NetworkManager
- Add 0001-supplicant-interface-Match-more-ciphers-to-determine.patch:
  supplicant/interface: Match more ciphers todetermine AP security
  (glfo#NetworkManager/NetworkManager/commit/e0191320, bsc#1198381);
- Add 0001-rdisc-fix-parsing-ndp_msg_opt_dnssl_lifetime-from-IP.patch:
  rdisc: fix parsing ndp_msg_opt_dnssl_lifetime() from IPv6 RA
  (bsc#1195222).
- Add 0001-ndisc-don-t-artificially-extend-the-lifetime-of-DNSS.patch:
  ndisc: don't artificially extend the lifetime of DNSSL/RDNSS
  options (bsc#1195222).
- Add NetworkManager-RFC8106.patch: Backport upstream fixes to
  implement RFC 8106(glfo#NetworkManager/NetworkManager#874,
  bsc#1195173).
SUSEConnect
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
  SCC will be stored inside of the credentials file for later use on API calls.
  This way we add system clone detection for systems using this version of SUSE
  Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
  information in SCC and proxies more accurate. (bsc#1196076)
amazon-ssm-agent
- Fix mangled ExlusiveArch field
- Update to version 3.1.1260.0
  + Added missing check for invalid S3 path parameter
  + Added support for domain join using a non-local username
  + Fixed broken links in README.md
  + Fixed ECS Exec issue where agent was using environment variables for credentials
  + Updated Ec2Detector test to query smbios directly for system information
- from version 3.1.1208.0
  + Updated ec2detector module to use Get-CmiInstance instead of wmic.exe
  + Fixed file creation mode of ssm-agent-users sudoer file (bsc#1196556, CVE-2022-29527)
- from version 3.1.1188.0
  + Added new ec2detector module to determine if agent is on EC2
  + Added support for port forwarding to remote host
  + Added quotes around inventory parameter ValueName on Windows
  + Fix for domain join DNS IP assignments in shared directories
  + Replaced namedpipe updater test with ec2detector test
- from version 3.1.1141.0
  + Add application inventory by file for Bottlerocket
  + Fix infinite retry logic to send failed replies in MGSInteractor
  + Remove usage of io/fs package
- from version 3.1.1080.0
  + (windows only) Remove symlink scan during update
- from version 3.1.1045.0
  + Fixed sourceHash validation for aws:application document plugin
  + Added document parameter validation for values passed to target document of aws:runDocument plugin
  + (windows only) Fix process leak when legacy cloudwatch plugin is enabled
  + (windows only) Fail installation if C:ProgramDataAmazonSSM has symlinks
- from version 3.1.1004.0
  + Added platform detection for Bottlerocket OS
  + Consolidated regional endpoint generation to common endpoint module
- from version 3.1.941.0
  + Added support for Rocky linux
  + Fixed sharefile/shareprofile not being propagated to updateutil
  + Fixed incorrect darwin platform detection post BigSur
  + Fixed log flush issue in updater
  + Updated .NET dependencies for domainjoin and cloudwatch (windows only)
  + Updated go version to 1.17.6
- from version 3.1.821.0
  + Implement new core module named MessageService to start processing commands from both MGS and MDS
  * Merge functionalities from RunCommandService core module and Session core module.
  * Receive run command documents through MGS if connected and fallback to MDS otherwise.
    This functionality requires appropriate permissions for both endpoints and will be rolled
    out gradually to end users.
  * Provide filesystem based idempotency check to avoid duplicate run command document execution.
  * Increase default run command pool buffer size from 1 to 5 to load additional documents
    before-hand for processing.
  + Fix nil pointer deference panic produced in named pipe test case during agent update
  + Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop
- from version 3.1.804.0
  + Add support for upstart when running get-diagnostic command using ssm-cli
  + Fix systemctl service name to support older versions of systemctl
  + Include changes to facilitate testing
  + Update DNS server selection logic for seamless domain join on linux and darwin
  + Update go version to go1.17.5
  + Update golang sys package dependency
- from version 3.1.715.0
  + Derive default directories from appconfig on Darwin
  + Set x-bit on newly-created directories
- from version 3.1.634.0
  + Fix for ssm-setup-cli to be able to select service manager without the agent being installed
- from version 3.1.630.0
  + Added greengrass component recipe for the new SystemsManagerAgent component
  + Added support for registering agent on a greengrass device
  + Added support for downloading more than 1000 objects in downloadContent
  + Fixed retry logic for onprem and s3 upload
  + Fixed unit tests when running on Mac
  + Update AWS SDK to v1.41.4
  + Update logic to retrieve platform details for Rocky Linux
- from version 3.1.501.0
  + Add diagnostics command to ssm-cli
  + Fix caching for onprem credentials
  + Additional configuration options for Seamless Domain Join
  + Gracefully exit session if group of runas user is modified
  + Skip retries for cert validation errors in S3 HEAD requests
  + Fix DNS failures on CentOS 8.2
  + Update several dependencies
- from version 3.1.459.0
  + Fixed a bug with powershell command for Inventory
- from version 3.1.426.0
  + Fixed cpu spike issue manifesting on snap
  + Fixed issue with version comparison in EC2Config update plugin
  + Fixed panic when command output was being truncated
  + Updated build to use go1.16.8
  + Removed Profile from inventory powershell commands on Windows
- from version 3.1.338.0
  + Fix to eliminate WaitGroup reuse panic triggered during agent reboot
  + Fix to include applications without UninstallString in Inventory for Windows
  + Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand
  + Fixed a bug where RunCommand could delay executions for up to 15 minutes
- from version 3.1.282.0
  + Add serial port logging of AwsNitroEnclaves package version on windows during startup
  + Allow usage of existing loggroup/logstream when the user does not have create permission
  + Change service interrogate request log to debug
  + Cleanup old surveyor channel files on startup
  + Fix filehandle leak in windows leading to agent going offline
  + Fix to schedule correct next run time during orchestration directories cleanup
  + Fix to sequentially update correct runcount value in the document bookkeeping file
  + Fix a bug with version parsing EC2Config updater
  + Updated rpm packaging for fips compliance
- from version 3.1.192.0
  + Added darwin arm64 to makefile
  + Added logic to limit orchestration directory cleanup
  + Added packaging for public SSM Agent container image
  + Fixed cloudwatch endpoint for telemetry metrics requests
  + Fixed handling of Windows filepaths and mutex locks
  + Fixed agent worker handling of OS signals and termination channel requests
  + Updated datachannel retry strategy to not retry for a specific error scenario
  + Updated default gomaxproc value for Windows
  + Update build to use go1.16.6
- from version 3.1.127.0
  + Added a workaround for windows random halts
  + Fixed race condition during reboot document execution
- from version 3.1.90.0
  + Updated to version 3.1
  + Updated build to build statically linked binaries for linux 64bit
  * Minimum supported linux kernel version for linux 64bit is 3.2+
  + Fixed permissions for docker config file
  + Fixed issue with ubuntu prerm and postinst scripts
  + Fixed issue where processor stop was being called twice
- from version 3.0.1390.0
  + Added config option to delete orchestration folder
  + Added snapcraft packaging config
  + Added workaround for aws:runDocument status bug
  + Added improved handling of file closure
  + Added support for go mod and updated build to use go 1.16.4
  + Fixed bug parsing vpce s3 urls
  + Refactored use of agent identity in agent cli
  + Updated check if agent is running as windows service
  + Updated handling of session cancellation to still send output to client side
  + Updated interactive session exit code logic to match non-interactive mode
  + Updated vendor dependencies
- Update directory path for GOPATH
- Update to version 3.0.1295.0
  + Added configurable custom identity and identity consumption order
  + Added cross-account domain join
  + Added cleanup for older versions of updater artifacts
  + Added a workaround for MacOS kernel bug that sometimes kept RunCommand from launching
  + Added a workaround for log file contention on Windows
  + Added synchronization to RunCommand service stop
  + Changed hibernation log level
  + MacOS executables are now signed
  + Removed delay in non-interactive session type
apache2
- added patches:
  fix CVE-2022-26377 [bsc#1200338], possible request smuggling in mod_proxy_ajp
  + apache2-CVE-2022-26377.patch
  fix CVE-2022-28614 [bsc#1200340], read beyond bounds via ap_rwrite()
  + apache2-CVE-2022-28614.patch
  fix CVE-2022-28615 [bsc#1200341], read beyond bounds in ap_strcmp_match()
  + apache2-CVE-2022-28615.patch
  fix CVE-2022-29404 [bsc#1200345], denial of service in mod_lua r:parsebody
  + apache2-CVE-2022-29404.patch
  fix CVE-2022-30556 [bsc#1200350], information disclosure in mod_lua with websockets
  + apache2-CVE-2022-30556.patch
  fix CVE-2022-30522 [bsc#1200352], mod_sed denial of service
  + apache2-CVE-2022-30522.patch
  fix CVE-2022-31813 [bsc#1200348], mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
  + apache2-CVE-2022-31813.patch
- security update
- mod_php8 provides php_module [bsc#1195130]
- modified sources
  % apache2-script-helpers
augeas
- add augeas-sysctl_parsing.patch (bsc#1197443)
  * backport original patch and rebase
autofs
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
  Fix problem with quote handling
  (bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
  Fix locking problem that causes deadlock when sss used.
  (bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
  Suppress portmap calls when port explicitly given
  (bsc#1195697)
autoyast2
- Fix detection disk serial and size in the "/disks"/ ERB helper
  (bsc#1199000).
- Fix rules validation when using a dialog (bsc#1199165).
- 4.3.102
- Respect general/signature-handling settings during the 2nd
  stage (bsc#1197655).
- 4.3.101
binutils
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
  needs to support efi-app-aarch64 target. (bsc#1198458)
  Adds binutils-add-efi-aarch64-1.diff,
  binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
  in crash not accepting some of our .ko.debug files.
- Add binutils-revert-rela.diff to revert back to old behaviour
  of not ignoring the in-section content of to be relocated
  fields on x86-64, even though that's a RELA architecture.
  Compatibility with buggy object files generated by old tools.
  [bsc#1198422]
- Add binutils-add-z16-name.diff so that the now official name
  z16 for arch14 is recognized.  [bsc#1198237]
c3p0
- update to version c3p0 0.9.5.5 and
  mchange-commons-java 0.2.19
  * Address CVE-2018-20433
  * Address CVE-2019-5427 - XML-config parsing related attacks
    (bsc#1133198)
  * Properly implement the JDBC 4.1 abort method
  Removed:
  * fix-CVE-2018-20433.patch included upstream
cifs-utils
- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
cloud-regionsrv-client
- Update to version 10.0.3 (bsc#1198389)
  - Descend into the extension tree even if top level module is recommended
  - Cache license state for AHB support to detect type switch
  - Properly clean suse.com credentials when switching from SCC to update
    infrastructure
  - New log message to indicate base product registration success
containerd
- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
  of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
  - bsc1200145-Limit-the-response-size-of-ExecSync.patch
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
  + bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.5.12>
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
  - CVE-2022-23648.patch
[ This patch was only released in SLES and Leap. ]
cups
- cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691
  cups: authentication bypass and code execution (bsc#1199474)
- SUSE_bsc_1189517.patch is
  https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79
  which belongs to https://github.com/apple/cups/issues/5288
  that fixes bsc#1189517
  "/cups printservice takes much longer than before
  with a big number of printers"/
  see in particular
  https://github.com/apple/cups/issues/5288#issuecomment-921626381
- SUSE_bsc_1195115.patch is
  https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44
  which belongs to https://github.com/apple/cups/issues/5538
  that fixes bsc#1195115
  "/CUPS PreserveJobHistory doesn't work with seconds"/
curl
- Security fix: [bsc#1200735, CVE-2022-32206]
  * HTTP compression denial of service
  * Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
  * FTP-KRB bad message verification
  * Add curl-CVE-2022-32208.patch
- Securiy fix: [bsc#1199223, CVE-2022-27781]
  * CERTINFO never-ending busy-loop
  * Add curl-CVE-2022-27781.patch
- Securiy fix: [bsc#1199224, CVE-2022-27782]
  * TLS and SSH connection too eager reuse
  * Add curl-CVE-2022-27782.patch
- Security fix: [bsc#1198766, CVE-2022-27776]
  * Auth/cookie leak on redirect
  * Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198723, CVE-2022-27775]
  * Bad local IPv6 connection reuse
  * Add backported curl-CVE-2022-27775.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
  * OAUTH2 bearer bypass in connection re-use
  * Add backported curl-CVE-2022-22576.patch
dhcp
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
docker
- Update to Docker 20.10.17-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
  bsc#1193930 bsc#1197284
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.14-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
  CVE-2022-24769
dracut
- Update to version 049.1+suse.234.g902e489c:
  * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- Update to version 049.1+suse.232.g2ccee559:
  * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
  * fix(dracut-functions.sh): ip route parsing (bsc#1195011)
e2fsprogs
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
  for libreadline.so.7 for Leap 15.3 (bsc#1196939)
fence-agents
- fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in
  GCP due to missing "/--zone"/ parameter (bsc#1198872)
  - Apply proposed patch
    0001-fence_gce-Make-zone-optional-for-get_nodes_list-487.patch
- fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in GCP due to missing "/--zone"/ parameter
  (bsc#1198872)
firewalld
- Fix regression introduced in previous patch (an api change to a
  function also needed backporting) (bsc#1198814)
  * feature-upstream-new-check-config-1.patch
  * feature-upstream-new-check-config-2.patch
- Provide dummy firewalld-prometheus-config package (bsc#1197042)
gcc11
- Update to the GCC 11.3.0 release.
  * includes SLS hardening backport on x86_64.  [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
  * includes gcc11-pr104931.patch
  * includes fix for Firefox ICE  [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
  for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
  * includes change to adjust gnats idea of the target, fixing
    the build of gprbuild.  [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
  in 0ad on i586.  [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recoomends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
  * Fix D memory corruption in -M output.
  * Fix ICE in is_this_parameter with coroutines.  [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
  * fixes issue with debug dumping together with -o /dev/null
  * fixes libgccjit issue showing up in emacs build  [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
  cross-riscv64-gcc11 now provide a fully hosted C (and C++)
  cross compiler, not just a freestanding one.  I.e. with a cross
  glibc.  They don't yet support the sanitizer libraries.
  Part of [jsc#OBS-124].
gcc8
- Add gcc7-sanitizer-cyclades.patch, gcc8-pr100144.patch and
  gcc8-pr92154.patch to fix build against SP4.  [bsc#1197716]
- Remove bogus fixed include bits/statx.h from glibc 2.30.
  [gcc#91085, bsc#1197716]
giflib
- prep section should just extract and patch,
  further modifications have to be done in the build section
- Added patch:
  * PIE.patch
    + build path independent objects and inherit CFLAGS from the
    build system (bsc#1184123)
- Update to version 5.2.1
  * In gifbuild.c, avoid a core dump on no color map.
  * Restore inadvertently removed library version numbers in Makefile.
- Changes in version 5.2.0
  * The undocumented and deprecated GifQuantizeBuffer() entry point
    has been moved to the util library to reduce libgif size and attack
    surface. Applications needing this function are couraged to link the
    util library or make their own copy.
  * The following obsolete utility programs are no longer installed:
    gifecho, giffilter, gifinto, gifsponge. These were either installed in
    error or have been obsolesced by modern image-transformmation tools
    like ImageMagick convert. They may be removed entirely in a future
    release.
  * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84
  * Address SF bug #134: Giflib fails to slurp significant number of gifs
  * Apply SPDX convention for license tagging.
- Changes in version 5.1.9
  * The documentation directory now includes an HTMlified version of the
    GIF89 standard, and a more detailed description of how LZW compression
    is applied to GIFs.
  * Address SF bug #129: The latest version of giflib cannot be build on windows.
  * Address SF bug #126: Cannot compile giflib using c89
- Changes in version 5.1.8
  * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299)
  * Address SF bug #125: 5.1.7: xmlto is still required for tarball
  * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible
  * Address SF bug #122: 5.1.7 installs manpages to wrong directory
  * Address SF bug #121: make: getversion: Command not found
  * Address SF bug #120: 5.1.7 does not build a proper library - no
- Changes in version 5.1.7
  * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs.
- Changes in version 5.1.6
  * Fix library installation in the Makefile.
- Changes in version 5.1.5
  * Fix SF bug #114: Null dereferences in main() of gifclrmp
  * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine()
    in cgif.c.  This had been assigned (CVE-2018-11490 bsc#1094832).
  * Fix SF bug #111: segmentation fault in PrintCodeBlock
  * Fix SF bug #109: Segmentation fault of giftool reading a crafted file
  * Fix SF bug #107: Floating point exception in giftext utility
  * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317
  * Fix SF bug #104: Ineffective bounds check in DGifSlurp
  * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment
  * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847)
  * The horrible old autoconf build system has been removed with extreme prejudice.
    You now build this simply by running "/make"/ from the top-level directory.
- Run spec-cleaner
- Drop patches fixed upstream:
  * giflib-visibility.patch
  * giflib-automake-1_13.patch
  * giflib-CVE-2016-3977.patch
  * fix-autoconf11.patch
- Change build system to Make only (upstream not using autoconf)
- Remove unused build requires on X libraries
- Use %license
glib2
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
  with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
glibc
- static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for
  optimizations (bsc#1200855, BZ #25051)
- strncpy-power9-vsx.patch: powerpc: Fix VSX register number on
  __strncpy_power9 (bsc#1200334, BZ #29197)
- selinux-deprecated.patch: Disable warnings due to deprecated libselinux
  symbols used by nss and nscd (bsc#1197718)
- systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP
  (bsc#1197718, BZ #28771)
- Add s390-add-z16-name.diff for bsc#1198751.
google-gson
- Build with Java >= 9 in order to produce a modular jar by
  compiling the module-info.java sources with all other classes
  built with release 8 and still compatible with Java 8
- Removed patch:
  * allow-build-with-java8.patch
    + not needed in this setting
- Upgrade to version 2.8.9 (jsc#SLE-24261)
  * fixes bsc#1199064, CVE-2022-25647
- Removed patch:
  * sun-misc.patch
    + integrated upstream
- Build with source and target levels 8
- Upgrade to version 2.8.8
- Removed patch:
  * fix-test.patch
    + integrated upstream
- Modified patches:
  * no-template-plugin.patch
  * osgi-export-internal.patch
    + rediff to changed context
- Added patches:
  * allow-build-with-java8.patch
    + lower the unnecessary requirement of Java 9
  * sun-misc.patch
    + make import of sun.misc optional since not all versions of
    jdk export it
grep
- Make profiling deterministic (bsc#1040589, SLE-24115)
grub2
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
  * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
  * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
  * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
  * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
  * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
  * 0010-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
  * 0011-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0012-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0013-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0014-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0015-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0016-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0017-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0018-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0019-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0020-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0021-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0022-net-ip-Do-IP-fragment-maths-safely.patch
  * 0023-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0024-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0025-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0026-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0027-net-tftp-Avoid-a-trivial-UAF.patch
  * 0028-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0029-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0030-net-http-Error-out-on-headers-with-LF-without-CR.patch
  * 0031-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
  * 0032-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
  * 0033-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
  * 0034-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
  * 0035-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
  * 0036-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
  * 0037-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
  0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
  the root LV is completely in the boot LUN (bsc#1197948)
  * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
gzip
- Add support to zstd in zgrep, fixes bsc#1198922
  * xz_lzma.patch -> xz_lzma_zstd.patch
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
  * bsc1198062.patch
  * bsc1198062-2.patch
hwdata
- Update to version 0.358 (bsc#1196332):
  + Updated pci, usb and vendor ids.
java-11-openjdk
- Update to upstream tag jdk-11.0.15+10 (April 2022 CPU)
  * Security fixes:
    + JDK-8284920: Incorrect Token type causes XPath expression to
    return empty result
    + JDK-8284548: Invalid XPath expression causes
    StringIndexOutOfBoundsException
    + JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
    + JDK-8282397: createTempFile method of java.io.File is failing
    when called with suffix of spaces character
    + JDK-8278356: Improve file creation
    + JDK-8270504, bsc#1198672, CVE-2022-21426: Better Xpath
    expression handling
    + JDK-8272594: Better record of recordings
    + JDK-8277672, bsc#1198674, CVE-2022-21434: Better invocation
    handler handling
    + JDK-8282300: Throws NamingException instead of
    InvalidNameException after JDK-8278972
    + JDK-8278972, bsc#1198673, CVE-2022-21496: Improve URL supports
    + JDK-8272261: Improve JFR recording file processing
    + JDK-8269938: Enhance XML processing passes redux
    + JDK-8272255: Completely handle MIDI files
    + JDK-8278805: Enhance BMP image loading
    + JDK-8278449: Improve keychain support
    + JDK-8277227: Better identification of OIDs
    + JDK-8275151, bsc#1198675, CVE-2022-21443: Improved Object
    Identification
    + JDK-8274221: More definite BER encodings
    + JDK-8278798: Improve supported intrinsic
  * Other changes:
    + JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names
    + JDK-8283018: 11u GHA: Update GCC 9 minor versions
    + JDK-8275082, bsc#1198671, CVE-2022-21476: Update XML Security
    for Java to 2.3.0
    + JDK-8282761: XPathFactoryImpl remove setProperty and
    getProperty methods
    + JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport
    of JDK-8253795
    + JDK-8275703: System.loadLibrary fails on Big Sur for
    libraries hidden from filesystem
    + JDK-8277795: ldap connection timeout not honoured under
    contention
    + JDK-8276141: XPathFactory set/getProperty method
    + JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11
    provider
    + JDK-8211333: AArch64: Fix another build failure after
    JDK-8211029
    + JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses
    wrong condition
    + JDK-8261107: ArrayIndexOutOfBoundsException in the
    ICC_Profile.getInstance(InputStream)
    + JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using
    Xcode 13.1: call to 'log2_intptr' is ambiguous
    + JDK-8214004: Missing space between compiler thread name and
    task info in hs_err
    + JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup
    fails with some symbols
    + JDK-8277488: Add expiry exception for Digicert
    (geotrustglobalca) expiring in May 2022
    + JDK-8247515: OSX pc_to_symbol() lookup does not work with
    core files
    + JDK-8254085: javax/swing/text/Caret/
    /TestCaretPositionJTextPane.java failed with
    "/RuntimeException: Wrong caret position"/
    + JDK-8247272: SA ELF file support has never worked for 64-bit
    causing address to symbol name mapping to fail
    + JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/
    /8001470/bug8001470.java for windows-x64
    + JDK-8274524: SSLSocket.close() hangs if it is called during
    the ssl handshake
    + JDK-8255239: The timezone of the hs_err_pid log file is
    corrupted in Japanese locale
    + JDK-8272541: Incorrect overflow test in Toom-Cook branch of
    BigInteger multiplication
    + JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors
    on Windows+ARM64 build
    + JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2
    + JDK-8266889: [macosx-aarch64] Crash with SIGBUS in
    MarkActivationClosure::do_code_blob during
    vmTestbase/nsk/jvmti/.../bi04t002 test run
    + JDK-8241004: NMT tests fail on unaligned thread size with
    debug build
    + JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port
    + JDK-8280414: Memory leak in DefaultProxySelector
    + JDK-8280526: x86_32 Math.sqrt performance regression with
  - XX:UseSSE={0,1}
    + JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
    + JDK-8281520: JFR: A wrong parameter is passed to the
    constructor of LeakKlassWriter
    + JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is
    redundant since JDK-8268801
    + JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java
    and NonGregorianFormatTest fail intermittently
    + JDK-8281061: [s390] JFR runs into assertions while validating
    interpreter frames
    + JDK-8280155: [PPC64, s390] frame size checks are not yet
    correct
    + JDK-8279924: [PPC64, s390] implement
    frame::is_interpreted_frame_valid checks
    + JDK-8261205: AssertionError: Cannot add metadata to an
    intersection type
    + JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
    + JDK-8216969: ParseException thrown for certain months with
    russian locale
    + JDK-8278381: [GCC 11] Address::make_raw() does not initialize
    rspec
    + JDK-8264650: Cross-compilation to macos/aarch64
    + JDK-8256321: Some "/inactive"/ color profiles use the wrong
    profile class
    + JDK-8280999: array_bounds should be array-bounds after 8278507
    + JDK-8177814: jdk/editpad is not in jdk TEST.groups
    + JDK-8279702: [macosx] ignore xcodebuild warnings on M1
    + JDK-8280786: Build failure on Solaris after 8262392
    + JDK-8218546: Unable to connect to https://google.com using
    java.net.HttpClient
    + JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java
    fails with release VMs after JDK-8262134
    + JDK-8279833: Loop optimization issue in
    String.encodeUTF8_UTF16
    + JDK-8273277: C2: Move conditional negation into rc_predicate
    + JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/
    /TestDescription.java fails with "/ERROR:
    DebuggeeSleepingThread: ThreadDeath lost"/
    + JDK-8236210: javac generates wrong annotation for fields
    generated from record components
    + JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful
    + JDK-8270874: JFrame paint artifacts when dragged from
    standard monitor to HiDPI monitor
    + JDK-8271202: C1: assert(false) failed: live_in set of first
    block must be empty
    + JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend
    fun with loop
    + JDK-8275610: C2: Object field load floats above its null
    check resulting in a segfault
    + JDK-8266421: Deadlock in Sound System
    + JDK-8274795: AArch64: avoid spilling and restoring r18 in
    macro assembler
    + JDK-8232533: G1 uses only a single thread for pretouching the
    java heap
    + JDK-8273933: [TESTBUG] Test must run without preallocated
    exceptions
    + JDK-8268542: serviceability/logging/TestFullNames.java tests
    only 1st test case
    + JDK-8251998: remove usage of PropertyResolvingWrapper in
    vmTestbase/jit/t
    + JDK-8273438: Enable parallelism in
    vmTestbase/metaspace/stressHierarchy tests
    + JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict
    tests
    + JDK-8273341: Update Siphash to version 1.0
    + JDK-8278871: [JVMCI] assert((uint)reason < 2*
    _trap_hist_limit) failed: oob
    + JDK-8275326: C2: assert(no_dead_loop) failed: dead loop
    detected
    + JDK-8251127: clean up FileInstaller $test.src $cwd in
    remaining vmTestbase_vm_compiler tests
    + JDK-8252005: narrow disabling of allowSmartActionArgs in
    vmTestbase
    + JDK-8279998: PPC64 debug builds fail with "/untested:
    RangeCheckStub: predicate_failed_trap_id"/
    + JDK-8193277: SimpleFileObject inconsistency between getName
    and getShortName
    + JDK-8225559: assertion error at TransTypes.visitApply
    + JDK-8220634: SymLinkArchiveTest should handle not being able
    to create symlinks
    + JDK-8214026: Canonicalized archive paths appearing in
    diagnostics
    + JDK-8251126: nsk.share.GoldChecker should read golden file
    from ${test.src}
    + JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java
    + JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed
    with "/guarantee(false) failed: wrong number of expression
    stack elements during deopt"/
    + JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing
    initializer for member
    _jvmtiHeapCallbacks::heap_reference_callback
    + JDK-8277441: CompileQueue::add fails with
    assert(_last->next() == __null) failed: not last
    + JDK-8273704: DrawStringWithInfiniteXform.java failed :
    drawString with InfiniteXform transform takes long time
    + JDK-8277328: jdk/jshell/CommandCompletionTest.java failures
    on Windows
    + JDK-8251132: make main classes public in vmTestbase/jit tests
    + JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/
    /bug6364882.java failures
    + JDK-8273634: [TEST_BUG] Improve javax/swing/text/
    /ParagraphView/6364882/bug6364882.java
    + JDK-8249019: clean up FileInstaller $test.src $cwd in
    vmTestbase_vm_compiler tests
    + JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed
    "/assert(m != __null) failed: NULL mirror"/
    + JDK-8279300: [arm32] SIGILL when running
    GetObjectSizeIntrinsicsTest
    + JDK-8273682: Upgrade Jline to 3.20.0
    + JDK-8256154: Some TestNG tests require default constructors
    + JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo*
    from shell to java
    + JDK-8223142: Clean-up WS and CB.
    + JDK-8278384: Bytecodes::result_type() for arraylength returns
    T_VOID instead of T_INT
    + JDK-8278172: java/nio/channels/FileChannel/
    /BlockDeviceSize.java should only run on Linux
    + JDK-8279077: JFR crashes on Linux ppc due to missing crash
    protector in signal handler
    + JDK-8279225: [arm32] C1 longs comparison operation destroys
    argument registers
    + JDK-8276623: JDK-8275650 accidentally pushed "/out"/ file
    + JDK-8279379: GHA: Print tests that are in error
    + JDK-8275536: Add test to check that File::lastModified
    returns same time stamp as Files.getLastModifiedTime
    + JDK-8274658: ISO 4217 Amendment 170 Update
    + JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/
    /6318524/bug6318524.java never fails
    + JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java
    fails with SIGSEGV in InstanceKlass::jni_id_for
    + JDK-8275650: Problemlist java/io/File/createTempFile/
    /SpecialTempFile.java for Windows 11
    + JDK-8268014: Build failure on SUSE Linux Enterprise Server
    11.4 (s390x) due to 'SYS_get_mempolicy' was not declared
    + JDK-8241423: NUMA APIs fail to work in dockers due to
    dependent syscalls are disabled by default
    + JDK-8065704: Set LC_ALL=C for all relevant commands in the
    build system
    + JDK-8254827: JVMCI: Enable it for Windows+AArch64
    + JDK-8276314: [JVMCI] check alignment of call displacement
    during code installation
    + JDK-8265150: AsyncGetCallTrace crashes on ResourceMark
    + JDK-8276177: nsk/jvmti/RedefineClasses/
    /StressRedefineWithoutBytecodeCorruption failed with
    "/assert(def_ik->is_being_redefined()) failed: should be
    being redefined to get here"/
    + JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails
    in GTK L&F
    + JDK-8258554: javax/swing/JTable/4235420/bug4235420.java fails
    in GTK L&F
    + JDK-8277385: Zero: Enable CompactStrings support
    + JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has
    duplicate -Xmx
    + JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java
    has duplicate -Xmx
    + JDK-8274736: Concurrent read/close of SSLSockets causes
    SSLSessions to be invalidated unnecessarily
    + JDK-8278309: [windows] use of uninitialized OSThread::_state
    + JDK-8202142: jfr/event/io/TestInstrumentation is unstable
    + JDK-8207793: [TESTBUG] runtime/Metaspace/
    /FragmentMetaspace.java fails: heap needs to be increased
    + JDK-8211170: AArch64: Warnings in C1 and template interpreter
    + JDK-8273575: memory leak in appendBootClassPath(), paths must
    be deallocated
    + JDK-8266187: Memory leak in appendBootClassPath()
    + JDK-8240904: Screen flashes on test failures when running
    tests from make
    + JDK-8234930: Use MAP_JIT when allocating pages for code cache
    on macOS
    + JDK-8275811: Incorrect instance to dispose
    + JDK-8186780: clang fastdebug assertion failure in
    os_linux_x86:os::verify_stack_alignment()
    + JDK-8266171: -Warray-bounds happens in imageioJPEG.c
    + JDK-8266170: -Wnonnull happens in classLoaderData.inline.hpp
    + JDK-8207011: Remove uses of the register storage class
    specifier
    + JDK-8266172: -Wstringop-overflow happens in vmError.cpp
    + JDK-8274714: Incorrect verifier protected access error message
    + JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java
    failure
    + JDK-8214761: Bug in parallel Kahan summation implementation
    + JDK-8272473: Parsing epoch seconds at a DST transition with a
    non-UTC parser is wrong
    + JDK-8255035: Update BCEL to Version 6.5.0
    + JDK-8257769: Cipher.getParameters() throws NPE for
    ChaCha20-Poly1305
    + JDK-8233827: Enable screenshots in the enhanced failure
    handler on Linux/macOS
    + JDK-8210236: Prepare
    ciReceiverTypeData::translate_receiver_data_from for
    concurrent class unloading
    + JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/
    /bug6302464.java fails on macOS12
    + JDK-8199079: Test javax/swing/UIDefaults/6302464/
    /bug6302464.java is unstable
    + JDK-8256373: [Windows/HiDPI] The Frame#setBounds does not
    work in a minimized state
    + JDK-8274523:  java/lang/management/MemoryMXBean/
    /MemoryTest.java test should handle Shenandoah
    + JDK-8208074: [TESTBUG] vmTestbase/nsk/jvmti/RedefineClasses/
    /StressRedefineWithoutBytecodeCorruption/TestDescription.java
    failed with NullPointerException
    + JDK-8266168: -Wmaybe-uninitialized happens in check_code.c
    + JDK-8266174: -Wmisleading-indentation happens in
    libmlib_image sources
    + JDK-8251558: J2DBench should support shaped and translucent
    windows
    + JDK-8254940: AArch64: Cleanup non-product thread members
    + JDK-8266173: -Wmaybe-uninitialized happens in jni_util.c
    + JDK-8263185: Mallinfo deprecated in glibc 2.33
    + JDK-8257467: [TESTBUG] -Wdeprecated-declarations is reported
    at sigset() in exesigtest.c
    + JDK-8266176: -Wmaybe-uninitialized happens in
    libArrayIndexOutOfBoundsExceptionTest.c
    + JDK-8274265: Suspicious string concatenation in
    logTestUtils.inline.hpp
    + JDK-8222825: ARM32 SIGILL issue on single core CPU (not
    supported PLDW instruction)
    + JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle
    rounding correctly
    + JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n ||
    n->is_Proj()) failed: No dead instructions after post-alloc
    + JDK-8272345: macos doesn't check `os::set_boot_path()` result
    + JDK-8277796: Bump update version for OpenJDK: jdk-11.0.15
- Modified patch:
  * fips.patch
    + rediff to changed context
- Stop adding the JavaEE modules when building for Factory
jboss-logging
- Build against the provider of mvn(log4j:log4j:1.2.16) instead of
  mvn(log4j:log4j), in order to be able to build both on systems
  with and without reload4j (bsc#1197642)
- Do not build against the log4j12 packages
- Fix the source url
- Update to 3.4.1
kernel-default
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ef1c2ca
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 41afdd9
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 6b54061
- ibmvnic: Properly dispose of all skbs during a failover
  (bsc#1200925).
- commit 06221e8
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b7a3331
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 3962a01
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit a2b7d09
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit fd58624
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 79152af
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f625aa5
- KVM: VMX: Convert launched argument to flags (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit e0dd694
- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 528b21e
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 5c70c82
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 4f79cdb
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 140d756
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 43488f5
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 410bedf
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 3ed82bb
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 914bf03
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 0636a43
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
  (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
  (git-fixes).
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- virtio-net: fix race between ndo_open() and
  virtio_device_ready() (git-fixes).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in
  brcmstb_pm_probe (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation
  (git-fixes).
- usb: chipidea: udc: check request status before setting device
  address (git-fixes).
- USB: serial: option: add Quectel RM500K module support
  (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition
  (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting
  (git-fixes).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask
  chips (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume
  (git-fixes).
- commit 3920c43
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
  (git-fixes).
- hwmon: (ibmaem) don't call platform_device_del() if
  platform_device_add() fails (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and
  ndo_open() (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name
  (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register
  (git-fixes).
- iio:accel:bma180: rearrange iio trigger get and register
  (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
  (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models
  (git-fixes).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
  (git-fixes).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure
  (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template
  tracepoint (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- commit aa4e5a5
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- blacklist.conf:
  remove this entry
- commit 6e5bc29
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
  This patches never made it to mainline. Instead a simpler solution was
  added upstream 14dc7a18abbe ("/block: Fix handling of offline queues in
  blk_mq_alloc_request_hctx().
- commit a4e1276
- blacklist.conf: breaks kABI in an unfixable manner
- commit de9d595
- kabi: nvme workaround header include (bsc#1201193).
- commit 1e4257b
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b3da909
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit bff00e1
- xhci: Add reset resume quirk for AMD xhci controller
  (git-fixes).
- commit 144d367
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 9a4b6fa
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
  (git-fixes).
- Refresh
  patches.suse/usb-pci-quirks-disable-D3cold-on-xhci-suspend-for-s2.patch.
- Refresh
  patches.suse/usb-xhci-do-not-perform-Soft-Retry-for-some-xHCI-hos.patch.
- commit 1d0d070
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit eda1e45
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit c12a655
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 94eb4a2
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 7077b17
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit c21cae3
- netfilter: nf_tables: stricter validation of element data
  (CVE-2022-34918 bsc#1201171).
- commit d3cb893
- scsi: nvme: Added a new sysfs attribute appid_store
  (bsc#1201193).
- commit 946af0d
- blacklist.conf: update
- blacklist.conf: Add new commit
- commit 6c8c02b
- block/keyslot-manager: prevent crash when num_slots=1
  (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats
  (git-fixes).
- commit ef13f5c
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet-rdma: Fix NULL deref when SEND is completed with error
  (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr
  INADDR_ANY (git-fixes).
- commit ad1ec47
- blacklist.conf: Add nvmet patch
- commit f8744f6
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- commit 781a006
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 3a3473f
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit 89f84ec
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 13522d3
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b13e1ec
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ba20e78
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit e26025b
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit a16eea7
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 1744d2e
- x86/bpf: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 3599ff8
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 9c190f7
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for
  nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Add more logging of cmd and cqe information for
  aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
  PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is
  aborted (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after
  starget_to_rport() (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path
  refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path
  refactoring (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
  lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices
  (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os
  (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol
  independent (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid()
  (bsc#1201193).
- commit 7f7c840
- net: stmmac: reset Tx desc base address before restarting Tx
  (git-fixes).
- commit db66d0c
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- commit 021df50
- net: ethernet: stmmac: Disable hardware multicast filter
  (git-fixes).
- commit 36ce5b8
- sunvnet: use icmp_ndo_send helper (git-fixes).
- commit 22762aa
- gtp: use icmp_ndo_send helper (git-fixes).
- commit b9a3ced
- veth: fix races around rq->rx_notify_masked (git-fixes).
- commit c90500d
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 8c700c0
- Update config files.
- commit d2069d8
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
  injection (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
  with I/Os (bsc#1201160).
  Refresh:
  - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
  (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete
  (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
  tests (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
  timeouts (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
  (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
  (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default
  (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
  (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
  (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
  (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface
  (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
  (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
  authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
  (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
  (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
  (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
  (bsc#1201160).
- commit d2cb0ed
- Revert "/block: Fix a lockdep complaint triggered by request
  queue flushing"/ (git-fixes).
- commit 4eca7cd
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
  (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
  (bsc#1201160).
- commit 4780b01
- nvme-multipath: set nr_zones for zoned namespaces (git-fixes). - Refresh patches.suse/nvme-fix-refcounting-imbalance-when-all-paths-are-do.patch.
- commit 76d2349
- ceph: clean up locking annotation for ceph_get_snap_realm and
  __lookup_snap_realm (bsc#1201149).
- Refresh
  patches.suse/ceph-take-snap_empty_lock-atomically-with-snaprealm-refcount-change.patch.
- commit d26c619
- ceph: add some lockdep assertions around snaprealm handling
  (bsc#1201147).
- Refresh
  patches.suse/ceph-take-snap_empty_lock-atomically-with-snaprealm-refcount-change.patch.
- commit 2f1c9fc
- blacklist.conf: add commit
- commit aaeabea
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 9a7c312
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- commit 8a0b165
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- commit 7e67c38
- blacklist.conf: ignore documentation fix
- commit ea0880a
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- commit d76d5ab
- scsi: sd_zbc: Support disks with more than 2**32 logical
  (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
  (git-fixes).
- scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc (git-fixes).
- commit 29c91b5
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit ea71447
- crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341).
- commit af7f65a
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- commit 9db78a9
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks
  (git-fixes).
- blacklist.conf: Remove entry from blacklist
- commit 5cb2eb0
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Don't limit max_zone_append sectors to
  (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- commit 6f51c10
- x86: Add straight-line-speculation mitigation (bsc#1201050
  CVE-2021-26341).
- Update config files.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit d2ed44a
- x86/alternative: Relax text_poke_bp() constraint (bsc#1201050
  CVE-2021-26341).
- commit 2e7822c
- x86/alternatives: Teach text_poke_bp() to emulate RET
  (bsc#1201050 CVE-2021-26341).
- commit 4eb3542
- x86/alternatives: Implement a better poke_int3_handler()
  completion scheme (bsc#1201050 CVE-2021-26341).
- commit cf0f438
- x86/alternative: Shrink text_poke_loc (bsc#1201050
  CVE-2021-26341).
- commit db3f434
- x86/alternative: Remove text_poke_loc::len (bsc#1201050
  CVE-2021-26341).
- commit 90aebc8
- x86/alternative: Add text_opcode_size() (bsc#1201050
  CVE-2021-26341).
- commit 83d7faa
- x86/alternatives: Add and use text_gen_insn() helper
  (bsc#1201050 CVE-2021-26341).
- commit 5121e4e
- x86/alternatives, jump_label: Provide better text_poke()
  batching interface (bsc#1201050 CVE-2021-26341).
- commit 1b220c6
- x86: Prepare inline-asm for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit 6687132
- x86: Prepare asm files for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit f2fec2e
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
  CVE-2021-26341).
- commit 88d97d1
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
  (bsc#1201050 CVE-2021-26341).
- commit 59b7688
- Update metadata references
- commit 45bbc74
- usb: gadget: u_ether: fix regression in setting fixed MAC
  address (git-fixes).
- commit 23f9eaa
- move devm_allocate to end of structure for kABI (git-fixes).
- commit 39ff4a9
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- commit 531527e
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
  bsc#1200599).
- commit b1e8eec
- sctp: use call_rcu to free endpoint (CVE-2022-20154
  bsc#1200599).
- commit 44ec44b
- kABI fix of sysctl_run_estimation (git-fixes).
- ipvs: add sysctl_run_estimation to support disable estimation
  (bsc#1195504).
- commit 326d103
- bcache: avoid unnecessary soft lockup in kworker
  update_writeback_rate() (bsc#1197362).
- bcache: memset on stack variables in bch_btree_check() and
  bch_sectors_dirty_init() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal
  bucket (git-fixes).
- bcache: remove incremental dirty sector counting for
  bch_sectors_dirty_init() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init()
  (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions
  (git-fixes).
- bcache: fixup multiple threads crash (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- commit 702bf9b
- Fixup !CONFIG_BLK_CGROUP build in
  patches.suse/block-don-t-merge-across-cgroup-boundaries-if-blkcg-.patch.
- commit bfec8fb
- phy: aquantia: Fix AN when higher speeds than 1G are not
  advertised (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
  (git-fixes).
- i2c: designware: Use standard optional ref clock implementation
  (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
  (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new
  baseline (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
  registration failed (git-fixes).
- ata: libata-core: fix NULL pointer deref in
  ata_host_alloc_pinfo() (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
  (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control
  (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume
  controls (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls
  (git-fixes).
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on
  (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
  (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
  (git-fixes).
- commit 3c059bb
- arm64: ftrace: fix branch range checks (git-fixes)
- commit 78ca39c
- block: Fix kABI in blk-merge.c (bsc#1198020).
- commit fa9f9d3
- ext4: add check to prevent attempting to resize an fs with
  sparse_super2 (bsc#1197754).
- commit 063f013
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
  Exported symbols under drivers/nvme/target/ are only used by the
  nvmet subsystem itself.
- commit 60db37f
- blacklist.conf: Blacklist 14dc7a18abbe
- commit e3d2bff
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- commit 5d5a2b9
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- commit e2cebc4
- blacklist.conf: Blacklist e583b5c472bd
- commit e1ae80a
- iomap: iomap_write_failed fix (bsc#1200829).
- commit c8ee717
- jfs: fix divide error in dbNextAG (bsc#1200828).
- commit 8668968
- ext4: make variable "/count"/ signed (bsc#1200820).
- commit 8506661
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- commit 9bcd180
- writeback: Fix inode->i_io_list not be protected by
  inode->i_lock error (bsc#1200821).
- commit 5276354
- blk-mq: do not update io_ticks with passthrough requests
  (bsc#1200816).
- commit 25cf6a6
- blacklist.conf: Blacklist 14362a254179 and e730558adffb
- commit 84080f8
- blacklist.conf: Blacklist 623af4f538b5
- commit e09c291
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- commit dd7c510
- Update tags in:
  patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch.
  patches.suse/bfq-Get-rid-of-__bio_blkcg-usage.patch.
  patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch.
  patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch.
  patches.suse/bfq-Split-shared-queues-on-move-between-cgroups.patch.
  patches.suse/bfq-Track-whether-bfq_group-is-still-online.patch.
  patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch.
- commit fa82b91
- writeback: Avoid skipping inode writeback (bsc#1200813).
- commit fbc0033
- blk-iolatency: Fix inflight count imbalances and IO hangs on
  offline (bsc#1200825).
- commit 77a71d2
- block: don't merge across cgroup boundaries if blkcg is enabled
  (bsc#1198020).
- commit 08df09c
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- commit 90ad366
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- commit 599d1b0
- blacklist.conf: Blacklist cb8435dc8ba3
- commit 82be35e
- ext4: fix race condition between ext4_write and
  ext4_convert_inline_data (bsc#1200807).
- commit ab76d02
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
  (bsc#1200806).
- commit 6fb9b0d
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- nvme: add new discovery log page entry definitions
  (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
  Refresh:
  - patches.suse/nvme-add-iopolicy-module-parameter.patch
- nvme: expose subsystem type in sysfs attribute 'subsystype'
  (bsc#1192761).
  Refresh:
  - patches.suse/nvme-add-iopolicy-module-parameter.patch
- nvmet: set 'CNTRLTYPE' in the identify controller data
  (bsc#1192761).
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvme: add CNTRLTYPE definitions for 'identify controller'
  (bsc#1192761).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet: don't check iosqes,iocqes for discovery controllers
  (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- commit 829b0a6
- blk-mq: clear active_queues before clearing
  BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- commit e0430df
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
  Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
  universally for now) added two new compiler-dependent configs:
  * CC_NO_ARRAY_BOUNDS
  * GCC12_NO_ARRAY_BOUNDS
  Ignore them -- they are unset by dummy tools (they depend on gcc version
  == 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
  bsc#1199487).
- commit 1ae14c9
- powerpc/perf: Fix the threshold compare group constraint for
  power9 (bsc#1065729).
- powerpc/idle: Fix return value of __setup() handler
  (bsc#1065729).
- commit 60a1a9d
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
  (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during
  probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- commit 161dd5d
- pNFS: Don't keep retrying if the server replied
  NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in
  xdr_get_next_encode_buffer() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS
  layout (git-fixes).
- NFS: Memory allocation failures are not server fatal errors
  (git-fixes).
- NFS: Don't report errors from nfs_pageio_complete() more than
  once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors
  (git-fixes).
- commit b6dcac2
- Update patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch
  (git-fixes CVE-2021-4157 bnc#1194013).
- commit fccebe3
- random: Add and use pr_fmt() (bsc#1184924).
- commit 565b0b7
- random: remove unnecessary unlikely() (bsc#1184924).
- commit 30b0d5d
- Refresh patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch.
  Update to  upstream version.
- commit f01d1a8
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null
  buffer address (bsc#1200343 ltc#198477).
- commit eae5ebe
- exec: Force single empty string when argv is empty
  (bsc#1200571).
- commit dffa04e
- scsi: smartpqi: create module parameters for LUN reset
  (bsc#1179195 bsc#1200622).
- commit 96f3f82
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
  bsc#1200619).
- HID: bigbenff: prevent null pointer dereference (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
  (CVE-2022-20132 bsc#1200619).
- commit f2f08be
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- commit f8ff78e
- HID: check for valid USB device for many HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (CVE-2022-20132 bsc#1200619).
- commit 3fe30db
- blacklist.conf: add already cherry-picked usb revert commit
- commit 5b3636f
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
  (git-fixes).
- commit 6e1c6be
- drm/i915/reset: Fix error_state_read ptr + offset use
  (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in
  ax25_recvmsg (git-fixes).
- commit 24d4858
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
  CVE-2022-20141).
- commit 34bf464
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- commit 4bfd1c5
- vringh: Fix loop descriptors check in the indirect cases
  (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol()
  (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
  (git-fixes).
- usb: dwc2: gadget: don't reset gadget's driver->bus (git-fixes).
- USB: hcd-pci: Fully suspend across freeze/thaw cycle
  (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend()
  (git-fixes).
- USB: host: isp116x: check return value after calling
  platform_get_resource() (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
  (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios()
  (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
  (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init()
  (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
  (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in
  rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in
  ieee80211_beacons_stop() (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system
  (git-fixes).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
  pxa3xx_gcu_probe/remove() (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- mwifiex: add mutex lock for call in
  mwifiex_dfs_chan_sw_work_queue (git-fixes).
- media: cx25821: Fix the warning when removing the module
  (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
  (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width}
  based on DMA direction (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size
  (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout
  occurs (git-fixes).
- commit f8749e6
- efi: Do not import certificates from UEFI Secure Boot for T2
  Macs (git-fixes).
- Refresh
  patches.suse/0003-MODSIGN-load-blacklist-from-MOKx.patch.
- commit 316d54d
- drm/atomic: Force bridge self-refresh-exit on CRTC switch
  (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
  (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
  (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of
  kstrdup() (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour
  (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- i2c: cadence: Increase timeout per message if necessary
  (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
  amdgpu_ucode_free_bo (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
  (git-fixes).
- drm/plane: Move range check for format_count earlier
  (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails
  (git-fixes).
- fbcon: Consistently protect deferred_takeover with
  console_lock() (git-fixes).
- drm/virtio: fix NULL pointer dereference in
  virtio_gpu_conn_get_modes (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
  intel_read_wm_latency() (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels
  after beacon rx (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit()
  (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
  (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad
  (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory
  (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow
  on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
  (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
  (git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info
  (git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined
  TWSI controllers (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
  (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- commit 71b82f0
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
  (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632
  (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6
  (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP
  (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map()
  return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances
  (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size
  data type (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
  (git-fixes).
- ASoC: dapm: Don't fold register value changes into notifications
  (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices
  (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable
  (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable
  (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
  (git-fixes).
- cfg80211: set custom regdomain after wiphy registration
  (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use
  (git-fixes).
- commit d8922a7
- kabi: return type change of secure_ipv_port_ephemeral()
  (CVE-2022-1012 bsc#1199482).
- tcp: drop the hash_32() part from the index calculation
  (CVE-2022-1012 bsc#1199482).
- tcp: increase source port perturb table to 2^16 (CVE-2022-1012
  bsc#1199482).
- tcp: dynamically allocate the perturb table used by source ports
  (CVE-2022-1012 bsc#1199482).
- tcp: add small random increments to the source port
  (CVE-2022-1012 bsc#1199482).
- tcp: resalt the secret every 10 seconds (CVE-2022-1012
  bsc#1199482).
- tcp: use different parts of the port_offset for index and offset
  (CVE-2022-1012 bsc#1199482).
- secure_seq: use the 64 bits of the siphash for port offset
  calculation (CVE-2022-1012 bsc#1199482).
- commit f0bb4ae
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- commit 000b775
- Refresh 0002-PKCS-7-Check-codeSigning-EKU-for-kernel-module-and-k.patch
- commit 4835ae7
- kernel-binary.spec: check s390x vmlinux location
  As a side effect of mainline commit edd4a8667355 ("/s390/boot: get rid of
  startup archive"/), vmlinux on s390x moved from "/compressed"/ subdirectory
  directly into arch/s390/boot. As the specfile is shared among branches,
  check both locations and let objcopy use one that exists.
- commit cd15543
- platform/x86: wmi: Fix driver->notify() vs ->probe() race
  (git-fixes).
- commit e932131
- platform/x86: wmi: Replace read_takes_no_args with a flags field
  (git-fixes).
- commit 2771a0e
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- Update config files
- commit 0d6e862
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
  flag (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
  (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: Fix read inconsistency for ESE DASD devices
  (bsc#1200206 LTC#198455).
- s390/dasd: Fix read for ESE with blksize < 4k (bsc#1200206
  LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices
  (bsc#1200207 LTC#198454).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207
  LTC#198454).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
  (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
  guests (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
  (git-fixes).
- s390/ftrace: fix ftrace_update_ftrace_func implementation
  (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
  (git-fixes).
- s390/cio: Fix the "/type"/ field in s390_cio_tpi tracepoint
  (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector
  packed decimal facility (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto
  masks (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
  (git-fixes).
- commit 61a09d5
- NFS: Don't report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing
  (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- commit a49fc21
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 070ca14
- blk-mq: Fix wrong wakeup batch configuration which will cause
  hang (bsc#1200263).
- commit d25a54b
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- commit 0a1fb57
- PCI: hv: Fix NUMA node assignment when kernel boots with custom
  NUMA topology (bsc#1199365).
- commit 533234b
- cifs: fix uninitialized pointer in error case in
  dfs_cache_get_tgt_share (bsc#1200217).
- commit 61fbb01
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- commit ee56e7d
- cifs: update internal module number (bsc#1200217).
- commit f5cdb99
- cifs: version operations for smb20 unneeded when legacy support
  disabled (bsc#1200217).
- commit 1734132
- cifs: do not build smb1ops if legacy support is disabled
  (bsc#1200217).
- commit aba3c47
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- commit e9cc20c
- cifs: when extending a file with falloc we should make files
  not-sparse (bsc#1200217).
- commit 294d1b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
  (bsc#1200217).
- commit 98c0db1
- cifs: fix potential double free during failed mount
  (bsc#1200217).
- commit bce142b
- cifs: avoid parallel session setups on same channel
  (bsc#1200217).
- commit 1f42004
- cifs: use new enum for ses_status (bsc#1200217).
- commit 7268b31
- cifs: do not use tcpStatus after negotiate completes
  (bsc#1200217).
- commit 7674d31
- smb3: add mount parm nosparse (bsc#1200217).
- commit 2ffada9
- smb3: don't set rc when used and unneeded in query_info_compound
  (bsc#1200217).
- commit 6fd63ad
- smb3: check for null tcon (bsc#1200217).
- commit b858070
- cifs: fix minor compile warning (bsc#1200217).
- commit fd0fc4d
- Add various fsctl structs (bsc#1200217).
- commit 90bede3
- smb3: add trace point for oplock not found (bsc#1200217).
- commit 346f7ed
- cifs: return the more nuanced writeback error on close()
  (bsc#1200217).
- commit 7742646
- smb3: add trace point for lease not found issue (bsc#1200217).
- commit 0658354
- cifs: smbd: fix typo in comment (bsc#1200217).
- commit c4afc8a
- cifs: set the CREATE_NOT_FILE when opening the directory in
  use_cached_dir() (bsc#1200217).
- commit 706627f
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- commit 6a639c3
- cifs: move definition of cifs_fattr earlier in cifsglob.h
  (bsc#1200217).
- commit f6bc702
- cifs: print TIDs as hex (bsc#1200217).
- commit e89f4ca
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- commit 415ae81
- cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs
  was set (bsc#1200217).
- commit a90922b
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
  (bsc#1200217).
- commit 586cc75
- SMB3: EBADF/EIO errors in rename/open caused by race condition
  in smb2_compound_op (bsc#1200217).
- commit ee0782f
- cifs: destage any unwritten data to the server before calling
  copychunk_write (bsc#1200217).
- commit 1bda1c7
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- commit 8a9f3fb
- cifs: fix NULL ptr dereference in refresh_mounts()
  (bsc#1200217).
- commit 6a33928
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- commit b1096ec
- cifs: verify that tcon is valid before dereference in
  cifs_kill_sb (bsc#1200217).
- commit 7b9058f
- cifs: potential buffer overflow in handling symlinks
  (bsc#1200217).
- commit 6cb9820
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- commit 349ed65
- cifs: release cached dentries only if mount is complete
  (bsc#1200217).
- commit 6b464d5
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- commit dde64e8
- cifs: update internal module number (bsc#1193629).
- commit 92220f4
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- commit 83df40d
- cifs: remove check of list iterator against head past the loop
  body (bsc#1200217).
- commit c041716
- cifs: fix potential race with cifsd thread (bsc#1200217).
- commit 4db1b1e
- smb3: fix ksmbd bigendian bug in oplock break, and move its
  struct to smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 49a5253
- smb3: cleanup and clarify status of tree connections
  (bsc#1200217).
- commit 7a8d282
- smb3: move defines for query info and query fsinfo to
  smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 980c599
- smb3: move defines for ioctl protocol header and SMB2 sizes
  to smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 4816364
- [smb3] move more common protocol header definitions to
  smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 6224ee1
- cifs: fix incorrect use of list iterator after the loop
  (bsc#1200217).
- commit aef3af4
- cifs: change smb2_query_info_compound to use a cached fid,
  if available (bsc#1200217).
- commit 351d3bd
- cifs: use a different reconnect helper for non-cifsd threads
  (bsc#1200217).
- commit f30e918
- cifs: we do not need a spinlock around the tree access during
  umount (bsc#1200217).
- commit 7cfcd55
- cifs: fix handlecache and multiuser (bsc#1200217).
- commit 3ed19f3
- smb3: fix incorrect session setup check for multiuser mounts
  (bsc#1200217).
- commit 7016d61
- cifs: fix confusing unneeded warning message on smb2.1 and
  earlier (bsc#1200217).
- commit 5c8e870
- cifs: modefromsids must add an ACE for authenticated users
  (bsc#1200217).
- commit 48a34af
- cifs: fix double free race when mount fails in cifs_get_root()
  (bsc#1200217).
- commit f99992c
- cifs: do not use uninitialized data in the owner/group sid
  (bsc#1200217).
- commit 84b55ef
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- commit eb184a1
- smb3: fix snapshot mount option (bsc#1200217).
- commit 874c094
- cifs: mark sessions for reconnection in helper function
  (bsc#1200217).
- commit 0a58bbf
- cifs: call helper functions for marking channels for reconnect
  (bsc#1200217).
- commit 9ee8dff
- cifs: call cifs_reconnect when a connection is marked
  (bsc#1200217).
- commit da0085d
- [smb3] improve error message when mount options conflict with
  posix (bsc#1200217).
- commit 2105c8f
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- commit 5c19405
- cifs: unlock chan_lock before calling cifs_put_tcp_session
  (bsc#1200217).
- commit 154c129
- Fix a warning about a malformed kernel doc comment in cifs
  (bsc#1200217).
- commit b2b7511
- cifs: update internal module number (bsc#1200217).
- commit fd57627
- smb3: send NTLMSSP version information (bsc#1200217).
- commit 713e861
- cifs: cifs_ses_mark_for_reconnect should also update reconnect
  bits (bsc#1200217).
- commit 9a2f0ac
- cifs: update tcpStatus during negotiate and sess setup
  (bsc#1200217).
- commit d9e3178
- cifs: make status checks in version independent callers
  (bsc#1200217).
- commit bd7b0d4
- cifs: remove repeated state change in dfs tree connect
  (bsc#1200217).
- commit 010f86c
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- commit 8872018
- cifs: remove unused variable ses_selected (bsc#1200217).
- commit ff25a18
- cifs: protect all accesses to chan_* with chan_lock
  (bsc#1200217).
- commit 570e7fa
- cifs: fix the connection state transitions with multichannel
  (bsc#1200217).
- commit 9e04600
- cifs: check reconnects for channels of active tcons too
  (bsc#1200217).
- commit 7d36579
- cifs: serialize all mount attempts (bsc#1200217).
- commit 551fdd3
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for
  non-ASCII dfs refs (bsc#1200217).
- commit c9efbf1
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
  path is empty (bsc#1200217).
- commit 764a91d
- cifs: clean up an inconsistent indenting (bsc#1200217).
- commit 248e46d
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- commit 43eb5cf
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- commit 41d17b7
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- commit ef6d710
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
  (bsc#1200217).
- commit f53ea90
- cifs: avoid race during socket reconnect between send and recv
  (bsc#1200217).
- commit 722c8b7
- cifs: maintain a state machine for tcp/smb/tcon sessions
  (bsc#1200217).
- commit 51b486f
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- commit fd0e196
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- commit 27f6fb8
- cifs: reconnect only the connection and not smb session where
  possible (bsc#1200217).
- commit 16bf87d
- cifs: add WARN_ON for when chan_count goes below minimum
  (bsc#1200217).
- commit a58714b
- cifs: adjust DebugData to use chans_need_reconnect for conn
  status (bsc#1200217).
- commit 7ddcbf5
- cifs: use the chans_need_reconnect bitmap for reconnect status
  (bsc#1200217).
- commit d6f970b
- cifs: track individual channel status using chans_need_reconnect
  (bsc#1200217).
- commit b7aed75
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- commit a5a52e3
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- commit d076172
- cifs: ignore resource_id while getting fscache super cookie
  (bsc#1200217).
- commit 2d5c0e6
- cifs: fix ntlmssp auth when there is no key exchange
  (bsc#1200217).
- commit 93704ce
- cifs: wait for tcon resource_id before getting fscache super
  (bsc#1200217).
- commit b7f6657
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- commit e83f639
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
  architectural PMU (git-fixes).
- commit b46bf26
- KVM: x86/emulator: Defer not-present segment check in
  __load_segment_descriptor() (git-fixes).
- commit 27bee90
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- commit a28f4e5
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps
  are in use (git-fixes).
- commit d008aa3
- kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
- commit 5797afc
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested
  VM-Enter (git-fixes).
- commit acadff0
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR
  emulation (git-fixes).
- commit e4539a4
- KVM: x86: Don't force set BSP bit when local APIC is managed
  by userspace (git-fixes).
- commit eb244fb
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any
  BSP (git-fixes).
- commit e4d1ca5
- KVM: nVMX: Set LDTR to its architecturally defined value on
  nested VM-Exit (git-fixes).
- commit 738798b
- KVM: x86: Immediately reset the MMU context when the SMM flag
  is cleared (git-fixes).
- commit 09330a5
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit f9d0532
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
  intel_arch_events[] (git-fixes).
- commit d9ed32f
- KVM: x86: clflushopt should be treated as a no-op by emulation
  (git-fixes).
- commit 9620f9a
- kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
  (git-fixes).
- commit ef4dd36
- kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
  (git-fixes).
- commit f6cd4b8
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest
  (git-fixes).
- commit 0207dce
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in
  64-bit mode (git-fixes).
- commit 167dd6e
- Revert "/KVM: x86: work around leak of uninitialized stack
  contents"/ (git-fixes).
- commit 750d1b0
- nfc: st21nfca: fix incorrect sizing calculations in
  EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
  (git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
  (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- commit 31b71c0
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
  (git-fixes).
- commit 006ad54
- KVM: nVMX: Invalidate all roots when emulating INVVPID without
  EPT (git-fixes).
- commit 6adfb0f
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush
  (git-fixes).
- commit a06b778
- ftrace: Clean up hash direct_functions on register failures
  (git-fixes).
- commit adaac4e
- tilcdc: tilcdc_external: fix an incorrect NULL check on list
  iterator (git-fixes).
- commit 8f16892
- Refresh
  patches.suse/drm-vmwgfx-Initialize-drm_mode_fb_cmd2.patch.
  Alt-commit
- commit 30ee9bf
- Refresh
  patches.suse/0001-drm-vmwgfx-Remove-unused-compile-options.patch.
  Alt-commit
- commit e57beef
- blacklist.conf: Remove blacklisting of backported patch
- Refresh
  patches.suse/drm-vc4-hdmi-Move-the-HSM-clock-enable-to-runtime_pm.patch.
  Alt-commit
- commit 64d3607
- block: fix bio_clone_blkg_association() to associate with
  proper blkcg_gq (bsc#1200259).
- commit ce6dfd1
- Refresh
  patches.suse/drm-i915-Call-i915_globals_exit-if-pci_register_devi.patch.
  Alt-commit
- commit fbaa188
- drm/msm/dsi: fix address for second DSI PHY on SDM660
  (git-fixes).
- commit 2435776
- Refresh
  patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch.
  Alt-commit
- commit 693f083
- Refresh patches.suse/drm-amdkfd-Fix-GWS-queue-count.patch.
  Alt-commit
- commit cef7148
- Refresh
  patches.suse/drm-amdgpu-smu10-fix-SoC-fclk-units-in-auto-mode.patch.
  Alt-commit
- commit 7e7296e
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
  (git-fixes).
- commit 25b074b
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- commit cd35e5a
- blacklist.conf: 0d979509539e drm/ttm: remove ttm_bo_vm_insert_huge()
- commit b0d7e4a
- blacklist.conf: 10a6de19cad6 seq_file: fix passing wrong private data
- commit 88787ec
- drm/i915: fix i915_globals_exit() section mismatch error
  (git-fixes).
- commit f035fef
- add mainline tag for a pci-hyperv change
- commit 77f42e9
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
  (CVE-2022-1972 bsc#1200019).
- commit 323e166
- netfilter: nf_tables: disallow non-stateful expression in sets
  earlier (CVE-2022-1966 bsc#1200015).
- commit 41de480
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
  (git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: use bdev_alignment_offset instead of
  queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes
  (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- commit d165ee8
- Added blacklist git-fix: just fixes compiler warning but breaks kabi
- commit 2f740d4
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG
  (bsc#1198971).
- Update config files to disable mistakenly enabled CONFIG_JBD2_DEBUG
- commit 1c1f326
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- commit 3c1ac51
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- commit a293be9
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- commit 5ddd111
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- commit b7d0c5f
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- commit ac2aae4
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- commit dd8afe7
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- commit de37b40
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- commit b06c831
- qlcnic: Fix error code in probe (git-fixes).
- commit 34dcd67
- net: korina: fix return value (git-fixes).
- commit 2399b03
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- commit ecd49f2
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- commit 5655db7
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 9d94c81
- netdevice: demote the type of some dev_addr_set() helpers
  (bsc#1200216).
- commit eaa7009
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
  (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
  9520 laptop (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ASoC: rt5514: Fix event generation for "/DSP Voice Wake Up"/
  control (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- commit f5268ed
- gpio: adp5588: Remove support for platform setup and teardown
  callbacks (git-fixes).
- gpio: pca953x: use the correct register address to do regcache
  sync (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
  (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in
  dmi_sysfs_register_handle (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
  (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors
  (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values
  (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right
  (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return
  value check (git-fixes).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
  (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
  (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe
  (git-fixes).
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
  (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity
  (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
  (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: sh-sci: Don't allow CS5-6 (git-fixes).
- serial: txx9: Don't allow CS5-6 (git-fixes).
- serial: rda-uart: Don't allow CS5-6 (git-fixes).
- serial: digicolor-usart: Don't allow CS5-6 (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
  (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: don't overwrite xmit->buf[0] by x_char (git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h>
  (git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h>
  (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
  of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in
  owl_uart_probe (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port
  (git-fixes).
- staging: fieldbus: Fix the error handling path in
  anybuss_host_common_probe() (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- commit e15e5e6
- powerpc/xive: Add some error handling code to
  'xive_spapr_init()' (fate#322438 git-fixes).
- commit 29a15ff
- net: sched: fixed barrier to prevent skbuff sticking in qdisc
  backlog (bsc#1183405).
- commit 5f8489b
- tracing: Fix return value of trace_pid_write() (git-fixes).
- commit 332fdc6
- tracing: Fix potential double free in create_var_ref()
  (git-fixes).
- commit 142f9d7
- wireguard: device: check for metadata_dst with skb_valid_dst()
  (git-fixes).
- commit 9790edc
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
  OPT_HOST_IFACE (bsc#1199670).
- commit a8aa700
- ceph: fix setting of xattrs on async created inodes
  (bsc#1200192).
- commit 91687d7
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- commit 9250a63
- soc: rockchip: Fix refcount leak in rockchip_grf_init
  (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- rtc: mt6397: check return value after calling
  platform_get_resource() (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
  (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct
  (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped
  (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
  (git-fixes).
- commit db358bc
- powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438
  git-fixes).
- commit 4062633
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (CVE-2022-1975 bsc#1200143).
- commit bcae1e0
- nfc: replace improper check device_is_registered() in netlink
  related functions (CVE-2022-1974 bsc#1200144).
- Refresh
  patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- commit 8ab4a08
- certs: Add EFI_CERT_X509_GUID support for dbx entries
  (bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 6bf28b7
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 43f073a
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- commit 013d17b
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- commit 42eec11
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- commit 93d1bda
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- commit 7e7bd88
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- commit 5ee912a
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- commit 8161416
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- commit 4e538b6
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- commit 676db9a
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- commit 70b2b9b
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- commit 50fc702
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- commit 12ddc7c
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- commit 123bc41
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- commit d5627c3
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- commit 5b0fb4f
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- commit 7371c56
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- commit f4ca8bd
- blacklist.conf: ("/ARM: dts: spear1340: Update serial node properties"/)
- commit 2719ba1
- blacklist.conf: ("/ARM: dts: spear13xx: Update SPI dma properties"/)
- commit d4905d6
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- commit 23153db
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- commit 5fc1380
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- commit 71afe29
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- commit afc6580
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- commit bc1fb03
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- commit fee81b1
- blacklist.conf: ("/ARM: iop32x: offset IRQ numbers by 1"/)
- commit abcec77
- ARM: tegra: Move panels to AUX bus (git-fixes)
- commit 50fd172
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- commit 0f51816
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- commit 40ff6d7
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- commit 27df56a
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- commit 62b05df
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- commit 587bb4a
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- commit 8309249
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- commit 2e353f0
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- commit c7c1408
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- commit ca31c5d
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- commit 43a6857
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- commit 8773156
- nvme-tcp: allow selecting the network interface for connections
  (bsc#1199670).
- commit 24adf25
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands
  (bsc#1200046).
- commit 0e2231e
- Refresh
  patches.suse/nvme-multipath-use-vmalloc-for-ana-log-buffer.patch.
- commit 971fe0e
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for
  NVMe I/O (bsc#1200045).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up
  (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric
  parameters (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
  lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in
  rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
  (bsc#1200045).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
  (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion
  (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths
  (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
  (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call
  (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in
  lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
  (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in
  lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches
  (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
  (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
  (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
  (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post
  RSCN completion (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in
  Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
  (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for
  trunk groups (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
  (bsc#1200045).
- scsi: lpfc: Correct CRC32 calculation for congestion stats
  (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic
  disable (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for
  ELS_RDF path (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link
  down or aborted (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after
  guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
  (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to
  issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a
  new FLOGI (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
  (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports
  link down (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field
  (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
  (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling
  lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe
  rescan (bsc#1200045).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line
  (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
  (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045
  bsc#1198989 bsc#1197675).
- commit d7157b7
- iommu/amd: Increase timeout waiting for GA log enablement
  (bsc#1199052).
- commit fe9fbe6
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989)
  The update was reverted due to some regression on older
  hardware. These have been fixed in the meantime, thus update the
  driver.
- commit 200ac05
- revert scsi: qla2xxx: Changes to support FCP2 Target
  (bsc#1198438).
- commit 12ff2a5
- net: rtlwifi: properly check for alloc_workqueue() failure
  (git-fixes).
- Revert "/rtlwifi: fix a potential NULL pointer dereference"/
  (git-fixes).
- commit 24fe374
- mt76: check return value of mt76_txq_send_burst in
  mt76_txq_schedule_list (git-fixes).
- commit 962a439
- spi: Introduce device-managed SPI controller allocation
  (git-fixes).
- commit 9cd5722
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
  git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
  (bsc#1061840 git-fixes).
- commit 6362663
- blacklist.conf: kABI, cleanup that renames constants
- commit e8bfcff
- blacklist.conf: kABI, renames declarations
- commit 1b506e7
- blacklist.conf: switches off compilation of a driver on some arches. Either irrelevant or breaks kABI.
- commit a8132c8
- media: netup_unidvb: Don't leak SPI master in probe error path
  (git-fixes).
- commit 539b59b
- Refresh
  patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
  In this case, we can not simply use __GENKSYMS__ to wrap new
  LOCKDOWN_DBG_WRITE/READ_KERNEL fields in enum lockdown_reason
  struct. So let's remove __GENKSYMS__ and add a kabi workaround
  patch. (bsc#1199426 CVE-2022-21499)
- commit 88eddb5
- lockdown: kABI workaround for lockdown_reason changes
  (bsc#1199426, CVE-2022-21499).
- commit fe7a29a
- powerpc/powernv: Get STF barrier requirements from device-tree
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry
  and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- commit 4e35232
- powerpc/fadump: fix PT_LOAD segment for boot memory area
  (bsc#1103269 ltc#169948 git-fixes).
- commit 726e54b
- Update patch metadata references
- commit c29f6ae
- KVM: VMX: Fix stale docs for
  kvm-intel.emulate_invalid_guest_state (git-fixes).
- commit 56b5e51
- Kconfig.debug: drop selecting non-existing
  HARDLOCKUP_DETECTOR_ARCH (git-fixes).
- commit 9876873
- arm64: paravirt: Use RCU read locks to guard stolen_time
  (git-fixes).
- commit 06cf912
- smp: Fix offline cpu check in flush_smp_call_function_queue()
  (git-fixes).
- commit 798956d
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- commit 25a1706
- Input: stmfts - do not leave device disabled in
  stmfts_input_open (git-fixes).
- commit 7f01cd9
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: idxd: Fix the error handling path in
  idxd_cdev_register() (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe
  (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
  (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value
  (git-fixes).
- pinctrl/rockchip: support deferring other gpio params
  (git-fixes).
- commit 9a75e78
- btrfs: extent-tree: kill the BUG_ON() in
  insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 31a8792
- btrfs: extent-tree: kill BUG_ON() in  __btrfs_free_extent()
  (CVE-2019-19377 bsc#1158266).
- commit 75b17c1
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: x86 - eliminate anonymous module_init & module_exit
  (git-fixes).
- mfd: ipaq-micro: Fix error check return value of
  platform_get_irq() (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description
  (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
  (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- tty: fix deadlock caused by calling printk() under
  tty_port->lock (git-fixes).
- commit ec70afa
- NFC: hci: fix sleep in atomic context bugs in
  nfc_hci_hcp_message_tx (git-fixes).
- commit 61459e4
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
  (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
  (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove
  (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in
  pvr2_i2c_core_init (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
  sr_thermal_probe (git-fixes).
- thermal/drivers/bcm2711: Don't clamp temperature at zero
  (git-fixes).
- spi: spi-fsl-qspi: check return value after calling
  platform_get_resource_byname() (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking
  (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
  wait_for_completion_timeout (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend
  (git-fixes).
- regulator: pfuze100: Fix refcount leak in
  pfuze_parse_regulators_dt (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
  (git-fixes).
- mtd: spi-nor: core: Check written SR value in
  spi_nor_write_16bit_sr_and_check() (git-fixes).
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
  (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms
  (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- mmc: block: Use generic_cmd6_time when modifying
  INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
  (git-fixes).
- commit 45f0e7e
- gma500: fix an incorrect NULL check on list iterator
  (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is
  found in list (git-fixes).
- media: media-entity.h: Fix documentation for
  media_create_intf_link (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
  (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky
  (git-fixes).
- Fix double fget() in vhost_net_set_backend() (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
  (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open
  (git-fixes).
- Input: add bounds checking to input_set_capability()
  (git-fixes).
- commit 6469b91
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS
  response (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base
  protocol (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
  (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
  (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when
  deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when
  deadlock is detected (git-fixes).
- drm/msm/hdmi: fix error check return value of
  irq_of_parse_and_map() (git-fixes).
- commit 0cce114
- drm/msm/hdmi: check return value after calling
  platform_get_resource_byname() (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit
  functions (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use
  after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
  (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
  (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- commit def8c76
- drivers/base/memory: fix an unlikely reference counting issue
  in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data
  (git-fixes).
- ASoC: max98090: Move check for invalid values before casting
  in max98090_put_enab_tlv() (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
  wm2000_anc_transition() (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
  (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: atmel-classd: Remove endianness flag on class d component
  (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component
  (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure
  (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in
  mt2701_wm8960_machine_probe (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
  (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks
  (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
  dereferencing it (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
  (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled
  (git-fixes).
- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm: sti: don't use kernel-doc markers (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
  (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails
  (git-fixes).
- drm/edid: fix invalid EDID extension block filtering
  (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on
  list iterator (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
  (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
  (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in
  sco_sock_timeout (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
  rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- docs: submitting-patches: Fix crossref to 'The canonical patch
  format' (git-fixes).
- ACPI: property: Release subnode properties with data nodes
  (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360
  (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
  (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove
  (git-fixes).
- Bluetooth: call hci_le_conn_failed with hdev lock in
  hci_le_conn_failed (git-fixes).
- commit 72b8536
- Update patch reference for libata fix (bsc#1118212).
- commit 9e93177
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 3afdfd4
- lockdown: also lock down previous kgdb use (bsc#1199426
  CVE-2022-21499).
- commit 090b59e
- kernel-binary.spec: Support radio selection for debuginfo.
  To disable debuginfo on 5.18 kernel a radio selection needs to be
  switched to a different selection. This requires disabling the currently
  active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
  (CVE-2022-1729, bsc#1199507).
- commit feaf8f1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 7356a15
- Update bug reference to bsc#1196840
  bsc#1195826 is for SLE15-SP4
- commit c323b60
- ext4: avoid cycles in directory h-tree (bsc#1198577
  CVE-2022-1184).
- commit b98a7a0
- ext4: verify dir block before splitting it (bsc#1198577
  CVE-2022-1184).
- commit 1b10a51
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f7e3619
- series.conf: sort the patches
- commit 77394cc
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 449a24c
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
  (bsc#1065729).
- commit 55daac9
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits
  (bsc#1199631).
- commit 9223fba
- ionic: fix missing pci_release_regions() on error in
  ionic_probe() (bsc#1167773).
- net/mlx5e: Fix the calling of update_buffer_lossy() API
  (jsc#SLE-15172).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS
  flag (jsc#SLE-8371 bsc#1153274).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- net: hns3: clear inited state and stop client after failed to
  register netdev (bsc#1154353).
- netfilter: nft_set_rbtree: overlap detection with element
  re-addition after deletion (bsc#1176447).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
  (jsc#SLE-15176, jsc#SLE-16387).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
  (jsc#SLE-12878).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
  (jsc#SLE-7926).
- ice: Clear default forwarding VSI during VSI release
  (jsc#SLE-12878).
- net: hns3: fix bug when PF set the duplicate MAC address for
  VFs (jsc#SLE-14777).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: Don't send reset commands if FW isn't running
  (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean()
  (jsc#SLE-16649).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- commit 16310e3
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit c2d3c0f
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
  ltc#159753).
- commit a757a54
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 93d2214
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
  ltc#159753).
- commit 76e65ef
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f354e6f
- blacklist.conf: add Renesas SuperH Ethernet
- commit d918a41
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit e71b0a6
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
  cpuset_init_smp() (bsc#1199839).
- commit 1cc3b7f
- Update patch reference for crypto fix (bsc#1197601)
- commit afd04b9
- Update patch references for ax25 fixes (CVE-2022-1204 bsc#1198025)
- commit 18cea2f
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- commit b16b2e0
- blacklist.conf: riscv architecture not supported.
- commit c0e1845
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
  mtk_i2c_probe() (git-fixes).
- commit ee5045f
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 81d7b12
- Input: ili210x - fix reset timing (git-fixes).
- commit 6a3dd7d
- clk: at91: generated: consider range when calculating best rate
  (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity
  (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target
  bit (git-fixes).
- commit cb7aee7
- ping: fix the sk_bound_dev_if match in ping_lookup
  (bsc#1195826).
- commit fc7752f
- NFC: nci: fix sleep in atomic context bugs caused by
  nci_skb_alloc (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
  (git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
  digicolor_uart_probe() (git-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM7590
  (git-fixes).
- USB: serial: option: add Fibocom MA510 modem (git-fixes).
- USB: serial: option: add Fibocom L610 modem (git-fixes).
- USB: serial: pl2303: add device id for HP LM930 Display
  (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
  (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom
  control (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
  (git-fixes).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- commit f35fecc
- kABI: Fix kABI after CVE-2022-0171 backport (CVE-2022-0171
  bsc#1199509).
- commit da4b250
- KVM: SEV: add cache flush to solve SEV cache incoherency issues
  (CVE-2022-0171 bsc#1199509).
- commit b851a8d
- ping: remove pr_err from ping_lookup (bsc#1195826).
- commit d9c0959
- patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch:
  (bsc#1195826).
- commit 964b9e7
- floppy: use a statically allocated error counter (bsc#1199063
  CVE-2022-1652).
- commit 3cde83e
- media: vim2m: Register video device after setting up internals
  (git-fixes).
- commit c68692a
- netfilter: nf_conntrack_tcp: re-init for syn packets only
  (bsc#1199035).
- commit adf0a01
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp
  options (bsc#1199035).
- commit 306abaf
- netfilter: conntrack: re-init state for retransmitted syn-ack
  (bsc#1199035).
- commit 9167545
- netfilter: conntrack: move synack init code to helper
  (bsc#1199035).
- commit 0f49ef3
- netfilter: conntrack: connection timeout after re-register
  (bsc#1199035).
- commit f95a3ee
- copy_process(): Move fd_install() out of sighand->siglock
  critical section (bsc#1199626).
- commit 7c0210b
- blacklist.conf: Add 7d613f9f72ec signal: Remove the bogus sigkill_pending in ptrace_stop
- commit e163427
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit b279627
- Update patch reference for NFC fix (CVE-2022-1734 bsc#1199605).
- commit d3208d6
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
  bsc#1199605 git-fixes).
- commit 4841312
- blacklist.conf: kABI
- commit 3cbffe4
- blacklist.conf: fixes only a warning, generated code not changed
- commit e762772
- blacklist.conf: depends on support for the AST2600, which we don't have
- commit 10f8b9b
- media: platform: add missing put_device() call in
  mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- commit 686e148
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
  (git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
  (git-fixes).
- drm/nouveau: Fix a potential theorical leak in
  nouveau_get_backlight_name() (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct
  dce_{version, environment} types (git-fixes).
- commit ffb14db
- SUNRPC: Ensure that the gssproxy client can start in a connected
  state (git-fixes).
- commit d77dab5
- Revert "/SUNRPC: Ensure gss-proxy connects on setup"/ (git-fixes).
- commit 7ee04aa
- NFS: limit use of ACCESS cache for negative responses
  (bsc#1196570).
- Refresh
  patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch.
- commit 0b13da9
- Update
  patches.suse/sctp-delay-auto_asconf-init-until-binding-the-first-.patch
  headers (CVE-2021-23133 bsc#1184675).
  Remove unwanted patch headers which have hidden intended CVE and bugzilla
  references (shown above) when the patch was added. The primary purpose of
  this commit is to get the CVE/bugzilla references to git and rpm changelog.
- commit 33c2a2f
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- commit 8a557d3
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
  (git-fixes).
- commit 287c3d2
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
  (git-fixes).
- commit 8690a8c
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- commit f0cde52
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- commit 61bf915
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit b8775dd
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- commit 8f25bcd
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
  (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
  (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
  (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of
  list iterator (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state
  (git-fixes).
- scsi: hisi_sas: Change permission of parameter prot_mask
  (git-fixes).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling
  (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization
  (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
  (git-fixes).
- scsi: pm8001: Fix le32 values handling in
  pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix payload initialization in
  pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix le32 values handling in
  pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix payload initialization in
  pm80xx_set_thermal_config() (git-fixes).
- scsi: pm8001: Fix command initialization in
  pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in
  pm80XX_send_read_log() (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- commit 4f3c957
- Added two git-fixes to be blacklisted
- commit 35e3e29
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit fd4d93d
- Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413)
  Also shorten the patch file name to standard size
- commit 483f56d
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU
  protection (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
  (git-fixes).
- batman-adv: Don't skb_split skbuffs with frag_list (git-fixes).
- dim: initialize all struct fields (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux
  (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator
  frequency (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls
  (git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
  (git-fixes).
- firewire: remove check of list iterator against head past the
  loop body (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
  (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- commit 7fe0786
- smsc911x: allow using IRQ0 (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
  (git-fixes).
- USB: serial: whiteheat: fix heap overflow in
  WHITEHEAT_GET_DTR_RTS (git-fixes).
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
  (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
  (git-fixes).
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075
  compositions (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
  configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
  (git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to
  500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- commit 432e747
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (git-fixes).
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value
  (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in
  ak8975_power_on() (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
  (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in
  phy_mdm6600_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in
  omap_usb2_enable_clocks (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe
  error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
  (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
  (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- mtd: rawnand: Fix return value check of
  wait_for_completion_timeout (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map()
  (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response
  (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the
  constant (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which
  can never be negative (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- commit 6ee3f02
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
  (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected
  by 4 bytes (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled
  (irq_mask not set) (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
  (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory
  (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- bus: sunxi-rsb: Fix the return value of
  sunxi_rsb_device_create() (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
  platform_get_resource() (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
  (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
  (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining
  (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing
  the constant (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing
  the constant (git-fixes).
- commit 12e07e6
- EDAC/synopsys: Read the error count from the correct register
  (bsc#1178134).
- commit 247c29e
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- commit 72503c7
- blacklist.conf: Add 35d2f249ef0 powerpc/64s: Fix copy-paste data exposure into newly created tasks
- commit f5594b7
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
  file (bsc#1195612 CVE-2022-24448).
- commit db3a8ef
- kABI: ivtv: restore caps member (git-fixes).
- commit 2c3f6cc
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- commit 2ffad22
- media: saa7134: fix incorrect use to determine if list is empty
  (git-fixes).
- commit faf8c31
- blacklist.conf: changes API visible to user space
- commit e83f4b0
- blacklist.conf: cleanup designed to break kABI
- commit a17a5f2
- media: davinci: vpif: fix use-after-free on driver unbind
  (git-fixes).
- commit 0d124d5
- media: davinci: vpif: fix unbalanced runtime PM enable
  (git-fixes).
- commit 62da1d6
- media: davinci: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- commit 8aa4890
- media: videobuf2: Fix the size printk format (git-fixes).
- commit 0442925
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 039ffb2
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 46bcd39
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host
  (git-fixes).
- commit e008ec3
- usb: typec: ucsi: Fix role swapping (git-fixes).
- commit 0f6815d
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- commit 384b054
- USB: quirks: add STRING quirk for VCOM device (git-fixes).
- commit 9995a55
- USB: quirks: add a Realtek card reader (git-fixes).
- commit 1c7cb74
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- commit e27a1b4
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- commit d7997c9
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- commit abdcbca
- genirq/timings: Fix error return code in (git-fixes)
- commit 12c2013
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- commit f56bf3a
- genirq/timings: Prevent potential array overflow in (git-fixes)
- commit 218e50c
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- commit 8a841da
- lib/raid6/test: fix multiple definition linking error
  (git-fixes).
- commit 22722bc
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- commit bc0a024
- drm/i915: Update TGL and RKL DMC firmware versions
  (bsc#1198924).
- commit cce0630
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- commit 7b2fde0
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- commit 420a601
- series.conf: cleanup
  - Move submitted patch to "/sorted"/ section
    patches.suse/SUNRPC-change-locking-for-xs_swap_enable-disable.patch
- commit d411c20
- timers: Fix warning condition in __run_timers() (git-fixes)
- commit 91079b8
- Revert "/SUNRPC: attempt AF_LOCAL connect on setup"/ (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- NFSv4: Don't invalidate inode attributes on delegation return
  (git-fixes).
- commit c794712
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 5256a40
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 3989909
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- commit 6437352
- net: hns3: add a check for index in hclge_get_rss_key()
  (git-fixes).
- commit 43b8d6e
- net: hdlc_ppp: Fix issues when mod_timer is called while timer
  is running (git-fixes).
- commit e3f1aee
- net: bcmgenet: Fix a resource leak in an error handling path
  in the probe functin (git-fixes).
- commit 93f6ac8
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- commit 47f1751
- lan743x: remove redundant assignment to variable
  rx_process_result (git-fixes).
- commit 529465d
- series.conf: sort out patches
- commit a6ad4ca
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- sched/topology: Skip updating masks for non-online nodes
  (bsc#1197446 ltc#183000).
- commit 1e43cf6
- Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000).
- commit 89f63a7
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2
  (git-fixes).
- commit 7bb7073
- objtool: Fix type of reloc::addend (git-fixes).
- commit 9c82829
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
  (bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
  (bsc#1196426 CVE-2021-33061).
- commit c5d1777
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- commit 098565a
- usb: dwc3: gadget: Return proper request status (git-fixes).
- commit 73a340f
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- commit 454e4d6
- usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- commit c81dcdc
- Revert lpfc driver update to 14.2.0.1 (bsc#1198989)
- commit eb15c95
- blacklist.conf: ("/arm64: patch_text: Fixup last cpu should be master"/)
- commit ec52e4c
- blacklist.conf: ("/arm64: prevent instrumentation of bp hardening callbacks"/)
- commit 4711dc6
- blacklist.conf: ("/arm64: dts: ls1046a: Update i2c node dma properties"/)
- commit 35426a5
- blacklist.conf: ("/arm64: dts: ls1043a: Update i2c dma properties"/)
- commit 080fa21
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- commit ff56d7c
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- commit ae709d6
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- commit 7fe2a15
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- commit 86007a2
- net: mana: Remove unnecessary check of cqe_type in
  mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
  mana_gd_create_dma_region() (bsc#1195651).
- commit c23f4de
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- commit 1b82f10
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- commit dd7ee34
- arm64: Always force a branch protection mode when the compiler has one (git-fixes).
  Refresh patches.suse/arm64-enable-tlbi-range-instructions.patch.
- commit fa4122b
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a40b3c9
- blacklist.conf: Append 'drm/tegra: Add back arm_iommu_detach_device()'
- commit f7fdb0f
- blacklist.conf: Append 'drm/i915: Fix syncmap memory leak'
- commit 5ad47f2
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- commit f640496
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- commit 30a990e
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- commit 40b57d4
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- commit e9f409a
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- commit 20ca121
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- commit dd83cfa
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- commit 9612dd6
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- commit fdc716b
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- commit 83451f5
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- blacklist.conf:
- commit 88c7ed6
- bnx2x: fix napi API usage sequence (bsc#1198217).
- commit 62d4fc3
- blacklist.conf: Append 'Revert "/drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"/'
- commit f314ea7
- Revert "/drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"/ (bsc#1152489)
- commit 3316fe5
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- commit 1614767
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- commit c29d398
- blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer'
- commit 0f90ce0
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- commit 7533a77
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513
  git-fixes).
- commit 2fb7add
- powerpc/perf: Fix power9 event alternatives (bsc#1137728,
  LTC#178106, git-fixes).
- Revert "/ibmvnic: Add ethtool private flag for driver-defined
  queue limits"/ (bsc#1121726 ltc#174633 git-fixes).
- commit fb3d244
- usb: gadget: uvc: Fix crash when encoding data for usb request
  (git-fixes).
- commit 41fb68a
- USB: Fix xhci event ring dequeue pointer ERDP update issue
  (git-fixes).
- commit a4a5749
- net/x25: Fix null-ptr-deref caused by x25_disconnect
  (CVE-2022-1516 bsc#1199012).
- commit bd2f1ec
- blacklist.conf: Append 'vt: Fix character height handling with VT_RESIZEX'
- commit c8d9e53
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- commit 6f1b5e7
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- commit 9480dc7
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
  Refresh patches.suse/drm-vc4-crtc-Make-sure-the-HDMI-controller-is-powere.patch.
- commit f23bc57
- Refresh patches.suse/nvme-pci-disable-the-write-zeros-command-for-Intel-6.patch.
  Workaround rapidquilt patch parsing bug.
- commit 87d73da
- bfq: Make sure bfqg for which we are queueing requests is online
  (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
  Refresh patches.kabi/block-fixup-kabi-blk_mq_sched_try_insert_merge.patch
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- commit ad5069e
- Update config files (bsc#1199024).
  arm LIBNVDIMM y->m
  ppc64le ND_BLK ->m
- commit bfd0e0e
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit f31a75c
- ovl: fix missing negative dentry check in ovl_rename()
  (CVE-2021-20321 bsc#1191647).
- commit 14422d8
- Update of patches.suse/xen-x86-obtain-full-video-frame-buffer-address-for-D.patch
- commit e4f67dd
- Update of patches.suse/xen-x86-obtain-upper-32-bits-of-video-frame-buffer-a.patch
- commit 62cffc1
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit 5792732
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
  (bsc#1028340 bsc#1198825).
- commit daeb829
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- commit 8b93fb0
- Report kabi after Revert "/NFSv4: Handle the special Linux file
  open access mode"/ (git-fixes).
- commit eaf3351
- SUNRPC: Handle low memory situations in call_status()
  (git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
  (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- Revert "/NFSv4: Handle the special Linux file open access mode"/
  (git-fixes).
- commit bc9b111
- Refresh
  patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch.
  update info now this has landed in mainline
- commit 62eff20
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking
  (git-fixes).
- commit ae48f44
- pahole 1.22 required for full BTF features.
  also recommend pahole for kernel-source to make the kernel buildable
  with standard config
- commit 364f54b
- net: asix: add proper error handling of usb read errors
  (git-fixes).
- commit ff1011e
- blacklist.conf: breaks ABI
- commit 8ec9040
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748).
  added CVE number
- commit dfbe27e
- random: check for signal_pending() outside of need_resched()
  check (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
  (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
  (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- commit 628fd01
- blacklist.conf: add one ARCH_NOMADIK entry
- commit e6296cd
- drm/vc4: Use pm_runtime_resume_and_get to fix
  pm_runtime_get_sync() usage (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in
  prepare (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
  initialised (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec
  is in use (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for
  devm_snd_soc_register_component (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator
  (git-fixes).
- ASoC: atmel: Remove system clock tree configuration for
  at91sam9g20ek (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF
  (git-fixes).
- commit 964158d
- drm/mediatek: Add AAL output size configuration (git-fixes).
- commit 655aeed
- drm/i915: Call i915_globals_exit() if pci_register_device()
  fails (git-fixes).
- commit 1f2658b
- blacklist.conf: 0abb33bfca0f drm/i915/gtt: drop the page table optimisation
- commit e68827f
- blacklist.conf: 11e3c676683c drm/imx: ipuv3-plane: Remove two unnecessary export symbols
- commit 6474a0a
- blacklist.conf: b2423184ac33 drm/i915: Enable -Wuninitialized
- commit d70d26a
- blacklist.conf: 34b07d47dd00 drm/i915: Enable -Wuninitialized
- commit fb880ad
- drm/mediatek: Fix aal size config (git-fixes).
- commit 0c5a7bd
- Refresh
  patches.suse/drm-i915-gem-Flush-coherency-domains-on-first-set-do.patch.
  Alt-commit
- commit 4d3e42c
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl
  (git-fixes).
- commit 174f497
- use jobs not processors in the constraints
  jobs is the number of vcpus available to the build, while processors
  is the total processor count of the machine the VM is running on.
- commit a6e141d
- Refresh
  patches.suse/0007-drm-vc4-hdmi-Make-sure-the-controller-is-powered-in-.patch.
  Alt-commit
- commit 02dff0c
- Refresh
  patches.suse/0004-drm-amdgpu-Don-t-query-CE-and-UE-errors.patch.
  Alt-commit
- commit 875e622
- Refresh
  patches.suse/drm-radeon-Avoid-power-table-parsing-memory-leaks.patch.
  Alt-commit
- commit 5dbb1a1
- Refresh
  patches.suse/drm-radeon-Fix-off-by-one-power_state-index-heap-ove.patch.
  Alt-commit
- commit 0db3384
- Refresh
  patches.suse/0003-amdgpu-fix-GEM-obj-leak-in-amdgpu_display_user_frame.patch.
  Alt-commit
- commit f3ae579
- Refresh
  patches.suse/drm-i915-gt-Prevent-use-of-engine-wa_ctx-after-error.patch.
  Alt-commit
- commit bdf1613
- Update patch reference for drm fix (CVE-2022-1419 bsc#1198742)
- commit 5c0501b
- dmaengine: idxd: add RO check for wq max_transfer_size write
  (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write
  (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of
  mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap
  (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- commit c3cb470
- RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1179878
  CVE-2020-27835).
- RDMA/mlx5: Add a missing update of cache->last_add
  (jsc#SLE-15175).
- RDMA/mlx5: Don't remove cache MRs when a delay is needed
  (jsc#SLE-15175).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache
  ODP MR (jsc#SLE-15175).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled
  (jsc#SLE-15172).
- commit 8664ee1
- drm/amd/display: don't ignore alpha property on pre-multiplied
  mode (git-fixes).
- ALSA: pcm: Test for "/silence"/ field in struct "/pcm_format_data"/
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- regulator: wm8994: Add an off-on delay for WM8994 variant
  (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume
  (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array()
  (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amd/display: Update VTEM Infopacket definition (git-fixes).
- drm/amd/display: fix audio format not updated after edid updated
  (git-fixes).
- drm/amd: Add USBC connector ID (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
  (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
  (git-fixes).
- commit d7352af
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660).
- commit 0581a66
- Update patch reference for NFC fix (CVE-2021-38208 bsc#1187055)
- commit 37ea6b2
- Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
  (bsc#1065729 bsc#1198660 ltc#197803).
- commit d408779
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time
  (git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- commit fa0433d
- Delete patches.suse/PM-wakeup-simplify-the-output-logic-of-pm_show_wakel.patch
  The patch is superfluous (config not enabled) and would break the build.
- commit 6270819
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem
  and controller (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
  (git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit
  (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in
  ene_ub6250.c (git-fixes).
- usb: dwc3: omap: fix "/unbalanced disables for smps10_out1"/
  on omap5evm (git-fixes).
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by
  xhci_decode_ctrl_ctx() (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in
  atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- power: supply: wm8350-power: Add missing free in
  free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for
  wm8350_register_irq (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled()
  wrong false return (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
  (git-fixes).
- power: supply: axp20x_battery: properly report current when
  discharging (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in
  gemini_poweroff_probe (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails
  (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
  bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
  (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- mt76: mt7615: check sta_rates pointer in
  mt7615_sta_rate_tbl_update (git-fixes).
- mt76: mt7603: check sta_rates pointer in
  mt7603_sta_rate_tbl_update (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
  (git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
  (git-fixes).
- video: fbdev: w100fb: Reset global state (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
  (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks()
  (git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit a1662ac
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl()
  (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
  (git-fixes).
- firmware: arm_scmi: Fix sorting of retrieved clock rates
  (git-fixes).
- drm/msm/dsi: Use connector directly in
  msm_dsi_manager_connector_init() (git-fixes).
- lz4: fix LZ4_decompress_safe_partial read out of bound
  (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list
  (git-fixes).
- drm/edid: check basic audio support on CEA extension block
  (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
  (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
  (git-fixes).
- HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
  (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases
  for dt (git-fixes).
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
  (git-fixes).
- drm/amd/display: Remove vupdate_int_entry definition
  (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only
  (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in
  amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
  (git-fixes).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm/edid: Don't clear formats if using deep color (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in
  __dw_mipi_dsi_probe (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- media: cx88-mpeg: clear interrupt status register before
  streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
  (git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is
  missing (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2()
  (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- commit f6dc585
- cfg80211: hold bss_lock while updating nontrans_list
  (git-fixes).
- ath9k: Properly clear TX status area before reporting to
  mac80211 (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for
  implicit fb (git-fixes).
- dmaengine: Revert "/dmaengine: shdma: Fix runtime PM imbalance
  on error"/ (git-fixes).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2
  (git-fixes).
- dma-debug: fix return value of __setup handlers (git-fixes).
- Documentation: update stable tree link (git-fixes).
- Documentation: add link to stable release candidate tree
  (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
  (git-fixes).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
  (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params
  (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with
  memcpy_toio (git-fixes).
- brcmfmac: firmware: Allocate space for default boardrev in nvram
  (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup
  error path (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
  (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
  (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup
  (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer
  (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai
  name (git-fixes).
- ACPI: processor idle: Check for architectural support for LPI
  (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there
  (git-fixes).
- commit d3a3908
- fibmap: Reject negative block numbers (bsc#1198448).
- commit a2724a8
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap
  (bsc#1198448).
- commit d8c35f2
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
  function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit 981f1ec
- Update
  patches.suse/RDMA-rtrs-clt-Fix-possible-double-free-in-error-case.patch
  (jsc#SLE-15176 bsc#1198515 CVE-2022-29156).
  Added CVE reference.
- commit 377f598
- SUNRPC: Ensure we flush any closed sockets before
  xs_xprt_free() (bsc#1198330 CVE-2022-28893).
- commit f607730
- Update patch reference for dma-buf fix (CVE-2021-0707 bsc#1198437)
- commit 05bffce
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (bsc#1198413).
- commit daaf8a2
- blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler
- commit 91b4481
- Update patches.suse/cgroup-verify-that-source-is-a-string.patch
  (bsc#1190131 bsc#1193842 CVE-2021-4154).
- commit 0f6b5cd
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit 5e3bc51
- bpf: Resolve to prog->aux->dst_prog->type only for
  BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- commit 3b5cd8a
- blacklist.conf: kABI
- commit 2d0be1f
- Update patch reference for DRM fix (CVE-2021-20292 bsc#1183723)
- commit f6cdff5
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
  (git-fixes).
- mmc: renesas_sdhi: don't overwrite TAP settings when HS400
  tuning is complete (git-fixes).
- Revert "/mmc: sdhci-xenon: fix annoying 1.8V regulator warning"/
  (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes
  (git-fixes).
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
  (git-fixes).
- commit 5e07dff
- scsi: mpt3sas: Fix use after free in
  _scsih_expander_node_remove() (git-fixes).
- commit 139e22c
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
  commands (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- commit 1ac8b89
- Update
  patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr.ss_family.patch
  (bsc#1181147 bsc#1192845 CVE-2021-43975).
  Added CVE reference
- commit 3261376
- fuse: handle kABI change in struct fuse_req (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit 5920a58
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
  (git-fixes).
- commit caea381
- Update patch reference for NFS/RDMA fix (CVE-2022-0812 bsc#1196639)
- commit 7e276c6
- livepatch: Don't block removal of patches that are safe to
  unload (bsc#1071995).
- commit 21cea26
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
  (git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator
  (git-fixes).
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
  (git-fixes).
- commit 1e2cb1a
- Move upstreamed ALSA, BT and input patches into sorted section
- commit d4e3d80
- x86/speculation: Restore speculation related MSRs during S3
  resume (bsc#1198400).
- commit aece496
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- commit 087a75e
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- commit cb1ef60
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- commit e6f7c40
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- commit 5770b13
- blacklist.conf: ("/arm64: dts: rockchip: fix audio-supply for Rock Pi 4"/)
- commit 65a864d
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- commit 66efebd
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- commit 1a4266e
- x86/pm: Save the MSR validity status at context setup
  (bsc#1198400).
- commit 2364cfa
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- commit 45ad518
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- commit 470d68d
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- commit 9b2d9f5
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- commit 146ef42
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- commit 027cf90
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- commit 6684287
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- commit 4fac006
- blacklist.conf: ("/arm64/mm: Fix ttbr0 values stored in struct thread_info for"/)
- commit db10f73
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- commit c603535
- arm64: dts: ls1028a: fix memory node (git-fixes)
- commit 578cf73
- blacklist.conf: ("/arm64: Change .weak to SYM_FUNC_START_WEAK_PI for"/)
- commit 61796af
- direct-io: defer alignment check until after the EOF check
  (bsc#1197656).
- commit 709fa3b
- direct-io: don't force writeback for reads beyond EOF
  (bsc#1197656).
- commit 8628885
- direct-io: clean up error paths of do_blockdev_direct_IO
  (bsc#1197656).
- commit 16ec2fe
- xen: fix is_xen_pmu() (git-fixes).
- commit b66d3d5
- xen/blkfront: fix comment for need_copy (git-fixes).
- commit 0c15cd4
- blacklist.conf: add 1dbd11ca75 ("/xen: remove gnttab_query_foreign_access()"/)
- commit f877952
- powerpc/perf: Expose Performance Monitor Counter SPR's as part
  of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events
  struct (bsc#1198077 ltc#197299).
- commit 141f049
- Update
  patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
  references (add CVE-2022-28356 bsc#1197391).
- commit bf5ad66
- cifs: fix bad fids sent over wire (bsc#1197157).
- commit 604b674
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- commit e700718
- s390/tape: fix timer initialization in tape_std_assign()
  (bsc#1197677 LTC#197378).
- commit cc6ef16
- drm: drm_file struct kABI compatibility workaround
  (bsc#1197914).
- commit dd24982
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
  (bsc#1197914).
- drm: add a locked version of drm_is_current_master
  (bsc#1197914).
- commit 82a498a
- net: mcs7830: handle usb read errors properly (git-fixes).
- commit b5b4cb6
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 ("/rpm: Use bash for %() expansion (jsc#SLE-18234)."/)
- commit 7e857f7
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages
  <something>-sh. While the interpreter for the build script can be
  selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying
  problem: neither bash nor any of the alternatives are 100% POSIX
  compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of
  shells for shell scripts embedded in the kernel spec file. The spec file
  syntax is not documented so embedding the shell script in it causes some
  unspecified transformation to be applied to it. That means that
  ultimately any changes must be tested by building the kernel, n times if
  n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build
  always.
- commit bb95fef
- rpm: Run external scriptlets on uninstall only when available
  (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be
  fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools
  when migrating to a SLE release that provides these scriptlets only as
  part of LTSS. The suse-module-tools that provides kernel scriptlets may
  be removed early causing migration to fail.
- commit ab8dd2d
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
  bsc#1198484)
  Let's iron out the reduced initrd optimisation in Tumbleweed.
  Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- commit b8c892e
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- commit c13ff0b
ldb
- Update to version 2.4.2
  + Fix for CVE-2021-3670, ensure that the LDB request has not
    timed out during filter processing as the LDAP server
    MaxQueryDuration is otherwise not honoured (bsc#1198397).
libarchive
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
  (CVE-2022-26280, bsc#1197634)
  * fix-CVE-2022-26280.patch
libcbor
- do not build manual page for 15sp4, it does not succeed
  [bsc#1197743]
- added sources
  + libcbor.1
libpsl
- fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4
- added patches
  https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56
  + libpsl-fix-test-data.patch
libtirpc
- check for nullpointer in check_address (bsc#1198176)
  update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- add option to enforce connection via protocol version 2 first
  (bsc#1196647)
  add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
libxml2
- Security fix: [bsc#1199132, CVE-2022-29824]
  * Integer overflow leading to out-of-bounds write in buf.c
    (xmlBuf*) and tree.c (xmlBuffer*)
  * Add libxml2-CVE-2022-29824.patch
- Security fix: [bsc#1196490, CVE-2022-23308]
  * Use-after-free of ID and IDREF attributes.
  * Add libxml2-CVE-2022-23308.patch
  * Add libxml2-CVE-2021-3541.patch
mgr-osad
- version 4.2.8-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
mgr-push
- version 4.2.5-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
nftables
- add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare
  crashes that could occur e.g. in firewalld (bsc#1197606).
open-iscsi
- Set initiatorname in %post (at end of install), for cases
  where root is read-only at startup time (bsc#1198457)
- Update to latest upstream, including:
  * Added 'distclean' to Makefile targets
  * Ensure Makefile '.PHONY' targets set up correctly
  * fix an iscsid logout bug generating a false error
    and cleanup logout error messages
- Updated to latest upstream version, tagged 2.1.7. Changes
  included:
  * updated/fixed test script
  * updated build system
  * several bug fixes, including one for bsc#1199264
- Updated to latest upstream, including bug fixes and cleanups.
  Changes included:
  * add handling name/value pairs for firmware login (bsc#1196113),
    including man page update for same
  * Fix bug where some package parts were installed using
    DESTDIR twice
  * general build cleanup (in prep for removing DB files from
    /etc/iscsi some day soon)
  Also, now delivering a "/package config"/ file for libopeniscsiusr.
openldap2
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
  * 0242-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1191157 - Correct version specification in ppolicy to allow
  submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
  * 0239-ITS-9422-Update-for-TLS-v1.3.patch
  * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
  * 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
  some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their
  related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
openssl-1_1
- Encrypt the sixteen bytes that were unencrypted in some circumstances
  on 32-bit x86 platforms.
  * [bsc#1201099, CVE-2022-2097]
  * added openssl-CVE-2022-2097.patch
- Added	openssl-1_1-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.
p11-kit
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:
pam
- Do not include obsolete libselinux header files flask.h and
  av_permissions.h.
  [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch]
patch
- fix-swapping-fake-lines-in-pch_swap.patch: Fix swapping fake
  lines in pch_swap. This bug was causing a double free leading to
  a crash (boo#1080985 CVE-2018-6952).
- abort-when-cleaning-up-fails.patch: Abort when cleaning up fails.
  This bug could cause an infinite loop when a patch wouldn't
  apply, leading to a segmentation fault (boo#1111572).
- dont-follow-symlinks-unless-asked.patch: Don't follow symlinks
  unless --follow-symlinks is given. This increases the security
  against malicious patches (boo#1142041 CVE-2019-13636).
- pass-the-correct-stat-to-backup-files.patch: Pass the correct
  stat to backup files. This bug would occasionally cause backup
  files to be missing when all hunks failed to apply (boo#1198106).
patterns-suse-manager
- golang-github-wrouesnel-postgres_exporter was renamed to
  prometheus-postgres_exporter
pcre
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue
pcre2
- Added pcre2-10.31-bsc1199232-unicode-property-matching.patch
  * bsc#1199232 / CVE-2022-1586
  * Fixes unicode property matching issue
perl
- Stabilize Socket::VERSION comparisons [bnc#1193489]
  new patch: perl-Stabilize-Socket-VERSION-comparisons.patch
perl-XML-LibXML
- (bsc#1197798) FTBFS: compile against latest version available of
  libxml in SP4 so perl-XML-LibXSLT compiles cleanly.
postgresql
- Fix the pg_server_requires macro on older rpm versions (SLE-12).
- Avoid a dependency on awk in postgresql-script.
- Move the dependency of llvmjit-devel on clang and llvm to the
  implementation packages where we can depend on the correct
  versions.
- fix postgresql_has_llvm usage
- First round of changes to make it easier to build extensions for
  - add postgresql-llvmjit-devel subpackage:
    This package will pull in clang and llvm if the distro has a
    recent enough version, otherwise it will just pull
    postgresql-server-devel.
  - add postgresql macros to the postgresql-server-devel package
    those cover all the variables from pg_config and some macros
    to remove repitition from the spec files
- Bump version to 14.
- Bump default to 14 on Factory and future SPs.
postgresql13
- Upgrade to 13.7:
  * bsc#1199475, CVE-2022-1552: Confine additional operations
    within "/security restricted operation"/ sandboxes.
  * https://www.postgresql.org/docs/13/release-13-7.html
  * https://www.postgresql.org/docs/13/release-13-5.html
postgresql14
- Upgrade to 14.3:
  * bsc#1199475, CVE-2022-1552: Confine additional operations
    within "/security restricted operation"/ sandboxes.
  * https://www.postgresql.org/docs/14/release-14-3.html
- bsc#1195680: Upgrade to 14.2:
  * https://www.postgresql.org/docs/14/release-14-2.html
  * Reindexing might be needed after applying this upgrade, so
    please read the release notes carefully.
- boo#1190740: Add constraints file with 12GB of memory for s390x
  as a workaround
- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.
psmisc
  * Add a fallback if the system call name_to_handle_at() is
    not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
  * Replace the synchronizing over pipes of the sub process for the
    stat(2) system call with mutex and conditions from pthreads(7)
    (bsc#1194172)
- Add patch psmisc-22.21-statx.patch
  * Use statx(2) or SYS_statx system call to replace the stat(2)
    system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
publicsuffix
- Update to version 20220405 (bsc#1198068):
  * Update .AE policy link
  * Add new `direct.quickconnect.cn` domain to Synology dynamic dns service. (#1547)
  * util: gTLD data autopull updates for 2022-03-27T15:13:37 UTC (#1546)
  * Add user.localcert.dev (#1459)
  * Add Airkit domains (#1501)
  * Add domains for encore.dev (#1531)
  * util: gTLD data autopull updates for 2022-03-24T15:14:59 UTC (#1544)
  * util: gTLD data autopull updates for 2022-03-22T15:14:59 UTC (#1542)
  * Add: campaign.gov.uk (#1536)
  * fix: Fixed spelling errors in PSL (#1530)
- Update to version 20220304:
  * Add deta.app and deta.dev (#1511)
  * Add typedream.app (#1509)
  * Add `musician.io` - updates Staclar entry from #1331 (#1532)
  * Remove couk.me and ukco.me from private section (#1519)
  * add `*.build.run`, `*.database.run` and `*.migration.run` to PSL (#1498)
  * Add ktistory.com (#1493)
  * Remove WapBlog Suffix (#1510)
  * Add `aivencloud.com` (#1508)
  * Add site.transip.me (#1524)
  * Add 105 `lolipop` and `heteml` domains to private section for GMO (#1522)
  * Add `tech.orange` (#1526)
  * Add rocky.page (#1491)
  * Add messwithdns.com (#1490)
  * Revise policy links for `.ac` `.io` `.sh` (#1528)
  * Add kapsi.fi to PSL (#1476)
  * Add translated.page (#1478)
  * Add discordsays.com and discordsez.com (#1474)
  * Add `onporter.run` (#1483)
  * util: gTLD data autopull updates for 2022-02-18T15:13:38 UTC (#1525)
  * Update `.cy` per request from nic.cy in Issue 1516 (#1517)
  * add `*.beget.app` (#1470)
  * Add `vultrobjects.com` and future regional subdomains (#1472)
- Update to version 20220202:
  * util: gTLD data autopull updates for 2022-02-02T15:12:37 UTC (#1513)
  * Add: GDS Managed Domains (#1512)
  * Add CDDO's `api.gov.uk` domain (#1505)
  * Remove: `gov.ky` (#1503)
  * Add `site.tb-hosting.com` for team.blue (#1481)
  * Add codeberg.page to PSL (#1482)
- Update to version 20211230:
  * util: gTLD data autopull updates for 2021-12-30T15:13:57 UTC (#1494)
  * util: gTLD data autopull updates for 2021-12-22T15:14:13 UTC (#1492)
- Update to version 20211213:
  * Adding ravendb.cloud domain to allow separation between users (#1468)
- Update to version 20211207:
  * Add encoway domain: eu.encoway.cloud (#1430)
  * feat: Add pro.typeform.com to PSL (#1457)
  * added cloud.nospamproxy.com (#1455)
  * Replace edugit.org with edugit.io and add s3.teckids.org for Teckids (#1463)
  * Remove nodum domains (#1444)
  * Please add koobin.events to the PSL (#1462)
  * Add 9 BASE, Inc. domains to private section (#1420)
  * Adding Hoplix domains (#1405)
  * util: gTLD data autopull updates for 2021-12-04T15:13:28 UTC (#1484)
  * Revert "/Add amsw.nl private domain to PSL (#929)"/ (#1475)
  * REMOVAL of virtueeldomein.nl (#1480)
- Update to version 20211113:
  * util: gTLD data autopull updates for 2021-11-13T15:12:42 UTC (#1469)
- Update to version 20211109:
  * Added FlashDrive.io domain names (#1401)
  * Remove: gb.com (#1467)
  * util: gTLD data autopull updates for 2021-10-28T15:13:34 UTC (#1464)
  * Remove elluciancrm domains (#1443)
- Update to version 20211016:
  * Fix sorting of One.com domains
  * Add siiites.com (#1416)
  * Add ts.net and beta.tailscale.net domains. (#1453)
  * Revise Sorting for Cape Verde (.cv)
  * Update public_suffix_list.dat (#1456)
  * updated email address (#1450)
  * util: gTLD data autopull updates for 2021-10-08T15:12:46 UTC (#1451)
  * add ip.linodeusercontent.com (#1448)
  * Adding upli.io (#1446)
  * added tickets.io (#1429)
  * util: gTLD data autopull updates for 2021-10-07T15:11:34 UTC (#1449)
  * util: gTLD data autopull updates for 2021-10-06T15:12:57 UTC (#1447)
- Update to version 20211006:
  * Update Pull Request Template to add clarity
  * util: gTLD data autopull updates for 2021-10-01T15:13:10 UTC (#1445)
- Update to version 20210928:
  * Remove Clic2000 entries (#1434)
  * ondigitalocean.app: update comment for DigitalOcean App Platform (#1431)
  * add prequalifyme.today to private section (#1311)
  * util: gTLD data autopull updates for 2021-09-28T15:12:52 UTC (#1438)
  * Add *.usercontent.goog (#1417)
  * Add digitaloceanspaces.com & regional subdomains (#1421)
  * Update public_suffix_list.dat (#1426)
- Update to version 20210909:
  * Adding new .ar SLDs and official nic.ar URL correction (#1414)
- Update to version 20210908:
  * Add instances.spawn.cc (#1411)
  * Remove: nctu.me (#1407)
  * Roll back diher.solutions PR #1393 (#1406)
  * Update public_suffix_list.dat (#1390)
  * Add barsy.ro to Lukanet Ltd private domains (#1402)
  * Add affinitylottery.org.uk raffleentry.org.uk and weeklylottery.org.uk to public suffix list (#1398)
  * Tabitorder.co.il (#1385)
  * add diher.solutions and rss.my.id to the list (#1393)
  * Include *.cloudera.site to the PSL (#1400)
  * Adds pages.it.hs-heilbronn.de (#1388)
  * these domains are being deprecated, we wish to clean up after ourselves (#1399)
- Update to version 20210823:
  * Adding Ellucian subdomains (#1387)
  * add ecommerce-shop.pl (#1373)
  * add homesklep.pl domain (#1372)
  * Updating .ve (Venezuela) entries and contact (#1397)
  * Add clerk.app and clerkstage.app (#1389)
  * util: gTLD data autopull updates for 2021-08-19T15:13:51 UTC (#1396)
  * Add Smoove private domain (#1351)
  * Update CONTRIBUTING.md sort sort sort guidelines
  * util: gTLD data autopull updates for 2021-08-05T15:14:19 UTC (#1391)
  * DEL whole nymnom section due to mass atrophy (#1392)
py26-compat-msgpack-python
- Adapted to build on OBS for Enterprise Linux.
python
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
python-PyJWT
- Add CVE-2022-29217-non-blocked-pubkeys.patch fixing
  CVE-2022-29217 (bsc#1199756), which disallows use of blocked
  pubkeys (heavily modified from upstream).
python-base
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
python-dnspython

      
python-hwdata
- Require python macros for building
python-paramiko
- Add CVE-2022-24302-race-condition.patch:
  * Fix a race condition between creation and chmod when writing private
    keys. (bsc#1197279)
python-rtslib-fb
- Update parameters description in rbd-support.patch
- Add rbd-support-disable_emulate_legacy_capacity.patch (bsc#1199090)
python3
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Rename support-expat-245.patch to
  support-expat-CVE-2022-25236-patched.patch to unify the patch
  with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
release-notes-sles
- 15.3.20220407 (tracked in bsc#933411)
- Added note about Btrfs RAID 1 not being fully supported (bsc#1198083)
rhnlib
- version 4.2.6-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
rsyslog
- Remove inotify watch descriptor in imfile on inode change detected
  (bsc#1198939)
  * add 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
  syslog reception (bsc#1199061)
  * add CVE-2022-24903.patch
ruby2
- Update suse.patch:
  - backport fix for CVE-2022-28739: ruby: Buffer overrun in
    String-to-Float conversion (boo#1198441)
  - back port date 2.0.3 CVE-2021-41817 (boo#1193035)
  - merge the previous bug fixes into suse.patch
  - CVE-2021-32066.patch
  - CVE-2021-31810.patch
  - CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
  extconf.rb work
runc
- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
  with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
  that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
- Update to runc v1.1.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
  CVE-2022-29162 bsc#1199460
  * A bug was found in runc where runc exec --cap executed processes with
    non-empty inheritable Linux process capabilities, creating an atypical Linux
    environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
    CVE-2022-29162. bsc#1199460
  * `runc spec` no longer sets any inheritable capabilities in the created
    example OCI spec (`config.json`) file.
- Update to runc v1.1.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.1.
  * runc run/start can now run a container with read-only /dev in OCI spec,
    rather than error out. (#3355)
  * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
    libcontainer systemd v2 manager no longer errors out if one of the files
    listed in /sys/kernel/cgroup/delegate do not exist in container's
    cgroup. (#3387, #3404)
  * Loosen OCI spec validation to avoid bogus "/Intel RDT is not supported"/
    error. (#3406)
  * libcontainer/cgroups no longer panics in cgroup v1 managers if stat
    of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
- Update to runc v1.1.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0.
  - libcontainer will now refuse to build without the nsenter package being
    correctly compiled (specifically this requires CGO to be enabled). This
    should avoid folks accidentally creating broken runc binaries (and
    incorrectly importing our internal libraries into their projects). (#3331)
- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container hasexited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
  bsc#1193436
salt
- Fix for CVE-2022-22967 (bsc#1200566)
- Added:
  * fix-for-cve-2022-22967-bsc-1200566.patch
- Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
- Added:
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch
- Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672)
  * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html
- Expose missing "/ansible"/ module functions in Salt 3004 (bsc#1195625)
- Fixes for Python 3.10
- Fix issues found around pre_flight_script_args
- Fix salt-call event.send with pillar or grains
- Fix exception in batch_async caused by a bad function call
- Fix print regression for yumnotify plugin
- Fix issues with salt-ssh's extra-filerefs
- Fix crash when calling manage.not_alive runners
- Added:
  * add-missing-ansible-module-functions-to-whitelist-in.patch
  * drop-serial-from-event.unpack-in-cli.batch_async.patch
  * fix-crash-when-calling-manage.not_alive-runners.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * fixes-for-python-3.10-502.patch
  * prevent-shell-injection-via-pre_flight_script_args-4.patch
- Modified:
  * add-custom-suse-capabilities-as-grains.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * adds-explicit-type-cast-for-port.patch
  * async-batch-implementation.patch
  * debian-info_installed-compatibility-50453.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-bsc-1065792.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * refactor-and-improvements-for-transactional-updates-.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * state.apply-don-t-check-for-cached-pillar-errors.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
  * x509-fixes-111.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * 3002-set-distro-requirement-to-oldest-supported-vers.patch
  * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
  * accumulated-changes-from-yomi-167.patch
  * accumulated-changes-required-for-yomi-165.patch
  * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
  * add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
  * add-all_versions-parameter-to-include-all-installed-.patch
  * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
  * add-astra-linux-common-edition-to-the-os-family-list.patch
  * add-batch_presence_ping_timeout-and-batch_presence_p.patch
  * add-cpe_name-for-osversion-grain-parsing-u-49946.patch
  * add-docker-logout-237.patch
  * add-hold-unhold-functions.patch
  * add-missing-aarch64-to-rpm-package-architectures-405.patch
  * add-multi-file-support-and-globbing-to-the-filetree-.patch
  * add-new-custom-suse-capability-for-saltutil-state-mo.patch
  * add-patch-support-for-allow-vendor-change-option-wit.patch
  * add-pkg.services_need_restart-302.patch
  * add-saltssh-multi-version-support-across-python-inte.patch
  * add-supportconfig-module-for-remote-calls-and-saltss.patch
  * add-virt.all_capabilities.patch
  * adding-preliminary-support-for-rocky.-59682-391.patch
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
  * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch
  * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch
  * apply-patch-from-upstream-to-support-python-3.8.patch
  * async-batch-implementation-fix-320.patch
  * avoid-traceback-when-http.query-request-cannot-be-pe.patch
  * backport-a-few-virt-prs-272.patch
  * backport-of-upstream-pr59492-to-3002.2-404.patch
  * backport-thread.is_alive-fix-390.patch
  * backport-virt-patches-from-3001-256.patch
  * batch-async-catch-exceptions-and-safety-unregister-a.patch
  * batch_async-avoid-using-fnmatch-to-match-event-217.patch
  * better-handling-of-bad-public-keys-from-minions-bsc-.patch
  * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
  * changed-imports-to-vendored-tornado.patch
  * clear-network-interface-cache-when-grains-are-reques.patch
  * do-noop-for-services-states-when-running-systemd-in-.patch
  * do-not-break-repo-files-with-multiple-line-values-on.patch
  * do-not-crash-when-there-are-ipv6-established-connect.patch
  * do-not-make-ansiblegate-to-crash-on-python3-minions.patch
  * do-not-monkey-patch-yaml-bsc-1177474.patch
  * do-not-raise-streamclosederror-traceback-but-only-lo.patch
  * don-t-call-zypper-with-more-than-one-no-refresh.patch
  * drop-wrong-mock-from-chroot-unit-test.patch
  * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch
  * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
  * fall-back-to-pymysql.patch
  * figure-out-python-interpreter-to-use-inside-containe.patch
  * fix-__mount_device-wrapper-254.patch
  * fix-a-test-and-some-variable-names-229.patch
  * fix-a-wrong-rebase-in-test_core.py-180.patch
  * fix-aptpkg-systemd-call-bsc-1143301.patch
  * fix-aptpkg.normalize_name-when-package-arch-is-all.patch
  * fix-async-batch-multiple-done-events.patch
  * fix-async-batch-race-conditions.patch
  * fix-batch_async-obsolete-test.patch
  * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch
  * fix-error-handling-in-openscap-module-bsc-1188647-40.patch
  * fix-failing-unit-tests-for-batch-async.patch
  * fix-failing-unit-tests-for-systemd.patch
  * fix-for-log-checking-in-x509-test.patch
  * fix-for-some-cves-bsc1181550.patch
  * fix-for-temp-folder-definition-in-loader-unit-test.patch
  * fix-git_pillar-merging-across-multiple-__env__-repos.patch
  * fix-grains.test_core-unit-test-277.patch
  * fix-ipv6-scope-bsc-1108557.patch
  * fix-issue-parsing-errors-in-ansiblegate-state-module.patch
  * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch
  * fix-novendorchange-option-284.patch
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
  * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
  * fix-save-for-iptables-state-module-bsc-1185131-372.patch
  * fix-the-removed-six.itermitems-and-six.-_type-262.patch
  * fix-unit-test-for-grains-core.patch
  * fix-unit-tests-for-batch-async-after-refactor.patch
  * fix-virt.update-with-cpu-defined-263.patch
  * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch
  * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
  * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch
  * fixes-cve-2018-15750-cve-2018-15751.patch
  * fixing-streamclosed-issue.patch
  * get-os_arch-also-without-rpm-package-installed.patch
  * grains-master-can-read-grains.patch
  * grains.extra-support-old-non-intel-kernels-bsc-11806.patch
  * handle-master-tops-data-when-states-are-applied-by-t.patch
  * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch
  * implement-network.fqdns-module-function-bsc-1134860-.patch
  * improve-batch_async-to-release-consumed-memory-bsc-1.patch
  * integration-of-msi-authentication-with-azurearm-clou.patch
  * invalidate-file-list-cache-when-cache-file-modified-.patch
  * loop-fix-variable-names-for-until_no_eval.patch
  * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
  * make-profiles-a-package.patch
  * move-server_id-deprecation-warning-to-reduce-log-spa.patch
  * move-vendor-change-logic-to-zypper-class-355.patch
  * open-suse-3002.2-bigvm-310.patch
  * open-suse-3002.2-virt-network-311.patch
  * open-suse-3002.2-xen-grub-316.patch
  * opensuse-3000-libvirt-engine-fixes-251.patch
  * opensuse-3000-virt-defined-states-222.patch
  * opensuse-3000.2-virt-backports-236-257.patch
  * opensuse-3000.3-spacewalk-runner-parse-command-250.patch
  * option-to-en-disable-force-refresh-in-zypper-215.patch
  * parsing-epoch-out-of-version-provided-during-pkg-rem.patch
  * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
  * pkgrepo-support-python-2.7-function-call-295.patch
  * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch
  * prevent-command-injection-in-the-snapper-module-bsc-.patch
  * prevent-import-errors-when-running-test_btrfs-unit-t.patch
  * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
  * prevent-systemd-run-description-issue-when-running-a.patch
  * prevent-test_mod_del_repo_multiline_values-to-fail.patch
  * provide-the-missing-features-required-for-yomi-yet-o.patch
  * python3.8-compatibility-pr-s-235.patch
  * re-adding-function-to-test-for-root.patch
  * regression-fix-of-salt-ssh-on-processing-targets-353.patch
  * reintroducing-reverted-changes.patch
  * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
  * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch
  * remove-deprecated-warning-that-breaks-miniion-execut.patch
  * remove-duplicated-method-definitions-in-salt.netapi-.patch
  * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch
  * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch
  * remove-vendored-backports-abc-from-requirements.patch
  * remove-wrong-_parse_cpe_name-from-grains.core-452.patch
  * revert-add-patch-support-for-allow-vendor-change-opt.patch
  * sanitize-grains-loaded-from-roster_grains.json.patch
  * strip-trailing-from-repo.uri-when-comparing-repos-in.patch
  * support-config-non-root-permission-issues-fixes-u-50.patch
  * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch
  * support-transactional-systems-microos-271.patch
  * templates-move-the-globals-up-to-the-environment-jin.patch
  * transactional_update-detect-recursion-in-the-executo.patch
  * transactional_update-unify-with-chroot.call.patch
  * use-current-ioloop-for-the-localclient-instance-of-b.patch
  * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
  * vendor-stateresult.patch
  * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch
  * virt-pass-emulator-when-getting-domain-capabilities-.patch
  * virt-uefi-fix-backport-312.patch
  * virt-use-dev-kvm-to-detect-kvm-383.patch
  * virt._get_domain-don-t-raise-an-exception-if-there-i.patch
  * virt.network_update-handle-missing-ipv4-netmask-attr.patch
  * xen-disk-fixes-264.patch
  * xfs-do-not-fails-if-type-is-not-present.patch
  * zypperpkg-filter-patterns-that-start-with-dot-244.patch
- Renamed and modified:
  * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch -> 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * 3002.2-postgresql-json-support-in-pillar-424.patch -> 3003.3-postgresql-json-support-in-pillar-423.patch
  * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch -> add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
  * allow-vendor-change-option-with-zypper-313.patch -> allow-vendor-change-option-with-zypper.patch
  * fix-inspector-module-export-function-bsc-1097531-480.patch -> fix-inspector-module-export-function-bsc-1097531-481.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch -> fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
  * fix-state.orchestrate_single-to-not-pass-pillar-none.patch -> state.orchestrate_single-does-not-pass-pillar-none-4.patch
  * fix-traceback.-_exc-calls-429.patch -> fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-444.patch -> mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * support-transactional-systems-microos-271.patch -> support-transactional-systems-microos.patch
- Fix regression preventing bootstrapping new clients caused by
  redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Added:
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- (bsc#1182851, bsc#1196432)
- Remove duplicated method definitions in salt.netapi
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
  * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
  * remove-duplicated-method-definitions-in-salt.netapi-.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
  * fix-state.orchestrate_single-to-not-pass-pillar-none.patch
  * clear-network-interface-cache-when-grains-are-reques.patch
- Renamed:
  * patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
  * Sign authentication replies to prevent MiTM (CVE-2022-22935)
  * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
  * Prevent job and fileserver replays (CVE-2022-22936)
  * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
salt-netapi-client
- Improve the hotfix for bsc#1192550 (bsc#1197449):
  * 0001-enable-arrays-in-StateApplyResult-name-bsc-1192550.patch
samba
- Revert NIS support removal; (bsc#1199247);
- Use requires_eq macro to require the libldb2 version available at
  samba-dsdb-modules build time; (bsc#1199362);
- Add missing samba-client requirement to samba-winbind package;
  (bsc#1198255);
- Update to 4.15.7
  * Share and server swapped in smbget password prompt; (bso#14831);
  * Durable handles won't reconnect if the leased file is written
    to; (bso#15022);
  * rmdir silently fails if directory contains unreadable files and
    hide unreadable is yes; (bso#15023);
  * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
    on renamed file handle; (bso#15038);
  * vfs_shadow_copy2 breaks "/smbd async dosmode"/ sync fallback;
    (bso#14957);
  * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    (bso#15035);
  * PAM Kerberos authentication incorrectly fails with a clock skew
    error; (bso#15046);
  * username map - samba erroneously applies unix group memberships
    to user account entries; (bso#15041);
  * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
    in SMBC_server_internal; (bso#14983);
  * Simple bind doesn't work against an RODC (with non-preloaded users);
    (bso#13879);
  * Crash of winbind on RODC; (bso#14641);
  * uncached logon on RODC always fails once; (bso#14865);
  * KVNO off by 100000; (bso#14951);
  * LDAP simple binds should honour "/old password allowed period"/;
    (bso#15001);
  * wbinfo -a doesn't work reliable with upn names; (bso#15003);
  * Simple bind doesn't work against an RODC (with non-preloaded
    users); (bso#13879);
  * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  * Regression: create krb5 conf = yes doesn't work with a single KDC;
    (bso#15016);
- Add provides to samba-client-libs package to fix upgrades from
  previous versions; (bsc#1197995);
- Add missing samba-libs requirement to samba-winbind package;
  (bsc#1198255);
- Update to 4.15.6
  * Renaming file on DFS root fails with
    NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
  * Samba does not response STATUS_INVALID_PARAMETER when opening 2
    objects with same lease key; (bso#14737);
  * NT error code is not set when overwriting a file during rename
    in libsmbclient; (bso#14938);
  * Fix ldap simple bind with TLS auditing; (bso#14996);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * pam_winbind will not allow gdm login if password about to
    expire; (bso#8691);
  * virusfilter_vfs_openat: Not scanned: Directory or special file;
    (bso#14971);
  * DFS fix for AIX broken; (bso#13631);
  * Solaris and AIX acl modules: wrong function arguments;
    (bso#14974);
  * Function aixacl_sys_acl_get_file not declared / coredump;
    (bso#7239);
  * Regression: Samba 4.15.2 on macOS segfaults intermittently
    during strcpy in tdbsam_getsampwnam; (bso#14900);
  * Fix a use-after-free in SMB1 server; (bso#14989);
  * smb2_signing_decrypt_pdu() may not decrypt with
    gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    (bso#14968);
  * Changing the machine password against an RODC likely destroys
    the domain join; (bso#14984);
  * authsam_make_user_info_dc() steals memory from its struct
    ldb_message *msg argument; (bso#14993);
  * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    (bso#14995);
  * Samba autorid fails to map AD users if id rangesize fits in the
    id range only once; (bso#14967);
- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
  (bsc#1080338).
- Fix ntlm authentications with "/winbind use default domain = yes"/;
  (bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling
  systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508);
- Update to 4.15.5
  * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
    outside target of a symlink exists; (bso#14911);
    (bsc#1193690).
  * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
    module; (bso#14914); (bsc#1194859).
  * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
    conflict checks; bso#14950); (bsc#1195048).
smdba
- Don't package egg-info file for Enterprise Linux.
- Version 1.7.10
  * adapt pgtune using new defaults for new postgres versions
  * support special configuration for SSD storage
  * make argument "/--backup-dir"/ symlink aware
- Version 1.7.9
- allow different standard configuration file location for other OSes
spacecmd
- version 4.2.17-1
  * parse boolean paramaters correctly (bsc#1197689)
- version 4.2.16-1
  * implement system.bootstrap (bsc#1194909)
  * Fix interactive mode for "/system_applyerrata"/ and "/errata_apply"/ (bsc#1194363)
spacewalk-admin
- version 4.2.10-1
  * wait after copying the CA to give systemd time to finish automation
spacewalk-backend
- version 4.2.22-1
  * Do not raise error on file:// based DEB repo when looking
    for alternative Release files (bsc#1199142)
- version 4.2.21-1
  * Improve parsing deb packages dependencies (bsc#1194594)
- version 4.2.20-1
  * Fix reposync update notice formatting and date parsing (bsc#1194447)
  * implement more decompression algorithms for reposync (bsc#1196704)
  * enable check for client certificates in reposync
  * remove auto inherit of host entitlements for virtual guests
spacewalk-branding
- version 4.2.13-1
  * Fix modal footer misalignment
spacewalk-certs-tools
- version 4.2.16-1
  * Add Salt Bundle support to bootstrap script generator
- version 4.2.15-1
  * Add dynamic version for bootstrap script header (bsc#1186336)
spacewalk-client-tools
- version 4.2.18-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
- version 4.2.17-1
  * Update translation strings
spacewalk-config
- version 4.2.6-1
  * Upgrade build tooling, and corresponding cache configuration
spacewalk-java
- version 4.2.38-1
  * Remove unused gson-extras.jar during build
- version 4.2.37-1
  * Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629)
- version 4.2.36-1
  * Add rate-limiting to frontend logging (bsc#1199512) (CVE-2022-21952)
- version 4.2.35-1
  * faster display installable packages list (bsc#1187333)
  * Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters
    to the generated roster files to enable optional Salt Bundle
    support with Salt SSH
  * Fix reboot time on salt-ssh client(bsc#1197591)
  * detect free products in Alpha and Beta stage and prevent checks
    on openSUSE products (bsc#1197488)
  * Allow monitoring entitlement for debian 11 and 10
  * Hide private methods in XMLRPC handlers
  * Warning log when hardware refresh result is not serializable
  * Optimize adding new products function (bsc#1193707)
- version 4.2.34-1
  * Added new XML-RPC mathod: configchannel.syncSaltFilesOnDisk
  * update last checkin only if job is successful (bsc#1197007)
  * Fix NPE when accessing cancelled action via system history (bsc#1195762)
  * CVE Audit: Show patch as available in the currently installed product even if successor
    patch affects additional packages (bsc#1196455)
  * send notifications for new or changed ubuntu errata (bsc#1196977)
  * change directory owner and permissions only when needed
  * Fixed broken help link for system overview
  * Provide link to Sync page when unsynced patches message show up
    (bsc#1196094)
  * fix class cast exception during action chains (bsc#1195772)
  * Finding empty profiles by mac address must be case insensitive (bsc#1196407)
  * prepare to use new postgresql-jdbc driver with stringprep and saslprep
    support (bsc#1196693)
  * allow SCC to display the last check-in time for registered systems
  * generate the system ssh key when bootstrapping a salt-ssh client
    (bsc#1194909)
  * Provide link for CVEs
  * Fix lock/unlock scheduling on page Software -> Packages -> Lock (bsc#1195271)
  * When adding a product, check if the new vendor channels conflicts
    with any of the existing custom channel (bsc#1193448)
  * Fix disappearing metadata key files after channel change (bsc#1192822)
  * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
  * Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282)
  * Fix virtualization list rendering for foreign systems (bsc#1195712)
  * FIX errors when an image profile / store is deleted
    during build / inspect action (bsc#1191597, bsc#1192150)
  * Remove verbose token log (bsc#1195666)
  * fix ClassCastException during action processing (bsc#1195043)
spacewalk-utils
- version 4.2.16-1
  * Add Debian 11 repositories
spacewalk-web
- version 4.2.27-1
  * increase web page default timeout (bsc#1187333)
  * Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters
    to default rhn_web.conf
  * Upgrade minimist to fix CVE-2021-44906
  * susemanager-nodejs-sdk-devel is now provided by spacewalk-web
  * Resolve race conditions in CLM (bsc#1195710)
- version 4.2.26-1
  * Provide link to Sync page when unsynced patches message show up
    (bsc#1196094)
  * Provide a search box on section name for Formulas content
  * Add expand/collapse all button for formula sections
  * Improved large data support in channel selection
  * Provide link for CVEs
  * Improved error handling in the product setup page
  * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
  * susemanager-web-libs is now packaged as a part of spacewalk-html
subscription-matcher
- Version 0.29
  * Migration to log4j 2
- Version 0.28
  * Support both antlr3-java and antlr3-runtime as dependencies
  * Make it obvious that log4j12 is used
supportutils-plugin-susemanager
- version 4.2.4-1
  * Get version of bootstrap scripts for supportconfig (bsc#1186336)
suse-build-key
- still ship the old ptf key (was not added to documentation by mistake).
  (bsc#1198504)
suseRegisterInfo
- version 4.2.6-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
susemanager
- version 4.2.32-1
  * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)
- version 4.2.31-1
  * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)
- version 4.2.30-1
  * Fix a syntax problem at the bootstrap repository definitions
- version 4.2.29-1
  * Add Salt Bundle support to mgr-create-bootstrap-repo
  * Enable bootstrapping for Debian 11
  * fix SLE15 bootstrap repo definition (bsc#1197438)
  * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap
    repo definitions (bsc#1196702)
  * Add missing dependencies for Salt 3004 into bootstrap repository
    for SLE15 family (bsc#1198221)
- version 4.2.28-1
  * set default for registration batch size
susemanager-doc-indexes
- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle
  as optional
- Updated saltversion attribute from 3002 to 3004
- In the Administration Guide, documented that monitoring tools are
  available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15,
  but Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of
  the Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS
  as a client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration
  of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as
  supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from
  5.0 to 5.1, and warn about Salt installation.
- Renamed golang-github-wrouesnel-postgres_exporter to
  prometheus-postgres_exporter in the Administration Guide
- Clarified in Client Configuration Guide and Retail Guide that
  mandatory channels are automatically checked. Also recommended
  channels as long as they are not deactivated (bsc#1173527)
- In Custom Channels chapter of the Administration Guide, provide
  information about creating metadata (bsc#1195294)
- In the Client Configuration Guide, mark Yomi as unsupported on
  SUSE Linux Enterprise Server 11 and 12
- Documented GPG encrypted Salt Pillars in the Salt book
- In Client Configuration Guide, fixed channel configuration and
  registration of Expanded Support clients
- Clarified channel label name in Registering Clients with RHUI
  section of the Client Configuration Guide (bsc#1196067)
- In Throubleshooting Synchronization chapter in the Administration
  Guide added instructions for GPG removal
- In Client Configuration Guide, integrated SUSE Linux Enterprise
  Micro Client documentation next to SUSE Linux Enterprise Client
  documentation and other related documentation improvements (bsc#1195145)
- Added a warning about the origin of the salt-minion package in the
  Register on the Command Line (Salt) section of the Client
  Configuration Guide
- Add troubleshooting section about avoiding package conflicts
  with custom channels
susemanager-docs_en
- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle
  as optional
- In the Administration Guide, documented that monitoring tools are
  available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15,
  but Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of
  the Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS
  as a client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration
  of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as
  supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from
  5.0 to 5.1, and warn about Salt installation.
- Renamed golang-github-wrouesnel-postgres_exporter to
  prometheus-postgres_exporter in the Administration Guide
- Clarified in Client Configuration Guide and Retail Guide that
  mandatory channels are automatically checked. Also recommended
  channels as long as they are not deactivated (bsc#1173527)
- In Custom Channels chapter of the Administration Guide, provide
  information about creating metadata (bsc#1195294)
- In the Client Configuration Guide, mark Yomi as unsupported on
  SUSE Linux Enterprise Server 11 and 12
- Documented GPG encrypted Salt Pillars in the Salt book
- In Client Configuration Guide, fixed channel configuration and
  registration of Expanded Support clients
- Clarified channel label name in Registering Clients with RHUI
  section of the Client Configuration Guide (bsc#1196067)
- In Throubleshooting Synchronization chapter in the Administration
  Guide added instructions for GPG removal
- In Client Configuration Guide, integrated SUSE Linux Enterprise
  Micro Client documentation next to SUSE Linux Enterprise Client
  documentation and other related documentation improvements (bsc#1195145)
- Added a warning about the origin of the salt-minion package in the
  Register on the Command Line (Salt) section of the Client
  Configuration Guide
- Add troubleshooting section about avoiding package conflicts
  with custom channels
susemanager-schema
- version 4.2.22-1
  * Add schema directory for susemanager-schema-4.2.21
- version 4.2.21-1
  * fix check on allowVendorChange
  * fix advisory status migration (bsc#1195765)
  * FIX error when an image profile / store is deleted
    during build / inspect action (bsc#1191597, bsc#1192150)
susemanager-sls
- version 4.2.23-1
  * Fix bootstrap repository URL resolution for Yum based clients
    with preflight script for Salt SSH
- version 4.2.22-1
  * Add Salt Bundle support on bootstrapping
  * Add Salt SSH with Salt Bundle support
  * Add util.mgr_switch_to_venv_minion state to switch salt minions
    to use the Salt Bundle
  * Fix bootstrap repository path resolution for Oracle Linux
  * Handle salt bundle in set_proxy.sls
- version 4.2.21-1
  * Improve `pkgset` beacon with using `salt.cache`
    to notify about the changes made while the minion was stopped
  * Align the code of pkgset beacon to prevent warnings (bsc#1194464)
  * fixing how the return code is returned in mgrutil runner (bsc#1194909)
  * Fix errors on calling sed -E ... by force_restart_minion
    with action chains
  * Avoid using lscpu -J option in grains (bsc#1195920)
  * Postgres exporter package was renamed
  * fix deprecation warnings
susemanager-sync-data
- version 4.2.12-1
  * change release status of EL 7 and 8 aarch64 to released
  * change release status of Rocky Linux 8 x86_64 to released
  * add Debian 11 amd64
systemd
- Import commit 12b0904b9117aeaef138784e5b118b82cd87d7cb
  b579fe1e09 tmpfiles: constify item_compatible() parameters
  01f4af3573 test: add test checking tmpfiles conf file precedence
  e8f4d24e97 test tmpfiles: add a test for 'w+'
  9c559f3854 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
  7fab6b6a6e journald: make use of CLAMP() in cache_space_refresh()
  1c8b02567c journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
  0007446abc journal-file: port journal_file_open() to openat_report_new()
  a07ad29813 fs-util: make sure openat_report_new() initializes return param also on shortcut
  6bb087a1fc fs-util: fix typos in comments
  42532a8bfb fs-util: add openat_report_new() wrapper around openat()
systemd-presets-branding-SLE
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
systemd-presets-common-SUSE
- enable vgauthd service for VMWare by default (bsc#1195251)
tar
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
  'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
  (%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  * bsc#1181131, CVE-2021-20193
  * bsc#1120610
- GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges
- GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
  not contain any info files, and has not even a pre script. The
  - doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
  tar-1.31-racy_compress_tests.patch that are no longer needed
  (applied usptream)
- Remove libattr-devel from buildrequires, tar no longer uses
  it but finds xattr functions in libc.
- update to version 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extractng and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the "/-K NAME"/ option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
  * tar-1.30-tests-difflink.patch
  * tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
  tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests
tomcat
- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch
vim
- Deleted patches:
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
- Added patches:
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests-arch.patch
- Updated patches:
  * disable-unreliable-tests.patch
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
    After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
    in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
    in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
    vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
    init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
    Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
    in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
    append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
    function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
    function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
    find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
    to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
    to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
    .swp file to the editor's primary group, which allows local users to obtain
    sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
    in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
    vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
    cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
    to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
virtual-host-gatherer
- version 1.0.23-1
  * reformat the first 3 groups of the UUID for hardware versions >=13
    in VMWare environment.
  * Fix shebangs to use python3
  * Implement libvirt module
xen
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  fix xsa402-5.patch
- Upstream bug fixes (bsc#1027519)
  625fca42-VT-d-reserved-CAP-ND.patch
  627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
  in typeref acquisition
  xsa401-1.patch
  xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch
- Update to Xen 4.14.5 bug fix release (bsc#1027519)
  xen-4.14.5-testing-src.tar.bz2
- Drop patches contained in new tarball
  60782745-x86-AMD-split-LFENCE-setup.patch
  6081bae4-x86-cpuid-LFENCE-always-serialising.patch
  61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
  61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
  61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
  61f933a4-x86-cpuid-advertise-SSB_NO.patch
  61f933a5-x86-drop-use_spec_ctrl-boolean.patch
  61f933a6-x86-new-has_spec_ctrl-boolean.patch
  61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
  61f933a8-x86-SPEC_CTRL-record-last-write.patch
  61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
  61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
  61f933ab-x86-AMD-SPEC_CTRL-infra.patch
  61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
  61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
  6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
  6202afa4-x86-TSX-move-has_rtm_always_abort.patch
  6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
  6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
  6202afa8-x86-Intel-PSFD-for-guests.patch
  62278667-Arm-introduce-new-processors.patch
  62278668-Arm-move-errata-CSV2-check-earlier.patch
  62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
  6227866a-Arm-Spectre-BHB-handling.patch
  6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
  6227866c-x86-AMD-cease-using-thunk-lfence.patch
  624ebcef-VT-d-dont-needlessly-look-up-DID.patch
  624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
  624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
  xsa397.patch
  xsa399.patch
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  624ebcef-VT-d-dont-needlessly-look-up-DID.patch
  624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
  624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
  between dirty vram tracking and paging log dirty hypercalls
  (XSA-397)
  xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
  cleanup (XSA-399)
  xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
yast2-bootloader
- AutoYaST: do not clone device for hibernation and also check
  during autoinstallation if device for hibernation exists and if
  not then use proposed one. (bsc#1187690 and bsc#1197192)
- 4.3.31
yast2-installation
- Revert changes introduced in v4.3.50 as it produces some ordering
  cycle issues (bsc#1198294)
- 4.3.52
- AutoYaST: move custom file creation past user creation so that
  the element files/file/file_owner actually has an effect
  (bsc#1196595)
- 4.3.51
yast2-network
- CFA NM: replace problematic characters when getting the filename
  for the given wireless configuration (bsc#1199451).
- 4.3.82
yast2-samba-client
- Use translation macro for range settings expert details text;
  (bsc#1197936).
- 4.3.5
yast2-schema
- Fix rules validation when using a dialog (bsc#1199165).
- 4.3.29
yast2-storage-ng
- Fix fstab entry filesystem matching allowing the use of quotes
  surrounding the device UUID or label (bsc#1197692)
- 4.3.60
zypp-plugin