_association (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects
  (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
  (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace
  is enabled (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
  (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
  (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
  (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
  queue teardown (git-fixes).
- nvme: handle the persistent internal error AER (git-fixes).
  Refresh:
  - patches.suse/nvme-fix-async-event-trace-event.patc
- nvme: fix regression when disconnect a recovering ctrl
  (git-fixes).
  Refresh:
  - patches.suse/nvme-rdma-fix-possible-hang-caused-during-ctrl-delet.patch
  - patches.suse/nvme-tcp-fix-possible-hang-caused-during-ctrl-deleti.patch
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
  (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme-pci: fix a NULL pointer dereference in
  nvme_alloc_admin_tags (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect
  (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of
  nvmet_ns_revalidate (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvmet: use i_size_read() to set size for file-ns (git-fixes).
  Refresh:
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- nvme-tcp: fix bogus request completion when failing to send AER
  (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
  SSDs (git-fixes).
- commit c657707
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit e3a141d
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- commit 43cdfba
- blacklist.conf: Exclude an irrelevant patch for us.
  We don't have the fp_init.size et al variables so this patch doesn't
  apply to our kernel.
- commit 30f92bf
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit a68b414
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- commit 244216a
- purgatory: fix disabling debug info (git-fixes).
- commit 1ebc547
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- commit d380760
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- commit 44d8ccb
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- Refresh patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
- commit c6646fc
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- commit d2f3f53
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- commit 3a9f080
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters
  (git-fixes).
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
  (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential
  VM (git-fixes).
- commit 85569e3
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not  available (git-fixes).
- commit bf87aed
- scsi: qla2xxx: Replace all non-returning strlcpy() with
  strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
  (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
  resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
  (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1211960).
- commit 4c4bf74
- lpfc: update metadata
- Refresh
  patches.suse/scsi-lpfc-Add-new-RCQE-status-for-handling-DMA-failu.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-double-free-in-lpfc_cmpl_els_logo_acc-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-verbose-logging-for-SCSI-commands-issu.patch.
- Refresh
  patches.suse/scsi-lpfc-Match-lock-ordering-of-lpfc_cmd-buf_lock-a.patch.
- Refresh
  patches.suse/scsi-lpfc-Replace-blk_irq_poll-intr-handler-with-thr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-congestion-warning-notification-per.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.12.patch.
- commit 497ebb3
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- commit aaaea1e
- RDMA/irdma: Prevent QP use after free (git-fixes)
- commit 34e3a35
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- commit 6c40b4b
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- commit 1c28ea3
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- commit c5d0c28
- RDMA/hns: Fix base address table allocation (git-fixes)
- commit c15c063
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- commit c581318
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- commit f7d5b0b
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- commit 8102023
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: ses: Handle enclosure with just a primary component
  gracefully (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: libsas: Grab the ATA port lock in
  sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- commit 9f00bdd
- Update CVE reference to
  patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch
  (git-fixes bsc#1205153 bsc#1211855 CVE-2023-3006).
- commit 7d0a08a
- media: radio-shark: Add endpoint checks (git-fixes).
- commit fb4ddc1
- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit d88241f
- blacklist.conf: prerequisites way too intrusive
- commit b6394eb
- blacklist.conf: prerequisites too intrusive
- commit 7aaa267
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ
  (bsc#1211847).
- scsi: lpfc: Add new RCQE status for handling DMA failures
  (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period
  (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and
  hbalock for abort paths (bsc#1211847).
- commit b6545fd
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused
  by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to
  SES devices (bsc#1211847).
- commit 31cb016
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- commit 5587605
- usb: dwc3: gadget: Execute gadget stop after halting the
  controller (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 35f936b
- usb: typec: tcpm: fix multiple times discover svids error
  (git-fixes).
- commit a381d7f
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
  (git-fixes).
- commit 6b5ad0e
- blacklist.conf: Add c0f2df49cf24 cgroup: Fix build failure when CONFIG_SHRINKER_DEBUG
- commit 7772962
- cifs: mapchars mount option ignored (bsc#1193629).
- commit 516a6c4
- smb3: display debug information better for encryption
  (bsc#1193629).
- commit 7f16b38
- cifs: fix smb1 mount regression (bsc#1193629).
- commit 565aa62
- SMB3: drop reference to cfile before sending oplock break
  (bsc#1193629).
- commit 714d17f
- SMB3: Close all deferred handles of inode in case of handle
  lease break (bsc#1193629).
- commit 31916b9
- cifs: release leases for deferred close handles when freezing
  (bsc#1193629).
- commit fba9221
- smb3: fix problem remounting a share after shutdown
  (bsc#1193629).
- commit 8678043
- SMB3: force unmount was failing to close deferred close files
  (bsc#1193629).
- commit b75c848
- smb3: improve parallel reads of large files (bsc#1193629).
- commit 739a949
- do not reuse connection if share marked as isolated
  (bsc#1193629).
- commit 50ed2cc
- SMB3: Close deferred file handles in case of handle lease break
  (bsc#1193629).
- commit 79b4858
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- commit 64fbbd7
- cifs: fix pcchunk length type in smb2_copychunk_range
  (bsc#1193629).
- commit 278a0ed
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- commit eeed402
- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit 2c9169a
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- commit 61dd23b
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 90eaeae
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 0f1ffd2
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit b2da20f
- dm ioctl: fix nested locking in table_clear() to remove deadlock
  concern (bsc#1210806, CVE-2023-2269).
- commit 2bbfc45
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size()
  (bsc#1211807).
- commit cfbffb5
- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 93ea3c4
- cgroup: Reorganize css_set_lock and kernfs path processing
  (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Homogenize cgroup_get_from_id() return value
  (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup
  id (bsc#1205650).
- blacklist.conf: Remove 4534dee94 to ease dependant backports
- cgroup: Honor caller's cgroup NS when resolving path
  (bsc#1205650).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup
  duplicated codes (bsc#1203906).
- commit 45f8307
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- Refresh
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch.
- blacklist.conf: Remove patch from blacklist (became prereq)
- commit 249c983
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5
- ceph: force updating the msg pointer in non-split case
  (bsc#1211804).
- commit a688822
- blacklist.conf: 03cab65a07e0 ("/selftests/futex: fix build for clang"/)
- commit 19afb99
- locking/rwsem: Add __always_inline annotation to
  __down_read_common() and inlined callers (git-fixes).
- commit e0ba102
- rtmutex: Ensure that the top waiter is always woken up
  (git-fixes).
- commit 0184302
- futex: Resend potentially swallowed owner death notification
  (git-fixes).
- commit c8b2fc6
- blacklist.conf: s390/maccess: rework absolute lowcore accessors
- commit 6e763ee
- blacklist.conf: s390/smp: cleanup control register update routines
- commit 869cbe8
- blacklist.conf: s390/smp: cleanup target CPU callback starting
- commit ac0ad39
- blacklist.conf: s390/dump: fix old lowcore virtual vs physical address confusion
- commit f2ccc2e
- blacklist.conf: s390/traps: improve panic message for translation-specification exception
- commit 1cb3dd4
- blacklist.conf: s390/dump: fix os_info virtual vs physical address confusion
- commit 82b75e7
- blacklist.conf: LLVM test case fix
- commit 8a6e662
- s390/vdso: remove -nostdlib compiler flag (git-fixes
  bsc#1211714).
- commit 3aedab5
- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- commit 3a70444
- Update
  patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit 1bf4240
- Update
  patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit a4b9147
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems
  (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more
  than once (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
  (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages
  (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in
  nilfs_evict_inode() (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short
  cables (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
  (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT
  (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits
  (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
  (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind
  (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring
  (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
  backtrace (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in
  iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
  (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning
  (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
  (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue
  (git-fixes).
- regmap: cache: Return error in cache sync operations for
  REGCACHE_NONE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- commit 17eb14e
- Input: xpad - add constants for GIP interface numbers
  (git-fixes).
- commit ae95fb0
- mmc: sdhci-esdhc-imx: make "/no-mmc-hs400"/ works (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio
  header (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery
  data (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials
  (git-fixes).
- HID: logitech-hidpp: Don't use the USB serial for USB devices
  (git-fixes).
- Bluetooth: L2CAP: fix "/bad unlock balance"/ in
  l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers
  (git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
  acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null
  pointer (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (bsc#1211449).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and
  finish (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare()
  and buffer_finish() (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
  (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds
  better (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type
  (git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
  (git-fixes).
- HID: wacom: Force pen out of prox if no events have been
  received in a while (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- commit d814c1f
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
  bsc#1211693).
- s390/dasd: fix hanging blockdevice after request requeue
  (git-fixes bsc#1211687).
- s390/kprobes: fix current_kprobe never cleared after kprobes
  reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
  post_handler (git-fixes bsc#1211689).
- s390/mem_detect: fix detect_memory() error handling (git-fixes
  bsc#1211691).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
  bsc#1211690).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
  bsc#1211692).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
  bsc#1211686).
- commit dcbf1cc
- dmaengine: idxd: Only call idxd_enable_system_pasid() if
  succeeded in enabling SVA feature (git-fixes).
- commit bdaf824
- kABI workaround for mt76_poll_msec() (git-fixes).
- commit 8310024
- wifi: mt76: mt7921e: improve reliability of dma reset
  (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: add flexible polling wait-interval support
  (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without
  Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling
  (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid
  is read (git-fixes).
- commit 5f45933
- Update
  patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
  (git-fixes CVE-2023-2162 bsc#1210647).
- commit ef8f1cf
- configfs: fix possible memory leak in configfs_create_dir()
  (git-fixes).
- debugfs: fix error when writing negative value to atomic_t
  debugfs file (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (git-fixes).
- commit 1a0085a
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
  (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf:
  Rename {leaf,usbcan}_cmd_error_event to
  {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
  (git-fixes).
- commit 686ab31
- can: kvaser_usb_leaf: Fix overread with an invalid command
  (git-fixes).
- commit 9e9ebea
- drivers: base: dd: fix memory leak with using debugfs_lookup()
  (git-fixes).
- drivers: base: component: fix memory leak with using
  debugfs_lookup() (git-fixes).
- commit 537af53
- virtio_net: suppress cpu stall when free_unused_bufs
  (git-fixes).
- commit da7bbcd
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- commit ab5927c
- virtio_net: bugfix overflow inside xdp_linearize_page()
  (git-fixes).
- commit 7b42c19
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
  (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
  (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after
  removal (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- commit bc3d0e5
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and
  dwc3_gadget_resume() (git-fixes).
- commit b5c53da
- virtio-net: Keep stop() to follow mirror sequence of open()
  (git-fixes).
- commit 0d2ec00
- virtio-net: execute xdp_do_flush() before napi_complete_done()
  (git-fixes).
- commit 1fe332b
- tools/virtio: fix the vringh test for virtio ring changes
  (git-fixes).
- commit 7846dae
- vhost/net: Clear the pending messages when the backend is
  removed (git-fixes).
- commit ed68aca
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- commit 5a7e7d8
- virtio_net: split free_unused_bufs() (git-fixes).
- commit 00244a7
- tools/virtio: compile with -pthread (git-fixes).
- commit efe7e12
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
  (git-fixes).
- commit 97aa26c
- tools/virtio: fix virtio_test execution (git-fixes).
- commit ab7f233
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- commit a4fbbfa
- blacklist.conf: add 838d6d3461db ("/virtio: unexport virtio_finalize_features"/)
- commit daac2ad
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- commit a805982
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- commit 7af3d10
- blacklist.conf: black list non applicable fix
- commit 0b43409
- power: supply: bq24190_charger: using pm_runtime_resume_and_get
  instead of pm_runtime_get_sync (git-fixes).
- Refresh
  patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch.
- commit 32112a8
- net: skip virtio_net_hdr_set_proto if protocol already set
  (git-fixes).
- commit 04b2165
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- commit b034548
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- commit bc9efec
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- commit 5d5e37e
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- commit 5ca599d
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- commit 711a6c8
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- commit dc85357
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- commit f6fa4f5
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- commit 9b285aa
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- commit 4de26a7
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit c8c1599
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/alternative: Support relocations in alternatives
  (bsc#1206578).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- commit 3be7202
- net: virtio_net_hdr_to_skb: count transport header in UFO
  (git-fixes).
- commit 435a431
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- commit 4efb06a
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- commit 39f5ae5
- usb: dwc3: Fix ep0 handling when getting reset while doing
  control transfer (git-fixes).
- commit acaaa13
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- commit 838022e
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- commit 19b0a32
- usb: dwc3: gadget: Only End Transfer for ep0 data phase
  (git-fixes).
- commit 7e9b934
- usb: dwc3: remove a possible unnecessary 'out of memory'
  message (git-fixes).
- commit 59239b9
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Wait-for-ep0-xfers-to-complete-durin.patch.
- commit 4a16748
- usb: dwc3: drd: use helper to get role-switch-default-mode
  (git-fixes).
- commit ee299c9
- tracing: Fix permissions for the buffer_percent file
  (git-fixes).
- commit 0318a81
- ring-buffer: Sync IRQ works before buffer destruction
  (git-fixes).
- commit a78e19a
- ring-buffer: Ensure proper resetting of atomic variables in
  ring_buffer_reset_online_cpus (git-fixes).
- commit 2b75346
- ring-buffer: Fix kernel-doc (git-fixes).
- commit 6ecbbdc
- net: qrtr: correct types of trace event parameters (git-fixes).
- commit dbac4e1
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit 6ed4e1b
- usb: dwc3: ep0: Don't prepare beyond Setup stage (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit eccafbc
- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit 5a240f0
- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- commit 9ac2993
- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 373505c
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC
  Self-IPI (git-fixes).
- commit 742c6c3
- KVM: x86/vmx: Do not skip segment attributes if unusable bit
  is set (git-fixes).
- commit 9eaecda
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
  (git-fixes).
- commit 30d94a9
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
  support global_ctrl (git-fixes).
- commit aa84341
- KVM: x86: Protect the unused bits in MSR exiting flags
  (git-fixes).
- commit 28b2cff
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
  (git-fixes).
- commit 4df9796
- KVM: x86: do not set st->preempted when going back to user space
  (git-fixes).
- commit 757f49a
- KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization
  failure (git-fixes).
- commit f034027
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
  (git-fixes).
- commit 71266ce
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "/droping"/ -> "/dropping"/ (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit e7ab3d9
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
  bugs (git-fixes).
- commit 0592eea
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
  is advertised (git-fixes).
- commit b3bd831
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
  catchup mode (git-fixes).
- commit 61c19ae
- KVM: x86: Report deprecated x87 features in supported CPUID
  (git-fixes).
- commit f103d79
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
  (git-fixes).
- commit 28c6c36
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
  eVMCS (git-fixes).
- commit aa258cd
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
  shadow (git-fixes).
- commit 10c2c56
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
  (git-fixes).
- commit 7736978
- KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (git-fixes).
- commit a6f9309
- blacklist.conf: add 9dba4d24cbb55 ("/86/kvm: remove unused ack_notifier
  callbacks"/
- commit 7c642cd
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
  (git-fixes).
- commit 28c590c
- s390/extmem: return correct segment type in __segment_load()
  (bsc#1210450 git-fixes).
- commit 0040ffc
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
  (bsc#1209856 git-fixes).
- commit 66fb793
- xen/netback: use same error messages for same errors
  (git-fixes).
- commit a7eb923
- powerpc/iommu: DMA address offset is incorrectly calculated
  with 2MB TCEs (jsc#SLE-19556 git-fixes).
- commit 893c217
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- commit 0720e89
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers
  (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in
  ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
  (git-fixes).
- commit b351847
- vc_screen: reload load of struct vc_data pointer in vcs_write()
  to avoid UAF (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt
  (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
  (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't
  in use (bsc#1210165).
- xhci: Fix incorrect tracking of free space on transfer rings
  (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle
  (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show
  (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
  (git-fixes).
- commit 8584d07
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another
  HP laptop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
  (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- commit 6ddb5bd
- drm/msm/dpu: Remove duplicate register defines from INTF
  (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions
  (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
  (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings
  (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static
  (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion
  15 (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free
  (git-fixes).
- commit 473b547
- Move upstreamed media patches into sorted section
- commit 201322a
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit 93a2fd7
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit 3c0eba9
- can: kvaser_pciefd: Disable interrupts in probe error path
  (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
  (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling
  interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly
  requested (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in
  kvaser_pciefd_stop() (git-fixes).
- wifi: iwlwifi: mvm: don't trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
  (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list
  (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
  (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- cassini: Fix a memory leak in the error handling path of
  cas_init_one() (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- selftets: seg6: disable rp_filter by default in
  srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for
  srv6_end_dt4_l3vpn_test (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer()
  (git-fixes).
- selftests/sgx: Add "/test_encl.elf"/ to TEST_FILES (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
  (git-fixes).
- commit 41844ce
- Update References
  patches.suse/bluetooth-Perform-careful-capability-checks-in-hci_s.patch
  (git-fixes bsc#1210533 CVE-2023-2002).
- commit 0d52fb3
- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit 8a9beae
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling
  legacy gfx ras (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled
  in suspend (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus
  KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for
  GDIX1002 ts on the Juno Tablet (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- HID: wacom: Set a default resolution for older tablets
  (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and
  319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
  (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- commit 2af09b7
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- commit 5df9068
- cifs: fix sharing of DFS connections (bsc#1208758).
- commit eca9f8a
- cifs: avoid potential races when handling multiple dfs tcons
  (bsc#1208758).
- commit 63e23c3
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
  (bsc#1208758).
- commit afe04d7
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- commit e5ca6c5
- cifs: fix potential use-after-free bugs in
  TCP_Server_Info::hostname (bsc#1208758).
- commit c684f06
- cifs: protect session status check in smb2_reconnect()
  (bsc#1208758).
- commit a5777d5
- smb3: move some common open context structs to smbfs_common
  (bsc#1193629).
- commit 584d68d
- smb3: make query_on_disk_id open context consistent and move
  to common code (bsc#1193629).
- commit c9e01f8
- cifs: missing lock when updating session status (bsc#1193629).
- commit 54a1882
- SMB3: Add missing locks to protect deferred close file list
  (git-fixes).
- commit de29309
- cifs: avoid dup prefix path in dfs_get_automount_devname()
  (git-fixes).
- commit ed1670a
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- commit afc9290
- Refresh
  patches.suse/net-ice-Add-support-for-enable_iwarp-and-enable_roce.patch.
- Delete
  patches.suse/devlink-Add-enable_iwarp-generic-device-param.patch.
  Fixed broken kABI (bsc#1208050 bsc#1211414).
- commit 118de8c
- Refresh
  patches.suse/net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch.
  Fix backport.
- commit 6887ae9
- HID: microsoft: Add rumble support to latest xbox controllers
  (bsc#1211280).
- commit a92cf6c
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- commit 9c4a05e
- net: mana: Check if netdev/napi_alloc_frag returns single page
  (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines
  (bsc#1210551).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Enable RX path to handle various MTU sizes
  (bsc#1210551).
- net: mana: Refactor RX buffer allocation code to prepare for
  various MTU (bsc#1210551).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mana: Add new MANA VF performance counters for easier
  troubleshooting (bsc#1209982).
- commit ac98332
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest
  (git-fixes)
- commit ef4b42f
- ACPI: tables: Add support for NBFT (bsc#1195921).
- commit 90b0d13
- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset
  (v2) (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order
  (git-fixes).
- gve: Remove the code of clearing PBA bit (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only
  (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
  (git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND
  if unset (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
  (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- selftests/resctrl: Check for return value after write_schemata()
  (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific
  branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory()
  did not alloc mem (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
  (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
  register (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod
  (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One
  7 B1-750 (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County'
  NUC M15 (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init()
  for dpcm (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq()
  and writeq() (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation
  (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
  (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of
  pm_runtime_get_sync (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments
  (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
  (git-fixes).
- serial: stm32: re-introduce an irq flag condition in
  usart_receive_chars (git-fixes).
- media: rcar_fdp1: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- commit c094bdc
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
  (git-fixes).
- commit d64e14c
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX
  handler (git-fixes).
- commit 56061d9
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
  (git-fixes).
- commit a6ab5bb
- KVM: SVM: Fix benign "/bool vs. int"/ comparison in svm_set_cr0()
  (git-fixes).
- commit f475ade
- KVM: SVM: hyper-v: placate modpost section mismatch error
  (git-fixes).
- commit 816e1bf
- KVM: SVM: Fix potential overflow in SEV's
  send|receive_update_data() (git-fixes).
- commit 16c4f84
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry
  (git-fixes).
- commit aed233d
- platform/x86: thinkpad_acpi: Fix platform profiles on T490
  (git-fixes).
- commit 1c69e0b
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
  (git-fixes).
- commit 81f590f
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
  (git-fixes).
- commit 77c8954
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR
  is deliberate (git-fixes).
- commit b84688a
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC
  reconfigure race (git-fixes).
- commit 5d05f90
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- commit b1c4544
- x86/amd: Use IBPB for firmware calls (git-fixes).
- Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- commit 98a0873
- KVM: nVMX: Inject #GP, not #UD, if "/generic"/ VMXON CR0/CR4
  check fails (git-fixes).
- commit 8d3f5e6
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- commit 55ad85a
- x86/bugs: Add "/unknown"/ reporting for MMIO Stale Data (git-fixes).
- commit c9d308d
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
  (git-fixes).
- commit 341c774
- ECO for QAT driver update was approved (PED-3955).
  Allow kABI changes below drivers/crypto/qat and remove
  the corresponding kABI padding patch.
- commit d46b3f1
- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit b61badb
- x86/bugs: Warn when "/ibrs"/ mitigation is selected on Enhanced IBRS  parts (git-fixes).
- commit 309477d
- x86/alternative: Report missing return thunk details (git-fixes).
- commit a6de731
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
  (git-fixes).
- commit b95c292
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
  (git-fixes).
- commit 028e88b
- blacklist.conf: Blacklist already integrated patch
- commit f08adc0
- blacklist.conf: Remove alread-integrated patch
- commit 6038830
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- commit f34367a
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag
  (git-fixes).
- commit 4d26615
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like
  (git-fixes).
- commit 1c41646
- KVM: x86: Mask off unsupported and unknown bits of
  IA32_ARCH_CAPABILITIES (git-fixes).
- commit e7d58ae
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
  (git-fixes).
- commit 31729ed
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- commit e94cf3b
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- commit 7aef2ca
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- commit 1e49eb1
- Fix bug reference.
- Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch
  (bsc#1195655 ltc#195733 git-fixes).
- Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch
  (bsc#1195655 ltc#195733).
- commit 75b352e
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
  (git-fixes).
- commit 8e78e7b
- KVM: arm64: Don't arm a hrtimer for an already pending timer (git-fixes)
- commit 7242bab
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- commit 24e09a6
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- commit 94fc8c2
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- commit a2031d5
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- commit 57c82ed
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- commit 4084e39
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- commit 80e5dc8
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- commit b34a907
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- commit 18fdaaf
- powerpc/rtas: use memmove for potentially overlapping buffer
  copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
  (bsc#1065729).
- commit a0f9fd4
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- commit 1e56a5b
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- commit 32b2eb1
- KVM: arm64: Don't return from void function (git-fixes)
- commit 929b4b8
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- commit d5c7f0a
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- commit c528fa6
- KVM: Don't create VM debugfs files outside of the VM directory (git-fixes)
- commit f35aa14
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- commit 5c67650
- Revert "/KVM: set owner of cpu and vm file operations"/ (git-fixes)
- commit 641eec4
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- commit d75ff37
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- commit e7649a0
- KVM: Disallow user memslot with size that exceeds "/unsigned long"/ (git-fixes)
- commit 3d5e854
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes)
  Enable workaround and fix kABI breakage.
- commit 65ad1d7
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 66d6673
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- commit f8b8352
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter
  (bsc#1210741 jsc#PED-4022).
- Update config files.
- supported.conf: mark mana_ib supported
- commit 1a4c2c7
- net: mana: Move header files to a common location (bsc#1210741
  jsc#PED-4022).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 5b586a1
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for
  registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
  (bsc#1210741 jsc#PED-4022).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741
  jsc#PED-4022).
- commit 34e74c1
- net: mana: Define data structures for protection domain and
  memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page
  from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define and process GDMA response code
  GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741
  jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741
  jsc#PED-4022).
- net: mana: Export Work Queue functions for use by RDMA driver
  (bsc#1210741 jsc#PED-4022).
- net: mana: Set the DMA device max segment size (bsc#1210741
  jsc#PED-4022).
- net: mana: Handle vport sharing between devices (bsc#1210741
  jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region
  (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for auxiliary device (bsc#1210741
  jsc#PED-4022).
- commit f92c525
- KVM: nVMX: add missing consistency checks for CR0 and CR4
  (bsc#1210294 CVE-2023-30456).
- commit ef9d3af
- blacklist.conf: cleanup of a comment
- commit 84e5a2f
- blacklist.conf: dependencies cannot be met
- commit e3d82fb
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm
  (bsc#1207553).
- commit f66a3d1
- apparmor: add a kernel label to use on kernel objects
  (bsc#1211113).
- commit 51d9c3d
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- commit 0291fd1
- crypto: acomp - define max size for destination (jsc#PED-3692)
- commit 85592d8
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- commit e4a787e
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- commit 0a12d82
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- commit 84eb593
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- commit b8f6153
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- commit 4cc71cc
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- commit add926d
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- commit 53057db
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- commit e94a222
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- commit 6fb4fa4
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- commit babeef7
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- commit 8fbb831
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- commit 57cf8db
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- commit 191d933
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- commit 8033e5b
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- commit 2893932
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- commit 638d767
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- commit da7d730
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- commit 9d2ec7c
- crypto: qat - change behaviour of (jsc#PED-3692)
- commit 88b302a
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- commit c9aee29
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- commit b693728
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- commit e064970
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- commit f05d9dc
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- commit 68596ea
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- commit e4d21be
- crypto: qat - add param check for DH (jsc#PED-3692)
- commit da607b7
- crypto: qat - add param check for RSA (jsc#PED-3692)
- commit 7eefa16
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- commit 624d1d0
- crypto: qat - refactor submission logic (jsc#PED-3692)
- commit b8e53cb
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- commit bd15683
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- commit c617c8f
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- commit b866596
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- commit e40b5cb
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- commit 02bc64e
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- commit 4d65255
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- commit b225eca
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- commit 2b6fd0a
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- commit 1e0a7c3
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- commit c5057e2
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- commit 9de3f9b
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- commit a8dbb60
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- commit 1848290
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- commit 1cf3054
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- commit a02a4ee
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- commit 56dd6e7
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- commit dd0685f
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- commit e463f30
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- commit c63cf22
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- commit 29cae5c
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- commit 988ee72
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- commit d524451
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- commit 5536852
- crypto: qat - add misc workqueue (jsc#PED-3692)
- commit cb5c3b7
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- commit 89bd3f8
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- commit a7f67e3
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- commit 151593d
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- commit dfc51e6
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- commit 8557674
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- commit 5d143f2
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- commit 916a77e
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- commit 6601ff4
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- commit e8ce44d
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- commit 986f0e6
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- commit 7d28fba
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- commit 6155681
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- commit 77f298d
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- commit da2daed
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- commit a184282
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- commit e08ef29
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- commit 77c5d55
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- commit 22808a8
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- commit 529c178
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- commit 2cfdf60
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- commit 192475a
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- commit 029b3f8
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- commit b21ae8f
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- commit 86b6de1
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- commit c36c1b5
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- commit 5a6ccb5
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- commit 6bc8ecc
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- commit 69ac24d
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- commit a09ab7d
- crypto: qat - do not rely on min version (jsc#PED-3692)
- commit 1fbc50a
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- commit bd91022
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- commit ce27ee1
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- commit 07d0530
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- commit dfcb218
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- commit ebf7e16
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- commit 4ac3bf8
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- commit 3228a9b
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- commit 7a44395
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- commit 5960736
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- commit 1aa65a8
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- commit 53e0309
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- commit b869385
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- commit 27aa4db
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- commit 375be54
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- commit 253518f
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- commit b8f6615
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- commit 2d2c8ab
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- commit 08b5439
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- commit 32a2e31
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- commit b27b05c
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- commit c5402df
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- commit ef47805
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- commit 3c38713
- crypto: qat - extract send and wait from (jsc#PED-3692)
- commit d88c673
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- commit 688556e
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- commit 4f0c483
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- commit 7d933b4
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- commit f443d35
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- commit 4276cd3
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- commit 89e9e5e
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- commit abcbfac
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- commit 227e146
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- commit a4d86dd
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- commit e9e0672
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- commit 4f29ad0
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- commit 49708c6
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- commit dd303d7
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- commit 167b6ae
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- commit 0767718
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- commit 8a91dc4
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- commit df8b85d
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- commit dbe426c
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- commit ac1c697
- sfc: fix TX channel offset when using legacy interrupts
  (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- commit 03bb08f
- workqueue: Print backtraces from CPUs with hung CPU bound
  workqueues (bsc#1211044).
- commit edb7f74
- workqueue: Warn when a rescuer could not be created
  (bsc#1211044).
- commit bbf3c79
- workqueue: Interrupted create_worker() is not a repeated event
  (bsc#1211044).
- commit 86794c5
- workqueue: Warn when a new worker could not be created
  (bsc#1211044).
- commit eb3a726
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 3a59651
- x86/boot: Skip realmode init code when running as Xen PV guest   (git-fixes).
- Refresh    patches.kabi/kABI-Fix-kABI-after-x86-mm-cpa-Generalize-__set_memo.patch.
- commit e90b7a1
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 4d4fa6d
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- commit d3c6791
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-correct-WC-error-for-bind-operatio.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-error-on-MR-deregister-CQP-failure.patch.
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 11ed66b
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- RDMA/irdma: Do not generate SW completions for NOPs
  (jsc#SLE-18383).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (git-fixes).
- sfc: ef10: don't overwrite offload features at NIC reset
  (git-fixes).
- gve: Cache link_speed value from device (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- iavf: Do not restart Tx queues after reset task failure
  (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- net: tun: fix bugs for oversize packet when napi frags enabled
  (git-fixes).
- sfc: include vport_id in filter spec hash and equal()
  (git-fixes).
- sfc: Change VF mac via PF as first preference if available
  (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit
  (git-fixes).
- RDMA/irdma: Fix drain SQ hang with no completion
  (jsc#SLE-18383).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
  (git-fixes).
- sfc: fix considering that all channels have TX queues
  (git-fixes).
- RDMA/irdma: Add SW mechanism to generate completions on error
  (jsc#SLE-18383).
- commit b8a7c09
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit ca9f52b
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- commit d9bb4d3
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- commit 4d91aa8
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- commit 9499df5
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- commit 0660aaf
- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit a0bdb58
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
  (jsc#SLE-19255).
- ixgbe: Enable setting RSS table to default values
  (jsc#SLE-18384).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- i40e: fix i40e_setup_misc_vector() error handling
  (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock
  (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test
  (jsc#SLE-18378).
- i40e: fix flow director packet filter programming
  (jsc#SLE-18378).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- igc: fix the validation logic for taprio's gate list
  (jsc#SLE-18377).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
  (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing
  (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash
  (jsc#SLE-18385).
- i40e: Fix kernel crash during reboot when adapter is in recovery
  mode (jsc#SLE-18378).
- igb: conditionalize I2C bit banging on external thermal sensor
  support (jsc#SLE-18379).
- ixgbe: add double of VLAN header when computing the max MTU
  (jsc#SLE-18384).
- i40e: add double of VLAN header when computing the max MTU
  (jsc#SLE-18378).
- ixgbe: allow to increase MTU to 3K with XDP enabled
  (jsc#SLE-18384).
- i40e: Add checking for null for nlmsg_find_attr()
  (jsc#SLE-18378).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in
  igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iavf/iavf_main: actually log ->src mask when talking about it
  (jsc#SLE-18385).
- igc: Fix PPS delta between two synchronized end-points
  (jsc#SLE-18377).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- igc: Set Qbv start_time and end_time to end_time if not being
  configured in GCL (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time
  (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit
  (jsc#SLE-18377).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- i40e: Fix the inability to attach XDP program on downed
  interface (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove
  (jsc#SLE-18385).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
  (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF
  (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
  (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
  (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
  (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules
  (jsc#SLE-18378).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
  (jsc#SLE-18384).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- iavf: Fix 'tc qdisc show' listing too many queues
  (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- i40e: Fix interface init with MSI interrupts (no MSI-X)
  (jsc#SLE-18378).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
  (jsc#SLE-18385).
- i40e: Fix erroneous adapter reinitialization during recovery
  process (jsc#SLE-18378).
- igc: Reinstate IGC_REMOVED logic and implement it properly
  (jsc#SLE-18377).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- ice: Fix interrupt moderation settings getting cleared
  (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
  (jsc#SLE-18375).
- commit 80d0092
- ACPI: processor: Fix evaluating _PDC method when running as
  Xen dom0 (git-fixes).
- commit 9762d65
- xen/netback: don't do grant copy across page boundary
  (git-fixes).
- commit f4517dd
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
  (git-fixes).
- commit 46b1fec
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt
  (bsc#1210775).
- commit 2b91689
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
  (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input
  methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- commit 9ac9894
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- commit bec3ff8
- Update references to patch
  patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
  (git-fixes bsc#1209287 CVE-2023-1380).
- commit 1374551
- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4
- bnxt_en: Do not initialize PTP on older P3/P4 chips
  (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping
  (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest
  (jsc#SLE-18978).
- qed/qed_sriov: guard against NULL derefs from
  qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
  (jsc#SLE-19001).
- qed/qed_dev: guard against a possible division by zero
  (jsc#SLE-19001).
- bnxt_en: Avoid order-5 memory allocation for TPA data
  (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- qede: execute xdp_do_flush() before napi_complete_done()
  (jsc#SLE-19001).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
  (jsc#SLE-18992).
- bnxt: prevent skb UAF after handing over to PTP worker
  (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on
  57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features
  (jsc#SLE-18978).
- commit aee4a77
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- commit bb4fcce
- watchdog: dw_wdt: Fix the error handling path of
  dw_wdt_drv_probe() (git-fixes).
- commit 01087d8
- Update tags in
  patches.suse/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit ce8b695
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- commit 91bdec8
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- commit 4cd1b96
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit 01bca28
- x86/crash: Disable virt in core NMI crash handler to avoid double  shootdown (git-fixes).
- commit aa4ba49
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- commit fa7132b
- x86/microcode: Check CPU capabilities after late microcode update  correctly (git-fixes).
- commit a7e591b
- x86/microcode: Add a parameter to microcode_check() to store CPU  capabilities (git-fixes).
- commit 24950dd
- Update
  patches.suse/net-qcom-emac-Fix-use-after-free-bug-in-emac_remove-.patch
  (bsc#1211037 CVE-2023-2483).
- commit b748693
- Refresh
  patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch.
- commit 0cbc080
- PM: hibernate: Turn snapshot_test into global variable
  (git-fixes).
- Refresh
  patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch.
- commit df2c292
- PM: hibernate: Do not get block device exclusively in
  test_resume mode (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path
  (git-fixes).
- commit 5109b71
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1
  (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for
  usb2_port and ulpi_port (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels
  (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA
  processing (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer
  (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- commit d0a5bb0
- blacklist.conf: cleanup designed to break kABI
- commit d13ef2b
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
  wmm_idx (git-fixes).
- commit 06c84d1
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
  (git-fixes).
- commit 2260701
- blacklist.conf: add nvme git-fixes
- commit e6d21df
- nvme: fix discard support without oncs (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
  (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns
  (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns
  (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvmet: use a private workqueue instead of the system workqueue
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-don-t-defer-passthrough-commands-with-trivial-.patch
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- commit d34faf0
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- commit 4e894db
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 5998565
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
  This is a preparation for the next patch
- commit bde7887
- blacklist.conf: Disable already integrated patch
  Despite not having it as a separate commit we already have
  x86_spec_ctrl_current declared via DECLARE_PER_CPU
- commit 3a23dac
- x86: drop bogus "/cc"/ clobber from __try_cmpxchg_user_asm() (git-fixes).
- commit 821679e
- blacklist.conf: Blacklist i386 speculation fix
  We don't care about 32 bit so might as well blacklist this commit
- commit 85cd434
- x86: Fix return value of __setup handlers (git-fixes).
- commit 4af5381
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 4ec04e5
- blacklist.conf: the commit might cause regression (bsc#1210947)
- commit 373f459
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- commit b654685
- x86, sched: Fix undefined reference to init_freq_invariance_cppc()  build error (git-fixes).
- commit 2520bfd
- blacklist.conf: add one char git-fixes
- commit 442298b
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux
  configuration (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling
  output (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base
  (git-fixes).
- leds: tca6507: Fix error handling of using
  fwnode_property_read_string (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it
  (git-fixes).
- commit d6008ec
- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit c6f30c5
- usb: mtu3: fix kernel panic at qmu transfer done irq handler
  (git-fixes).
- commit 7fcf832
- blacklist.conf: prerequisites break kABI
- commit 0cfe9b1
- struct ci_hdrc: hide new member at end (git-fixes).
- commit d06f402
- usb: chipidea: core: fix possible concurrent when switch role
  (git-fixes).
- commit d07905a
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
  This new form was added in commit e89c2e815e76 ("/riscv: Handle
  zicsr/zifencei issues between clang and binutils"/).
- commit 234baea
- commit 84d7ba8
- commit d292a81
libcap
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
  (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
libjansson
- Update to 2.14 (boo#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
    corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime
    version checking
    + Add json_object_update_new(), json_object_update_existing_new()
    and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
    that can be omitted if null (#339).
    + Add `json_error_code()` to retrieve numeric error codes
    (#365, #380, #381).
    + Enable thread safety for `json_dump()` on all systems.
    Enable thread safe `json_decref()` and `json_incref()` for
    modern compilers (#389).
    + Add `json_sprintf()` and `json_vsprintf()` (#393).
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object (#409).
    + Avoid invalid memory read in `json_pack()` (#421).
    + Call va_end after va_copy in `json_vsprintf()` (#427).
    + Improve handling of formats with '?' and '*' in `json_pack()`
    (#438).
    + Remove inappropriate `jsonp_free()` which caused
    segmentation fault in error handling (#444).
    + Fix incorrect report of success from `json_dump_file()` when
    an error is returned by `fclose()` (#359).
    + Make json_equal() const-correct (#344).
    + Fix incomplete stealing of references by `json_pack()` (#374)
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.
librelp
- update to librelp 1.11.0 (bsc#1210649)
  the previous version became incompatible with current rsyslog
  version 8.2106.0
- Important changes per version
  Version 1.11.0 - 2023-01-10
- code cleanup
- AIX: Changed ERRNO handling after connect in tcp.c
- AIX: Add handling for other ERRNO codes in tcp.c
- bugfix/TCP: relpTcpGetRtryDirection onyl needs to check direction if SSL is active.
- AIX: in relpTcpRcv we need to set RETRY_recv if errno is 0
- openssl: fix openssl exit code avoid double free of ctx
- librelp hardening: Fix multiple minor issues causing debugging trouble
- OpenSSL: fix depreacted API issues for OpenSSL 3.x
- bugfix: compatiblity problem with openssl 1.1
- bugfix: Forward return code from relpEngineSetTLSLib to relpEngineSetTLSLibName
- bugfix: make relpEngineSetTLSLib debug safe
- bugfix: warnings reported by coverity scan
- gnutls drvr bugfix: library called exit() under some circumstances
  Version 1.10.0 - 2021-02-16
- TLS handling bugfix
  Version 1.9.0 - 2020-11-24
- openssl bugfix: preprocessor check for tlsconfigcmd code
- solaris compatibility fix: add strndup compatibility code
  Version 1.8.0 - 2020-09-29
- gnutls "/bugfix"/: handle receives who break connection on close
- gnutls bugfix: per-session memory leak
- tls bugfix: RETRY not correctly handled in TLS Mode & CI improvement
- bugfix: librelp.h contains duplicate function definition
- removed some more externally visible symbols not being part of API
  Version 1.7.0 - 2020-08-25
- some internal cleanup (const attributes and such)
- bugfix: library did export non-API symbols
- openssl: Fix chained certificate files for older OpenSSL Version.
- fix FD leak when socket shutdown is one-sided
- TLS: Added call to destruct OpenSSL remains to relpEngineDestruct
- fix memory leak on session break
  Version 1.6.0 - 2020-04-21
- fix namespace pollution - some non-API functions were exported
- replsess: fix double free of sendbuf in some cases.
- improve support for libressl
- Modified GnuTLS priority according to standard crypto-policy guideline
- tcp: Missing pUsr Copy to relpTcp Pointer fixed in relpTcpAcceptConnReq
- report io errors for plain tcp connections
  Version 1.5.0 - 2020-01-14
- bugfix: too late termination of relp Engine on shutdown
- build system fix: invalid default in configure help text
- error message on invalid TLS library request added
  Version 1.4.0 - 2019-03-05
- build system: enable openssl by default, this means both TLS drivers
  are now build by default
- support that both GnuTLS and openssl TLS drivers are active together
- portability: use GCC __attribute__ only where supported
- bugfix: build problem when HAVE_STRERROR_R is undefined
- bugfix: openssl driver did not properly handle retries when sending
- bugfix: in openssl mode, cert name validation did not work properly
- bugfix: invalid handling of connection fail could lead to abort
- a couple of minor and cosmetic nitfixes, improvements and cleanup
  Version 1.3.0 - 2018-12-11
- improved error reporting
- bugfix openssl: anon mode did not work with openssl 1.1.0+
- bugfix: do not send multiple open commands
  Version 1.2.18 - 2018-09-18
- added non-standard "/certvalid"/ auth mode to TLS authentication
- bugfix CI: make distcheck did not work
  Version 1.2.17 - 2018-08-02
- added support for openssl
- improve code quality: replace strerror() by portable equivalent
- improve error message on connection failure
- bugfix: 100% CPU utilization due to busy loop
- bugfix: do not expose symbols that are not part of public API
- bugfix: potential segfault when listener could not be bound
  Version 1.2.16 - 2018-05-14
- API changes
  * add new API: relpSrvSetOversizeMode()
  * add new API: relpSrvSetLstnAddr()
- support additional hashes for fingerprint mode
- bugfix: potential memory leak
- bugfix: memory leak on protocol error
- fixed a couple of minor issues:
  * fix memory leak when relp frame construction fails
  * removed unnecessary code
  * fix memory leak
  * fix memory leak on relpSrvRun() error
  * fix memory leak on relp listener construction error
  * also resolved all other issues reported by Coverity scan
libsigc++2
- Add libsigc++2-remove-unnecessary-executable-flag-from-file.patch:
  cancel executable permission for file
  /usr/share/doc/packages/libsigc-2_0-0/NEWS(bsc#1209094,bsc#1209140).
libsolv
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
  [bsc#1195633]
- bump version to 0.7.24
libzypp
- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)
- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
openldap2
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
openssl-1_1
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed patches:
  - openssl-CVE-2023-0464.patch
  - openssl-CVE-2023-0465.patch
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch
python-packaging
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
  + fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5.
  * Replace distutils usage with sysconfig
  * Add support for zip files in ``parse_sdist_filename``
  * Use cached ``_hash`` attribute to short-circuit tag equality comparisons
  * Specify the default value for the ``specifier`` argument to ``SpecifierSet``
  * Proper keyword-only "/warn"/ argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for ``Version.post`` and ``Version.dev``
  * Use typing alias ``UnparsedVersion``
  * Improve type inference for ``packaging.specifiers.filter()``
  * Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
  * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
  * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
  * Do not insert an underscore in wheel tags when the interpreter version number
    is more than 2 digits (:issue:`372`)
  * Fix flit configuration, to include LICENSE files (:issue:`357`)
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
  * Add some missing type hints to `packaging.requirements` (issue:`350`)
  * Officially support Python 3.9 (:issue:`343`)
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve
    the glibc version string.
- update to 20.4:
  * Canonicalize version before comparing specifiers. (:issue:`282`)
  * Change type hint for ``canonicalize_name`` to return
  ``packaging.utils.NormalizedName``.
  This enables the use of static typing tools (like mypy) to detect mixing of
  normalized and un-normalized names.
python-ply

      
python3
- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
runc
- Update to runc v1.1.7. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.
- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
  * Fix the inability to use `/dev/null` when inside a container. bsc#1168481
    (a regression in 1.1.1). bsc#1207004
supportutils
- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replement text in _sanitize_file
suseconnect-ng
- Update to version 1.1.0~git2.f42b4b2a060e:
  * Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)
systemd
- Import commit 6441bb41141aaa8bfb63559917362748a3044c15
  165ca0d018 udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Update 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1203141)
  Optimize when hundred workers claim the same symlink with the same priority.
- Update 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
  Since commit 38f3e20883ff658935aae5c9 (v248), the symlinks /dev/cdrw and
  /dev/dvdrw could have no longer been created. Futhermore the rule added by
  this patch dealing with /dev/cdrom was redundant with the upstream one
- Import commit dad0071f15341be2b24c2c9d073e62617e0b4673 (merge of v249.16)
systemd-rpm-macros
- Bump version to 13
- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
  a chroot (bsc#1211272)
util-linux
- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
util-linux-systemd
- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
vim
- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Revert the creation standalone xxd packages
xen
- bsc#1209237 - xen-syms doesn't contain debug-info
  643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
  6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
- Update to Xen 4.16.4 bug fix release (bsc#1027519)
  xen-4.16.4-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
  63a03e28-x86-high-freq-TSC-overflow.patch
  63c05478-VMX-calculate-model-specific-LBRs-once.patch
  63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
  63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
  63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
  63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
  63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
  641041e8-VT-d-constrain-IGD-check.patch
  6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
  64199e0c-x86-shadow-account-for-log-dirty-mode.patch
  64199e0d-x86-HVM-bound-number-of-pca-regions.patch
  64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
  64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
  libxl.fix-guest-kexec-skip-cpuid-policy.patch
- Upstream bug fixes (bsc#1027519)
  63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
  63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
  63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
  63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
  641041e8-VT-d-constrain-IGD-check.patch
  6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "/proper"/ upstream backports:
  64199e0c-x86-shadow-account-for-log-dirty-mode.patch
  64199e0d-x86-HVM-bound-number-of-pca-regions.patch
  64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
  64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
  xsa427.patch
  xsa428-1.patch
  xsa428-2.patch
  xsa429.patch
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
  libxl.fix-guest-kexec-skip-cpuid-policy.patch
zlib
- Fix deflateBound() before deflateInit(), bsc#1210593
  bsc1210593.patch
zypper
- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60