apache2
  fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
  + apache2-CVE-2022-37436.patch
  fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
  + apache2-CVE-2022-36760.patch
  fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte
  + apache2-CVE-2006-20001.patch
- security update
- added patches:
apache2-mod_wsgi-python3
- Add CVE-2022-2255.patch (bsc#1201634)
apr-util
- security fix CVE-2022-25147, bsc#1207866: buffer overflow
  possible with specially crafted input
  + added patch apr-util-CVE-2022-25147.patch
autoyast2
- Process the <ask-list/> section in an installed system once the
  <general/> section is imported in the (bsc#1201953).
- 4.3.104
- Revert the modification done in version 4.3.97 running the
  initscripts before systed-user-sessions service again once
  systemd fixed logind (bsc#1195059, bsc#1200780)
- 4.3.103
avahi
- Add avahi-bsc1163683.patch: do not cache responses generated
  locally (bsc#1163683).
bcel
- Security fix: [bsc#1205125, CVE-2022-42920]
  * Apache Commons BCEL prior to 6.6.0 allows producing
    arbitrary bytecode via out-of-bounds writing
  * Add bcel-CVE-2022-42920.patch
bind
- Security Fix:
  * An UPDATE message flood could cause named to exhaust all
    available memory. This flaw was addressed by adding a new
    update-quota option that controls the maximum number of
    outstanding DNS UPDATE messages that named can hold in a queue
    at any given time (default: 100).
  [bsc#1207471, CVE-2022-3094, bind-CVE-2022-3094.patch]
- Add systemd drop-in directory for named service
  [bsc#1201689, bind.spec]
binutils
- Add binutils-maxpagesize.diff for a problem on old code
  streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils.  Update to 2.39 from 2.37,
  which means obsoleting and hence removing these patches:
  binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
  binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
  binutils-add-z16-name.diff.
  Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
  jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
  jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
  [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
  [bsc#1193929] aka PR28694 aka CVE-2021-45078
  [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
  [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
  [bsc#1202966] aka PR29289 aka CVE-2022-38126
  [bsc#1202967] aka PR29290 aka CVE-2022-38127
  [bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
  [bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and	--enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
  * The ELF linker will now generate a warning message if the stack is made
    executable.  Similarly it will warn if the output binary contains a
    segment with all three of the read, write and execute permission
    bits set.  These warnings are intended to help developers identify
    programs which might be vulnerable to attack via these executable
    memory regions.
    The warnings are enabled by default but can be disabled via a command
    line option.  It is also possible to build a linker with the warnings
    disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows
    embedding a JSON payload in accordance to the Package Metadata
    specification.
  * In linker scripts it is now possible to use TYPE=<type> in an output
    section description to set the section type value.
  * The objdump program now supports coloured/colored syntax
    highlighting of its disassembler output for some architectures.
    (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore
    weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent
    them from attempting to access debuginfod servers when following
    links.
  * The objcopy program's --weaken, --weaken-symbol, and
  - -weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
  binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
  bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- Use https for variosu links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
  in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
  lines
(Fake entry from SLE for tracking purposes:)
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
  (forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
  recognition of 'z16' name for 'arch14' on s390.  [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add usage of a SUSE_ZNOW environment variable which allows switching
  on "/-z now"/ by default using "/export SUSE_ZNOW=1"/, similar to
  the SUSE_ASNEEDED variable.  Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
  which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
  * Install symlinks for all target specific tools on
    arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
  that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
  * elfedit: Add --output-abiversion option to update ABIVERSION.
  * Add support for the LoongArch instruction set.
  * Tools which display symbols or strings (readelf, strings, nm, objdump)
    have a new command line option which controls how unicode characters are
    handled.  By default they are treated as normal for the tool.  Using
  - -unicode=locale will display them according to the current locale.
    Using --unicode=hex will display them as hex byte values, whilst
  - -unicode=escape will display them as escape sequences.  In addition
    using --unicode=highlight will display them as unicode escape sequences
    highlighted in red (if supported by the output device).
  * readelf -r dumps RELR relative relocations now.
  * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
    added to objcopy in order to enable UEFI development using binutils.
  * ar: Add --thin for creating thin archives. -T is a deprecated alias without
    diagnostics. In many ar implementations -T has a different meaning, as
    specified by X/Open System Interface.
  * Add support for AArch64 system registers that were missing in previous
    releases.
  * Add support for the LoongArch instruction set.
  * Add a command-line option, -muse-unaligned-vector-move, for x86 target
    to encode aligned vector move as unaligned vector move.
  * Add support for Cortex-R52+ for Arm.
  * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
  * Add support for Cortex-A710 for Arm.
  * Add support for Scalable Matrix Extension (SME) for AArch64.
  * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
    assembler what to when it encoutners multibyte characters in the input.  The
    default is to allow them.  Setting the option to "/warn"/ will generate a
    warning message whenever any multibyte character is encountered.  Using the
    option to "/warn-sym-only"/ will make the assembler generate a warning whenever a
    symbol is defined containing multibyte characters.  (References to undefined
    symbols will not generate warnings).
  * Outputs of .ds.x directive and .tfloat directive with hex input from
    x86 assembler have been reduced from 12 bytes to 10 bytes to match the
    output of .tfloat directive.
  * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
    'armv9.3-a' for -march in AArch64 GAS.
  * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
    'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
  * Add support for Intel AVX512_FP16 instructions.
  * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
    linker to pack relative relocations in the DT_RELR section.
  * Add support for the LoongArch architecture.
  * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
    linker to control canonical function pointers and copy relocation.
  * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
    bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packages
  in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
  binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
  binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
  and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
c-ares
- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
    it would cause a crash
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
    Travis: add iOS target built with CMake (#378)
    Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  - fix build
    External projects were using non-public header ares_dns.h, make public again (#376)
    It appears some outside projects were relying on macros in ares_dns.h, even
    though it doesn't appear that header was ever meant to be public.  That said,
    we don't want to break external integrators so we should distribute this header
    again.
  - note that so versioning has moved to configure.ac
  - note about 1.17.1
  - fix sed gone wrong
    autotools cleanup (#372)
  * buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
ca-certificates-mozilla
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
  Patch: remove-trustcor.patch
catatonit
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
  process in a pause container, by passing the -P flag (in this mode no
  subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
  once. Fix build with autocnf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
  socket activation or features somewhat adjacent to socket activation (such as
  passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
  error not a warning.
cloud-netconfig
- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
cloud-regionsrv-client
- Update to version 10.0.8 (bsc#1206428)
  - Fix regression introduced by 10.0.7. When the hosts file was modified
    such that there is no empty line at the end of the file the content
    after removing the registration data does not match the content prior
    to registration. The update fixes the issue triggered by an index
    logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
  - Implement functionality to detect if an update server has a new cert.
    Import the new cert when it is detected.
  - Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
  - Credentials are equal when username and password are the same ignore
    other entries in the credentials file
  - Handle multiple zypper names in process table, zypper and Zypp-main
    to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
cobbler
- Fix improper authorization (bsc#1197027, CVE-2022-0860)
- Added:
  * fix-for-cve-2022-0860.diff
- Prevent error when starting up logrotate.service (bsc#1188191)
- Added:
  * patch_logrotate_service_condrestart.patch
containerd
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
curl
- Security Fix: [bsc#1206309, CVE-2022-43552]
  * HTTP Proxy deny use-after-free
  * Add curl-CVE-2022-43552.patch
dhcp
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
  An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
  DHCP memory leak
docker
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
  issue with dockerd. bsc#1200022
  + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
dracut
- Update to version 049.1+suse.247.gfb7df05c:
  * fix(systemd): add missing modprobe@.service (bsc#1203749)
  * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
  * fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
  * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
drools
- Deserialization of Untrusted Data: unsafe data deserialization
  in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415)
- Added:
  * drools-CVE-2022-1415.patch
expat
  * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
    destruction of a shared DTD in XML_ExternalEntityParserCreate in
    out-of-memory situations
  - Added patch expat-CVE-2022-43680.patch
- Security fix:
gnutls
- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch
- Validate input when calling fmemopen() [bsc#1204511]
  * Add gnutls-check-system_priority_buf-input.patch
graphite2
- fixed license string [bsc#1207676]:
  LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later
grub2
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
hwdata
- update to 0.365:
  + Updated pci, usb and vendor ids.
- update to 0.364:
  + Updated pci, usb and vendor ids.
- update to 0.363:
  + Updated pci, usb and vendor ids.
- update to 0.362:
  + Updated pci, usb and vendor ids.
- update to 0.361:
  + Updated pci, usb and vendor ids.
iputils
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
  (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
irqbalance
- Last changes log was wrong, this part has been added to SP4
  changes but were missing in SP2/SP3 and are added now (bsc#1208717):
  Fix segfault from previous update (bsc#1206668)
  A Fix-uninitialized-variable.patch
- Fix segfault from previous update (bsc#1206668)
- Fix version - Maintainer forgot to increase version to 1.4.0
  A fix_version_1_4_0
- Add mainline fixes (bnc#1204961):
  The first 2 patches are cleanup patches which should not have any
  functional change, but make life easier to backport the real fix.
  All patches are mainline:
  A    Update-classify.c.patch
  A    irqbalance-properly-check-if-irq-is-banned.patch
  A    remove-unused-path-in-check_for_irq_ban.patch
jackson-databind
- Update to 2.13.4.2
  * 2.13.4.2 (13-Oct-2022)
    + #3627: Gradle module metadata for '2.13.4.1' references
    non-existent jackson-bom '2.13.4.1' (instead of
    '2.13.4.20221012')
  * 2.13.4.1 (12-Oct-2022)
    + #3590: Add check in primitive value deserializers to avoid
    deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS'
    [bsc#1204370, CVE-2022-42003]
  * 2.13.4 (03-Sep-2022)
    + #3275: JDK 16 Illegal reflective access for
    'Throwable.setCause()' with
    'PropertyNamingStrategy.UPPER_CAMEL_CASE'
    + #3565: 'Arrays.asList()' value deserialization has changed
    from mutable to immutable in 2.13
    + #3582: Add check in 'BeanDeserializer._deserializeFromArray()'
    to prevent use of deeply nested arrays [bsc#1204369,
    CVE-2022-42004]
- Update to 2.13.3
  * 2.13.3 (14-May-2022)
    + #3412: Version 2.13.2 uses 'Method.getParameterCount()' which
    is not supported on Android before API 26
    + #3419: Improve performance of 'UnresolvedForwardReference' for
    forward reference resolution
    + #3446: 'java.lang.StringBuffer' cannot be deserialized
    + #3450: DeserializationProblemHandler is not working with
    wrapper type when returning null
  * 2.13.2.2 (28-Mar-2022)
    + No changes since 2.13.2.1 but fixed Gradle Module Metadata
    ("/module.json"/)
  * 2.13.2.1 (24-Mar-2022)
    + #2816: Optimize UntypedObjectDeserializer wrt recursion
    + #3412: Version 2.13.2 uses 'Method.getParameterCount()' which
    is not supported on Android before API 26
  * 2.13.2 (06-Mar-2022)
    + #3293: Use Method.getParameterCount() where possible
    + #3344: 'Set.of()' (Java 9) cannot be deserialized with
    polymorphic handling
    + #3368: 'SnakeCaseStrategy' causes unexpected
    'MismatchedInputException' during deserialization
    + #3369: Deserialization ignores other Object fields when Object
    or Array value used for enum
    + #3380: 'module-info.java' is in 'META-INF/versions/11' instead
    of 'META-INF/versions/9'
  * 2.13.1 (19-Dec-2021)
    + #3006: Argument type mismatch for 'enum' with '@JsonCreator'
    that takes String, gets JSON Number
    + #3299: Do not automatically trim trailing whitespace from
    'java.util.regex.Pattern' values
    + #3305: ObjectMapper serializes 'CharSequence' subtypes as POJO
    instead of as String (JDK 15+)
    + #3308: 'ObjectMapper.valueToTree()' fails when
    'DeserializationFeature.FAIL_ON_TRAILING_TOKENS' is enabled
    + #3328: Possible DoS if using JDK serialization to serialize
    JsonNode
java-11-openjdk
- Remove the accessibility sub-package, since it was never really
  working and creates another problems (bsc#1206549). It can
  eventually be built as standalone if needed
- Removed patches:
  * jaw-jdk10.patch
  * jaw-misc.patch
  * jaw-nogtk.patch
    + not needed after the removal of the accessibility sub-package
- Upgrade to upstream tag jdk-11.0.18+10 (January 2023 CPU)
  * CVEs
    + CVE-2023-21835, bsc#1207246
    + CVE-2023-21843, bsc#1207248
  * Security fixes
    + JDK-8286070: Improve UTF8 representation
    + JDK-8286496: Improve Thread labels
    + JDK-8287411: Enhance DTLS performance
    + JDK-8288516: Enhance font creation
    + JDK-8289350: Better media supports
    + JDK-8293554: Enhanced DH Key Exchanges
    + JDK-8293598: Enhance InetAddress address handling
    + JDK-8293717: Objective view of ObjectView
    + JDK-8293734: Improve BMP image handling
    + JDK-8293742: Better Banking of Sounds
    + JDK-8295687: Better BMP bounds
  * Other changes
    + JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
    + JDK-6782021: It is not possible to read local computer
    certificates with the SunMSCAPI provider
    + JDK-6829250: Reg test:
    java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails
    in Windows
    + JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
    + JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/
    /OnScreenRenderingResizeTest.java fails
    + JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/
    /DropTargetEnterExitTest/MissedDragExitTest.java failed
    + JDK-8029633: Raw inner class constructor ref should not
    perform diamond inference
    + JDK-8030121: java/awt/dnd/MissingDragExitEventTest/
    /MissingDragExitEventTest.java fails
    + JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/
    /RepaintTest.java fails
    + JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/
    /RobotWheelTest.java fails
    + JDK-8159599: [TEST_BUG] java/awt/Modal/
    /ModalInternalFrameTest/ModalInternalFrameTest.java
    + JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/
    /MultiresolutionIconTest.java
    + JDK-8172269: When checking the default behaviour for a scroll
    tab layout and checking the 'opaque' checkbox, the area behind
    tabs is not red.
    + JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java
    failed with timeout
    + JDK-8193942: Regression automated test '/open/test/jdk/javax/
    /swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails
    + JDK-8194126: Regression automated Test '/open/test/jdk/javax/
    /swing/JColorChooser/Test7194184.java' fails
    + JDK-8198343: Test java/awt/print/PrinterJob/
    /TestPgfmtSetMPA.java may fail w/o printer
    + JDK-8199290: [TESTBUG]
    sun.hotspot.WhiteBox$WhiteBoxPermission is not copied
    + JDK-8202836: [macosx] test
    java/awt/Graphics/TextAAHintsTest.java fails
    + JDK-8206125: [windows] cannot pass relative path to
  - -with-boot-jdk
    + JDK-8210047: some pages contain content outside of landmark
    region
    + JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips
    testing for non-corner-case values
    + JDK-8212096: javax/net/ssl/ServerName/
    /SSLEngineExplorerMatchedSNI.java failed intermittently due
    to SSLException: Tag mismatch
    + JDK-8213239: Configure cannot handle command overrides with
    arguments
    + JDK-8215571: jdb does not include jdk.* in the default class
    filter
    + JDK-8217032: Check pandoc capabilities in configure
    + JDK-8222091: Javadoc does not handle package annotations
    correctly on package-info.java
    + JDK-8222251: preflow visitor is not visiting lambda
    expressions
    + JDK-8226236: win32: gc/metaspace/
    /TestCapacityUntilGCWrapAround.java fails
    + JDK-8227179: Test for new gc+metaspace=info output format
    + JDK-8227651: Tests fail with SSLProtocolException: Input
    record too big
    + JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java
    fails on 32-bit platforms
    + JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on
    macOs
    + JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java
    fails on macos
    + JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on
    MacOS
    + JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on
    macos
    + JDK-8239708: Split basics.m4 into basic.m4 and util.m4
    + JDK-8240281: Remove failing assertion code when selecting
    first memory state in SuperWord::co_locate_pack
    + JDK-8242468: VS2019 build missing vcruntime140_1.dll
    + JDK-8243565: some gc tests use 'test.java.opts' and not
    'test.vm.opts'
    + JDK-8243568: serviceability/logging/TestLogRotation.java uses
    'test.java.opts' and not 'test.vm.opts'
    + JDK-8244010: Simplify usages of
    ProcessTools.createJavaProcessBuilder in our tests
    + JDK-8244557: test/jdk/javax/swing/JTabbedPane/
    /TestBackgroundScrollPolicy.java failed
    + JDK-8247676: vcruntime140_1.dll is not needed on 32-bit
    Windows
    + JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and
    j/l/StringBuilder/HugeCapacity.java tests shouldn't be
    @ignore-d
    + JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing
    "/Evacuation failure"/ message
    + JDK-8254874: ZGC: JNIHandleBlock verification failure in
    stack watermark processing
    + JDK-8254976: Re-enable swing jtreg tests which were broken
    due to samevm mode
    + JDK-8255439: System Tray icons get corrupted when Windows
    scaling changes
    + JDK-8256109: Create implementation for NSAccessibilityButton
    protocol
    + JDK-8257679: Improved unix compatibility layer in Windows
    build (winenv)
    + JDK-8257722: Improve "/keytool -printcert -jarfile"/ output
    + JDK-8258005: JDK build fails with incorrect fixpath script
    + JDK-8259485: Document need for short paths when building on
    Windows
    + JDK-8260272: bash configure --prefix does not work after
    JDK-8257679
    + JDK-8261336: IGV: enhance default filters
    + JDK-8261445: Use memory_order_relaxed for os::random().
    + JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if
    ergonomics detect too small InitialHeapSize
    + JDK-8263326: Remove ReceiverTypeData check from
    serviceability/sa/TestPrintMdo.java
    + JDK-8263871: On sem_destroy() failing we should assert
    + JDK-8264593: debug.cpp utilities should be available in
    product builds.
    + JDK-8264666: Change implementation of safeAdd/safeMult in the
    LCMSImageLayout class
    + JDK-8266082: AssertionError in Annotate.fromAnnotations with
  - Xdoclint
    + JDK-8266967: debug.cpp utility find() should print Java
    Object fields.
    + JDK-8268361: Fix the infinite loop in next_line
    + JDK-8268860: Windows-Aarch64 build is failing in GitHub
    actions
    + JDK-8268893: jcmd to trim the glibc heap
    + JDK-8269029: compiler/codegen/TestCharVect2.java fails for
    client VMs
    + JDK-8269873: serviceability/sa/Clhsdb tests are using a C2
    specific VMStruct field
    + JDK-8272123: Problem list 4 jtreg tests which regularly fail
    on macos-aarch64
    + JDK-8273236: keytool does not accurately warn about
    algorithms that are disabled but have additional constraints
    + JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also
    has similar error of JDK-8253368
    + JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails
    on macOS 12
    + JDK-8273685: Remove jtreg tag manual=yesno for
    java/awt/Graphics/LCDTextAndGraphicsState.java & show test
    instruction
    + JDK-8274029: Remove jtreg tag manual=yesno for  java/awt/
    /print/Dialog/DialogOrient.java
    + JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/
    /PrinterJob/ImagePrinting/ImageTypes.java & show test UI
    + JDK-8274296: Update or Problem List tests which may fail with
    uiScale=2 on macOS
    + JDK-8274456: Remove jtreg tag manual=yesno
    java/awt/print/PrinterJob/PageDialogTest.java
    + JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java
    fails when GC cycles are not happening
    + JDK-8274597: Some of the dnd tests time out and fail
    intermittently
    + JDK-8275170: Some jtreg sound tests should be marked with
    sound keyword
    + JDK-8275535: Retrying a failed authentication on multiple
    LDAP servers can lead to users blocked
    + JDK-8276841: Add support for Visual Studio 2022
    + JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by
    ignoring /run/user/* mount points
    + JDK-8277497: Last column cell in the JTable row is read as
    empty cell
    + JDK-8277881: Missing SessionID in TLS1.3 resumption in
    compatibility mode
    + JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/
    /NoInvalidateSocketException.java fails with "/tag mismatch"/
    + JDK-8279066: entries.remove(entry) is useless in
    PKCS12KeyStore
    + JDK-8279695: [TESTBUG] modify compiler/loopopts/
    /TestSkeletonPredicateNegation.java to run on C1 also
    + JDK-8280158: New test from JDK-8274736 failed with/without
    patch in JDK11u
    + JDK-8280550: SplittableRandom#nextDouble(double,double) can
    return result >= bound
    + JDK-8280863: Update build README to reflect that MSYS2 is
    supported
    + JDK-8280890: Cannot use '-Djava.system.class.loader' with
    class loader in signed JAR
    + JDK-8280948: Write a regression test for JDK-4659800
    + JDK-8280950: RandomGenerator:NextDouble() default behavior
    non conformant after JDK-8280550 fix
    + JDK-8281183: RandomGenerator:NextDouble() default behavior
    partially fixed by JDK-8280950
    + JDK-8281296: Create a regression test for JDK-4515999
    + JDK-8281297: TestStressG1Humongous fails with
    guarantee(is_range_uncommitted)
    + JDK-8282046: Create a regression test for JDK-8000326
    + JDK-8282276: Problem list failing two Robot Screen Capture
    tests
    + JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid
    link access
    + JDK-8282345: handle latest VS2022 in abstract_vm_version
    + JDK-8282402: Create a regression test for JDK-4666101
    + JDK-8282640: Create a test for JDK-4740761
    + JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/
    /LoadUnloadGC2.java fails intermittently with exit code 1
    + JDK-8282730: LdapLoginModule throw NPE from logout method
    after login failure
    + JDK-8282777: Create a Regression test for JDK-4515031
    + JDK-8282778: Create a regression test for JDK-4699544
    + JDK-8282857: Create a regression test for JDK-4702690
    + JDK-8282936: Write a regression test for JDK-4615365
    + JDK-8282937: Write a regression test for JDK-4820080
    + JDK-8283199: Linux os::cpu_microcode_revision() stalls cold
    startup
    + JDK-8283422: Create a new test for JDK-8254790
    + JDK-8284294: Create an automated regression test for RFE
    4138746
    + JDK-8284358: Unreachable loop is not removed from C2 IR,
    leading to a broken graph
    + JDK-8284521: Write an automated regression test for RFE
    4371575
    + JDK-8284690: [macos] VoiceOver : Getting
    java.lang.IllegalArgumentException: Invalid location on
    Editable JComboBox
    + JDK-8284732: FFI_GO_CLOSURES macro not defined but required
    for zero build on Mac OS X
    + JDK-8284752: Zero does not build on Mac OS X due to missing
    os::current_thread_enable_wx implementation
    + JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java
    failed with "/AssertionError: Expected IOException to be
    thrown, but nothing was thrown"/
    + JDK-8284884: Replace polling with waiting in
    javax/swing/text/html/parser/Parser/8078268/bug8078268.java
    + JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile
    fails when named value doesn't exist
    + JDK-8285305: Create an automated test for JDK-4495286
    + JDK-8285373: Create an automated test for JDK-4702233
    + JDK-8285604: closed sun/java2d/GdiRendering/
    /ClipShapeRendering.java failed with "/Incorrect color ffeeeeee
    instead of ff0000ff in pixel (100, 100)"/
    + JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/
    /PrintARGBImage.java manual test
    + JDK-8285698: Create a test to check the focus stealing of
    JPopupMenu from JComboBox
    + JDK-8285794: AsyncGetCallTrace might acquire a lock via
    JavaThread::thread_from_jni_environment
    + JDK-8285836: sun/net/www/http/KeepAliveCache/
    /KeepAliveProperty.java failed with "/RuntimeException: Failed
    in server"/
    + JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/
    /AttachReturnError.java fails on Alpine
    + JDK-8286624: Regression Test CoordinateTruncationBug.java
    fails on OL8.3
    + JDK-8286663: Resolve IDE warnings in WTrayIconPeer and
    SystemTray
    + JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/
    /DropTargetInInternalFrameTest.html times out and fails in
    Windows
    + JDK-8286872: Refactor add/modify notification icon (TrayIcon)
    + JDK-8287076: Document.normalizeDocument() produces different
    results
    + JDK-8287091: aarch64 : guarantee(val < (1ULL << nbits))
    failed: Field too big for insn
    + JDK-8287425: Remove unnecessary register push for
    MacroAssembler::check_klass_subtype_slow_path
    + JDK-8287609: macOS: SIGSEGV at [CoreFoundation]
    CFArrayGetCount / sun.font.CFont.getTableBytesNative
    + JDK-8287724: Fix various issues with msys2
    + JDK-8287826: javax/accessibility/4702233/
    /AccessiblePropertiesTest.java fails to compile
    + JDK-8287895: Some langtools tests fail on msys2
    + JDK-8287896: PropertiesTest.sh fail on msys2
    + JDK-8287902: UnreadableRB case in MissingResourceCauseTest is
    not working reliably on Windows
    + JDK-8287917: System.loadLibrary does not work on Big Sur if
    JDK is built with macOS SDK 10.15 and earlier
    + JDK-8288132: Update test artifacts in QuoVadis CA interop
    tests
    + JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit
    compiling xerces
    + JDK-8288377: [REDO] DST not applying properly with zone id
    offset set with TZ env variable
    + JDK-8288445: AArch64: C2 compilation fails with
    guarantee(!true || (true && (shift != 0))) failed: impossible
    encoding
    + JDK-8288599: com/sun/management/OperatingSystemMXBean/
    /TestTotalSwap.java: Expected total swap size ... but
    getTotalSwapSpaceSize returned ...
    + JDK-8288985: P11TlsKeyMaterialGenerator should work with
    ChaCha20-Poly1305
    + JDK-8289043: C2: Vector constant materialization attempt
    + JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java
    fails on linux ppc64le machine with missing Memory and Swap
    Limit output
    + JDK-8290207: Missing notice in dom.md
    + JDK-8290209: jcup.md missing additional text
    + JDK-8290451: Incorrect result when switching to C2 OSR
    compilation from C1
    + JDK-8290529: C2: assert(BoolTest(btest).is_canonical())
    failure
    + JDK-8290705: StringConcat::validate_mem_flow asserts with
    "/unexpected user: StoreI"/
    + JDK-8290711: assert(false) failed: infinite loop in
    PhaseIterGVN::optimize
    + JDK-8290781: Segfault at
    PhaseIdealLoop::clone_loop_handle_data_uses
    + JDK-8291459: JVM crash with GenerateOopMap::error_work(char
    const*, __va_list_tag*)
    + JDK-8291461: assert(false) failed: bad AD file
    + JDK-8292083: Detected container memory limit may exceed
    physical machine memory
    + JDK-8292158: AES-CTR cipher state corruption with AVX-512
    + JDK-8292541: [Metrics] Reported memory limit may exceed
    physical machine memory
    + JDK-8292682: Code change of JDK-8282730 not updated to
    reflect CSR update
    + JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString
    wrong placing of free
    + JDK-8292866:
    Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check
    MultiByteToWideChar return value for failures
    + JDK-8292887: Bump update version for OpenJDK: jdk-11.0.18
    + JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX
    platform
    + JDK-8293044: C1: Missing access check on non-accessible class
    + JDK-8293472: Incorrect container resource limit detection if
    manual cgroup fs mounts present
    + JDK-8293540: [Metrics] Incorrectly detected resource limits
    with additional cgroup fs mounts
    + JDK-8293578: Duplicate ldc generated by javac
    + JDK-8293672: Update freetype md file
    + JDK-8293816: CI: ciBytecodeStream::get_klass() is not
    consistent
    + JDK-8293826: Closed test fails after JDK-8276108 on aarch64
    + JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java
    still fails when GC cycles are not happening
    + JDK-8293834: Update CLDR data following tzdata 2022c update
    + JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr)
    failed: must have PC
    + JDK-8294138: [11u] Revert change from JDK-8210962 in basic.m4
    + JDK-8294307: ISO 4217 Amendment 173 Update
    + JDK-8294357: (tz) Update Timezone Data to 2022d
    + JDK-8294578: [PPC64] C2: Missing is_oop information when
    using disjoint compressed oops mode
    + JDK-8294740: Add cgroups keyword to TestDockerBasic.java
    + JDK-8295173: (tz) Update Timezone Data to 2022e
    + JDK-8295288: Some vm_flags tests associate with a wrong BugID
    + JDK-8295322: Tests for JDK-8271459 were not backported to 11u
    + JDK-8295429: Update harfbuzz md file
    + JDK-8295469: S390X: Optimized builds are broken
    + JDK-8295554: Move the "/sizecalc.h"/ to the correct location
    + JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
    + JDK-8295714: GHA ::set-output is deprecated and will be
    removed
    + JDK-8295723: security/infra/wycheproof/RunWycheproof.java
    fails with Assertion Error
    + JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr
    check before frame constructor
    + JDK-8295952: Problemlist existing compiler/rtm tests also on
    x86
    + JDK-8296108: (tz) Update Timezone Data to 2022f
    + JDK-8296239: ISO 4217 Amendment 174 Update
    + JDK-8296480: java/security/cert/pkix/policyChanges/
    /TestPolicy.java is failing
    + JDK-8296485: BuildEEBasicConstraints.java test fails with
    SunCertPathBuilderException
    + JDK-8296496: Overzealous check in sizecalc.h prevents large
    memory allocation
    + JDK-8296632: Write a test to verify the content change of
    TextArea sends TextEvent
    + JDK-8296652: Restore windows aarch64 fixpath patch that was
    removed in 8239708
    + JDK-8296715: CLDR v42 update for tzdata 2022f
    + JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
    + JDK-8297147: UnexpectedSourceImageSize test times out on slow
    machines when fastdebug is used
    + JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/
    /OnScreenRenderingResizeTest.java fails again
    + JDK-8297241: Update sun/java2d/DirectX/
    /OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java
    + JDK-8297481: Create a regression test for JDK-4424517
    + JDK-8297656: AArch64: Enable AES/GCM Intrinsics
    + JDK-8297804: (tz) Update Timezone Data to 2022g
    + JDK-8298737: 8296772 backport to jdk11u caused build error on
    sparc
    + JDK-8299393: [11u] Remove designator
    DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18
    + JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java
    fails for hr_HR
    + JDK-8299483: ProblemList java/text/Format/NumberFormat/
    /CurrencyFormat.java
    + JDK-8299616: [11u] Bootcycle build fails after JDK-8257679
    backport
- Fix jconsole.desktop icon
- Update to upstream tag jdk-11.0.17+8 (October 2022 CPU)
  * Security fixes:
    + JDK-8289366, bsc#1204480, CVE-2022-39399: Improve HTTP/2
    client usage
    + JDK-8288508: Enhance ECDSA usage
    + JDK-8286918, bsc#1204472, CVE-2022-21628: Better HttpServer
    service
    + JDK-8287446, bsc#1204475, CVE-2022-21624: Enhance icon
    presentations
    + JDK-8286910: Improve JNDI lookups
    + JDK-8286511: Improve macro allocation
    + JDK-8286526, bsc#1204473, CVE-2022-21619: Improve NTLM support
    + JDK-8286533, bsc#1204471, CVE-2022-21626: Key X509 usages
    + JDK-8286077, bsc#1204468, CVE-2022-21618: Wider MultiByte
    conversions
    + JDK-8286519: Better memory handling
    + JDK-8285662: Better permission resolution
    + JDK-8282252: Improve BigInteger/Decimal validation
    + JDK-8289853: Update HarfBuzz to 4.4.1
    + JDK-8290334: Update FreeType to 2.12.1
    + JDK-8293429: [11u] minor update in attribute style
  * Other fixes:
    + JDK-6606767: resexhausted00[34] fail
    assert(!thread->owns_locks(), "/must release all locks when
    leaving VM"/)
    + JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/
    /SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14
    & jdk7
    + JDK-7131823: bug in GIFImageReader
    + JDK-8017175: [TESTBUG] javax/swing/JPopupMenu/4634626/
    /bug4634626.java sometimes failed on mac
    + JDK-8028265: Add legacy tz tests to OpenJDK
    + JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java
    to use jtreg @requires
    + JDK-8139348: Deprecate 3DES and RC4 in Kerberos
    + JDK-8159694: HiDPI, Unity,
    java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
    + JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java
    makes not reliable time assumption
    + JDK-8169468: NoResizeEventOnDMChangeTest.java fails because
    FS Window didn't receive all resizes!
    + JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The
    selected index should be "/aad"/
    + JDK-8183372: Refactor java/lang/Class shell tests to java
    + JDK-8186143: keytool -ext option doesn't accept wildcards for
    DNS subject alternative names
    + JDK-8193462: Fix Filer handling of package-info initial
    elements
    + JDK-8203277: preflow visitor used during lambda attribution
    shouldn't visit class definitions inside the lambda body
    + JDK-8208471: nsk/jdb/unwatch/unwatch002/unwatch002.java fails
    with "/Prompt is not received during 300200 milliseconds"/
    + JDK-8209052: Low contrast in docs/api/constant-values.html
    + JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails
    with NullPointerException when running in CDS mode
    + JDK-8210107: vmTestbase/nsk/stress/network tests fail with
    Cannot assign requested address (Bind failed)
    + JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3
    generate incorrect messages upon failure
    + JDK-8210960: Allow --with-boot-jdk-jvmargs to work during
    configure
    + JDK-8212904: JTextArea line wrapping incorrect when using UI
    scale
    + JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in
    some configs
    + JDK-8214078: (fs) SecureDirectoryStream not supported on arm32
    + JDK-8214427: probable bug in logic of
    ConcurrentHashMap.addCount()
    + JDK-8215291: Broken links when generating from project
    without modules
    + JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java
    timed out
    + JDK-8217332: JTREG: Clean up, use generics instead of raw
    types
    + JDK-8218128: vmTestbase/nsk/jvmti/ResourceExhausted/
    /resexhausted003 and 004 use wrong path to test classes
    + JDK-8218413: make reconfigure ignores configure-time AUTOCONF
    environment variable
    + JDK-8219074: [TESTBUG] runtime/containers/docker/
    /TestCPUAwareness.java typo of printing parameters (period
    should be shares)
    + JDK-8219149: ProcessTools.ProcessBuilder should print timing
    info for subprocesses
    + JDK-8220744: [TESTBUG] Move RedefineTests from runtime to
    serviceability
    + JDK-8221871: javadoc should not set role=region on <section>
    elements
    + JDK-8221907: make reconfigure breaks when configured with
    relative paths
    + JDK-8223543: [TESTBUG] Regression test java/awt/Graphics2D/
    /DrawString/LCDTextSrcEa.java has issues
    + JDK-8223575: add subspace transitions to gc+metaspace=info
    log lines
    + JDK-8225122: Test AncestorResized.java fails when Windows
    desktop is scaled.
    + JDK-8226976: SessionTimeOutTests uses == operator for String
    value check
    + JDK-8230708: Hotspot fails to build on linux-sparc with gcc-9
    + JDK-8233712: Limit default tests jobs based on ulimit -u
    setting
    + JDK-8235870: C2 crashes in
    IdealLoopTree::est_loop_flow_merge_sz()
    + JDK-8236490: Compiler bug relating to @NonNull annotation
    + JDK-8236823: Ensure that API documentation uses minified
    libraries
    + JDK-8238203: Return value of GetUserDefaultUILanguage()
    should be handled as LANGID
    + JDK-8238268: Many SA tests are not running on OSX because
    they do not attempt to use sudo when available
    + JDK-8238196: tests that use SA Attach should not be allowed
    to run against signed binaries on Mac OS X 10.14.5 and later
    + JDK-8238586: [TESTBUG] vmTestbase/jit/tiered/Test.java failed
    when TieredCompilation is disabled
    + JDK-8239265: JFR: Test cleanup of jdk.jfr.api.consumer package
    + JDK-8239379: ProblemList
    serviceability/sa/sadebugd/DebugdConnectTest.java on OSX
    + JDK-8271512: ProblemList serviceability/sa/sadebugd/
    /DebugdConnectTest.java due to 8270326
    + JDK-8239423: jdk/jfr/jvm/TestJFRIntrinsic.java failed with
  - XX:-TieredCompilation
    + JDK-8239902: [macos] Remove direct usage of JSlider,
    JProgressBar classes in CAccessible class
    + JDK-8240903: Add test to check that jmod hashes are
    reproducible
    + JDK-8242188: error in jtreg test jdk/jfr/api/consumer/
    /TestRecordedFrame.java on linux-aarch64
    + JDK-8247546: Pattern matching does not skip correctly over
    supplementary characters
    + JDK-8247907: XMLDsig logging does not work
    + JDK-8247964: All log0() in
    com/sun/org/slf4j/internal/Logger.java should be private
    + JDK-8249623: test @ignore-d due to 7013634 should be returned
    back to execution
    + JDK-8251152: ARM32: jtreg c2 Test8202414 test crash
    + JDK-8251551: Use .md filename extension for README
    + JDK-8252145: Unify Info.plist files with correct version
    strings
    + JDK-8253829: Wrong length compared in SSPI bridge
    + JDK-8253916: ResourceExhausted/resexhausted001 crashes on
    Linux-x64
    + JDK-8254178: Remove .hgignore
    + JDK-8254318: Remove .hgtags
    + JDK-8255724: [XRender] the BlitRotateClippedArea test fails
    on Linux in the XR pipeline
    + JDK-8255729: com.sun.tools.javac.processing.JavacFiler
    .FilerOutputStream  is inefficient
    + JDK-8257623: vmTestbase/nsk/jvmti/ResourceExhausted/
    /resexhausted001/TestDescription.java shouldn't use timeout
    + JDK-8258946: Fix optimization-unstable code involving signed
    integer overflow
    + JDK-8261160: Add a deserialization JFR event
    + JDK-8262085: Hovering Metal HTML Tooltips in different
    windows cause IllegalArgExc on Linux
    + JDK-8264400: (fs) WindowsFileStore equality depends on how
    the FileStore was constructed
    + JDK-8264792: The NumberFormat for locale sq_XK formats price
    incorrectly.
    + JDK-8265100: (fs) WindowsFileStore.hashCode() should read
    cached hash code once
    + JDK-8265531: doc/building.md should mention homebrew install
    freetype
    + JDK-8266250: WebSocketTest and WebSocketProxyTest call
    assertEquals(List<byte[]>, List<byte[]>)
    + JDK-8266254: Update to use jtreg 6 8265020: tests must be
    updated for new TestNG module name
    + JDK-8266460: java.io tests fail on null stream with upgraded
    jtreg/TestNG
    + JDK-8266461: tools/jmod/hashes/HashesTest.java fails: static
    @Test methods 8267180: Typo in copyright header  for
    HashesTest
    + JDK-8266490: Extend the OSContainer API to support the pids
    controller of cgroups
    + JDK-8266675: Optimize IntHashTable for encapsulation and ease
    of use
    + JDK-8266774: System property values for stdout/err on Windows
    UTF-8
    + JDK-8266881: Enable debug log for
    SSLEngineExplorerMatchedSNI.java
    + JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java
    expectedNewSize calculation
    + JDK-8267880: Upgrade the default PKCS12 MAC algorithm
    + JDK-8268185: Update GitHub Actions for jtreg 6
    + JDK-8269039: Disable SHA-1 Signed JARs
    + JDK-8269517: compiler/loopopts/
    /TestPartialPeelingSinkNodes.java crashes with
  - XX:+VerifyGraphEdges
    + JDK-8270090: C2: LCM may prioritize CheckCastPP nodes over
    projections
    + JDK-8270312: Error: Not a test or directory containing tests:
    java/awt/print/PrinterJob/XparColor.java
    + JDK-8271010: vmTestbase/gc/lock/malloc/malloclock04/
    /TestDescription.java crashes intermittently
    + JDK-8271078: jdk/incubator/vector/Float128VectorTests.java
    failed a subtest
    + JDK-8272352: Java launcher can not parse Chinese character
    when system locale is set to UTF-8
    + JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
    + JDK-8273526: Extend the OSContainer API  pids controller with
    pids.current
    + JDK-8274506: TestPids.java and TestPidsLimit.java fail with
    podman run as root
    + JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java
    fails with expected [true] but found [false]
    + JDK-8274687: JDWP deadlocks if some Java thread reaches wait
    in blockOnDebuggerSuspend
    + JDK-8275008: gtest build failure due to stringop-overflow
    warning with gcc11
    + JDK-8275689: [TESTBUG] Use color tolerance only for XRender
    in BlitRotateClippedArea test
    + JDK-8275887: jarsigner prints invalid digest/signature
    algorithm warnings if keysize is weak/disabled
    + JDK-8277893: Arraycopy stress tests
    + JDK-8278067: Make HttpURLConnection default keep alive
    timeout configurable
    + JDK-8278344: sun/security/pkcs12/
    /KeytoolOpensslInteropTest.java test fails because of
    different openssl output
    + JDK-8278519: serviceability/jvmti/FieldAccessWatch/
    /FieldAccessWatch.java failed "/assert(handle != __null)
    failed: JNI handle should not be null"/
    + JDK-8279032: compiler/loopopts/
    /TestSkeletonPredicateNegation.java times out with
  - XX:TieredStopAtLevel < 4
    + JDK-8279385: [test]  Adjust sun/security/pkcs12/
    /KeytoolOpensslInteropTest.java after 8278344
    + JDK-8279622: C2: miscompilation of map pattern as a vector
    reduction
    + JDK-8280913: Create a regression test for
    JRootPane.setDefaultButton() method
    + JDK-8281181: Do not use CPU Shares to compute active
    processor count
    + JDK-8281535: Create a regression test for JDK-4670051
    + JDK-8281569: Create tests for Frame.setMinimumSize() method
    + JDK-8281628: KeyAgreement : generateSecret intermittently not
    resetting
    + JDK-8281738: Create a regression test for checking the
    'Space' key activation of focused Button
    + JDK-8281745: Create a regression test for JDK-4514331
    + JDK-8281988: Create a regression test for JDK-4618767
    + JDK-8282214: Upgrade JQuery to version 3.6.0
    + JDK-8282234: Create a regression test for JDK-4532513
    + JDK-8282280: Update Xerces to Version 2.12.2
    + JDK-8282343: Create a regression test for JDK-4518432
    + JDK-8282538: PKCS11 tests fail on CentOS Stream 9
    + JDK-8282548: Create a regression test for JDK-4330998
    + JDK-8282555: Missing memory edge when spilling MoveF2I,
    MoveD2L etc
    + JDK-8282789: Create a regression test for the JTree usecase
    of JDK-4618767
    + JDK-8282860: Write a regression test for JDK-4164779
    + JDK-8282933: Create a test for JDK-4529616
    + JDK-8282947: JFR: Dump on shutdown live-locks in some
    conditions
    + JDK-8283015: Create a test for JDK-4715496
    + JDK-8283017: GHA: Workflows break with update release versions
    + JDK-8283087: Create a test or JDK-4715503
    + JDK-8283245: Create a test for JDK-4670319
    + JDK-8283277: ISO 4217 Amendment 171 Update
    + JDK-8283441: C2: segmentation fault in
    ciMethodBlocks::make_block_at(int)
    + JDK-8283493: Create an automated regression test for RFE
    4231298
    + JDK-8283507: Create a regression test for RFE 4287690
    + JDK-8283621: Write a regression test for CCC4400728
    + JDK-8283623: Create an automated regression test for
    JDK-4525475
    + JDK-8283624: Create an automated regression test for
    RFE-4390885
    + JDK-8283803: Remove jtreg tag manual=yesno for
    java/awt/print/PrinterJob/PrintGlyphVectorTest.java and fix
    test
    + JDK-8284898: Enhance PassFailJFrame
    + JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
    + JDK-8283903: GetContainerCpuLoad does not return the correct
    result in share mode
    + JDK-8284077: Create an automated test for JDK-4170173
    + JDK-8284367: JQuery UI upgrade from 1.12.1 to 1.13.1
    + JDK-8284535: Fix PrintLatinCJKTest.java test that is failing
    with Parse Exception
    + JDK-8283712: Create a manual test framework class
    + JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks
    charset
    + JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice
    + JDK-8284754: print more interesting env variables in hs_err
    and VM.info
    + JDK-8284758: [linux] improve print_container_info
    + JDK-8284882: SIGSEGV in Node::verify_edges due to compilation
    bailout
    + JDK-8284944: assert(cnt++ < 40) failed: infinite cycle in
    loop optimization
    + JDK-8284950: CgroupV1 detection code should consider
    memory.swappiness
    + JDK-8284956: Potential leak awtImageData/color_data when
    initializes X11GraphicsEnvironment
    + JDK-8285081: Improve XPath operators count accuracy
    + JDK-8285097: Duplicate XML keys in XPATHErrorResources.java
    and XSLTErrorResources.java
    + JDK-8285380: Fix typos in security
    + JDK-8285398: Cache the results of constraint checks
    + JDK-8285693: Create an automated test for JDK-4702199
    + JDK-8285696: AlgorithmConstraints:permits not throwing
    IllegalArgumentException when 'alg'  is null
    + JDK-8285728: Alpine Linux build fails with busybox tar
    + JDK-8285820: C2: LCM prioritizes locally dependent CreateEx
    nodes over projections after 8270090
    + JDK-8286114: [test] show real exception in bomb call in
    sun/rmi/runtime/Log/checkLogging/CheckLogging.java
    + JDK-8286177: C2: "/failed: non-reduction loop contains
    reduction nodes"/ assert failure
    + JDK-8286211: Update PCSC-Lite for Suse Linux to 1.9.5
    + JDK-8286314: Trampoline not created for far runtime targets
    outside small CodeCache
    + JDK-8286582: Build fails on macos aarch64 when using
  - -with-zlib=bundled
    + JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17
    + JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
    + JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts
    with freezer controller
    + JDK-8287202: GHA: Add macOS aarch64 to the list of default
    platforms for workflow_dispatch event
    + JDK-8287223: C1: Inlining attempt through MH::invokeBasic()
    with null receiver
    + JDK-8287336: GHA: Workflows break on patch versions
    + JDK-8287366: Improve test failure reporting in GHA
    + JDK-8287432: C2: assert(tn->in(0) != __null) failed: must
    have live top node
    + JDK-8287463: JFR: Disable TestDevNull.java on Windows
    + JDK-8287663: Add a regression test for JDK-8287073
    + JDK-8287672: jtreg test com/sun/jndi/ldap/
    /LdapPoolTimeoutTest.java fails intermittently in nightly run
    + JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer
    controller) was incomplete
    + JDK-8288360: CI: ciInstanceKlass::implementor() is not
    consistent for well-known classes
    + JDK-8288467: remove memory_operand assert for spilled
    instructions
    + JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp
    + JDK-8288763: Pack200 extraction failure with invalid size
    + JDK-8288781: C1: LIR_OpVisitState::maxNumberOfOperands too
    small
    + JDK-8288865: [aarch64] LDR instructions must use legitimized
    addresses
    + JDK-8288928: Incorrect GPL header in pnglibconf.h (backport
    of JDK-8185041)
    + JDK-8289471: Issue in Initialization of keys in ErrorMsg.java
    and XPATHErrorResources.java
    + JDK-8289477: Memory corruption with CPU_ALLOC, CPU_FREE on
    muslc
    + JDK-8289486: Improve XSLT XPath operators count efficiency
    + JDK-8289549: ISO 4217 Amendment 172 Update
    + JDK-8289569: [test] java/lang/ProcessBuilder/Basic.java fails
    on Alpine/musl
    + JDK-8289799: Build warning in methodData.cpp memset
    zero-length parameter
    + JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime()
    after JDK-8289060
    + JDK-8290000: Bump macOS GitHub actions to macOS 11
    + JDK-8290004: [PPC64] JfrGetCallTrace: assert(_pc != nullptr)
    failed: must have PC
    + JDK-8290198: Shenandoah: a few Shenandoah tests failure after
    JDK-8214799 11u backport
    + JDK-8290246: test fails "/assert(init != __null) failed:
    initialization not found"/
    + JDK-8290813: jdk/nashorn/api/scripting/test/
    /ScriptObjectMirrorTest.java fails: assertEquals is ambiguous
    + JDK-8290886: [11u]: Backport of JDK-8266250 introduced test
    failures
    + JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
    + JDK-8291713: assert(!phase->exceeding_node_budget()) failed:
    sanity after JDK-8223389
    + JDK-8291794: [11u] Corrections after backport of JDK-8212028
    + JDK-8292255: Bump update version for OpenJDK: jdk-11.0.16.1
    + JDK-8292260: [BACKOUT] JDK-8279219: [REDO] C2 crash when
    allocating array of size too large (bsc#1204523)
    + JDK-8292579: (tz) Update Timezone Data to 2022c
    + JDK-8292852: [11u] TestMemoryWithCgroupV1 fails after
    JDK-8292768
    + JDK-8295057: [11u] Remove designator
    DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.17
- Modified patch:
  * fips.patch
    + sync with newest RedHat version
- Package the JAVA_HOME/release files in *-headless package
  * fixes boo#1203476
kernel-default
- watchdog: diag288_wdt: do not use stack buffers for hardware
  data (bsc#1207497).
- commit f31eb64
- watchdog: diag288_wdt: fix __diag288() inline assembly
  (bsc#1207497).
- commit 2f246cf
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 64f6682
- libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
  (bsc#1204502 CVE-2022-3606).
- commit eef9e8d
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- Delete config/armv7hl/default.
- Delete config/armv7hl/lpae.
- commit 022c807
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
  (bsc#1207769).
- commit be9727c
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
  (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
  (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: Revert "/scsi: qla2xxx: Fix disk failure to rediscover"/
  (git-fixes).
- commit 25cb1e4
- dm thin: Use last transaction's pmd->root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
  devices (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
  (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
  (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- commit 223b9c6
- nbd: Fix incorrect error handle when first_minor is illegal
  in nbd_dev_add (git-fixes).
- Refresh for the above change,
  patches.suse/0019-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 9c00c1c
- nbd: fix max value for 'first_minor' (git-fixes).
- Refresh for the above change,
  patches.suse/0012-nbd-fix-possible-overflow-for-first_minor-in-nbd_dev.patch.
- commit dd126a5
- dm space maps: don't reset space map allocation cursor when
  committing (git-fixes).
- dm verity: fix require_signatures module_param permissions
  (git-fixes).
- dm integrity: fix flush with external metadata device
  (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
  down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- nbd: make the config put is called before the notifying the
  waiter (git-fixes).
- nbd: restore default timeout when setting it to zero
  (git-fixes).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- commit 50ca764
- rbd: work around -Wuninitialized warning (git-fixes).
- Refresh for the above change,
  patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
- commit e923159
- blacklist.conf: add git-fixes commits which won't be backported
- commit 4601d33
- blacklist.conf: removing SCSI git-fix mistakenly added
  This fix was labelled as already present in our
  code base, but it was not.
- commit bcd8cfe
- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
  (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
  during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
  (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
  (git-fixes).
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
  (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
  (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
  scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
  "/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
  (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
  (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and
  running device (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
  (git-fixes).
- scsi: sr: Return correct event when media event code is 3
  (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
  - ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
  (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
  list_for_each_entry() (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush
  (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback
  (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
  shift of u8 (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
  (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
  IRQs (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through
  RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
  (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
  (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
  (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
  irq (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
  processing (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
  (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during
  reset (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
  (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
  (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens
  (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
  disabled (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
  commands (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
  suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
  (git-fixes).
- commit cf6a959
- scsi: ufs: Make sure clk scaling happens only when HBA is
  runtime ACTIVE (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by
  ufshcd_hold() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
  (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
  (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered
  (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
  (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
  (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
  ufs_qcom_testbus_config() (git-fixes).
- commit 0335e79
- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit dcee4fd
- scsi: ufs: Clean up completed request without interrupt
  notification (git-fixes).
- Refresh
  patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully.
- commit 0e26434
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- commit 8d5e108
- scsi: ufs: Improve interrupt handling for shared interrupts
  (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts
  (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
  (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
  (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
  (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
  (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
  (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
  (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
  (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe()
  (git-fixes).
- scsi: core: free sgtables in case command setup fails
  (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during
  system resume (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
  been removed (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
  connections (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read
  (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
  (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
  (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
  (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
  (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
  the probe fails (git-fixes).
- commit e77b62a
- scsi: hisi_sas: Replace in_softirq() check in
  hisi_sas_task_exec() (git-fixes).
- Refresh patches.suse/scsi-hisi_sas-Remove-preemptible.
- commit ce7bed3
- blacklist.conf: add git-fixes to be skipped
- commit cb4a471
- netfilter: nft_payload: incorrect arithmetics when fetching
  VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 9fe77eb
- HID: check empty report_list in hid_validate_values()
  (git-fixes, bsc#1206784).
- commit 028641d
- HID: check empty report_list in bigben_probe() (git-fixes,
  bsc#1206784).
- commit c479b33
- HID: betop: check shape of output reports (git-fixes,
  bsc#1207186).
- commit f6860d6
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit e015217
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit b165b65
- ceph: avoid putting the realm twice when decoding snaps fails
  (bsc#1207198).
- ceph: do not update snapshot context when there is no new
  snapshot (bsc#1207218).
- commit 2f13b5a
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454).
- commit 88c4e72
- Update
  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207125 CVE-2023-23455).
- commit e595908
- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0
- mm/memcg: optimize memory.numa_stat like memory.stat
  (bsc#1206663).
- commit d7619da
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- commit ebdddc5
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit da7ea39
- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 49dc51c
- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 0726009
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d
- Refresh
  patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
  For bsc#1206904, see:
  https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116
- README.BRANCH: Added myself as co-maintainer
  And drop Oscars name.
- commit 0607a55
- ipv4: Handle attempt to delete multipath route when fib_info
  contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2
- net: ipv4: fix route with nexthop object delete warning
  (bsc#1204171 CVE-2022-3435).
- commit 51fb670
- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1
- module: merge repetitive strings in module_sig_check()
  (git-fixes).
- commit e890371
- module: set MODULE_STATE_GOING state when a module fails to load
  (git-fixes).
- commit bbf8a43
- modules: lockdep: Suppress suspicious RCU usage warning
  (git-fixes).
- commit a75abac
- module: Remove accidental change of module_enable_x()
  (git-fixes).
- commit c1799c7
- tracing: Verify if trace array exists before destroying it
  (git-fixes).
- commit 484ce03
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
  (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
  failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
  (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
  mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
  (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
  (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
  (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
  a valid PE number (bsc#1065729).
- commit f1282a1
- blacklist.conf: Add reverted commit
- commit 1048706
- powerpc: Ensure that swiotlb buffer is allocated from low memory
  (bsc#1156395).
- commit 6657d5f
- powerpc/powernv: Avoid re-registration of imc debugfs directory
  (bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
  translation in use (bsc#1156395).
- commit 1967b85
- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bsc#1065729).
- commit eef87f7
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  (bsc#1204989,bsc#1205601).
- commit b1fad8e
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- powerpc/xive: Add a check for memory allocation failure
  (fate#322438 git-fixes).
- commit 2423c59
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824
- blacklist.conf: ("/arm64: lse: Fix LSE atomics with LLVM"/)
- commit 22e012e
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit a642f3b
- blacklist.conf: ("/arm64: lse: fix LSE atomics with LLVM's integrated assembler"/)
- commit 76593cf
- blacklist.conf: ("/arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator"/)
- commit 1caef50
- Refresh
  patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the
  example hunks and fail.
- commit 78fab3f
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
  (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
  (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
  (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
  private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
  pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
  freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
  source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
  (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
  delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
  (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
  (git-fixes).
- sunrpc: check that domain table is empty at module unload
  (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
  (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
  (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
  fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
  (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
  (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89
- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- commit c8d19aa
- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7
- blacklist.conf: ("/arm64: dts: ls1028a: fix typo in TMU calibration data"/)
- commit 716a28c
- blacklist.conf: ("/arm64: Validate tagged addresses in access_ok() called from kernel"/)
- commit 9dd7e12
- blacklist.conf: ("/arm64: insn: consistently handle exit text"/)
- commit f816334
- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49
- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8
- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a
- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit ff976a4
- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit 140cef5
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit 0696f69
- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit 8d66379
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 027bd53
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642
- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit 7d14bba
- Update tags in
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit 05e8ed4
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit 1b01bae
- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth > 0 (bsc#1206881).
- commit f1f3d4f
- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f
- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit b931654
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit fde0a78
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit ecac58a
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit 35c3734
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit 4ca9666
- ext4: correct the error path of ext4_write_inline_data_end()
  (bsc#1206875).
- commit 9ad9468
- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93
- blacklist.conf: blacklist efc61345274d
- commit 8078536
- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0
- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb
- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b
- blacklist.conf: blacklist f25391ebb475
- commit b3ab927
- ext4: avoid race conditions when remounting with options that
  change dax (bsc#1206860).
  Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2
- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30
- ext4: use matching invalidatepage in ext4_writepage
  (bsc#1206858).
- commit 9adbb3f
- ext4: mark block bitmap corrupted when found instead of BUGON
  (bsc#1206857).
- commit 0b7c7d5
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 6032d35
- ext4: choose hardlimit when softlimit is larger than hardlimit
  in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9
- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037
- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b
- sched/psi: Fix sampling error and rare div0 crashes with
  cgroups and high uptime (bsc#1206841).
- commit d518fcd
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
  and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
  attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
  congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
  members and padding (jsc#PED-1445).
- commit 76decfc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit b04c714
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098
- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit 3405c6d
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit 3d8dab2
- Fix kABI breakage in usb.h: struct usb_device:
  hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27
- USB: core: Prevent nested device-reset calls (bsc#1206664
  CVE-2022-4662).
- commit 2d03a85
- drm: mali-dp: potential dereference of null pointer
  (CVE-2022-3115 bsc#1206393).
- commit 9246c67
- wifi: wilc1000: validate pairwise and authentication suite
  offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a
- media: meson: vdec: potential dereference of null pointer
  (CVE-2022-3112 bsc#1206399).
- commit 32c7d25
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 81eb278
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e
- udf: Fix NULL pointer dereference in udf_symlink function
  (bsc#1206646).
- commit aa42b50
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788
- udf: fix the problem that the disc content is not displayed
  (bsc#1206644).
- commit baed6fa
- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1
- udf: Avoid accessing uninitialized data on failed inode read
  (bsc#1206642).
- commit 8c98e30
- udf: Fix free space reporting for metadata and virtual
  partitions (bsc#1206641).
- commit 0743d18
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit f8fb63e
- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa
- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d
- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b
- ext4: iomap that extends beyond EOF should be marked dirty
  (bsc#1206637).
- commit e1b2dad
- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2
- lib/notifier-error-inject: fix error when writing -errno to
  debugfs file (bsc#1206634).
- commit dea9978
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (bsc#1206634).
- commit 2504e98
- blacklist.conf: Blacklist 9066e151c379
- commit 966d217
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d
- struct usbnet: move new members to end (git-fixes).
- commit f647bb2
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
  patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6
- blacklist.conf: ("/arm64: dts: armada-3720-turris-mox: add firmware node"/)
- commit 77ea716
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f
- blacklist.conf: ("/crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()"/)
- commit 8dcdb26
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
- Update metadata references
- commit 71ea896
- Update
  patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
  (CVE-2022-3105 bsc#1206398 git-fixes).
- commit 66cd628
- Update
  patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit 7c181a5
- RDMA/uverbs: Check for null return of kmalloc_array
  (CVE-2022-3105 bsc#1206398 git-fixes).
- commit 73b6bff
- Update
  patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
  (jsc#SLE-16683 CVE-2022-3106 bsc#1206397).
- commit 3e8cb15
- Update
  patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit d5698e3
- Update
  patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
  (CVE-2022-3111 bsc#1206394 git-fixes).
- commit 2ff0fd7
- blacklist.conf: cosmetic, does not fix a bug
- commit c7bc28a
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
  (git-fixes).
- commit 4972874
- tracing: Free buffers when a used dynamic event is removed
  (git-fixes).
- commit 3703499
- tracing/dynevent: Delete all matched events (git-fixes).
- commit dcf29de
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
  (git-fixes).
- commit 6ce4166
- blacklist.conf: Risky, requires reworking of mempolicies
- commit e11ba4b
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit 8dbcec6
- mm, page_alloc: avoid expensive reclaim when compaction may
  not succeed (bsc#1204250).
- commit f800975
- afs: Fix some tracing details (git-fixes).
- commit 161393a
- blacklist.conf: cosmetic fix
- commit 39c4f5a
- usb: host: xhci-hub: fix extra endianness conversion
  (git-fixes).
- commit 3574ccc
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit d0798c9
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- commit 2e9f75b
- net: mana: Fix race on per-CQ variable napi work_done
  (git-fixes).
- commit 935369b
- Update patches.suse/drm-amd-display-memory-leak.patch
  (CVE-2019-19083 bsc#1157049 bnc#1151927 5.3.8).
  Update the metadata of this patch and in particular its commit ID.
  This fix was committed twice upstream, and we used one commit ID in
  all branches except SLE15-SP3 where we use the other one. Align this
  branch with what was done in all other branches. Benefits:
  * No need to blacklist the other commit ID as it was never mentioned
  in stable trees.
  * Minimize the differences between branches to lower the risk of merge
  conflicts.
  I verified that the resulting source tree is exactly the same before
  and after this change.
- commit 27c76af
- Rename 0001-drm-amd-display-memory-leak.patch
  Use the same name as in all other branches for consistency.
- commit 9d96a87
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 6426714
- proc: proc_skip_spaces() shouldn't think it is working on C
  strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
  (CVE-2022-4378 bsc#1206207).
- commit 1e50bbf
- ext4: Fixup pages without buffers (bsc#1205495).
- commit ad24b58
- kbuild: Unify options for BTF generation for vmlinux and modules
  (bsc#1204693).
- Refresh
  patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch.
- commit 5bc49fe
- fuse: lock inode unconditionally in fuse_fallocate()
  (bsc#1206179).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- cuse: prevent clone (bsc#1206177).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: update attr_version counter on fuse_notify_inval_inode()
  (bsc#1206175).
- fuse: don't check refcount after stealing page (bsc#1206174).
- commit 8cb708c
- Refresh
  patches.kabi/kABI-remove-new-member-of-usbip_device.patch.
- commit bf09767
- Refresh
  patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
  Fix up after merge from cve/5.3. The patch can be closer to upstream in
  15sp3 as we have more than in the cve branch.
- commit 344ce75
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
  resume from S3 (bsc#1206037).
- commit df768bd
- xen/netback: don't call kfree_skb() with interrupts disabled
  (bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 18b6c2b
- xen/netback: Ensure protocol headers don't fall in the
  non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit ef1bd8e
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
  is "/"/
- commit dce5fa8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit ff0c181
- docs/kernel-parameters: Update descriptions for "/mitigations="/
  param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
  bsc#1203271 bsc#1206032).
- commit 012ee9f
- Update
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
  bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
  Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit f959a8e
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 2043e6b
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: lockdep annotations for try_nonblocking_invalidate
  (bsc#1205988).
- ceph: request Fw caps before updating the mtime in
  ceph_write_iter (bsc#1205987).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
  (bsc#1205986).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- commit 3a3eff6
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 1cb9473
- io_uring/af_unix: defer registered files gc to io_uring release
  (bsc#1204228 CVE-2022-2602).
- commit fee5862
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
  (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
  (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
  fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
  (git-fixes).
- commit fdf27d9
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- commit 482b418
- block: Do not reread partition table on exclusively open device
  (bsc#1190969).
- commit 1d888c0
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (CVE-2022-3635 bsc#1204631).
- commit 81a86f3
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit f11d21c
- Move upstreamed i915 patch into sorted section
- commit 4f7c541
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
  resumed (git-fixes).
- wifi: mac8021: fix possible oob access in
  ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
  (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
  (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
  free_sja1000dev() (git-fixes).
- commit c233552
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
  (git-fixes).
- commit a2d69de
- xen/privcmd: Corrected error handling path (git-fixes).
- commit 9273ea4
- blacklist.conf: add 5c13a4a0291b3019
- commit f414b37
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit d068003
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
  (git-fixes).
- commit 310f73b
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit e66563b
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
  (git-fixes).
- commit 2026fbd
- blacklist.conf: add e8240addd0a39
- commit c8fea7d
- blacklist.conf: add 0f4558ae91870
- commit 1f46313
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit b1da831
- xen/pcpu: fix possible memory leak in register_pcpu()
  (git-fixes).
- commit 7bcfa5e
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit df9a18a
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
  Fix metadata
- commit b7e4dba
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit 5c64258
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
  git-fixes).
- commit 390f969
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit d1d28ba
- xen-netback: correct success/error reporting for the
  SKB-with-fraglist case (git-fixes).
- commit 26320ba
- xen/balloon: use a kernel thread instead a workqueue
  (git-fixes).
- commit cb178a9
- arm/xen: Don't probe xenbus as part of an early initcall
  (git-fixes).
- commit 6b23717
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
  delivery (git-fixes).
- commit c3e71c4
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
  patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit b773587
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit f009c3f
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc41a1f
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 9eafa9a
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
  (git-fixes).
- commit a448c92
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
  grant status (git-fixes).
- commit eda3b54
- xenbus: req->err should be updated before req->state
  (git-fixes).
- commit b68f2a5
- xenbus: req->body should be updated before req->state
  (git-fixes).
- commit 43d862b
- x86/xen: Distribute switch variables for initialization
  (git-fixes).
- commit 0f71692
- xen/balloon: fix ballooned page accounting without hotplug
  enabled (git-fixes).
- commit e768449
- xen-blkback: prevent premature module unload (git-fixes).
- commit 55eaccd
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit 5b34629
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 48c193f
- USB: serial: option: remove old LARA-R6 PID.
- commit 50cfc4c
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- commit 3cf3877
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6ac2249
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit 774f54f
- drm/i915: fix TLB invalidation for Gen12 video and compute
  engines (CVE-2022-4139 bsc#1205700).
- commit 58aaa10
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
  Taken from v10 patch in char-misc subsystem tree
- commit 09cd28d
- blacklist.conf: duplicate
- commit 468555e
- blacklist.conf: cosmetic fix
- commit a8e199d
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bc1c359
- rndis_host: increase sleep time in the query-response loop
  (git-fixes).
- commit 1a77104
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
  switch (git-fixes).
- commit 43cdbc4
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
  CVE-2022-41850).
- commit 3bef7b9
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit e4d40ab
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 9a43bb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
  than input clock (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- commit acc3c71
- iio: core: Fix entry not deleted when
  iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
  (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
  (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
  (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
  (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
  in regulator_register() (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
  (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
  (git-fixes).
- Input: iforce - invert valid length check when fetching device
  IDs (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
  (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
  (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
  omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
  (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- misc/vmw_vmci: fix an infoleak in
  vmci_host_do_receive_datagram() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
  at91_adc_allocate_trigger() (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
  limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
  iio_sysfs_trig_init() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
  pci_dev_put() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
  CD# debounce timeout (git-fixes).
- mmc: core: properly select voltage range without power cycle
  (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
  (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- commit d87f9df
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
  (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
  (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
  (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
  snd_usbmidi_output_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
  (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
  (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
  (git-fixes).
- drm/imx: imx-tve: Fix return type of
  imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "/Sourc"/ -> "/Source"/,
  "/Routee"/ -> "/Route"/ (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
  (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
  (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
  (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
  (git-fixes).
- ASoC: wm8997: Revert "/ASoC: wm8997: Fix PM disable depth
  imbalance in wm8997_probe"/ (git-fixes).
- ASoC: wm5110: Revert "/ASoC: wm5110: Fix PM disable depth
  imbalance in wm5110_probe"/ (git-fixes).
- ASoC: wm5102: Revert "/ASoC: wm5102: Fix PM disable depth
  imbalance in wm5102_probe"/ (git-fixes).
- commit 27fe82f
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 25c2f2d
- Refresh
  patches.suse/nfsd4-fix-NULL-dereference-in-nfsd-clients-display-c.patch.
- Delete patches.suse/nfsd-show_open-NULL-deref.patch.
  These patches are for the same git commit, so merging.
  "/return SEQ_SKIP"/ is changed to "/return 0"/ to match
  upstream.  Difference is only important if some content
  has already been generated.  In that case SEQ_SKIP discards it
  and 0 leaves it.  Here we haven't generated any content.
  bsc#1205753
- commit 4d06f59
- l2tp: Serialize access to sk_user_data with sk_callback_lock
  (bsc#1205711 CVE-2022-4129).
- commit add2103
- net: fix a concurrency bug in l2tp_tunnel_register()
  (bsc#1205711 CVE-2022-4129).
- commit ced1fd6
- Drop incorrectly doubly applied patches for brcmfmac and vc4 (bsc#1205753)
- commit 5941245
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- commit 7b66fa8
- blacklist.conf: kvm_arch_no_poll() is called only once already
- commit 3bc62c2
- KVM: s390: pv: don't allow userspace to set the clock under PV
  (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
  (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- commit 76c25b0
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
  SPSM (CVE-2022-42896 bsc#1205709).
- commit fc4b67c
- Update patch reference for Bluetooth fix (CVE-2022-42895 bsc#1205705)
- commit 0d77342
- blacklist.conf: Unnecessary build config fix.
- commit 68959f0
- scsi: zfcp: Fix double free of FSF request when qdio send fails
  (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- commit 55df511
- iwlwifi: dbg: disable ini debug in 9000 family and below
  (git-fixes).
- commit 152ef40
- blacklist.conf: kABI
- commit 509fe6c
- blacklist.conf: kABI
- commit 8bad736
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
  CVE-2022-41858).
- commit dd6f85a
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
  (git-fixes).
- commit cac2314
- md: Replace snprintf with scnprintf (git-fixes).
- Replaced the in-house patch by the above upstream patch,
  patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit 8c3cff2
- dm raid: fix address sanitizer warning in raid_resume
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_status
  (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
  (git-fixes).
- dm thin: fix use-after-free crash in
  dm_sm_register_threshold_callback (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm raid: fix accesses beyond end of raid member array
  (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
  (git-fixes).
- dm era: commit metadata in postsuspend after worker stops
  (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector
  (git-fixes).
- dm integrity: set journal entry unused when shrinking device
  (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device
  when shrinking (git-fixes).
- dm writecache: return the exact table values that were set
  (git-fixes).
- commit e0e374e
- dm: fix request-based DM to not bounce through indirect
  dm_submit_bio (git-fixes).
- Refresh for the above change,
  patches.suse/blk-mq-clear-stale-request-in-tags-rq-before-freeing.patch.
- commit 259862c
- dm: remove special-casing of bio-based immutable singleton
  target on NVMe (git-fixes).
- commit 31a00a1
- blacklist.conf: add non-backport git-fixes commit
- commit 42c7406
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit 3d5973a
- NFSD: Cap rsize_bop result based on send buffer size
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
  (bsc#1205128 CVE-2022-43945).
- commit e93318a
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 99fc524
- add another bug reference to some hyperv changes (bsc#1205617).
- commit b575115
- blacklist.conf: cleanup
- commit b0b46b5
- media: vim2m: initialize the media device earlier (git-fixes).
- commit c5af813
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 2431c97
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- commit 95d4e3d
- staging: greybus: light: fix a couple double frees (git-fixes).
- commit 58bdfb3
- blacklist.conf: duplicate
- commit 3dd1632
- tracing: Fix wild-memory-access in register_synth_event()
  (git-fixes).
- commit 7dac608
- ftrace: Fix null pointer dereference in ftrace_add_mod()
  (git-fixes).
- commit 4244693
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 464f48f
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit c7550d0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 47e4dec
- ring-buffer: Include dropped pages in counting dirty patches
  (git-fixes).
- commit 284d26b
- tracing/ring-buffer: Have polling block on watermark
  (git-fixes).
- commit d2a2e4f
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit b801309
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- commit 3c8b93e
- powerpc/boot: Explicitly disable usage of SPE instructions
  (bsc#1156395).
- commit 0bc0054
- blacklist.conf: Add fixes for unsupported platforms
- commit 27bff58
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 8075958
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
  bsc#1205514).
- commit d8c38e0
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 12fec90
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
  CVE-2022-3567).
- commit 3b01230
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT
  for L1 (git-fixes).
- commit d56f1ae
- KVM: nVMX: Validate the EPTP when emulating
  INVEPT(EXTENT_CONTEXT) (git-fixes).
- commit 26dc9e3
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- commit 2f5ac01
- blacklist.conf: add 514ccc194971d0 ("/x86/kvm: fix a missing-prototypes
  "/vmread_error"/"/)
- commit c73c5e6
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
  support (git-fixes).
- commit 038458a
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls
  only when apicv is globally disabled (git-fixes).
- commit c95874c
- mISDN: fix misuse of put_device() in mISDN_register_device()
  (git-fixes).
- commit fea2547
- x86/speculation: Disable RRSBA behavior (bsc#1201455
  CVE-2022-28693).
- commit 1c08940
- net: thunderbolt: Fix error handling in tbnet_init()
  (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
  (git-fixes).
- commit d89f3be
- Move upstreamed fbdev fix into sorted section
- commit c2656f7
- pinctrl: devicetree: fix null pointer dereferencing in
  pinctrl_dt_to_map (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
  (git-fixes).
- ata: libata-transport: fix double ata_host_put() in
  ata_tport_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of
  dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
  case of errors (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
  (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
  (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
  (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
  vc4_drm_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in
  bpq_device_event() (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
  (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- capabilities: fix undefined behavior in bit shift for
  CAP_TO_MASK (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
  (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
  (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration
  (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing
  the device (git-fixes).
- media: venus: dec: Handle the case where find_format fails
  (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
  (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
  (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
  (git-fixes).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
  (git-fixes).
- commit 87c5230
- usbip: usbip_event: use global lock (git-fixes).
- commit dfdff40
- usbip: synchronize event handler with sysfs code paths
  (git-fixes).
- commit 02e148d
- usbip: vudc_sysfs: use global lock (git-fixes).
- commit 0d41db9
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 436bc70
- usbip: stub_dev: remake locking for kABI (git-fixes).
- commit 9d2c460
- kABI: remove new member of usbip_device (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths
  (git-fixes).
- commit a40ec71
- blacklist.conf: kABI
- commit 304049d
- blacklist.conf: kABI
- commit 18d7f9f
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit b0b38c0
- blacklist.conf: too intrusive
- commit c4ba71f
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 84f9a38
- blacklist.conf: inapplicable
- commit f1ebd1d
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
  (git-fixes).
- commit 8070192
- x86/microcode/AMD: Apply the patch early on every logical thread
  (bsc#1205264).
- commit 761173c
- kabi: fix transport_add_device change (git-fixes).
- commit 9ff4597
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
  (bsc#1205428 LTC#200501).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
  copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
  and __strnlen_user() (bsc#1205428 LTC#200501).
- commit 402d4fe
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
  (git-fixes).
- scsi: drivers: base: Propagate errors through the transport
  component (git-fixes).
- scsi: drivers: base: Support atomic version of
  attribute_container_device_trigger (git-fixes).
- commit 7f6d450
- blacklist.conf: skip git-fix that is too invasive
- commit e017099
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
  (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
  (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
  created (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
  (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment
  queue limits (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
  (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
  is zero (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function
  bio_copy_kern (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
  (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
  (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- block: ataflop: fix breakage introduced at blk-mq refactoring
  (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
  (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
  (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
  (git-fixes).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- commit 3b9349e
- Update references of
  patches.suse/s390-pci-add-missing-EX_TABLE-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser
  (bsc#1205428 LTC#200501).
- commit b4aa54c
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- commit 2be09ac
- blacklist.conf: ("/arm64: topology: move store_cpu_topology() to shared code"/)
- commit 68eedfd
- blacklist.conf: ("/arm64: topology: fix possible overflow in amu_fie_setup()"/)
- commit 4b45d2c
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
  Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default.
  Update patches.suse/KVM_arm64_Add-templates-for-BHB-mitigation-sequences.patch
  And refresh kABI patch.
- commit 543771f
- Drop NVMeoF support for TP 8013 & 8014 (bsc#1192761 bsc#1204827)
  The kernel side for the TP 8013 and 8014 support was added before we
  finished implementing the feature support in nvme-cli in 2.x.
  As it turns out the rather old base version of nvme-cli would require
  to completely re-implement the support for these feature for the 1.x
  branch.
  As SP3 is nearing it's end of the active update cycle, we decided
  against to update the nvme-cli package hence these patches for the
  kernel are not needed. In fact they introduce, regression due to the
  nvme-cli package not able to do handle the new API correctly. So let's
  remove these patches as there is no user for it.
- Refresh patches.suse/nvme-add-iopolicy-module-parameter.patch.
- Delete patches.kabi/kabi-fix-nvme-subsystype-change.patch.
- Delete patches.suse/nvme-Add-connect-option-discovery.patch.
- Delete
  patches.suse/nvme-add-CNTRLTYPE-definitions-for-identify-controll.patch.
- Delete
  patches.suse/nvme-add-new-discovery-log-page-entry-definitions.patch.
- Delete patches.suse/nvme-display-correct-subsystem-NQN.patch.
- Delete
  patches.suse/nvme-expose-subsystem-type-in-sysfs-attribute-subsys.patch.
- Delete patches.suse/nvmet-add-nvmet_is_disc_subsys-helper.patch.
- Delete patches.suse/nvmet-add-nvmet_req_subsys-helper.patch.
- Delete
  patches.suse/nvmet-don-t-check-iosqes-iocqes-for-discovery-contro.patch.
- Delete patches.suse/nvmet-make-discovery-NQN-configurable.patch.
- Delete
  patches.suse/nvmet-register-discovery-subsystem-as-current.patch.
- Delete
  patches.suse/nvmet-set-CNTRLTYPE-in-the-identify-controller-data.patch.
- Delete patches.suse/nvmet-switch-check-for-subsystem-type.patch.
- commit 65fe080
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
  (git-fixes).
- commit 3521cb1
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/ (bsc#1200845)
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- PCI: hv: Fix typo (bsc#1204446).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- commit 5f3eadd
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- commit 199a84c
- netfilter: nfnetlink_osf: fix possible bogus match in
  nf_osf_find() (bsc#1204614).
- commit e9ccbaa
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
  a V0.96 controller (git-fixes).
- commit 9593f85
- blacklist.conf: add some git-fixes commits which won't be backported
- commit 19d26a3
- media: mceusb: Use new usb_control_msg_*() routines
  (CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
  bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
  bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
  (CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
  (CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
  (CVE-2022-3903 bsc#1205220).
- commit 575009a
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 1da3c8a
- Refresh sorted patches.
- commit 759ab14
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
  (bsc#1156395).
- commit 6ad0462
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- commit 3de57a1
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
  Refresh to upstream version of patch.
- commit 381d74e
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- commit b1a7e6a
- scsi: ibmvfc: Avoid path failures during live migration
  (bsc#1065729 bsc#1204810 ltc#200162).
- commit 617a752
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of
  toolchain Zicbom support).
- commit e9f2ba6
- ring-buffer: Check for NULL cpu_buffer in
  ring_buffer_wake_waiters() (git-fixes).
- commit f0e9f4a
- r8152: Add MAC passthrough support to new device (git-fixes).
- commit 2c0b0e4
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
  (git-fixes).
- Refresh
  patches.suse/s390-ptrace-pass-invalid-syscall-numbers-to-tracing.
- commit 49c6928
- s390/pci: add missing EX_TABLE entries to
  __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
  pavgroup (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot
  (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
  hugepages (bsc#1203144 LTC#199881).
- s390: fix double free of GS and RI CBs on fork() failure
  (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
  ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
  (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
  (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
  (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
  (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure
  (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
  (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- commit 2fade04
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- commit 114228e
- xfs: tail updates only need to occur when LSN changes
  (git-fixes).
- commit 9d404a5
- xfs: factor common AIL item deletion code (git-fixes).
- commit b1771cc
- xfs: Throttle commits on delayed background CIL push
  (git-fixes).
- commit e58ad94
- xfs: Lower CIL flush limit for large logs (git-fixes).
- commit 66c16cf
- xfs: Use scnprintf() for avoiding potential buffer overflow
  (git-fixes).
- commit 1495b79
- xfs: check owner of dir3 blocks (git-fixes).
- commit cb50471
- xfs: xfs_buf_corruption_error should take __this_address
  (git-fixes).
- commit 840c497
- xfs: rework collapse range into an atomic operation (git-fixes).
- commit cfa7b45
- xfs: rework insert range into an atomic operation (git-fixes).
- commit a96f43c
- xfs: open code insert range extent split helper (git-fixes).
- commit f1b0ddb
- blacklist.conf: ignore unapplicable rdma patches
- commit 38abdf0
- Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch
  to upstream version.
- commit bb3e9b2
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
  (bsc#1204215).
- Refresh
  patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch.
- commit d9aeac3
- NFS: Refactor nfs_instantiate() for dentry referencing callers
  (bsc#1204215).
- Refresh
  patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch.
- commit 50b85ce
- Update patch references to
  patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
  (bsc#1200692 CVE-2022-33981).
- commit 2a514c4
- wifi: brcmfmac: Fix potential buffer overflow in
  brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit c0bd14a
- selftests/livepatch: better synchronize test_klp_callbacks_busy
  (bsc#1071995).
- commit 5cc1f06
- blacklist.conf: livepatch: 32-bit only
- commit ed4af6c
- livepatch: Add a missing newline character in
  klp_module_coming() (bsc#1071995).
- commit cbc1bb8
- livepatch: fix race between fork and KLP transition
  (bsc#1071995).
- commit ed70923
- workqueue: don't skip lockdep work dependency in
  cancel_work_sync() (bsc#1204967).
- commit d7d8431
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit e027fbe
- scsi: qla2xxx: Use transport-defined speed mask for
  supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
  (bsc#1204963).
- commit 2f0e70b
- usb: dwc3: qcom: fix runtime PM wakeup.
- commit 770ebb2
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
  (git-fixes).
- commit 1b57243
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- commit 16527ab
- blacklist.conf: cleanup
- commit a1ca722
- printk: use atomic updates for klogd work (bsc#1204934).
- commit 60be5fc
- printk: add missing memory barrier to wake_up_klogd()
  (bsc#1204934).
- commit 270aa51
- blacklist.conf: this patch implements a feature implied, but not
  implemented
- commit d863db7
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- commit b825ac2
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- commit 2d07106
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- commit 0dbe04a
- blacklist.conf: workqueue: put back cancel_work(); would be needed
  only when backporting recent amdgpu stuff
- commit 9a9dea9
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- commit 8229886
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for
  transceiver info (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
  (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
  debugfs (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is
  turned off (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "/unsolicted"/ -> "/unsolicited"/
  (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- commit 641ed8b
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- commit 9c6ee14
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- commit 23d84da
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- commit 1db7560
- blacklist.conf: Ignore build fixes for crypto selftest config
  Build fixes for crypto selftest with CRYPTO_MANAGER_DISABLE_TESTS!=y
  and CRYPTO=m
- commit 423d58a
- RDMA/mlx5: Use different doorbell memory for different processes (git-fixes)
  Refresh:
  - patches.suse/RDMA-mlx5-Remove-unused-parameter-udata.patch
- commit fd05a52
- Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
  (bsc#1204693).
- commit 26595bd
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 293bf91
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit f7baf6a
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- commit d355c79
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- commit 6d0ef48
- RDMA/rxe: Fix "/kernel NULL pointer dereference"/ error (git-fixes)
- commit 9205fa0
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- commit 7daf160
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- commit 7890ffd
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit cc2cd02
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- commit 4332868
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- commit 19e84c3
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- commit db88b1b
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- commit c8db39b
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- commit e28b8f5
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- commit 4c36066
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 3ec31d2
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- commit 26de3e3
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- commit 9d4253b
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- commit 92bff10
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit e806a5b
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- commit 709fd3a
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- commit 121ed63
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- commit 1408298
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- commit 8a4119a
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit f1870dd
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 53e12a2
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- commit 3389a3f
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit a3b0ded
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- commit 12260f5
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7c89c4a
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 1259749
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- commit b499161
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 74e3ed2
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 858283b
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 47de10e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 385ff05
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 2498525
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit 96f828c
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- commit 49315d8
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit dc6482e
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- commit 4b744b6
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit b0c4366
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- commit 2e0cf31
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit 8d71bad
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- commit 2b87978
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit 6f47c39
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit bb23773
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- commit 1ebcca8
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- commit 242d271
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- commit 1421a09
- RDMA: Verify port when creating flow rule (git-fixes)
- commit 75b7985
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- commit c3aa778
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- commit 097d131
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 8811d6a
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit e6dae53
- RDMA/cxgb4: Remove MW support (git-fixes)
- commit d49ea58
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- commit fdca7b3
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- commit 289115b
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- commit ad98a0c
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- commit cda973b
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 0c97417
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- commit dd6c131
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a77f876
- kbuild: remove the target in signal traps when interrupted
  (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- commit d17022d
- blacklist.conf: Unnecessary S390 ARCHITECTURE fixes.
- commit 8f1bd85
- kbuild: Add skip_encoding_btf_enum64 option to pahole
  (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
  (jsc#SLE-24559).
- commit 7b939ad
- fbdev: cyber2000fb: fix missing pci_disable_device()
  (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI
  (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- commit 77773fb
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit d4a892d
- tracing: Do not free snapshot if tracer is on cmdline
  (git-fixes).
- commit 44c0d5c
- tracing: Simplify conditional compilation code in
  tracing_set_tracer() (git-fixes).
- commit 030e84d
- ring-buffer: Fix race between reset page and reading page
  (git-fixes).
- commit 500d3d5
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit 3f63b61
- tracing: Add ioctl() to force ring buffer waiters to wake up
  (git-fixes).
- commit 1ac3e72
- tracing: Wake up ring buffer waiters on closing of the file
  (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit ee58509
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit daffb44
- ring-buffer: Check pending waiters when doing wake ups as well
  (git-fixes).
- commit 8618e02
- ring-buffer: Have the shortest_full queue be the shortest not
  longest (git-fixes).
- commit ebf21e7
- ring-buffer: Allow splice to read previous partially read pages
  (git-fixes).
- commit 81e9520
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- commit e2b6a1c
- tracing: Disable interrupt or preemption before acquiring
  arch_spinlock_t (git-fixes).
- commit 75ec285
- device property: Fix documentation for *_match_string() APIs
  (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states
  (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle
  (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
  (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
  (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
  (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
  (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges
  (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges
  (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
  (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion
  (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
  put_clock() in error path (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
  'interlaced' (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values
  (git-fixes).
- commit c820733
- Fix build warning
  Refreshed:
  patches.suse/mm-hugetlb-fix-races-when-looking-up-a-CONT-PTE-PMD-.patch
- commit ca5cb24
- Add CVE reference to
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 94992c9
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone
  (bsc#1204328).
- commit b9f2ea4
- thermal: intel_powerclamp: Use first online CPU as control_cpu
  (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report
  (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
  (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
  keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
  (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in
  rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: host: xhci: Fix potential memory leak in
  xhci_alloc_stream_info() (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in
  adp5061_get_chg_type() (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
  (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number
  (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
  (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
  (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field()
  (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in
  nouveau_bo_alloc() (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to
  fix module autoloading (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670
  (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
  times (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at
  l2cap_chan_create() (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
  (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620
  (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
  (git-fixes).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
  (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in
  brcmf_netdev_start_xmit() (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx()
  (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
  (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
  log level (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch
  (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch
  (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of
  smp_processor_id() to avoid crash (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
  (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- commit 89baab9
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- commit 0463863
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
  hugetlb page (bsc#1204575).
- commit 06c4f04
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- commit fb82e46
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
  (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
  (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- commit 0ca6891
- mm: memcontrol: fix occasional OOMs due to proportional
  memory.low reclaim (bsc#1204754).
- mm, memcg: avoid stale protection values when cgroup is above
  protection (bsc#1204754).
- commit 0e7d107
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
  (bsc#1204753).
- commit b8640ed
- blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- commit d9d65d4
- powerpc/fadump: align destination address to pagesize
  (bsc#1204728 ltc#200074).
- commit 618ab17
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
  CVE-2021-4037).
- commit 2f39bf9
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
  CVE-2021-4037).
- commit ab394e7
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 536e02f
- usb: mon: make mmapped memory read only (bsc#1204653
  CVE-2022-43750).
- commit 1f646df
- blacklist.conf: add commit from git-fixes
- commit c46aa6a
- devlink: Fix use-after-free after a failed reload (bsc#1204637
  CVE-2022-3625).
- commit 3567978
- nvmem: core: Check input parameter for NULL in
  nvmem_unregister() (bsc#1204241).
- commit 1b1642f
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- commit 9ea634f
- arm64: assembler: add cond_yield macro (git-fixes)
- commit f628c0a
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
  (bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
  CVE-2022-3545).
- commit 9a28d9e
- nilfs2: fix leak of nilfs_root in case of writer thread creation
  failure (CVE-2022-3646 bsc#1204646).
- nilfs2: fix use-after-free bug of struct nilfs_root
  (CVE-2022-3649 bsc#1204647).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
  bsc#1204635).
- commit 772e9a5
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
  (CVE-2022-3640 bsc#1204619).
- commit b1ed4c2
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- commit d60e491
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- commit 477d56a
- KVM: s390: pv: don't present the ecall interrupt twice
  (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
  (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
  (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- commit 1c45296
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- commit ec837bd
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- commit bf7093a
- crypto: arm64/sha - fix function types (git-fixes)
- commit 887f265
- Update metadata references
- commit 980fadf
- blacklist.conf: ("/arm64: Introduce a way to disable the 32bit vdso"/)
- commit 0591754
- KVM: x86: do not report a vCPU as preempted outside instruction
  boundaries (bsc#1203066 CVE-2022-39189).
- commit 89982eb
- nilfs2: fix NULL pointer dereference at
  nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit df5c951
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit 488dede
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
  (CVE-2022-3577 bsc#1204470).
- commit e57339b
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
  CVE-2022-3521).
- commit d2eeccc
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
  CVE-2022-3524).
- commit ec8a71d
- commit 6d888aa
- sch_sfb: Also store skb len before calling child enqueue
  (CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
  to child (CVE-2022-3586 bsc#1204439).
- commit bbd433f
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (CVE-2022-3565 bsc#1204431).
- commit 1917bcf
- net: ieee802154: return -EINVAL for unknown addr type
  (git-fixes).
- commit 2d80805
- ACPI: HMAT: Release platform device in case of
  platform_device_add_data() fails (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register()
  (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
  (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
  (git-fixes).
- Input: xpad - add supported devices as contributed on github
  (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
  (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
  (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine
  (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg
  (git-fixes).
- dmaengine: xilinx_dma: Report error in case of
  dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores
  property (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
  (git-fixes).
- mmc: core: Replace with already defined values for readability
  (git-fixes).
- commit ba86540
- struct pci_config_window kABI workaround (bsc#1204382).
- commit b2287af
- PCI: Dynamically map ECAM regions (bsc#1204382).
- commit dc89dd6
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
  (bsc#1065729).
- Refresh patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch
- Refresh patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch
- commit 852bb71
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
  This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
  (git-fixes).
- commit c4ea05c
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 72baa22
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
  opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 11a4b1b
- powerpc/kprobes: Fix null pointer reference in
  arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246
  git-fixes).
- commit 98b4617
- xfs: remove obsolete AGF counter debugging (git-fixes).
- commit 6b3cbd8
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- commit c80d128
- xfs: rename `new' to `delta' in xfs_growfs_data_private()
  (git-fixes).
- commit 7994309
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- commit d0ec732
- xfs: fix memory corruption during remote attr value buffer
  invalidation (git-fixes).
- commit 63ac0a8
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- commit cdcab38
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- commit 260cd8e
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- commit f916b39
- xfs: add missing assert in xfs_fsmap_owner_from_rmap
  (git-fixes).
- commit 7d88bfe
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- commit dc70b98
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
  iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
  header on fast-rx (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
  (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion
  (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq
  (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback
  (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure
  (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types
  (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to
  use regmap (git-fixes).
- commit 90b2426
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
  (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
  (git-fixes).
- commit d78eec4
- Move upstreamed WiFi fixes into sorted section
- commit 2dec8da
- Move upstreamed WiFi fixes into sorted section
- commit 05342a3
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
  VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 1ddb693
- KVM: Add infrastructure and macro to mark VM as bugged
  (bsc#1200788 CVE-2022-2153).
- commit 07862de
- locking/csd_lock: Change csdlock_debug from early_param to
  __setup (git-fixes).
- Refresh
  patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 4abed38
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit 2cf708c
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
  activated (bsc#1200788 CVE-2022-2153).
- commit 8712ddf
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
  SynIC (bsc#1200788 CVE-2022-2153).
- commit 75749d4
- KVM: nVMX: Unconditionally purge queued/injected events on
  nested "/exit"/ (git-fixes).
- commit 04b8316
- KVM: x86: Avoid theoretical NULL pointer dereference in
  kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit f23b172
- KVM: x86/emulator: Fix handing of POP SS to correctly set
  interruptibility (git-fixes).
- commit 3671e7c
- KVM: x86: Check lapic_in_kernel() before attempting to set a
  SynIC irq (bsc#1200788 CVE-2022-2153).
- commit e02caef
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
  bsc#1203391).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978
  bsc#1202700).
- commit 8c7541d
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- commit 89e6f60
- staging: vt6655: fix some erroneous memory clean-up loops
  (git-fixes).
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
  (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
  (git-fixes).
- xhci: Don't show warning for reinit on known broken suspend
  (git-fixes).
- USB: serial: console: move mutex_unlock() before
  usb_serial_put() (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
  (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in
  gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
  (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
  (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
  (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in
  ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
  (git-fixes).
- commit d4e6eb9
- soc: sunxi_sram: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- Refresh
  patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch.
- commit 1478c4f
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
  (git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
  (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
  (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable
  callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22
  (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
  lpuart_dma_shutdown (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling
  (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node'
  (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
  (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight
  registering (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in
  omap1_spi100k_probe (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
  spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
  spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
  (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression
  (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit d4e37ac
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend
  (git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall
  (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
  (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants
  (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements
  (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel
  ABI (git-fixes).
- iio: inkern: only release the device node when done with it
  (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
  freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure
  and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
  (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
  (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
  (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap()
  in the probe (git-fixes).
- mfd: sm501: Add check for platform_driver_register()
  (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
  and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
  (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in
  mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in
  intel_soc_pmic_i2c_probe() (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
  (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
  (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
  (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
  (git-fixes).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
  (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers
  (git-fixes).
- commit ea51746
- gpio: rockchip: request GPIO mux to pinctrl when setting
  direction (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware
  (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister
  (git-fixes).
- crypto: akcipher - default implementation for setting a private
  key (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
  (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
  (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups
  (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
  (git-fixes).
- dyndbg: let query-modname override actual module name
  (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
  timer in __cleanup() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in
  hidpp_connect_event (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug
  (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
  (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of
  for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order
  (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in
  nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset
  (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- commit 6db482b
- ACPI: APEI: do not add task_work to kernel thread to avoid
  memory leak (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying
  num_parents (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
  (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
  (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
  (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init
  (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init
  (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent()
  (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent()
  (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and
  ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
  (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
  (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
  (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
  (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
  API (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM
  operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically
  (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak()
  (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
  (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
  (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
  (git-fixes).
- commit 058f8fc
- Update
  patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
  (CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 15fe693
- misc: sgi-gru: fix use-after-free error in
  gru_set_context_option, gru_fault and gru_handle_user_call_os
  (CVE-2022-3424 bsc#1204166).
- commit 721c580
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 39988a9
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit c6967e3
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 7d9f3f3
- exfat: Return ENAMETOOLONG consistently for oversized paths
  (bsc#1204053 bsc#1201725).
- commit 955135a
- selftests/powerpc: Skip energy_scale_info test on older firmware
  (git-fixes).
- commit 2a9f2c0
- blacklist.conf: prerequisite too risky
- commit 67fdf07
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 3394628
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
  (git-fixes).
- commit 71e1adc
- blacklist.conf: ignore unwanted nfs patches
- commit 5bb5269
- blacklist.conf: ignore unwanted md patches
- commit ff9f04a
- xfs: enable big timestamps (bsc#1203387).
- commit e8c654f
- xfs: widen ondisk quota expiration timestamps to handle y2038+
  (bsc#1203387).
- commit f11211b
- quota: widen timestamps for the fs_disk_quota structure
  (bsc#1203387).
- commit 1a9210f
- xfs: widen ondisk inode timestamps to deal with y2038+
  (bsc#1203387).
- commit ef6704e
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
  to old Intel systems (bnc#1203802).
- commit 5c74e0f
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
  Refresh
  patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit 79f8f1e
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit f6d0842
- xfs: use a struct timespec64 for the in-core crtime
  (bsc#1203387).
- commit d683559
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit e4afdb9
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit d8ae99a
- media: aspeed-video: ignore interrupts that aren't enabled
  (git-fixes).
- commit 36a70fa
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 6094fd3
- media: coda: Fix reported H264 profile (git-fixes).
- commit af3ba3e
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit 06361ad
- xfs: use the finobt block counts to speed up mount times
  (bsc#1203387).
- commit debb8f9
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- commit f9fb0f8
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit 49f0f34
- Revert "/constraints: increase disk space for all architectures"/
  (bsc#1203693).
  This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- drm/amdgpu: don't register a dirty callback for non-atomic
  (git-fixes).
- commit 0b4b37a
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- commit 0b58855
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- Revert "/usb: add quirks for Lenovo OneLink+ Dock"/ (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in
  pxa3xx_gcu_write (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
  (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access
  (git-fixes).
- commit 2e55e74
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound
  (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info
  (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
  (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before
  sending data (git-fixes).
- commit e040102
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit 51fbc8c
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup
  (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI
  clocks (git-fixes).
- Revert "/drm: bridge: analogix/dp: add panel prepare/unprepare
  in suspend/resume time"/ (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
  (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
  (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
  accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
  accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
  (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
  laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
  (git-fixes).
- drm/amd/display: Limit user regamma to a valid value
  (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths
  (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
  change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
  (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
  pfuze100_regulator_probe() (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit e7744dc
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 24c89c9
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e500762
- USB: serial: option: add Quectel BG95 0x0203 composition
  (git-fixes).
- commit 75be355
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- commit b42e64a
- parisc/sticon: fix reverse colors (bsc#1152489)
  Backporting notes:
  * context changes
- commit 206cd49
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- commit f67e434
- kabi/severities: add mlx5 internal symbols
- commit 4fb94df
- net/mlx5: Dynamically resize flow counters query buffer
  (bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs
  (bsc#119175).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be
  per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- commit cb2b71a
- constraints: increase disk space for all architectures
  References: bsc#1203693
  aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
  very close to the limit.
- commit 43a9011
- padata: make padata_free_shell() to respect pd's ->refcnt
  (bsc#1202638).
- commit 2827da5
- padata: introduce internal padata_get/put_pd() helpers
  (bsc#1202638).
- commit 8fd1f6c
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 72392d0
- selftest/powerpc: Add PAPR sysfs attributes sniff test
  (bsc#1200465 ltc#197256 jsc#PED-1931).
- powerpc/pseries: Interface to represent PAPR firmware attributes
  (bsc#1200465 ltc#197256 jsc#PED-1931).
- commit 9795281
krb5
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
  (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch
libX11
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
  * security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
  * security update for CVE-2022-3555 (bsc#1204425)
libarchive
- Fix CVE-2022-36227, Handle a calloc returning NULL
  (CVE-2022-36227, bsc#1205629)
  * CVE-2022-36227.patch
- Fix CVE-2021-31566, modifies file flags of symlink target
  (CVE-2021-31566, bsc#1192426.patch)
  CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
  bsc1192427.patch
libdb-4_8
- Security fix: [bsc#1174414, CVE-2019-2708]
  * libdb: Data store execution leads to partial DoS
  * Backport the upsteam commits:
  - Fixed several possible crashes when running db_verify
    on a corrupted database. [#27864]
  - Fixed several possible hangs when running db_verify
    on a corrupted database. [#27864]
  - Added a warning message when attempting to verify a queue
    database which has many extent files. Verification will take
    a long time if there are many extent files. [#27864]
  * Add libdb-4_8-CVE-2019-2708.patch
libksba
- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch
libsodium
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
-  Revert previous change about cpuid as previous change rejected
  in https://build.opensuse.org/request/show/724809
-  Disable LTO as bypass boo#1148184
-  Add libsodium_configure_cpuid_chg.patch and call autoconf
  to regenerate configure script with proper CPUID checking.
  Required at least for PowerPC and ARM now that LTO enabled.
- Update to 1.0.18
  - Enterprise versions of Visual Studio are now supported.
  - Visual Studio 2019 is now supported.
  - 32-bit binaries for Visual Studio 2010 are now provided.
  - A test designed to trigger an OOM condition didn't work on
    Linux systems with memory overcommit turned on. It has been
    removed in order to fix Ansible builds.
  - Emscripten: print and printErr functions are overridden to send
    errors to the console, if there is one.
  - Emscripten: UTF8ToString() is now exported since
    Pointer_stringify() has been deprecated.
  - Libsodium version detection has been fixed in the CMake recipe.
  - Generic hashing got a 10% speedup on AVX2.
  - New target: WebAssembly/WASI
    (compile with dist-builds/wasm32-wasi.sh).
  - New functions to map a hash to an edwards25519 point
    or get a random point:
    core_ed25519_from_hash() and core_ed25519_random().
  - crypto_core_ed25519_scalar_mul() has been implemented for
    scalar*scalar (mod L) multiplication.
  - Support for the Ristretto group has been implemented for
    interoperability with wasm-crypto.
  - Improvements have been made to the test suite.
  - Portability improvements have been made.
  - getentropy() is now used on systems providing this system call.
  - randombytes_salsa20 has been renamed to randombytes_internal.
  - Support for NativeClient has been removed.
  - Most ((nonnull)) attributes have been relaxed to allow 0-length
    inputs to be NULL.
  - The -ftree-vectorize and -ftree-slp-vectorize compiler switches
    are now used, if available, for optimized builds.
- Update to 1.0.17
  - Bug fix: sodium_pad() didn't properly support block sizes
    >= 256 bytes.
  - JS/WebAssembly: some old iOS versions can't instantiate the
    WebAssembly module; fall back to Javascript on these.
  - JS/WebAssembly: compatibility with newer Emscripten versions.
  - Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
    crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
    returnEINVAL` on input strings with a short length, unlike
    their high-level counterpart.
  - Added a workaround for Visual Studio 2010 bug causing CPU
    features not to be detected.
  - Portability improvements.
  - Test vectors from Project Wycheproof have been added.
  - New low-level APIs for arithmetic mod the order of the prime
    order group:
  - crypto_core_ed25519_scalar_random(),
    crypto_core_ed25519_scalar_reduce(),
  - crypto_core_ed25519_scalar_invert(),
    crypto_core_ed25519_scalar_negate(),
  - crypto_core_ed25519_scalar_complement(),
    crypto_core_ed25519_scalar_add() and
    crypto_core_ed25519_scalar_sub().
  - New low-level APIs for scalar multiplication without clamping:
    crypto_scalarmult_ed25519_base_noclamp() and
    crypto_scalarmult_ed25519_noclamp().
    These new APIs are especially useful for blinding.
  - sodium_sub() has been implemented.
  - Support for WatchOS has been added.
  - getrandom(2) is now used on FreeBSD 12+.
  - The nonnull attribute has been added to all relevant
    prototypes.
  - More reliable AVX512 detection.
  - Javascript/Webassembly builds now use dynamic memory growth.
libtirpc
- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
  to a random port (bsc#1199467)
  - add binddynport-honor-ip_local_reserved_ports.patch
libxml2
- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
libxslt
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
- Fix broken license symlink for libxslt-tools [bsc#1203669]
lvm2
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
  - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
  - change %post behaviour, only do deleting job for non-link folder
mgr-osad
- version 4.2.9-1
  * Updated logrotate configuration (bsc#1206470)
mozilla-nss
- update to NSS 3.79.4 (bsc#1208138)
  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
    (CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
  (bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
    (CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
  creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
  keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
  called when the repeat integrity check fails (bsc#1198980).
net-snmp
- Hardening systemd services setting "/ProtectHome=true"/ caused home directory
  size and allocation to be listed incorrectly (bsc#1206044).
  add:
  * net-snmp-5.9.3-harden_snmpd.service.patch
  * net-snmp-5.9.3-harden_snmptrapd.service.patch
  delete:
  * net-snmp-5.9.1-harden_snmpd.service.patch
  * net-snmp-5.9.1-harden_snmptrapd.service.patch
- Fixed NULL pointer exception issue when handling ipDefaultTTL or
  pv6IpForwarding (bsc#1205148, CVE-2022-44793, bsc#1205150, CVE-2022-44792).
  add:
  * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
- Enable AES-192 and AES-256 privacy protocol (bsc#1206828).
- update to 5.9.3 (bsc#1201103, jsc#SLE-11203):
  - security:
  - These two CVEs can be exploited by a user with read-only credentials:
  - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
    NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
  - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
    can cause a NULL pointer dereference.
  - These CVEs can be exploited by a user with read-write credentials:
  - CVE-2022-24806 Improper Input Validation when SETing malformed
    OIDs in master agent and subagent simultaneously
  - CVE-2022-24807 A malformed OID in a SET request to
    SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
    out-of-bounds memory access.
  - CVE-2022-24808 A malformed OID in a SET request to
    NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
  - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
    can cause a NULL pointer dereference.
  - Fixed library versioning bug found in 5.9.2.
  - Library version change to libsnmp40.
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.
- Fixed python2 backward compability.
  add:
  * net-snmp-5.9.3-fixed-python2-bindings.patch
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them while an RPM update.
- Change to use systemd service files directly from net-snmp package.
  add:
  * net-snmp-5.9.1-suse-systemd-service-files.patch
  * net-snmp-5.9.1-harden_snmpd.service.patch
  * net-snmp-5.9.1-harden_snmptrapd.service.patch
  remove:
  * snmpd.service
  * snmptrapd.service
  * harden_snmpd.service.patch
  * harden_snmptrapd.service.patch
- Refactor and remove obsolete patches to work with version number 5.9.3:
  add:
  * net-snmp-5.9.3-pie.patch
  * net-snmp-5.9.3-fix-create-v3-user-outfile.patch
  * net-snmp-5.9.1-add-lustre-fs-support.patch
  * net-snmp-5.9.1-fix-Makefile.PL.patch
  * net-snmp-5.9.1-modern-rpm-api.patch
  * net-snmp-5.9.1-net-snmp-config-headercheck.patch
  * net-snmp-5.9.1-perl-tk-warning.patch
  * net-snmp-5.9.1-snmpstatus-suppress-output.patch
  * net-snmp-5.9.1-socket-path.patch
  * net-snmp-5.9.1-subagent-set-response.patch
  * net-snmp-5.9.1-testing-empty-arptable.patch
  * net-snmp-5.9.1-velocity-mib.patch
  remove:
  * net-snmp-5.9.1-pie.patch
  * net-snmp-5.9.1-fix-create-v3-user-outfile.patch
  * net-snmp-5.7.3-add-lustre-fs-support.patch
  * net-snmp-5.7.3-Fix-Makefile.PL.patch
  * net-snmp-5.7.3-modern-rpm-api.patch
  * net-snmp-5.7.3-net-snmp-config-headercheck.patch
  * net-snmp-5.7.3-perl-tk-warning.patch
  * net-snmp-5.7.3-snmpstatus-suppress-output.patch
  * net-snmp-5.7.3-socket-path.patch
  * net-snmp-5.7.3-subagent-set-response.patch
  * net-snmp-5.7.3-testing-empty-arptable.patch
  * net-snmp-5.7.3-velocity-mib.patch
  * net-snmp-5.7.3-fix-create-v3-user-outfile.patch
  * net-snmp-5.7.3-pie.patch
  * net-snmp-4.7.2-systemd.patch
  * net-snmp-5.7.3-build-with-openssl-1.1.patch
  * net-snmp-5.7.3-fix-agentx-freezing-on-timeout.patch
  * net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch
  * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch
  * net-snmp-5.7.3-fix-snmp_pdu_parse-incomplete.patch
  * net-snmp-5.7.3-fix-subagent-data-corruption.patch
  * net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch
  * net-snmp-5.7.3-host-mib-skip-autofs-entries.patch
  * net-snmp-5.7.3-make-extended-mib-read-only.patch
  * net-snmp-5.7.3-netgroups.patch
  * net-snmp-5.7.3-Remove-U64-typedef.patch
  * net-snmp-5.7.3-snmptrapd-add-forwarder-info.patch
  * net-snmp-5.7.3-swintst_rpm-Protect-against-unspecified-Group-name.patch
  * net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch
  * net-snmp-python3.patch
nfs-utils
- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch
  Fix nfsdcltrack bug that affected non-x86 archs.
  (bsc#1202627)
- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
  Ensure sysctl setting work (bsc#1199856)
nfsidmap
- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
  0002-Handle-NULL-names-better.patch
  0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
  0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
  0005-nss.c-wrong-check-of-return-value.patch
  0006-Fixed-a-memory-leak-nss_name_to_gid.patch
  Various bugfixes and improvemes from upstream
  In particular, 0001 fixes a crash that can happen when
  a 'static' mapping is configured.
  (bnc#1200901)
openssh
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
- Add openssh-do-not-send-empty-message.patch: Prevent empty
  messages from being sent. This avoids a superfluous new line
  (bsc#1192439).
openssl-1_1
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
- FIPS: list only FIPS approved public key algorithms
  [bsc#1121365, bsc#1198472]
  * Add openssl-1_1-fips-list-only-approved-pubkey-algorithms.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
  * bsc#1180995
  * Default to RFC7919 groups when generating ECDH parameters
    using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
  * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch
pam
- Update pam_motd to the most current version. This fixes various issues
  and adds support for mot.d directories [jsc#PED-1712].
  * Added: pam-ped1712-pam_motd-directory-feature.patch
permissions
  * Backport postfix to SLE-15-SP2 (bsc#1206738)
- Update to version 20181225:
postgresql
- revert to old user creation method, as sysusers on sp3 and older
  does not support shell specification. bsc#1206796
- avoid bashisms in /bin/sh based startup script
- Bump to postgresql 15
- Change to systemd-sysusers
postgresql-jdbc
- fix createTempFile vulnerability - CVE-2022-41946 (bsc#1206921)
  * Added: fix-createTempFile-vulnerability-CVE-2022-41946.patch
postgresql13
- Update to 13.10:
  * CVE-2022-41862, bsc#1208102: memory leak in libpq
  * https://www.postgresql.org/about/news/2592/
  * https://www.postgresql.org/docs/13/release-13-10.html
- Bump latest_supported_llvm_ver to 15.
- bsc#1205300: Update to 13.9:
  * https://www.postgresql.org/about/news/2543/
  * https://www.postgresql.org/docs/13/release-13-9.html
- Sync spec file with postgresql15.
- Create mechanism to specify the latest supported LLVM version.
  Automatically pin to that version if the distribution has a newer
  unsupported default version.
- Sync spec file with postgresql15.
- Disable LLVM JIT on riscv64
procps
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
protobuf
- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
  CVE-2022-1941, bsc#1203681
  * Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
  protobuf-java, CVE-2022-3171, bsc#1204256
  * Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
  * Add protobuf-51026d922970e06475f005b39287963594134b96.patch
  * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
  * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
  * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
  * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
  * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
  * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
  * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
  * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering
- Fix potential Denial of Service in protobuf-java in the parsing procedure
  for binary data, CVE-2021-22569, bsc#1194530
  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
publicsuffix
- Update to version 20220903:
  * util: gTLD data autopull updates for 2022-09-03T15:15:24 UTC (#1606)
  * Update public_suffix_list.dat (#1594)
  * Add streamlitapp.com (#1591)
  * Update public_suffix_list.dat (#1573)
  * Add Framer Sites domains to PSL (#1570)
  * new TLD .ישראל and SLDs for Israel by ISOC-IL (#1595)
- Update to version 20220805:
  * Updates to NIXI `.in` subspace in ICANN section of PSL (#1588)
  * util: gTLD data autopull updates for 2022-07-28T15:14:54 UTC (#1592)
  * util: gTLD data autopull updates for 2022-07-03T15:13:52 UTC (#1587)
  * Add messerli.app (#1535)
  * Add iservschule.de, schulplattform.de, update IServ GmbH contact information (#1580)
  * Add `lolipopmc.jp` (#1555)
  * Add ibxos.it and iliadboxos.it domains (#1549)
  * Simplify the instance and endpoint domains using wildcard syntax (#1584)
  * util: gTLD data autopull updates for 2022-06-14T15:15:19 UTC (#1581)
  * doc (.in): update ref uri to registry policies (#1577)
  * util: gTLD data autopull updates for 2022-06-02T15:16:31 UTC (#1579)
- Update to version 20220518:
  * util: gTLD data autopull updates for 2022-05-18T15:16:02 UTC (#1567)
  * fixed wordwrap; added # of users q
  * Add builder.code.com, stg-builder.code.com, and dev-builder.code.com (#1566)
  * UPDATE HOSTBIP RECORDS (`name.pm` `sch.tf` `biz.wf` `sch.wf` `org.yt`) (#1473)
  * Fix comments delete space and deprecation of io/ioutil (#1557)
- Update to version 20220510:
  * Cleaned up the wording and formatting
  * Clarified 3rd party workaround stuff; fixed #1559
  * Add gov.nl (#1558)
  * util: gTLD data autopull updates for 2022-04-30T15:14:45 UTC (#1564)
- Update to version 20220415:
  * util: gTLD data autopull updates for 2022-04-14T15:15:34 UTC (#1554)
  * Add `1.azurestaticapps.net` DNS suffix (#1514)
  * add support for scaleway subdomains (#1507)
py27-compat-salt
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Added:
  * ignore-extend-declarations-from-excluded-sls-files.patch
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Added:
  * include-stdout-in-error-message-for-zypperpkg-565.patch
python
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Disable NIS for new products, it's deprecated and gets removed
- Add skip_unverified_test.patch because apparently switching off
  SSL verification doesn't work on older SLE.
- Restore python-2.7.9-sles-disable-verification-by-default.patch
  for SLE-12.
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
  target.
python-PyNaCl
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- six is needed by testsuite
- Update to 1.4.0
  * Update ``libsodium`` to 1.0.18.
  * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
    wheels. Continuing to produce them was a maintenance burden.
  * Added support for Python 3.8, and removed support for Python 3.4.
  * Add low level bindings for extracting the seed and the public key
    from crypto_sign_ed25519 secret key
  * Add low level bindings for deterministic random generation.
  * Add ``wheel`` and ``setuptools`` setup_requirements in ``setup.py`` (#485)
  * Fix checks on very slow builders (#481, #495)
  * Add low-level bindings to ed25519 arithmetic functions
  * Update low-level blake2b state implementation
  * Fix wrong short-input behavior of SealedBox.decrypt() (#517)
  * Raise CryptPrefixError exception instead of InvalidkeyError when trying
    to check a password against a verifier stored in a unknown format (#519)
  * Add support for minimal builds of libsodium. Trying to call functions
    not available in a minimal build will raise an UnavailableError
    exception. To compile a minimal build of the bundled libsodium, set
    the SODIUM_INSTALL_MINIMAL environment variable to any non-empty
    string (e.g. ``SODIUM_INSTALL_MINIMAL=1``) for setup.
- removed obsolete back-port patch:
  * fix_tests.patch
  * hypothesis-no-unilmited.patch
  * python-PyNaCl-hypothesis-remove-average_size.patch
- Fix tests with latest hypothesis:
  * hypothesis-no-unilmited.patch
- Add missing runtime dependency on cffi
- add fix_tests.patch for new pytest
- run the testsuite
- added patches
  https://github.com/pyca/pynacl/commit/a8c08b18f3a2e8f2140c531afaf42715fcab68e7
  + python-PyNaCl-hypothesis-remove-average_size.patch
- Update to 1.3.0
  * Added support for Python 3.7.
  * Run and test all code examples in PyNaCl docs through sphinx's doctest
    builder.
  * Add low-level bindings for chacha20-poly1305 AEAD constructions.
  * Add low-level bindings for the chacha20-poly1305 secretstream
    constructions.
  * Add low-level bindings for ed25519ph pre-hashed signing construction.
  * Add low-level bindings for constant-time increment and addition on
    fixed-precision big integers represented as little-endian byte sequences.
  * Add low-level bindings for the ISO/IEC 7816-4 compatible padding API.
  * Add low-level bindings for libsodium's crypto_kx... key exchange
    construction.
  * Set hypothesis deadline to None in tests/test_pwhash.py to avoid incorrect
    test failures on slower processor architectures.
python-base
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Disable NIS for new products, it's deprecated and gets removed
- Add skip_unverified_test.patch because apparently switching off
  SSL verification doesn't work on older SLE.
- Restore python-2.7.9-sles-disable-verification-by-default.patch
  for SLE-12.
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
  target.
python-certifi
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch
python-cryptography
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
  + 5507-mitigate-Bleichenbacher-attacks.patch
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (>2GB) could
    result in an integer overflow, leading to buffer overflows.
    CVE-2020-36242
  - drops CVE-2020-36242-buffer-overflow.patch on older dists
- update to 3.3.1:
  * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 3.3.0
  - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
    due to low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
    to 1024-bit (8 byte to 128 byte) initialization vectors. This
    change is to conform with an upcoming OpenSSL release that will
    no longer support sizes outside this window.
  - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
    now raise ValueError rather than UnsupportedAlgorithm when an
    unsupported cipher is used. This change is to conform with an
    upcoming OpenSSL release that will no longer distinguish
    between error types.
  - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
    field Diffie-Hellman parameters of less than 512 bits in
    length. This change is to conform with an upcoming OpenSSL
    release that no longer supports smaller sizes. These keys were
    already wildly insecure and should not have been used in any
    application outside of testing.
  - Updated Windows, macOS, and manylinux wheels to be compiled
    with OpenSSL 1.1.1i.
  - Python 2 support is deprecated in cryptography. This is the
    last release that will support Python 2.
  - Added the recover_data_from_signature() function to
    RSAPublicKey for recovering the signed data from an RSA
    signature.
- Remove unnecessary dependency virtualenv.
- update to 3.2.1:
  Disable blinding on RSA public keys to address an error with
  some versions of OpenSSL.
- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
    to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
    by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
- update to 3.1.1:
  * wheels compiled with OpenSSL 1.1.1h.
- update to 3.1:
  * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
    :term:`U-label` parsing in various X.509 classes. This support was originally
    deprecated in version 2.1 and moved to an extra in 2.5.
  * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
    the OpenSSL project. The next version of ``cryptography`` will drop support
    for it.
  * Deprecated support for Python 3.5. This version sees very little use and will
    be removed in the next release.
  * ``backend`` arguments to functions are no longer required and the
    default backend will automatically be selected if no ``backend`` is provided.
  * Added initial support for parsing certificates from PKCS7 files with
    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
    and
    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
    .
  * Calling ``update`` or ``update_into`` on
    :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
    longer than 2 :sup:`31` bytes no longer raises an ``OverflowError``. This
    also resolves the same issue in :doc:`/fernet`.
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and  skip_openssl_memleak_test.patch
  * Removed support for passing an Extension instance
    to from_issuer_subject_key_identifier(), as per our deprecation policy.
  * Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
  * Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
  * RSA generate_private_key() no longer accepts public_exponent values except
    65537 and 3 (the latter for legacy purposes).
  * X.509 certificate parsing now enforces that the version field contains
    a valid value, rather than deferring this check until version is accessed.
  * Deprecated support for Python 2
  * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
    private keys: load_ssh_private_key() for loading and OpenSSH for writing.
  * Added support for OpenSSH certificates to load_ssh_public_key().
  * Added encrypt_at_time() and decrypt_at_time() to Fernet.
  * Added support for the SubjectInformationAccess X.509 extension.
  * Added support for parsing SignedCertificateTimestamps in OCSP responses.
  * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
  * Added support for encoding attributes in certificate signing requests via add_attribute().
  * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
    instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
  * Added initial support for creating PKCS12 files with serialize_key_and_certificates().
- update to 2.9.2
  * 2.9.2 - 2020-04-22
  - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
  - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
    low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
    Users on older version of OpenSSL will need to upgrade.
  - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
  - Removed support for calling public_bytes() with no arguments, as per
    our deprecation policy. You must now pass encoding and format.
  - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
    returns the RDNs as required by RFC 4514.
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
  - Added support for parsing single_extensions in an OCSP response.
  - NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
  compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
  finalize_with_tag API
  * add disallow_implicit_tag_truncation.patch from
    https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
python-future
- Add CVE-2022-40899.patch to fix REDoS in http.cookiejar
  gh#PythonCharmers/python-future#610
  bsc#1206673
python-msgpack
- Loose the filelist for the package info to avoid FTBFS on
  SLE-15-SP5 (bsc#1203743).
python-paramiko
- Add rsa-key-loading-fix.patch (bsc#1205132) fixing loading RSA
  key.
python-py
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
python-rsa
- Add cve_2020-25658.patch (CVE-2020-25658 bsc#1178676)
  + Reduce timing sensitivity on devryption for false ciphers
python-setuptools
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
  (ReDoS) in package_index.py.
  bsc#1206667
python3
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice vera (potential for DoS).
  Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
  CRLF_injection_via_host_part.patch, and
  CVE-2019-18348-CRLF_injection_via_host_part.patch.
python3-ec2imgutils
- Update to version 10.0.1
  + Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as
    tpm versions on the command line
- Update to version 10.0.0 (bsc#1199722)
  + Add --tpm-support as command line option and tpm_support to the API
    to register images that support NitroTPM
  + API change for ec2deprecateimg. It is now possible to deprecate
    an image without providing a successor image.
- Add rpm-macros to build requirements in spec.
python3-ec2metadata
- Update to version 4.0.0 (bsc#1204066)
  + Disambiguate cli options for duplicate endpoints. This is an
    incompatible change for some API versions of IMDS. When a duplicate
    endpoint is detected the cli option for both endpoints is expanded to a
    unique name.
release-notes-sles
- 15.3.20220930 (tracked in bsc#933411)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Added note about BCI minimal container (jsc#SLE-22133)
- Added note about BCI containers (jsc#SLE-22144)
- Added note about XFS V4 filesystem (bsc#1200646)
- 15.3.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-1590)
- 15.3.20220831 (tracked in bsc#933411)
- Added note about schedutil (bsc#1176440)
- Added note about insserv-compat migration failure (bsc#1194837)
- Added note about Samba 4.15 (jsc#SLE-23330)
rhnlib
- version 4.2.7-1
  * Don't get stuck at the end of SSL transfers (bsc#1204032)
rpm
- update pythondeps-python310.diff: replace with minimal fix to
  support python 3.xx (bsc#1207294)
- add pythondeps-python310.diff
  and add match-python-version-if-minor.diff:
  * fix missing python(abi) for 3.XX versions (bsc#1207294)
- Strip critical bit in signature subpackage parsing
  * modified patch: pgpharden.diff
- Add workaround to make newer dnf versions no longer deadlock
  after it imported a pubkey [bnc#1202750]
  * new patch: keyimportdeadlock.diff
rsyslog
-  fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
rubygem-nokogiri
- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408)
    fixes possibility to DoS because of inefficient RE in HTML encoding
- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782)
    fixes Improper Handling of Unexpected Data Types
runc
- Update to runc v1.1.4. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.4.
  bsc#1202021
  * Fix mounting via wrong proc fd. When the user and mount namespaces are
    used, and the bind mount is followed by the cgroup mount in the spec,
    the cgroup was mounted using the bind mount's mount fd.
  * Switch kill() in libcontainer/nsenter to sane_kill().
  * Fix "/permission denied"/ error from runc run on noexec fs.
  * Fix failed exec after systemctl daemon-reload. Due to a regression
    in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
    was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
    (boo#1202821)
salt
- Control the collection of lvm grains via config (bsc#1204939)
- Added:
  * control-the-collection-of-lvm-grains-via-config.patch
- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * detect-module.run-syntax.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * pass-the-context-to-pillar-ext-modules.patch
salt-netapi-client
- Version 0.21.0
  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0
- Add transactional_update module
- Improve logging when creating salt exception
samba
- CVE-2022-38023 Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
  * CVE-2022-37967 Kerberos constrained delegation ticket forgery
    possible against Samba AD DC; (bso#15231); (bsc#1205386);
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
  * The KDC logic arround msDs-supportedEncryptionTypes differs
    from Windows; (bso#13135);
  * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    (bso#15197);
- Remove the systemd drop-in file for named service to allow
  read/write access to the DLZ directory as bind is not using
  systemd filesystem namespaces but bind-chrootenv; (bsc#1205946);
- Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689);
- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254)
- Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)"/) at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- CVE-2022-1615: Do not ignore errors in random number generation;
  (bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
  (bso#14833); (bsc#1202803);
- Fix Use after free when iterating
  smbd_server_connection->connections after tree disconnect
  failure; (bso#15128); (bsc#1200102).
smdba
- Version 1.7.11
  * fix config update from wal_keep_segments to wal_keep_size for
    newer postgresql versions (bsc#1204519)
spacecmd
- version 4.2.21-1
  * Prevent string api parameters to be parsed as dates if not in
    ISO-8601 format (bsc#1205759)
  * Add python-dateutil dependency, required to process date values in
    spacecmd api calls
  * Correctly understand 'ssm' keyword on scap scheduling
  * Fix dict_keys not supporting indexing in systems_setconfigchannelorger
spacewalk-admin
- version 4.2.13-1
  * Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096)
spacewalk-backend
- version 4.2.26-1
  * Fix reposync error about missing "/content-type"/ key when syncing certain channels
  * Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)
  * Updated logrotate configuration (bsc#1206470)
  * Add 'octet-stream' to accepted content-types for reposync mirrorlists
  * Exclude invalid mirror urls for reposync (bsc#1203826)
  * do not fetch mirrorlist when a file url is given
  * Keep older module metadata files in database (bsc#1201893)
  * Removed the activation keys report from the debug information
spacewalk-certs-tools
- version 4.2.19-1
  * some i18n functions moved to new module which needs to be loaded
    (bsc#1201142)
  * Generated bootstrap scripts installs all needed Salt 3004 dependencies
    for Ubuntu 18.04 (bsc#1204517)
spacewalk-client-tools
- version 4.2.22-1
  * Update translation strings
spacewalk-java
- version 4.2.47-1
  * Use uyuni roster salt module instead of flat roster files (bsc#1200096)
- version 4.2.46-1
  * Fix registration with proxy and tunnel SSH (bsc#1200096)
- version 4.2.45-1
  * Add 'none' matcher to CLM AppStream filters (bsc#1206817)
  * Improve logs when sls action chain file is missing
  * Do not forward ssh command if proxy and tunnel are present (bsc#1200096)
  * Fix not being able to delete CLM environment if there are custom child
    channels that where not built by the environment (bsc#1206932)
  * Include missing 'gpg' states to avoid issues on SSH minions.
  * Optimize the number of salt calls on minion startup (bsc#1203532)
  * Fix CVE Audit ignoring errata in parent channels if patch in successor
    product exists (bsc#1206168)
  * Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
  * Fix modular channel check during system update via XMLRPC (bsc#1206613)
  * Trigger a package profile update when a new live-patch is installed (bsc#1206249)
  * prevent ISE on activation key page when selected base channel value is null
  * Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)
  * Updated logrotate configuration (bsc#1206470)
  * Limit changelog data in generated metadata to 20 entries
  * Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)
  * check for NULL in DEB package install size value
  * Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)
  * disable cloned vendor channel auto selection by default (bsc#1204186)
  * adapt permissions of temporary ssh key directory
  * format results for package, errata and image build actions in
    system history similar to state apply results
  * Fix ClassCastException
  * Run only minion actions that are in the pending status (bsc#1205012)
  * Manager reboot in transactional update action chain (bsc#1201476
  * Optimize performance of config channels operations for UI and API (bsc#1204029)
  * Don't add the same channel twice in the System config addChannel API (bsc#1204029)
  * fix xmlrpc call randomly failing with translation error (bsc#1203633)
  * Optimize action chain processing on job return event (bsc#1203532)
  * Re-calculate salt event queue numbers on restart
  * Fix out of memory error when building a CLM project (bsc#1202217)
  * Process salt events in FIFO order (bsc#1203532)
  * Remove 'SSM' column text where not applicable (bsc#1203588)
  * Fix rendering of ssm/MigrateSystems page (bsc#1204651)
  * Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)
  * Deny packages from older module metadata when building CLM projects (bsc#1201893)
  * Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)
  * delay hardware refresh action to avoid missing channels (bsc#1204208)
- version 4.2.44-1
  * Changed proxy settings retrieval to not include password (bsc#1205339)
spacewalk-search
- version 4.2.9-1
  * Updated logrotate configuration (bsc#1206470)
spacewalk-web
- version 4.2.32-1
  * Add 'none' matcher to CLM AppStream filters (bsc#1206817)
  * fix frontend logging in react pages
  * Add bugzilla references to past security fixes
  * shell-quote fix CVE-2021-42740 (bsc#1203287)
  * moment fix CVE-2022-31129 (bsc#1203288)
- version 4.2.31-1
  * Prevent proxy data from being logged (bsc#1205339)
sqlite3
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
  relying on --safe for execution of an untrusted CLI script
sudo
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown <william.brown@suse.com>
  * https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
  * Make sure SIGCHLD is not ignored when sudo is executed; fixes
    race condition.
  * bsc#1203201
  * Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
  * CVE-2022-43995
  * bsc#1204986
  * Fixed a potential heap-based buffer over-read when entering a password
    of seven characters or fewer and using the crypt() password backend.
- Fixed an issue where some redundant entries in a sudo configuration
  file caused freed memory to be accessed in the error message thus
  wrong information was output in the error message.
  * [bsc#1190818]
  * Added [sudo-1.9.5p2-no_free_alias_name.patch]
    Sourced from the following git commit hashes:
    | 9ed14870c Add garbage collection to the sudoers parser to clean
    up on error. This makes it possible to avoid memory leaks when
    there is a parse error.
    | bdb02b1ef Got back to calling alias_free() on alias_add() failure.
    We now need to remove the name and members from the leak list
  * before* calling alias_add() since alias_add() will consume them
    for both success and failure.
    | b4cabdb39 Don't free the alias name in alias_add() if the alias
    already exists. We need to be able to display it using
    alias_error(). Only free what we actually allocated in alias_add()
    on error and let the caller handle cleanup.  Note that we cannot
    completely fill in the alias until it is inserted.  Otherwise,
    we will have modified the file and members parameters even if
    there was an error. As a result, we have to remove those from the
    leak list after alias_add(), not before.
supportutils
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
  + Added type output with df command in fs-diskio.txt (issue#141)
  + Gather all files in /etc/security/limits.d/ (issue#142)
  + Fixed KVM virtualization detection on bare metal (bsc#1184689)
  + Added logging using journalctl (bsc#1200330)
  + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
  + Added system logging configuration and checking in messages_config.txt (issue#103)
  + If rsyslog not installed collect more from journalctl (issue#120)
  + Added systemd-status.txt for the status of all service units (issue#125)
  + autofs includes files in (+dir:<path>) (issue#111)
  + Get current sar data before collecting files (bsc#1192648)
  + Collects everything in /etc/multipath/ (bsc#1192252)
  + Collects power management information in hardware.txt (bsc#1197428)
  + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
  + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
  + Update to nvme_info and block_info #133 (bsc#1202417)
  + Added IO scheduler (issue#136)
  + Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129
supportutils-plugin-susemanager
- version 4.2.5-1
  * Added dependency for XML Simple
  * update susemanager plugin to export the number of pending salt events
suse-build-key
- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.
- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)
susemanager
- version 4.2.40-1
  * Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096)
- version 4.2.39-1
  * fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)
  * make venv-salt-minion optional for SUSE Manager Proxy 4.2
    bootstrap repository (bsc#1206933)
  * show RHEL target for bootstrap repo creation only if it is
    really connected to the CDN (bsc#1206861)
  * add python3-extras to bootstrap repo as dependency of
    python3-libxml2, optional SLES 15 does not have it and it
    is only required on SP4 or greater (bsc#1204437)
susemanager-build-keys
- Version 15.3.6
  * Add rpmlintrc configuration, so "/W: backup-file-in-package"/ for
    the keyring is ignored. We do not ship backup files, but we own them
    because they are created each time gpg is called, and we want them
    removed if the package is removed
- Added:
  - uyuni-build-keys.rpmlintrc
susemanager-doc-indexes
- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the
  Client Configuration Guide
- Update Salt Bundle guide as Salt Bundle is now the default
  registration method
- Re-added statement about Cobbler support in Reference Guide and Client
  Configuration Guide (bsc#1206963)
- Added information about java.salt_event_thread_pool_size in Large
  Deployments Guide
- Added information about GPG key usage in the Debian section of the
  Client Configuration Guide
- Updated default number of changelog entries in Administration Guide
- Include migration guide from Salt 3000 to Bundle for SUSE Linux
  Enterprise 12 and CentOS7 in Troubleshooting Clients
- Removed mentions to ABRT in Reference Guide
- Extended note about using Salt SSH with Salt Bundle in 4.2
- Fixed Liberty Linux client tools label in Client Configuration
  Guide
susemanager-docs_en
- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the
  Client Configuration Guide
- Update Salt Bundle guide as Salt Bundle is now the default
  registration method
- Re-added statement about Cobbler support in Reference Guide and Client
  Configuration Guide (bsc#1206963)
- Added information about java.salt_event_thread_pool_size in Large
  Deployments Guide
- Added information about GPG key usage in the Debian section of the
  Client Configuration Guide
- Updated default number of changelog entries in Administration Guide
- Include migration guide from Salt 3000 to Bundle for SUSE Linux
  Enterprise 12 and CentOS7 in Troubleshooting Clients.
- Removed mentions to ABRT in Reference Guide
- Extended note about using Salt SSH with Salt Bundle in 4.2
- Fixed Liberty Linux client tools label in Client Configuration
  Guide
susemanager-schema
- version 4.2.27-1
  * Add created and modified fields to suseMinionInfo to make
    uyuni roster module cache validation more accurate (bsc#1200096)
- version 4.2.26-1
  * Add 'none' matcher to CLM AppStream filters (bsc#1206817)
  * Increase cron_expr varchar length to 120 in suseRecurringAction
    table (bsc#1205040)
  * Keep older module metadata files in database (bsc#1201893)
  * Fix setting of last modified date in channel clone procedure
susemanager-sls
- version 4.2.31-1
  * Flush uyuni roster cache if the config has changed
  * Implement uyuni roster module for Salt (bsc#1200096)
- version 4.2.30-1
  * Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335)
- version 4.2.29-1
  * Improve _mgractionchains.conf logs
  * Prevent possible errors from "/mgractionschains"/ module when there is no action chain to resume.
  * Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)
  * Fix custom "/mgrcompat.module_run"/ state module to work with Salt 3005.1
  * filter out libvirt engine events (bsc#1206146)
  * Optimize the number of salt calls on minion startup (bsc#1203532)
  * Updated logrotate configuration (bsc#1206470)
  * Make libvirt-events.conf path depend on what minion is used (bsc#1205920)
  * Fix kiwi inspect regexp to allow image names with "/-"/ (bsc#1204541)
  * Avoid installing recommended packages from assigned products (bsc#1204330)
  * Manager reboot in transactional update action chain (bsc#1201476)
  * Use the actual sudo user home directory for salt ssh
    clients on bootstrap and clean up (bsc#1202093)
  * Perform refresh with packages.pkgupdate state (bsc#1203884)
susemanager-sync-data
- version 4.2.14-1
  * add SLES15 SP3 LTSS
systemd
- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-coredump-Fix-format-string-type-mismatch.patch
  Add 5001-coredump-drop-an-unused-variable.patch
  Add 5002-coredump-adjust-whitespace.patch
  Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
  4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  f70647a7b7 udev/net_id: add debug logging for construction of device names
  48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
  7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
  2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
  dba888a4d3 pid1: watch bus name always when we have it
  f524807b89 udev: add one more assertion
  8558101c73 udev: drop assertion which is always false
  566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
  b4c4edaada tests: minor simplification in test-execute
  76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
    6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
    6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
  Also update the rule files to make use of the "/CONST{arch}"/ syntax (available
  since v244).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
  8a70235d8a core: Add trigger limit for path units
  93e544f3a0 core/mount: also add default before dependency for automount mount units
  5916a7748c logind: fix crash in logind on user-specified message string
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
tar
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch
tcl
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.
- Fix a race condition in test socket-13.1
  (tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
  sqlite3 to have only a single copy and keep it more up to date
  (bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
timezone
- timezone update 2022g (bsc#1177460):
  * In the Mexican state of Chihuahua, the border strip near the US
    will change to agree with nearby US locations on 2022-11-30.
    The strip's western part, represented by Ciudad Juárez, switches
    from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
    The eastern part, represented by Ojinaga, will observe US DST next
    year, like Presidio, TX.
    A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
  * Much of Greenland, represented by America/Nuuk, stops observing
    winter time after March 2023, so its daylight saving time becomes
    standard time.
  * Changes for pre-1996 northern Canada
  * Update to past DST transition in Colombia (1993), Singapore
    (1981)
  * timegm is now supported by default
- timezone update 2022f (bsc#1177460):
  * Mexico will no longer observe DST except near the US border
  * Chihuahua moves to year-round -06 on 2022-10-30
  * Fiji no longer observes DST
  * Move links to 'backward'
  * In vanguard form, GMT is now a Zone and Etc/GMT a link
  * zic now supports links to links, and vanguard form uses this
  * Simplify four Ontario zones
  * Fix a Y2438 bug when reading TZif data
  * Enable 64-bit time_t on 32-bit glibc platforms
  * Omit large-file support when no longer needed
  * In C code, use some C23 features if available
  * Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
  * fat.patch
  * tzdata-china.diff
- timezone update 2022e (bsc#1177460):
  * Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
  * Palestine transitions are now Saturdays at 02:00
  * Simplify three Ukraine zones into one
- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
util-linux
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).
util-linux-systemd
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
  * libuuid: Fix range when parsing UUIDs
    (util-linux-libuuid-uuid_parse-overrun.patch).
  * Improve cache handling for short running applications-increment
    the cache size over runtime
    (util-linux-libuuid-improve-cache-handling.patch).
  * Implement continuous clock handling for time based UUIDs
    (util-linux-libuuid-continuous-clock-handling.patch).
  * Check clock value from clock file to provide seamless libuuid
    update (util-linux-libuuid-check-clock-value.patch).
uyuni-common-libs
- version 4.2.9-1
  * Fix crash due missing "/context_manager"/ when running
    salt-secrets-config service (bsc#1200096)
- version 4.2.8-1
  * some i18n functions moved to new module which needs to be loaded
    (bsc#1201142)
vim
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
virtual-host-gatherer
- version 1.0.24-1
  * Report total memory of a libvirt hypervisor
  * Improve interoperability with other Python projects
wget
- Update 0001-possibly-truncate-pathname-components.patch
  * Truncate file name even if no directory structure
  * [bsc#1204720]
wicked
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
  Add initial support to decode the SMBIOS Management Controller Host
  Interface (Type 42) structure and expose it as wicked `firmware:redfish`
  configuration to setup a Host Network Interface (to the BMC) using the
  `Redfish over IP` protocol allowing access to the Redfish Service (via
  redfish-localhost in /etc/hosts) used to manage the computer system.
  Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
  remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
  [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
  e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
woodstox
- fix stackoverflow in XML serialization CVE-2022-40152 (bsc#1203521)
  * Added: limit-recursion-for-DTD-parsing-CVE-2022-40152.patch
xen
- Upstream bug fixes (bsc#1027519)
  63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
  637b5f4f-efifb-ignore-invalid.patch
  63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
  speculative security issues (XSA-422)
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
  (XSA-376)
  61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-10.patch (correction)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
  for 2nd-level page tables on ARM systems (XSA-409)
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
  6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
  6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
  635665fb-sched-fix-restore_vcpu_affinity.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
  xsa411.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
  CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
  CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
  xenstored run out of memory (XSA-326)
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
  crash xenstored (XSA-414)
  xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
  create orphaned Xenstore nodes (XSA-415)
  xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
  cause Xenstore to not free temporary memory (XSA-416)
  xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
  get access to Xenstore nodes of deleted domains (XSA-417)
  xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
  crash xenstored via exhausting the stack (XSA-418)
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
  Xenstore: cooperating guests can create arbitrary numbers of
  nodes (XSA-419)
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
  Xenstore: Guests can create arbitray number of nodes via
  transactions (XSA-421)
  xsa421-01.patch
  xsa421-02.patch
yast2-bootloader
- prevent leak of grub2 password to logs(bsc#1201962)
- 4.3.32
yast2-installation
- AutoYaST SecondStage: Revert changes introduced in 4.3.46 running
  the initscript service before systemd-user-sessions again once
  systemd patched logind (bsc#1195059, bsc#1200780)
- 4.3.55
- Do not restart services when updating the package (bsc#1199480,
  bsc#1200274)
- 4.3.54
- AutoYaST Second Stage: Added a missing dependency to the service
  to prevent getty-autogeneration listen on 5901 port (bsc#1199746)
- 4.3.53
yast2-network
- Fixed issue when writing the NetworkManager config without a
  gateway (bsc#1203866)
- 4.3.86
- Added a class to generate the configuration needed for a FCoE
  device being aware of it during the installation (bsc#1199554)
- 4.3.85
- AY: Added missing route extrapara element to the networking
  section (bsc#1201129)
- 4.3.84
- Allow more than 6 domains in resolver search list (bsc#1200155).
- 4.3.83
yast2-registration
- Import the SSL certificate from the <reg_server_cert> AutoYaST
  data also in the self-update step (bsc#1199091, bsc#1198642)
- 4.3.26
yast2-schema
- Add 'extrapara' to routes in the networking section (bsc#1201129)
- 4.3.31
- Support for flatten and nested "/category_filter"/ element in the
  "/online_update_configuration"/ section (bsc#1198848).
- 4.3.30
zlib
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
  * bsc1203652.patch