000release-packages:SLE-Micro-release
n/a
blog
- Add patch blog.dif
  * Fix big endian cast problems to be able to read commands
    and ansers (blogctl) as well as passphrases (blogd)
btrfsprogs
- keep fd open during until all devices are open (bsc#1207225)
  * btrfs-progs-mkfs-keep-file-descriptors-open-during-whole-time.patch
  * btrfs-progs-mkfs-run-device-preparation-in-parallel.patch
ca-certificates-mozilla
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1
cloud-netconfig
- Update to version 1.8:
  + Fix Azure metadata check (bsc#1214715)
  + Fix cleanup on ifdown
crypto-policies
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
curl
- Security fix: [bsc#1215026, CVE-2023-38039]
  * http: return error when receiving too large header
  * Add curl-CVE-2023-38039.patch

- Security fix: [bsc#1213237, CVE-2023-32001]
  * fopen race condition: libcurl can be told to save cookie,
    HSTS and/or alt-svc data to files. When doing this, it
    called 'stat()' followed by 'fopen()' in a way that made
    it vulnerable to a TOCTOU race condition problem.
  * Add curl-CVE-2023-32001.patch
dbus-1
- Sometimes unprivileged users were able to crash dbus-daemon
  (CVE-2023-34969, bsc#1212126)
  * fix-upstream-CVE-2023-34969.patch
docker
- update to Docker 24.0.5-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
transactional-update
- Version 4.1.3
  - Suppress SELinux relabelling output in quiet mode
  - Documentation readability improvements

- Version 4.1.2
  - Don't try to mount user mounts if they don't exist [boo#1207366]

- Version 4.1.1
  - Mount user specific binddirs last: Prevously the internal mounts would
    potentially overwrite user bind mounts [boo#1205011]
  - selinux: Relabel shadowed /var files during update to make sure they
    don't interfere with the update [boo#1205937]
  - Clean up /var/lib/overlay more aggressively [boo#1206947]
  - tukit: Merge /etc overlay into parent if --discard is used together
    with --continue - previously the files were incorrectly always merged
    with the currently running system
  - status: do not execute the status command if experimental
  - Don't delete created mount point dirs any more
  - Small code optimizations

- Version 4.1.0
  - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441]
  - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in
    the update environment; implements [jsc#PED-1078]
  - Add support for "notify" reboot method for desktop use
    [gh#openSUSE/transactional-update#93]
  - Fix kdump initrd recreation detection; the check was performed in the
    active snapshot instead of the target snapshot
  - Document register command [bsc#1202900]
  - Avoid unnecessary snapshots for register command [bsc#1202901]
  - Various optimizations for register command
  - Remove bogus error message when triggering reboot
  - Rework /etc overlay documentation in "The Transactional Update Guide"
  - Fix incorrect manpage formatting
  - Remove leftover "salt" reboot method in configuration example file
  - Replace deprecated std::mem_fn with lambdas

- Migration of logrotate configuration to /usr/etc: Saving user
  changed configuration files in /etc and restoring them while
  an RPM update.
dracut
- Update to version 055+suse.347.gdcb9bdbf:
  * fix(dracut-install): protect against broken links pointing to themselves
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)

- Update to version 055+suse.344.g3d5cd8fb:
  * fix(dracut-install): continue parsing if ldd prints "cannot execute binary file" (bsc#1212662)
gawk
- format-tree-positional-arg.patch: Validate index into argument list
  (CVE-2023-4156, bsc#1214025)
glibc
- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
  invalidation if epoll is used (bsc#1212910, BZ #29415)

- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
  in files database (bsc#1212819, BZ #25457)

- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
  check on PT_LOAD segments (bsc#1211829, BZ #28688)
- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
  BZ #28676)
- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
  first segment (BZ #30452)

- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
  (bsc#1211828, BZ #30527)

- ulp-prologue-into-asm-functions.patch: Add support for livepatches
  in ASM written functions (bsc#1211726)

- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
  is unset (bsc#1209229, BZ #30235)

- Exclude static archives from preparation for live patching (bnc#1208721)
hwinfo
- avoid linking problems with libsamba (bsc#1212756)
- 21.85
kernel-default
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit 47ff352

- cpufreq: Fix the race condition while updating the
  transition_task of policy (git-fixes).
- rpmsg: glink: Add check for kstrdup (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use
  led_blink_set_oneshot instead (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always
  false (git-fixes).
- leds: multicolor: Use rounded division when calculating color
  components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode()
  (git-fixes).
- docs: printk-formats: Fix hex printing of signed values
  (git-fixes).
- commit 1c98d58

- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git
  fixes).
- commit 4be7d48

- USB: core: Fix oversight in SuperSpeed initialization
  (bsc#1213123 CVE-2023-37453).
- commit 6b6c148

- blacklist.conf: Not a fix, relatively high risk of performance regression
- commit fd04425

- USB: core: Fix race by not overwriting udev->descriptor in
  hub_port_init() (bsc#1213123 CVE-2023-37453).
- commit a1f446d

- USB: core: Unite old scheme and new scheme descriptor reads
  (bsc#1213123 CVE-2023-37453).
- commit 9f60ef1

- Refresh
  patches.suse/0002-nvme-tcp-fix-potential-unbalanced-freeze-unfreeze.patch.
- Refresh
  patches.suse/0003-nvme-rdma-fix-potential-unbalanced-freeze-unfreeze.patch.
- commit 452e63f

- scsi: RDMA/srp: Fix residual handling (git-fixes)
- commit 429e77b

- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- commit c7f667b

- RDMA/siw: Correct wrong debug message (git-fixes)
- commit 3732fc1

- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- commit 9281d22

- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- commit 1b277c9

- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- commit e55bab1

- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- commit 0e5f5fb

- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- commit fee7fe7

- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- commit 988bb43

- RDMA/hns: Fix port active speed (git-fixes)
- commit f1ca0f2

- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- commit dd0f3ab

- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- commit e8addea

- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- commit c2623e0

- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- commit c6f50a4

- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- commit 632a598

- RDMA/umem: Set iova in ODP flow (git-fixes)
- commit ec8b3f4

- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- commit 1ff5e5f

- dmaengine: ste_dma40: Add missing IRQ check in d40_probe
  (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute
  pasid_enabled (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on
  reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328
  recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
  (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in
  fsmc_nand_resume() (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in
  oob write (git-fixes).
- mtd: rawnand: brcmnand: Fix crash during the panic_write
  (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning
  (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HID: logitech-dj: Fix error handling in
  logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput
  input_dev name (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: ov2680: Fix regulators being left enabled on
  ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which ==
  V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function
  (git-fixes).
- media: ov2680: Don't take the lock for try_fmt calls
  (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
  (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking
  interrupts (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1
  (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: rkvdec: increase max supported height for H.264
  (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send()
  (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in
  m920x_i2c_xfer() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- drivers: usb: smsusb: fix error handling code in
  smsusb_init_device (git-fixes).
- media: v4l2-core: Fix a potential resource leak in
  v4l2_fwnode_parse_link() (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf()
  (git-fixes).
- media: ad5820: Drop unsupported ad5823 from i2c_ and
  of_device_id tables (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction
  (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init()
  (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid
  wrong access (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision
  (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after
  resumption (git-fixes).
- USB: gadget: f_mass_storage: Fix unused variable warning
  (git-fixes).
- usb: phy: mxs: fix getting wrong state with
  mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter
  is 0 (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- commit 729e789

- target: compare and write backend driver sense handling
  (bsc#1177719 bsc#1213026).
- Refresh patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch.
- commit a2ae103

- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- commit 586e58b

- Add cherry-picked if to fbdev patch
- commit 32815f6

- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360
  15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable
  mute LED (git-fixes).
- commit 2c05a9a

- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- commit 3ba2db1

- PCI: microchip: Remove cast between incompatible function type
  (git-fixes).
- PCI: meson: Remove cast between incompatible function type
  (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets
  (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument
  (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf()
  (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter
  (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer
  dereference (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
  (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources()
  only for non-root bus (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary
  (git-fixes).
- commit 10e5d93

- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock
  (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false
  (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional
  (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: Don't leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards
  (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in
  amdgpu_device_attr_create() (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail
  (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format
  for AUO T215HVN01 (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/armada: Fix off-by-one error in
  armada_overlay_get_property() (git-fixes).
- drm/atomic-helper: Update reference to
  drm_crtc_force_disable_all() (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
  (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths
  (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- commit a3652b5

- docs: kernel-parameters: Refer to the correct bitmap function
  (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
  (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
  (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe
  (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for
  393216000/361267200Hz (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would
  be a no-op (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in
  _of_pll_clk_init() (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
  (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
  (git-fixes).
- drm/amdgpu: avoid integer overflow warning in
  amdgpu_device_resize_fb_bar() (git-fixes).
- drm/bridge: anx7625: Drop device lock before
  drm_helper_hpd_irq_event() (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5
  (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device
  (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device
  (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device
  (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order
  (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child()
  (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe
  error (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled
  (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled
  (git-fixes).
- commit 08c4f7b

- Kbuild: add -Wno-shift-negative-value where -Wextra is used
  (bsc#1214756).
- commit 8140064

- rpm/mkspec-dtb: support for nested subdirs
  Commit 724ba6751532 ("ARM: dts: Move .dts files to vendor
  sub-directories") moved the dts to nested subdirs, add a support for
  that. That is, generate a %dir entry in %files for them.
- commit 6484eda

- wifi: mwifiex: Fix missed return in oob checks failed path
  (git-fixes).
- commit 9baf357

- nilfs2: fix WARNING in mark_buffer_dirty due to discarded
  buffer reuse (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER
  (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/
  (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement
  with a lock (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference
  (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color
  attribute (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
  (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys
  (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info()
  (git-fixes).
- Bluetooth: nokia: fix value check in
  nokia_bluetooth_serdev_probe() (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor
  management (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch
  (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
  (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary
  antenna only (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
  (git-fixes).
- wifi: rtw89: debug: Fix error handling in
  rtw89_debug_priv_btc_manual_set() (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow
  errors also in case of OOM (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls
  (git-fixes).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing
  (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered
  (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
  (git-fixes).
- spi: tegra20-sflash: fix to check return value of
  platform_get_irq() in tegra_sflash_probe() (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations
  (git-fixes).
- commit 243ba95

- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- commit 8393e27

- Kbuild: move to -std=gnu11 (bsc#1214756).
- commit ef844c1

- blacklist.conf: kABI
- commit 382e160

- netfilter: nf_tables: deactivate catchall elements in next
  generation (bsc#1214729 CVE-2023-4569).
- commit 6289fe5

- netfs: fix parameter of cleanup() (bsc#1214743).
- netfs: Fix lockdep warning from taking sb_writers whilst
  holding  mmap_lock (bsc#1214742).
- commit bb32ecc

- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/resctrl: Close perf value read fd on errors
  (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run
  benchmark (git-fixes).
- selftests/resctrl: Don't leak buffer in fill_cache()
  (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints
  table (git-fixes).
- selftests/harness: Actually report SKIP for signal tests
  (git-fixes).
- pstore/ram: Check start of empty przs during init (git-fixes).
- commit ad35b22

- Move upstreamed powerpc patches into sorted section
- commit 3a27181

- Move upstreamed HID patch into sorted section
- commit 85ada69

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit 411ade7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit 36d3f87

- intel: remove unused macros (jsc#PED-5738).
- commit 8c0592a

- e1000: Fix typos in comments (jsc#PED-5738).
- commit b74464e

- e1000: switch to napi_build_skb() (jsc#PED-5738).
- commit 8f3d353

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit b269f24

- tracing: Fix memleak due to race between current_tracer and
  trace (git-fixes).
- commit cd1e0a8

- tracing: Fix cpu buffers unavailable due to 'record_disabled'
  missed (git-fixes).
- commit 8e87d30

- ring-buffer: Do not swap cpu_buffer during resize process
  (git-fixes).
- commit e5ec19f

- xfs: fix sb write verify for lazysbcount (bsc#1214661).
- commit 29e65a8

- cpufreq: intel_pstate: Adjust balance_performance EPP for
  Sapphire Rapids (bsc#1214659).
- commit c3cfee9

- cpufreq: intel_pstate: Enable HWP IO boost for all servers
  (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- commit bd6042f

- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems
  with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927
  jsc#PED-4929).
- commit 0340dfe

- cpufreq: intel_pstate: hybrid: Use known scaling factor for
  P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 91615ae

- cpufreq: intel_pstate: Read all MSRs on the target CPU
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 639f9f6

- cpufreq: intel_pstate: hybrid: Rework HWP calibration
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- Update
  patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch
  (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 689587b

- Use the cherry-picked id for an AMDGPU patch and resort
- commit 07365e7

- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- Refresh
  patches.suse/tty-serial-fsl_lpuart-add-earlycon-for-imx8ulp-platf.patch.
- commit f34a3a2

- selftests: forwarding: tc_actions: Use ncat instead of nc
  (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller
  Hub) (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior
  tb_retimer_set_inbound_sbtx() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
  (git-fixes).
- usb: chipidea: imx: don't request QoS for imx8ulp (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in
  __gs_console_push (git-fixes).
- pcmcia: rsrc_nonstatic: Fix memory leak in
  nonstatic_release_resource_db() (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access
  (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
  (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for
  different platforms (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files
  when test is aborted (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- commit 5394953

- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- commit d60a005

- i2c: designware: Handle invalid SMBus block data response
  length value (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy
  (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB
  related warnings (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence
  pointers (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
  (git-fixes).
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse
  (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech
  G915 TKL Keyboard (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays
  (git-fixes).
- drm/amd/display: save restore hdcp state when display is
  unplugged from mst hub (git-fixes).
- iio: adc: stx104: Implement and utilize register structures
  (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- commit e2faa35

- clk: Fix slab-out-of-bounds error in devm_clk_release()
  (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
  (git-fixes).
- pinctrl: renesas: rza2: Add lock around
  pinctrl_generic{{add,remove}_group,{add,remove}_function}
  (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- dma-buf/sw_sync: Avoid recursive lock during fence signal
  (git-fixes).
- commit 7c5f1b7

- batman-adv: Hold rtnl lock during MTU update via netlink
  (git-fixes).
- commit 8468886

- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back
  (git-fixes).
- batman-adv: Do not get eth header before
  batadv_check_management_packet (git-fixes).
- batman-adv: Don't increase MTU when set by user (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- commit d59057e

- smb: client: fix null auth (git-fixes).
- commit f89a725

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- powerpc/rtas: enture rtas_call is called with MMU enabled
  (bsc#1023051).
- commit e7f7145

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 2dfd188

- Refresh patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch.
- commit 0cbb740

- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
  It caused mysterious problem wrt NVMe.
  Better to drop and blacklist for now.
- commit 2257ff2

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- commit af67897

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit eb5704d

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 8b5290e

- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
  (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel
  devices (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- commit aace9fd

- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer suported.
- commit 7bb5087

- kunit: make kunit_test_timeout compatible with comment
  (git-fixes).
- commit e060c5b

- blacklist.conf: kABI
- commit 2db68b2

- blacklist.conf: kABI
- commit b9b490f

- blacklist.conf: specific to Clang
- commit 0d88df7

- blacklist.conf: not used in our build process
- commit 5705a43

- blacklist.conf: designed to break kABI but relevant only on big endian
- commit 3477f1d

- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk()
  test (git-fixes).
- commit 0595e9f

- blacklist.conf: cleanup
- commit 8d51620

- blacklist.conf: We do not use that tool
- commit f8ec126

- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx
  (git-fixes).
- commit d96f965

- kabi: Allow extra bugsints (bsc#1213927).
- commit fc75ce0

- Refresh patches.suse/x86-srso-add-ibpb.patch.
  CPU_IBPB_ENTRY is always on so adjust code accordingly.
- commit 0ed13bd

- Update
  patches.suse/net-vmxnet3-fix-possible-NULL-pointer-dereference-in.patch
  (bsc#1200431 bsc#1214451 CVE-2023-4459).
  Added CVE reference.
- commit 13a12f4

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 0932a11

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 4452f05

- tty: fix hang on tty device with no_room set (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- commit 22b52a9

- tty: n_gsm: fix the UAF caused by race condition in
  gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1
  for lpuart32 platforms (git-fixes).
- commit 2bc2940

- x86/static_call: Fix __static_call_fixup() (git-fixes).
- commit 57d4f01

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit c2d3421

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit f62146e

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 7f39f56

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit 13632c3

- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- commit 522332f

- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- commit d5ea86a

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 847a96f

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit 9e44d01

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 81c5e75

- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- commit fa0b815

- objtool/x86: Fix SRSO mess (git-fixes).
- commit 8bf5635

- x86/alternative: Make custom return thunk unconditional (git-fixes).
- commit a446ea5

- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- commit 06974c4

- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- commit 086adb4

- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with  retpolines and IBT (git-fixes).
- commit 9392b3c

- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- commit 99556d6

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit af52734

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 43e1da9

- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- commit 7af6810

- powerpc/rtas_flash: allow user copy to flash block cache objects
  (bsc#1194869).
- commit 0fccbf5

- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
  (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer
  (git-fixes).
- i2c: designware: Correct length byte validation logic
  (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- commit 5738f62

- supported.conf: fix typos for -!optional markers
- commit a15b83f

- ALSA: hda/realtek - Remodified 3k pull low procedure
  (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation
  (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity
  (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI
  (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and
  playback interfaces (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init()
  (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
  (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset
  (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
  (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match
  (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off
  (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according
  to the docs (git-fixes).
- commit a48515a

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit f332a85

- mkspec: Allow unsupported KMPs (bsc#1214386)
- commit 55d8b82

- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- commit 722c601

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- commit 5b41c27

- s390/purgatory: disable branch profiling (git-fixes
  bsc#1214372).
- commit 28f91ce

- scsi: zfcp: Defer fc_rport blocking until after ADISC response
  (git-fixes bsc#1214371).
- commit 5ac3747

- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- commit 3711e45

- powerpc/kexec: Fix build failure from uninitialised variable
  (bsc#1212091 ltc#199106).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- Refresh patches.suse/powerpc-Take-in-account-addition-CPU-node-when-build.patch
- Refresh patches.suse/powerpc-kexec_file-fix-implicit-decl-error.patch
- commit c8f4ed0

- Update
  patches.suse/net-vmxnet3-fix-possible-use-after-free-bugs-in-vmxn.patch
  (bsc#1200431 bsc#1214350 CVE-2023-4387).
  Added CVE reference.
- commit 8897012

- module: avoid allocation if module is already present and ready
  (bsc#1213921).
- commit a42ca12

- module: move check_modinfo() early to early_mod_check()
  (bsc#1213921).
- commit b97680b

- module: move early sanity checks into a helper (bsc#1213921).
- commit d4f0452

- Update config files.
  run_oldconfig.sh
- CONFIG_NVME_VERBOSE_ERRORS=y          gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13   gone with 7e152d55123
- commit 7a11d4b

- module: extract patient module check into helper (bsc#1213921).
- commit de545b1

- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- commit 63c2b4e

- net: mana: Fix MANA VF unload when hardware is unresponsive
  (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats
  (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits
  (git-fixes).
- commit 66cd4bc

- powerpc/iommu: Fix iommu_table_in_use for a small default DMA
  window case (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper
  (bsc#1212091 ltc#199106).
- powerpc/iommu: don't set failed sg dma_address to
  DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
  ltc#199106).
- commit 63fd00c

- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on
  all channels (git-fixes).
- commit 8a7a168

- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for
  copying defines or build dependencies there.
- commit 254b03c

- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- commit 2c37773

- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
  (git-fixes).
- commit 9c04620

- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR
  add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV
  device (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters
  (bsc#1212091 ltc#199106).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions
  (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: Do not try direct mapping with persistent
  memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is
  present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use
  before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window"
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property
  name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept
  property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*()
  with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor
  enable_ddw() (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerps-pseries-dma-Add-support-for-2M-IOMMU-page-si.patch
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift
  (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerpc-iommu-Limit-number-of-TCEs-to-512-for-H_STUF.patch
- commit 4f11eef

- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059
  git-fixes).
- commit f722e3b

- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- commit f8a9432

- target_core_rbd: fix leak and reduce kmalloc calls
  (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment
  (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code
  (bsc#1212857).
- file: reinstate f_pos locking optimization for regular files
  (bsc#1213759).
- commit 0469dd9

- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 3d175df

- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- commit d9c79ec

- blacklist.conf: add drivers/net/ethernet/renesas/ drivers
- commit 0c8d3f5

- sfc: fix crash when reading stats while NIC is resetting
  (git-fixes).
- commit 61c7a4c

- ice: Fix crash by keep old cfg when update TCs more than queues
  (git-fixes).
- commit 4e80ce2

- powerpc/pseries: Honour current SMT state when DLPAR onlining
  CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462
  ltc#200161 ltc#200588).
  Update config files.
- powerpc/pseries: Initialise CPU hotplug callbacks earlier
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Allow enabling partial SMT states via sysfs
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- commit 8bd8972

- sched/psi: use kernfs polling functions for PSI trigger polling
  (bsc#1209799).
- commit 4477665

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit d85264e

- ceph: don't check for quotas on MDS stray dirs (bsc#1214238).
- commit dcb3418

- iommu/dma: Fix incorrect error return on iommu deferred attach
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit c7a880f

- iommu/dma: return error code from iommu_dma_map_sg()
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit 5d989c6

- iommu/amd: Fix pci device refcount leak in ppr_notifier()
  (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and
  ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
  (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2
  (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in
  dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
  (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap
  (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging
  entries (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path
  (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT
  device to identity (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination
  (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU
  (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode
  (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait()
  (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Add PCI segment support for ivrs_ commands
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up
  to 35bit (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/arm-smmu-v3: check return value after calling
  platform_get_resource() (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in
  arm_smmu_device_probe() (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling
  (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- commit b73aa3b

- nvme-rdma: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- commit 2d8bf94

- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- commit 64aa9ec

- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- commit b1259cb

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit edd5557

- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- commit ae6500e

- iio: cros_ec: Fix the allocation size for cros_ec_command
  (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device
  match (git-fixes).
- usb: dwc3: Properly handle processing of pending events
  (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media()
  (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial
  role is none (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring
  pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- commit d86b205

- netfilter: KABI workaround for CVE-2023-3610 bsc#1213580
  (git-fixes).
- commit ecae123

- netfilter: nf_tables: fix chain binding transaction logic
  (bsc#1213580 CVE-2023-3610).
- commit 12da4f7

- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for
  pfe1100 (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes
  via iput (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on
  DCN3+ (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling
  dma_buf_mmap() (git-fixes).
- drm/rockchip: Don't spam logs in atomic check (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside
  nouveau_connector_get_modes (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard
  PHY reset pinmux (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  (git-fixes).
- selftests/rseq: check if libc rseq support is registered
  (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral
  attachment (git-fixes).
- commit 1f8ce0d

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit 9904c3b

- ceph: never send metrics if disable_send_metrics is set
  (bsc#1214180).
- commit 32f3ae7

- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
  (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion
  (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using
  veth pairs (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs
  (git-fixes).
- selftests: forwarding: Add a helper to skip test when using
  veth pairs (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: Skip test when no interfaces are
  specified (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032
  (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused
  (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access
  (git-fixes).
- commit b70a6bf

- blacklist.conf: Blacklist useless doc fix
- commit 685dbed

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit b7e68de

- x86/srso: Fix return thunks in generated code (git-fixes).
- commit b4d125e

- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Sort latest set of security vulnerabilities according to upstream order.
- commit 4a12398

- tracing/histograms: Return an error if we fail to add histogram
  to hist_vars list (git-fixes).
- commit d08da8a

- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
  Deleted:
  patches.suse/wifi-cfg80211-fix-locking-in-regulatory-disconnect.patch
  patches.suse/wifi-cfg80211-fix-locking-in-sched-scan-stop-work.patch
- commit f824698

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit c0bb265

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 0322b50

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 6591b03

- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 90a74a8

- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- commit 2837d15

- jffs2: correct logic when creating a hole in jffs2_write_begin
  (git-fixes).
- commit f413344

- mmc: moxart: read scr register without changing byte order
  (git-fixes).
- commit 12e8704

- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit ade2a6e

- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- commit 2f90082

- cifs: add missing return value check for cifs_sb_tlink
  (bsc#1193629).
- commit a08c7b4

- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth
  request (bsc#1193629).
- commit 1b17674

- cifs: allow dumping keys for directories too (bsc#1193629).
- commit e7fda39

- cifs: fix mid leak during reconnection after timeout threshold
  (git-fixes).
- commit 30d4c82

- cifs: is_network_name_deleted should return a bool
  (bsc#1193629).
- commit 85c6bb9

- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- commit 37f3408

- cifs: if deferred close is disabled then close files immediately
  (git-fixes).
- commit 1cd51c4

- SMB3: Do not send lease break acknowledgment if all file
  handles have been closed (git-fixes).
- commit 68ee604

- net: tun_chr_open(): set sk_uid from current_fsuid()
  (CVE-2023-4194 bsc#1214019).
- commit b6c8070

- net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194
  bsc#1214019).
- commit d59e993

- tracing/probes: Fix to avoid double count of the string length
  on the array (git-fixes).
- commit 24b5022

- blacklist.conf: add tracing patches implementing new functionality
- commit 1e7f3cf

- tracing/probes: Fix to record 0-length data_loc in
  fetch_store_string*() if fails (git-fixes).
- commit c96ae0e

- Revert "tracing: Add "(fault)" name injection to kernel probes"
  (git-fixes).
- commit 658fc31

- bpf: Disable preemption in bpf_event_output (git-fixes).
- commit 21194b8

- tracing: Fix warning in trace_buffered_event_disable()
  (git-fixes).
- commit 9a84de4

- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- commit 9c2f42a

- tracing/probes: Fix to update dynamic data counter if fetcharg
  uses it (git-fixes).
- commit a5e8186

- tracing/probes: Fix not to count error code to total length
  (git-fixes).
- commit 1fa72f4

- tracing: Fix memory leak of iter->temp when reading trace_pipe
  (git-fixes).
- commit 6f343ba

- tracing/histograms: Add histograms to hist_vars if they have
  referenced variables (git-fixes).
- commit 17940e8

- ftrace: Fix possible warning on checking all pages used in
  ftrace_process_locs() (git-fixes).
- commit 825cbd9

- ring-buffer: Fix deadloop issue on reading trace_pipe
  (git-fixes).
- commit fc2b8fe

- tracing: Fix null pointer dereference in tracing_err_log_open()
  (git-fixes).
- commit 498fa96

- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- commit 3b7c83a

- nfsd: Remove incorrect check in nfsd4_validate_stateid
  (git-fixes).
- commit 2cc1911

- blacklist.conf: add a cleanup
- commit 976e622

- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
  (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
  (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description
  (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment
  (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- drm/ttm: check null pointer before accessing when swapping
  (git-fixes).
- commit 6d64757

- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat_iterate(): don't open-code file_inode(file) (bsc#1214000).
- commit 00dff49

- blacklist.conf: Add 3b8abb323953 mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
- commit 3ae175c

- blacklist.conf: Add 9ec272c586b0 watchdog/hardlockup: keep kernel.nmi_watchdog sysctl as 0444 if probe fails
- commit ff37424

- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Handle the newly added SBPB feature correctly when run in hypervisor
  context and interept an MSR write.
- commit ef9889a

- Update config files.
  We want SRSO mitigation on by default
- commit acc813b

- netfs: Fix missing xas_retry() calls in xarray iteration
  (bsc#1213946).
- commit f25fdaf

- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of
  MT7615D (DBDC) (git-fixes).
- USB: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- firmware: arm_scmi: Drop OF node reference in the transport
  channel setup (git-fixes).
- USB: gadget: Fix the memory leak in raw_gadget driver
  (git-fixes).
- USB: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume
  (git-fixes).
- USB: serial: simple: sort driver entries (git-fixes).
- USB: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- USB: serial: option: add Quectel EC200A module support
  (git-fixes).
- USB: serial: option: support Quectel EM060K_128 (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during
  runtime suspend (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the
  initial value (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap
  (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function
  (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX
  (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: Delete error messages for failed memory allocations
  (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from  pcie_retrain_link()
  (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
  (git-fixes).
- ACPI: processor: perflib: Avoid updating frequency QoS
  unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the "no limit" frequency QoS
  (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code
  (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking
  (git-fixes).
- commit f6445d7

- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- commit 0eb1518

- Input: iqs269a - do not poll during ATI (git-fixes).
- commit 5bdf465

- Input: iqs269a - do not poll during suspend or resume
  (git-fixes).
- commit 467fdbf

- Input: i8042 - add Clevo PCX0DX to i8042 quirk table
  (git-fixes).
- commit 0922201

- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- commit 9c2a6e6

- can: af_can: fix NULL pointer dereference in can_rcv_filter
  (bsc#1210627 CVE-2023-2166).
- commit e89fee8

- s390: introduce nospec_uses_trampoline() (git-fixes
  bsc#1213870).
- commit c2ccf75

- s390/ipl: add missing intersection check to ipl_report handling
  (git-fixes bsc#1213871).
- commit 8806556

- Move upstreamed sound patch into sorted sectoin
- commit 8a29738

- blacklist.conf: has non-trivial dependencies
- commit 0c7dbe0

- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- commit 66f8c8e

- KVM: s390: pv: fix index value of replaced ASCE (git-fixes
  bsc#1213867).
- commit e789a10

- s390/decompressor: specify __decompress() buf len to avoid
  overflow (git-fixes bsc#1213863).
- commit 59015c6

- libceph: harden msgr2.1 frame segment length checks
  (bsc#1213857).
- ceph: don't let check_caps skip sending responses for revoke
  msgs (bsc#1213856).
- commit 9052bbe

- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- commit 222f2a2

- Update config files: set CONFIG_GDS_FORCE_MITIGATION=n
- commit f04be94

- bpf: add missing header file include (bsc#1211738
  CVE-2023-0459).
- commit 1ccaaad

- Drop the recent USB gadget fix patches
  The recent USB gadget fix patches look dubious and likely leading to
  locking problem.  Drop them for now until we get the proper backports
  Deleted:
  patches.suse/usb-gadget-core-remove-unbalanced-mutex_unlock-in-us.patch
  patches.suse/usb-gadget-udc-core-Offload-usb_udc_vbus_handler-pro.patch
  patches.suse/usb-gadget-udc-core-Prevent-soft_connect_store-race.patch
- commit d9bbe1b

- block: Fix a source code comment in
  include/uapi/linux/blkzoned.h (git-fixes).
- commit 8349665

- blacklist.conf: cleanup
- commit fb32f77

- blacklist.conf: cleanup
- commit 4a72f90

- scftorture: Count reschedule IPIs (git-fixes).
- commit e88bc8d

- netfilter: nft_set_pipapo: fix improper element removal
  (bsc#1213812 CVE-2023-4004).
- commit 4902a99

- Update
  patches.suse/RDMA-mthca-Fix-crash-when-polling-CQ-for-shared-QPs.patch
  (git-fixes bsc#1212604).
  Added bug reference.
- commit 391a3ba

- igc: Fix Kernel Panic during ndo_tx_timeout callback
  (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove
  (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff
  (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- gve: unify driver name usage (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage
  (git-fixes).
- igc: Handle PPS start time programming for past time values
  (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of
  ethtool_link_ksettings (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier
  (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- commit a695c8c

- s390/dasd: fix hanging device after quiesce/resume (git-fixes
  bsc#1213810).
- commit dfb76f0

- Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)
  Deleted:
  patches.suse/drm-amd-display-Add-wrapper-to-call-planes-and-strea.patch
  patches.suse/drm-amd-display-Use-dc_update_planes_and_stream.patch
  Refreshed:
  patches.suse/drm-amd-display-fix-the-system-hang-while-disable-PS.patch
- commit b04dd6d

- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
  (git-fixes).
- Revert "usb: gadget: tegra-xudc: Fix error check in
  tegra_xudc_powerdomain_init()" (git-fixes).
- Revert "usb: xhci: tegra: Fix error check" (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in
  usb_gadget_activate (git-fixes).
- Revert "usb: dwc3: core: Enable AutoRetry feature in the
  controller" (git-fixes).
- Revert "xhci: add quirk for host controllers that don't update
  endpoint DCS" (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- usb: dwc3: don't reset device side if dwc3 was configured as
  host-only (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section
  (git-fixes).
- Documentation: devices.txt: reconcile serial/ucc_uart minor
  numers (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- staging: ks7010: potential buffer overflow in
  ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
  (git-fixes).
- Revert "debugfs, coccinelle: check for obsolete
  DEFINE_SIMPLE_ATTRIBUTE() usage" (git-fixes).
- commit 68f52c9

- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit c2f8329

- RDMA/irdma: Report correct WC error (git-fixes)
- commit bbd2277

- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- commit 9cf2e90

- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- commit 88338bc

- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- commit cea614e

- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- commit 9675e7a

- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- commit 2321b3b

- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- commit ea2e3ca

- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- commit 0780ef4

- RDMA/irdma: Add missing read barriers (git-fixes)
- commit 495eb3b

- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- commit 67b00ed

- ALSA: usb-audio: Update for native DSD support quirks
  (git-fixes).
- commit 43f1612

- ASoC: atmel: Fix the 8K sample parameter in I2SC master
  (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
  (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events
  (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- commit e160036

- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update
  (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative
  temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1
  disabled (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in
  a5xx_submit_in_rb() (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- commit 2f04296

- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- commit 5a72d04

- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit 179babc

- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit 2cb8ed9

- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit 17c6a41

- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- commit ad8acc9

- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit fe91ad7

- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit f111fdf

- KVM: arm64: Don't read a HW interrupt pending state in user context (git-fixes)
- commit ffcb733

- KVM: Don't null dereference ops->destroy (git-fixes)
- commit 3407958

- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- commit f80bc2c

- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 16a308d

- nvme-pci: fix DMA direction of unmapping integrity data
  (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- commit 3d56665

- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit 7bc51ed

- scsi: lpfc: Copyright updates for 14.2.0.14 patches
  (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting
  (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths
  (bsc#1213756).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout
  error is detected (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling
  unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only
  for Target Functions (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk
  and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN
  (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl
  for loop topology (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message
  (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from
  driver's trace buffer (bsc#1213756).
- scsi: lpfc: Fix a possible data race in
  lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI
  and VMID paths (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
  (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member
  (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg
  loopback path (bsc#1213756).
- commit 3d33912

- blacklist.conf: add commit 122deabfe142 ("ubifs: dirty_cow_znode: Fix
  memleak in error handling path")
  This is reverted in commit 7d01cb27f6ae ("Revert "ubifs:
  dirty_cow_znode: Fix memleak in error handling path"")
- commit b666937

- ubifs: Fix memory leak in do_rename (git-fixes).
- commit 9147a2c

- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 3021432

- afs: Fix server->active leak in afs_put_server (git-fixes).
- commit 214e9da

- afs: Fix dynamic root getattr (git-fixes).
- commit edbfecf

- jffs2: GC deadlock reading a page that is used in
  jffs2_write_begin() (git-fixes).
- commit d4f2e0b

- jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
  (git-fixes).
- commit 5f487ee

- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- commit 359ea76

- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- commit 47521cf

- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- commit 3127ba1

- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
  (git-fixes).
- commit 629e159

- ubifs: Free memory for tmpfile name (git-fixes).
- commit b8a1ad9

- ubifs: ubifs_writepage: Mark page dirty after writing inode
  failed (git-fixes).
- commit 840e02c

- ubifs: Re-statistic cleaned znode count if commit failed
  (git-fixes).
- commit 8fb0e1e

- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- commit 8e663ab

- ubifs: Reserve one leb for each journal head while doing budget
  (git-fixes).
- commit cbe6386

- ubifs: do_rename: Fix wrong space budget when target inode's
  nlink > 1 (git-fixes).
- commit b6963c0

- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- commit b3864d7

- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- commit 567a5c8

- ubifs: Rectify space budget for ubifs_symlink() if symlink is
  encrypted (git-fixes).
- commit 3474d4d

- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Adjust IOCB resource on qpair create
  (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
  (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
  (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
  (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference
  (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with
  DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode
  (bsc#1213747).
- commit e04dc4d

- ubifs: Fix build errors as symbol undefined (git-fixes).
- commit 003e06c

- series: udpate metadata
  Refresh
- patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
- commit 3672423

- ubifs: Fix AA deadlock when setting xattr for encrypted file
  (git-fixes).
- commit 905856b

- ubifs: rename_whiteout: correct old_dir size computing
  (git-fixes).
- commit 746fc1a

- ubifs: Fix to add refcount once page is set private (git-fixes).
- commit eb16186

- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
  (git-fixes).
- commit ec064eb

- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- commit 44d5601

- ubifs: Rectify space amount budget for mkdir/tmpfile operations
  (git-fixes).
- commit 5c3e281

- x86/returnthunk: Allow different return thunks (bsc#1213287, CVE-2023-20569).
- commit 9047ebd

- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback
  work (git-fixes).
- commit f4b451d

- ubifs: Rename whiteout atomically (git-fixes).
- commit eb7797d

- ubifs: Add missing iput if do_tmpfile() failed in rename
  whiteout (git-fixes).
- commit 6d376e9

- ubifs: Fix deadlock in concurrent rename whiteout and inode
  writeback (git-fixes).
- commit fcb2f4b

- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
  (git-fixes).
- commit 289d359

- ubifs: Error path in ubifs_remount_rw() seems to wrongly free
  write buffers (git-fixes).
- commit 90b0b69

- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- commit 6a5ab84

- fs: dlm: move sending fin message into state change handling
  (git-fixes).
- commit dab00d6

- fs: dlm: don't set stop rx flag after node reset (git-fixes).
- commit 4b30eff

- fs: dlm: start midcomms before scand (git-fixes).
- commit a80feb6

- fs: dlm: add midcomms init/start functions (git-fixes).
- commit 1f391d7

- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- commit d7af52c

- fs: dlm: retry accept() until -EAGAIN or error returns
  (git-fixes).
- commit 8d74a84

- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- commit 8503974

- fs: dlm: fix race between test_bit() and queue_work()
  (git-fixes).
- commit a237b08

- fs: dlm: fix race in lowcomms (git-fixes).
- commit 92fc0f8

- dlm: fix missing lkb refcount handling (git-fixes).
- commit 263b40e

- dlm: fix plock invalid read (git-fixes).
- commit 7bcd1e8

- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- commit 38ca134

- afs: Fix vlserver probe RTT handling (git-fixes).
- commit fc1925d

- afs: Fix setting of mtime when creating a file/dir/symlink
  (git-fixes).
- commit 6bbf246

- afs: Fix updating of i_size with dv jump from server
  (git-fixes).
- commit 6731933

- afs: Fix lost servers_outstanding count (git-fixes).
- commit 29cfb62

- afs: Fix fileserver probe RTT handling (git-fixes).
- commit b1a6d0f

- afs: Use the operation issue time instead of the reply time
  for callbacks (git-fixes).
- commit dce7453

- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
  (git-fixes).
- commit 856031a

- afs: Fix access after dec in put functions (git-fixes).
- commit 7e9acb5

- afs: Use refcount_t rather than atomic_t (git-fixes).
- commit ee87d6d

- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- commit e319694

- afs: Adjust ACK interpretation to try and cope with NAT
  (git-fixes).
- commit 0170794

- rxrpc, afs: Fix selection of abort codes (git-fixes).
- commit 6b22544

- afs: Fix afs_getattr() to refetch file status if callback
  break occurred (git-fixes).
- commit 610ac25

- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- commit a4211ac

- fs: hfsplus: remove WARN_ON() from
  hfsplus_cat_{read,write}_inode() (git-fixes).
- commit e720f69

- FS: JFS: Check for read-only mounted filesystem in txBegin
  (git-fixes).
- commit 74fc884

- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- commit ded2fdb

- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
  (git-fixes).
- commit d3b12be

- jfs: jfs_dmap: Validate db_l2nbperpage while mounting
  (git-fixes).
- commit cb7cfeb

- net: mana: Use the correct WQE count for ringing RQ doorbell
  (bsc#1212901).
- net: mana: Batch ringing RX queue doorbell on receiving packets
  (bsc#1212901).
- commit de409ae

- kernel-binary.spec.in: Remove superfluous %% in Supplements
  Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74

- pinctrl: amd: Don't show `Invalid config param` errors
  (git-fixes).
- commit 924f82b

- can: gs_usb: gs_can_close(): add missing set of CAN state to
  CAN_STATE_STOPPED (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- phy: hisilicon: Fix an out of bounds check in
  hisi_inno_phy_probe() (git-fixes).
- regmap: Account for register length in SMBus I/O limits
  (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes
  (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31
  (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic
  (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe
  (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options
  (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
  (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy
  (git-fixes).
- commit a35f25e

- io_uring: ensure IOPOLL locks around deferred work (bsc#1213272
  CVE-2023-21400).
- commit 744cfeb

- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are
  unsupported (git-fixes).
- commit 34f9d1f

- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled
  (CR0.PG==0) (git-fixes).
- commit 6d14c23

- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- commit fe48bf1

- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
  (git-fixes).
- commit c6619e5

- Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch.
  Drop the patch in order to fix bsc#1213705.
- commit 28a2488

- vhost: support PACKED when setting-getting vring_base
  (git-fixes).
- commit 0bfd988

- vhost_net: revert upend_idx only on retriable error (git-fixes).
- commit 8b2dc73

- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
  bsc#1213715).
- commit 6879f59

- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- commit 48f331c

- virtio_net: Fix error unwinding of XDP initialization
  (git-fixes).
- commit a90e297

- virtio-net: Maintain reverse cleanup order (git-fixes).
- commit ee47906

- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- commit a5c9518

- xen/pvcalls-back: fix double frees with
  pvcalls_new_active_socket() (git-fixes).
- commit ae3a872

- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- commit 05a3279

- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind
  U100 (git-fixes).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- commit 29a4c8a

- net/sched: cls_fw: Fix improper refcount update leads to
  use-after-free (CVE-2023-3776 bsc#1213588).
- commit 057a69b

- block, bfq: Fix division by zero error on zero wsum
  (bsc#1213653).
- commit da28d59

- Update
  patches.suse/vc_screen-don-t-clobber-return-value-in-vcs_read.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
- Update
  patches.suse/vc_screen-modify-vcs_size-handling-in-vcs_read.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
- Update
  patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
  Add references.
- commit 86b316a

- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
  HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit ad56bc8

- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
  (bsc#1207129).
- commit 6298aeb

- Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation
  return" (git-fixes).
- NFSv4.1: freeze the session table upon receiving
  NFS4ERR_BADSESSION (git-fixes).
- svcrdma: Prevent page release when nothing was received
  (git-fixes).
- NFSD: add encoding of op_recall flag for write delegation
  (git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd()
  (git-fixes).
- NFSD: Remove open coding of string copy (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request
  (git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status
  (git-fixes).
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
  (git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- NFSD: Fix sparse warning (git-fixes).
- commit 8c604d4

- net/sched: cls_u32: Fix reference counter leak leading to
  overflow (CVE-2023-3609 bsc#1213586).
- commit e129a1f

- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  (CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU
  (bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
  (bsc#1213585).
- commit 67a1d0b

- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- commit cb2f513

- pinctrl: amd: Detect internal GPIO0 debounce handling
  (git-fixes).
- commit 2209e7e

- drm/msm/disp/dpu: get timing engine status from intf status
  register (git-fixes).
- Refresh
  patches.suse/drm-msm-dpu-Remove-duplicate-register-defines-from-I.patch.
- commit 01f0700

- usb: dwc2: platform: Improve error reporting for problems
  during .remove() (git-fixes).
- Refresh
  patches.suse/usb-dwc2-Fix-some-error-handling-paths.patch.
- commit c99cdac

- drm/atomic: Fix potential use-after-free in nonblocking commits
  (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0
  (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop
  (git-fixes).
- i2c: xiic: Don't try to handle more interrupt events after error
  (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always
  valid in VM (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
  (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
  (git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
  (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup
  (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
  (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh "disable"
  (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts()
  implementation (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring
  on ADM1272 (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec
  offload test (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev
  rename (git-fixes).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit
  DMA mode is used (git-fixes).
- kselftest: vDSO: Fix accumulation of uninitialized ret when
  CLOCK_REALTIME is undefined (git-fixes).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error
  (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr()
  (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in
  xiic_process() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- commit 87a543d

- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- commit a2d37c4

- xfs: run callbacks before waking waiters in
  xlog_state_shutdown_callbacks (bsc#1211811).
- commit 602a6b0

- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component
  remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove
  (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
  (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR
  (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race
  (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race
  (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- commit 2c27c0a

- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- commit 61a595d

- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp
  (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
  (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- commit 61676e6

- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- commit b52f8c8

- xfs: async CIL flushes need pending pushes to be made stable
  (bsc#1211811).
- commit a7a8e83

- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- commit bdc017f

- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- commit 41681a2

- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- commit df27a10

- xfs: order CIL checkpoint start records (bsc#1211811).
- commit 1723063

- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state()
  (bsc#1211811).
- commit 7d0f707

- xfs: don't run shutdown callbacks on active iclogs
  (bsc#1211811).
- Refresh patches.suse/xfs-pass-a-CIL-context-to-xlog_write.patch.
- commit bbe5b6f

- xfs: separate out log shutdown callback processing
  (bsc#1211811).
- commit 8739ead

- xfs: rework xlog_state_do_callback() (bsc#1211811).
- commit e073f75

- xfs: factor out log write ordering from xlog_cil_push_work()
  (bsc#1211811).
- commit 9190d3a

- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- Delete
  patches.suse/xfs-drop-async-cache-flushes-from-CIL-commits.patch.
- commit 32853a9

- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- commit 90fa477

- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- commit b415a31

- Update
  patches.suse/net-tun-fix-bugs-for-oversize-packet-when-napi-frags.patch
  (git-fixes CVE-2023-3812 bsc#1213543).
  Added CVE reference.
- commit 98bd6ff

- drm/client: Fix memory leak in drm_client_target_cloned
  (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init()
  (git-fixes).
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- rsi: remove kernel-doc comment marker (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- commit a53eee1

- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  (CVE-2023-35001 bsc#1213059).
- netfilter: nf_tables: do not ignore genmask when looking up
  chain by id (CVE-2023-31248 bsc#1213061).
- commit 2165cfd

- uaccess: Add speculation barrier to copy_from_user()
  (bsc#1211738 CVE-2023-0459).
- commit 444186d

- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: don't invalidate if interrupted (bsc#1213523).
- commit 6e0bfdd

- netfilter: nf_tables: incorrect error path handling with
  NFT_MSG_NEWRULE (CVE-2023-3390 CVE-2023-3117 bsc#1212846
  bsc#1213245).
- commit fc1ae7b

- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit aa4b0be

- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- commit 9f327b6

- x86/speculation: Add force option to GDS mitigation (bsc#1206418, CVE-2022-40982).
- commit a0b814b

- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit bc512dd

- xfs: don't deplete the reserve pool when trying to shrink the fs
  (git-fixes).
- commit 5a2f80d

- xfs: don't reverse order of items in bulk AIL insertion
  (git-fixes).
- commit d6e35fc

- xfs: fix logdev fsmap query result filtering (git-fixes).
- commit c455cfa

- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- commit 48d04d0

- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- commit c0bf1f4

- xfs: fix integer overflows in the fsmap rtbitmap and logdev
  backends (git-fixes).
- commit 2722715

- xfs: fix interval filtering in multi-step fsmap queries
  (git-fixes).
- commit bdbe0c0

- xfs: fix uninitialized variable access (git-fixes).
- commit 00489cf

- xfs: pass explicit mount pointer to rtalloc query functions
  (git-fixes).
- commit 8dd0d7d

- xfs: make the record pointer passed to query_range functions
  const (git-fixes).
- commit f3907e2

- xfs: make fsmap backend function key parameters const
  (git-fixes).
- commit f2d77e2

- xfs: fix off-by-one error when the last rt extent is in use
  (git-fixes).
- commit 6038622

- ocfs2: Switch to security_inode_init_security() (git-fixes).
- commit a16070d

- ocfs2: check new file size on fallocate call (git-fixes).
- commit 3af0daa

- ocfs2: fix use-after-free when unmounting read-only filesystem
  (git-fixes).
- commit 32172b2

- smb: client: fix missed ses refcounting (git-fixes).
- commit 1464145

- powerpc/security: Fix Speculation_Store_Bypass reporting on
  Power10 (bsc#1188885 ltc#193722 git-fixes).
- commit 298c13e

- Refresh
  patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit d8bebeb

- security: keys: Modify mismatched function name (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
  (git-fixes).
- commit 9b8aa64

- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit e269335

- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit 74df26d

- usb: gadget: udc: core: Prevent soft_connect_store() race
  (git-fixes).
- commit b1dbc3a

- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
  (git-fixes).
- commit bc06187

- rpm: Update dependency to match current kmod.
- commit d687dc3

- usb: dwc2: Fix some error handling paths (git-fixes).
- commit b3ae2f4

- blacklist.conf: optimization
- commit 9e3e296

- blacklist.conf: Blacklist redundant patch
- commit 48411ae

- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- commit 80dd531

- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- commit beb79bd

- Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- commit d0d71ee

- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- commit ada238c

- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- commit c9bacb3

- spi: bcm63xx: fix max prepend length (git-fixes).
- commit 656db51

- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode
  flags (git-fixes).
- drm/ttm: Don't leak a resource on swapout move error
  (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24
  (git-fixes).
- wifi: rtw89: debug: fix error code in
  rtw89_debug_priv_send_h2c_set() (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate()
  (git-fixes).
- commit d32565b

- net: mana: Add support for vlan tagging (bsc#1212301).
- commit b4b8120

- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU
  ld < 2.36 (git-fixes bsc#1213264).
- commit 02c9941

- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes
  bsc#1213263).
- commit ddf8224

- blacklist.conf: clang warning
- commit e4ffa77

- s390/ap: fix status returned by ap_aqic() (git-fixes
  bsc#1213259).
- commit 5299a79

- s390/ap: fix status returned by ap_qact() (git-fixes
  bsc#1213258).
- commit 43d22ed

- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
  (git-fixes bsc#1213252).
- commit c694863

- s390: discard .interp section (git-fixes bsc#1213247).
- commit 227bb94

- smb: client: remove redundant pointer 'server' (bsc#1193629).
- commit 20babff

- cifs: fix session state transition to avoid use-after-free issue
  (bsc#1193629).
- commit a0e7e51

- cifs: new dynamic tracepoint to track ses not found errors
  (bsc#1193629).
- commit 79e9e86

- cifs: log session id when a matching ses is not found
  (bsc#1193629).
- commit 920ccfd

- smb: client: improve DFS mount check (bsc#1193629).
- commit 8dd4bf1

- smb: client: fix shared DFS root mounts with different prefixes
  (bsc#1193629).
- commit 4ae5a6b

- smb: client: fix parsing of source mount option (bsc#1193629).
- commit 2375f35

- smb: client: fix broken file attrs with nodfs mounts
  (bsc#1193629).
- commit cf3707b

- cifs: print client_guid in DebugData (bsc#1193629).
- commit edd7762

- cifs: fix session state check in smb2_find_smb_ses
  (bsc#1193629).
- commit 8dbfb28

- cifs: fix session state check in reconnect to avoid
  use-after-free issue (bsc#1193629).
- commit 6191deb

- cifs: do all necessary checks for credits within or before
  locking (bsc#1193629).
- commit 5bb05f4

- cifs: prevent use-after-free by freeing the cfile later
  (bsc#1193629).
- commit b7bc433

- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- commit f671e4f

- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- commit d1f13ae

- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- commit 01673ee

- smb3: do not reserve too many oplock credits (bsc#1193629).
- commit 73fb9a2

- cifs: print more detail when invalidate_inode_mapping fails
  (bsc#1193629).
- commit a875165

- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- commit 28577bd

- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- commit c6a889a

- cifs: print nosharesock value while dumping mount options
  (bsc#1193629).
- commit 4243019

- Refresh
  patches.suse/x86-xen-fix-secondary-processor-fpu-initialization.patch.
- commit 011270e

- x86: Fix .brk attribute in linker script (git-fixes).
- commit cacd6a8

- blacklist.conf: Blacklist 23ee27dce30e and dc94bb8f271c
- commit aa7880b

- Update patches.suse/fs-hfsplus-fix-UAF-issue-in-hfsplus_put_super.patch (CVE-2023-2985, bsc#1211867).
- commit b8edf00

- kabi/severities: Add VAS symbols changed due to recent fix
  VAS accelerators are directly tied to the architecture, there is no
  reason to have out-of-tree production drivers
- commit a0d0af6

- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- commit d8a2ca6

- blacklist.conf: Unapplicable ppc fixes
- commit 1d050a8

- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
  (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs
  (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before
  dereferencing iov (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/interrupt: Don't read MSR from
  interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init()
  (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is
  complete (bsc#1194869).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses
  (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in
  vas_rx_win_attr (bsc#1194869).
- powerpc: define get_cycles macro for arch-override
  (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show()
  (bsc#1194869).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with
  force_fatal_sig(SIGSEGV) (bsc#1194869).
- signal/powerpc: On swapcontext failure force SIGSEGV
  (bsc#1194869).
- commit 42f7ecb

- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME
  They depend on CONFIG_TOOLCHAIN_HAS_*.
- commit 1007103

- powerpc/mm/dax: Fix the condition when checking if altmap
  vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- commit 19eb287

- blacklist.conf: No 32bit signals on ppc64
- commit f2f83b0

- blacklist.conf: d9e5c3e9e751 powerpc: Export mmu_feature_keys[] as
  non-GPL
- commit 5cb5bd5

- blacklist.conf: b74196af372f powerpc/fadump: Fix fadump to work with a
  different endian capture kernel
  This changes the shared data from LE to BE for our kernel.
- commit 9bc7a26

- NTB: ntb_tool: Add check for devm_kcalloc (git-fixes).
- NTB: ntb_transport: fix possible memory leak while
  device_register() fails (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
  (git-fixes).
- NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
  (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init()
  (git-fixes).
- commit e2532ad

- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation
  helpers (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data
  race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: fireface: make read-only const array for model names
  static (git-fixes).
- ALSA: oxfw: make read-only const array models static
  (git-fixes).
- commit 588fb29

- Fix documentation of panic_on_warn (git-fixes).
- commit d3bc78b

- ALSA: hda/realtek: Whitespace fix (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast
  (git-fixes).
- Revert "drm/amd/display: edp do not add non-edid timings"
  (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast
  wake times (git-fixes).
- commit 5cd5af9

- ubi: Fix failure attaching when vid_hdr offset equals to
  (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc,
  size (bsc#1210584).
- commit d00dadd

- hvcs: Synchronize hotplug remove with port free (bsc#1213134
  ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134
  ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes
  (bsc#1213134 ltc#202861).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- commit bcb2fb0

- fixup ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch
- commit da8cf7d

- Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes,
  bsc#1210853).
- commit c3e9aec

- blacklist.conf: Blacklist b87c7cdf2bed
- commit 6e43578

- add mainline tags to five pci_hyperv patches
- commit 6e402f4

- spi: bcm-qspi: return error if neither hif_mspi nor mspi is
  available (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in
  "compatible" conditional schema (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc()
  (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev
  (git-fixes).
- phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from
  PHY_EXYNOS4X12_USB" (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark
  (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact
  update (git-fixes).
- docs: networking: Update codeaurora references for rmnet
  (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs
  (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend
  (git-fixes).
- soundwire: qcom: fix storing port config out-of-bounds
  (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: atomisp: gmin_platform: fix out_len in
  gmin_get_config_dsm_var() (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two
  (git-fixes).
- media: i2c: Correct format propagation for st-mipid02
  (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function
  pointer (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment
  (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay
  (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical
  (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- commit 50938e1

- udf: Detect system inodes linked into directory hierarchy
  (bsc#1213114).
- commit 94969d9

- udf: Preserve link count of system files (bsc#1213113).
- commit 796148e

- udf: Do not update file length for failed writes to inline files
  (bsc#1213041).
- commit 7c424ea

- udf: Do not bother merging very long extents (bsc#1213040).
- commit 2bbc059

- udf: Truncate added extents on failed expansion (bsc#1213039).
- commit 570559c

- udf: Define EFSCORRUPTED error code (bsc#1213038).
- commit a788ad0

- udf: Fix extending file within last block (bsc#1213037).
- commit 03c1b38

- udf: Discard preallocation before extending file with a hole
  (bsc#1213036).
- commit 1574fab

- udf: Do not bother looking for prealloc extents if i_lenExtents
  matches i_size (bsc#1213035).
- commit 55f8d82

- udf: Fix preallocation discarding at indirect extent boundary
  (bsc#1213034).
- commit dd71a49

- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- commit b7363e8

- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- commit 36daa9d

- writeback: fix call of incorrect macro (bsc#1213024).
- commit 3d9859a

- blacklist.conf: Blacklist e730558adffb
- commit dfc29a7

- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- commit 663980c

- ext4: fix bug_on in __es_tree_search caused by bad quota inode
  (bsc#1213111).
- commit d2402bb

- ext4: fix to check return value of freeze_bdev() in
  ext4_shutdown() (bsc#1213021).
- commit 8a5e5cc

- ext4: turn quotas off if mount failed after enabling quotas
  (bsc#1213110).
- commit 54ce041

- ext4: Fix reusing stale buffer heads from last failed mounting
  (bsc#1213020).
- commit b4e9a35

- ext4: only update i_reserved_data_blocks on successful block
  allocation (bsc#1213019).
- commit 05b1124

- blacklist.conf: Blacklist dea9d8f7643f
- commit 5f3f2c9

- blacklist.conf: Blacklist eb1f822c76be and 1b2924393309
- commit dfea016

- ext4: add lockdep annotations for i_data_sem for ea_inode's
  (bsc#1213109).
- commit bd7e51d

- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- commit 8d79354

- ext4: set lockdep subclass for the ea_inode in
  ext4_xattr_inode_cache_find() (bsc#1213107).
- commit 086e29e

- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- commit 6f2cbde

- ext4: bail out of ext4_xattr_ibody_get() fails for any reason
  (bsc#1213018).
- commit 688805b

- blacklist.conf: Blacklist 2220eaf90992
- commit 646c4d8

- ext4: fix deadlock when converting an inline directory in
  nojournal mode (bsc#1213105).
- commit cce4da1

- ext4: improve error recovery code paths in __ext4_remount()
  (bsc#1213017).
- commit 29aa4fc

- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- commit eb9fd41

- ext4: check iomap type only if ext4_iomap_begin() does not fail
  (bsc#1213103).
- commit 0e400a2

- blacklist.conf: Blacklist 4f04351888a8
- commit 3ec5acd

- ext4: fix data races when using cached status extents
  (bsc#1213102).
- commit 5ba34cb

- ext4: avoid deadlock in fs reclaim with page writeback
  (bsc#1213016).
- commit 1d798af

- blacklist.conf: Blacklist 463808f237cf
- commit 8ab6243

- blacklist.conf: Blacklist 5354b2af3406
- commit af1acbd

- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- commit 12832e4

- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- commit cf6660d

- ext4: fix use-after-free read in ext4_find_extent for bigalloc +
  inline (bsc#1213098).
- commit 4e5840b

- ext4: fix i_disksize exceeding i_size problem in paritally
  written case (bsc#1213015).
- commit 4f1e279

- jdb2: Don't refuse invalidation of already invalidated buffers
  (bsc#1213014).
- commit 02a11f8

- blacklist.conf: Blacklist 93cdf49f6eca
- commit 3fbd00a

- blacklist.conf: Blacklist 01e4ca294517
- commit d9ac63d

- ext4: zero i_disksize when initializing the bootloader inode
  (bsc#1213013).
- commit 659d07a

- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- commit e942503

- ext4: move where set the MAY_INLINE_DATA flag is set
  (bsc#1213011).
- commit 414128b

- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- commit c860105

- jbd2: fix data missing when reusing bh which is ready to be
  checkpointed (bsc#1213095).
- commit fba1499

- ext4: update s_journal_inum if it changes after journal replay
  (bsc#1213094).
- commit 555a671

- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- commit e1a7504

- ext4: refuse to create ea block when umounted (bsc#1213093).
- commit 0a1540e

- blacklist.conf: Blacklist 1e9d62d25281
- commit ec4ee27

- ext4: use ext4_fc_tl_mem in fast-commit replay path
  (bsc#1213092).
- commit 52602e2

- ext4: block range must be validated before use in
  ext4_mb_clear_bb() (bsc#1213090).
- commit 1a54a0f

- ext4: add strict range checks while freeing blocks
  (bsc#1213089).
- commit 48fbaec

- ext4: add ext4_sb_block_valid() refactored out of
  ext4_inode_block_valid() (bsc#1213088).
- commit 29b9d07

- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
  (bsc#1213087).
- commit 8815a41

- blacklist.conf: Blacklist 3bbef91bdd21
- commit aca1605

- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- commit 2665c42

- nvme-multipath: support io stats on the mpath device
  (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- commit 3351644

- opp: Fix use-after-free in lazy_opp_tables after probe deferral
  (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
  (git-fixes).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera
  GDSCs (git-fixes).
- commit aa116bc

- net/sched: tcindex: Do not use perfect hashing (bsc#1210335
  CVE-2023-1829).
- commit 28b65ec

- blacklist.conf: Add 3d2af77e31ad blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
- commit 84acea1

- blacklist.conf: Add 6f363f5aa845 cgroup: Do not corrupt task iteration when rebinding subsystem
- commit 71728c0

- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- commit 073b9b6

- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- commit f0ad26b

- extcon: usbc-tusb320: Unregister typec port on driver removal
  (git-fixes).
- commit b2eac46

- usb: dwc3: gadget: Propagate core init errors to UDC during
  pullup (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in
  dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
  (git-fixes).
- usb: dwc3: qcom: Release the correct resources in
  dwc3_qcom_remove() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event
  (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions
  (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
  (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend
  (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- serial: atmel: don't enable IRQs prematurely (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system
  suspend (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
  s3c24xx_serial_getclk() when iterating clk (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
  s3c24xx_serial_getclk() in case of error (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq()
  (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq()
  (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register
  (git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid
  warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings
  (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count
  (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in
  svc_create_memory_pool() (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory
  allocation (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for
  FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type
  (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection
  (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access
  (git-fixes).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled
  (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource
  (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
  (git-fixes).
- rtc: st-lpc: Release some resources in st_rtc_probe() in case
  of error (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ
  pending (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a
  port is registered (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- commit 5d09f51

- cifs: add a warning when the in-flight count goes negative
  (bsc#1193629).
- commit b5356cb

- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- commit 4a371a3

- cifs: fix max_credits implementation (bsc#1193629).
- commit 54568db

- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- commit f115649

- cifs: print all credit counters in DebugData (bsc#1193629).
- commit cfab0d3

- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- commit db74448

- smb: remove obsolete comment (bsc#1193629).
- commit dbdd811

- cifs: address unused variable warning (bsc#1193629).
- commit 2c0db9f

- smb: delete an unnecessary statement (bsc#1193629).
- commit 8263cc2

- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- commit f544a57

- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603
  ltc#202604).
- commit 9cf4e75

- Move upstreamed x86, scsi and arm patches into sorted section
- commit 68279fe

- x86/xen: fix secondary processor fpu initialization
  (bsc#1212869).
- commit 8ea47f4

- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- commit 4610493

- RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
- commit 3193b97

- RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- commit 4a80233

- RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
- commit c5a9ac4

- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- commit 030725c

- RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- commit 9e18a28

- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- commit 5d11670

- RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
- commit 465a1cc

- RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
- commit a16408a

- RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- commit 5b86f20

- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- commit 5fd5166

- RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
- commit 4d45831

- RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- commit 0f82e06

- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- commit fa23528

- hwrng: st - keep clock enabled while hwrng is registered
  (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check
  (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled
  (git-fixes).
- commit f87750a

- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c

- PCI: endpoint: Add missing documentation about the MSI/MSI-X
  range (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test
  (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device
  (git-fixes).
- PCI: vmd: Reset VMD config register between soft reboots
  (git-fixes).
- PCI: rockchip: Set address alignment for endpoint mode
  (git-fixes).
- PCI: rockchip: Use u32 variable to access 32-bit registers
  (git-fixes).
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe
  endpoint core (git-fixes).
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to
  be locked (git-fixes).
- PCI: rockchip: Assert PCI Configuration Enable bit after probe
  (git-fixes).
- PCI: rockchip: Write PCI Device ID to correct register
  (git-fixes).
- PCI: qcom: Disable write access to read only registers for IP
  v2.3.3 (git-fixes).
- PCI: ftpci100: Release the clock resources (git-fixes).
- PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- PCI: Release resource invalidated by coalescing (git-fixes).
- PCI: pciehp: Cancel bringup sequence if card is not present
  (git-fixes).
- PCI/ASPM: Disable ASPM on MFD function removal to avoid
  use-after-free (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull
  mode (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf()
  (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf()
  (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform
  profiles (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling
  (git-fixes).
- platform/x86: think-lmi: Correct System password interface
  (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI
  calls (git-fixes).
- commit 22e7ca3

- Get module prefix from kmod (bsc#1212835).
- commit f6691b0

- smb: move client and server files to common directory fs/smb
  (bsc#1193629).
- Update config and supported.conf files due to renaming.
- commit ae50c24

- blacklist.conf: gcc 12 issue
- commit 81cb1b7

- s390/gmap: voluntarily schedule during key setting (git-fixes
  bsc#1212892).
- commit 4ccd632

- ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
  (git-fixes).
- commit 913f7b5

- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
  We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1

- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable
  (git-fixes).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use
  (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain
  (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables
  (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support
  (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not
  available (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed
  rate (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command
  parser (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging
  freesync video mode (git-fixes).
- drm/amd/display: drop redundant memset() in
  get_available_dsc_slices() (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated
  memory (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info
  change (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting
  (git-fixes).
- drm/panel: simple: fix active size for Ampire
  AM-480272H3TMQW-T01H (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in
  `sun4i_tcon_init_clocks` (git-fixes).
- drm/vram-helper: fix function names in vram helper doc
  (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation
  (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh
  (git-fixes).
- ASoC: imx-audmix: check return value of devm_kasprintf()
  (git-fixes).
- ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs
  (git-fixes).
- ASoC: es8316: Increment max value for ALC Capture Target Volume
  control (git-fixes).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
  (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
  boost on EliteBook (git-fixes).
- Input: adxl34x - do not hardcode interrupt trigger type
  (git-fixes).
- Input: drv260x - remove unused .reg_defaults (git-fixes).
- Input: drv260x - sleep between polling GO bit (git-fixes).
- Input: drv260x - fix typo in register value define (git-fixes).
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651
  (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in
  mipid_spi_probe() (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf()
  (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf()
  (git-fixes).
- clk: si5341: return error if one synth clock registration fails
  (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register()
  (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in
  imx8mp_clocks_probe() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
  (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free
  (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver
  (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- commit 7ae139a

- io_uring: hold uring mutex around poll removal (bsc#1212838
  CVE-2023-3389).
- commit e7c3e0b

- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- commit 9e8659c

- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- commit 3c403c0

- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
  (git-fixes).
- commit b453224

- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
  With the module path adjustment applied as source patch only
  ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
  non-usrmerged.
- commit dd9a820

- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
  CVE-2023-3090).
- commit 7062cce

- signal/s390: Use force_sigsegv in default_trap_handler
  (git-fixes bsc#1212861).
- commit 65a5c57

- blacklist.conf: cleanup commit
- commit 2bf2715

- tracing/timer: Add missing hrtimer modes to
  decode_hrtimer_mode() (git-fixes).
- commit ed0442b

- writeback: fix dereferencing NULL mapping->host on
  writeback_page_template (git-fixes).
- commit 9837e76

- x86/kprobes: Fix arch_check_optimized_kprobe check within
  optimized_kprobe range (git-fixes).
- commit 085878a

- blacklist.conf: gcc warnings for the newer version of the compiler
- commit 1dd8f7f

- btrfs: unset reloc control if transaction commit fails in
  prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 8d54367

- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- commit cbfecbe

- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on
  (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds
  (git-fixes).
- commit 52de066

- RDMA/rxe: Fix rxe_cq_post (git-fixes)
- commit 00af074

- IB/isert: Fix incorrect release of isert connection (git-fixes)
- commit e38bdbc

- IB/isert: Fix possible list corruption in CMA handler (git-fixes)
- commit 6bacb44

- IB/isert: Fix dead lock in ib_isert (git-fixes)
- commit ffd174a

- RDMA/mlx5: Fix affinity assignment (git-fixes)
- commit 29d122c

- RDMA/mlx5: Don't set tx affinity when lag is in hash mode (git-fixes)
- commit 2b5aac8

- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- commit 8f45747

- RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- commit fe78e01

- RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
- commit 361e585

- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- commit e6d3548

- RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- commit 1b7d9cb

- RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
- commit 7284531

- RDMA/rxe: Fix packet length checks (git-fixes)
- commit ca5d9e2

- RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- commit bdd8fdf

- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
  (git-fixes).
- wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
  (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
  (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements
  (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in
  iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled
  (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not
  enabled (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe()
  (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
  (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
  (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset
  calculation (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in
  mwifiex_ret_802_11_scan() (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase
  (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling
  (git-fixes).
- Revert "mtd: rawnand: arasan: Prevent an unsupported
  configuration" (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
  (git-fixes).
- regulator: helper: Document ramp_delay parameter of
  regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: core: Fix more error checking for
  debugfs_create_dir() (git-fixes).
- pstore/ram: Add check for kstrdup (git-fixes).
- integrity: Fix possible multiple allocation in
  integrity_inode_get() (git-fixes).
- Revert "net: phy: dp83867: perform soft reset and retain
  established link" (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
  (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads
  (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360
  (git-fixes).
- Input: soc_button_array - add invalid acpi_index DMI quirk
  handling (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- media: cec: core: don't set last_initiator if tx in progress
  (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- HID: wacom: Add error check to wacom_parse_and_register()
  (git-fixes).
- commit b21df60

- RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- commit d45f7dc

- RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
- commit e3cca5c

- RDMA/rxe: Remove the unused variable obj (git-fixes)
- commit 0081865

- can: isotp: isotp_sendmsg(): fix return error fix on TX path
  (git-fixes).
- can: kvaser_pciefd: Remove handler for unused
  KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register
  (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: make header self contained (git-fixes).
- elf: correct note name comment (git-fixes).
- drm/amd/display: fix the system hang while disable PSR
  (git-fixes).
- ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
- ASoC: simple-card: Add missing of_node_put() in case of error
  (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
  (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/radeon: fix race condition UAF in
  radeon_gem_set_domain_ioctl (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update
  (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: Add minimal pipe split transition state
  (git-fixes).
- commit f746d09

- blacklist.conf: add git-fixes for nvme
- commit e4a757c

- x86/build: Avoid relocation information in final vmlinux
  (bsc#1187829).
- commit b248c02

- gfs2: Don't deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- commit 2228e4a

- ice: Fix XDP memory leak when NIC is brought up and down
  (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix invalid check for empty list in
  ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom()
  (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe()
  (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active
  (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not
  sufficient (git-fixes).
- ice: Don't double unplug aux on peer initiated reset
  (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context
  (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB
  (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice, xsk: Diversify return values from xsk_wakeup call paths
  (git-fixes).
- commit 6a47979

- thermal/drivers/sun8i: Fix some error handling paths in
  sun8i_ths_probe() (git-fixes).
- PM: domains: fix integer overflow issues in genpd_parse_state()
  (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in
  ttc_timer_probe (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
  (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function
  (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- commit bc06af3

- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6

- scsi: core: Improve warning message in scsi_device_block()
  (bsc#1209284).
- scsi: core: Don't wait for quiesce in scsi_device_block()
  (bsc#1209284).
- scsi: core: Don't wait for quiesce in scsi_stop_queue()
  (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and
  device_block() (bsc#1209284).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: bsg: Increase number of devices (bsc#1210048).
- commit 8f3e780

- Update references in the patch
  patches.suse/HID-intel_ish-hid-Add-check-for-ishtp_dma_tx_map.patch
  (git-fixes bsc#1212606 CVE-2023-3358).
- commit f3ebbc7

- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- commit 26e74c2

- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- commit e8ab3ef

- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- commit d73721e

- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- commit 958e41f

- powerpc/set_memory: Avoid spinlock recursion in
  change_page_attr() (bsc#1194869).
- commit c747d4c

- i2c: imx-lpi2c: fix type char overflow issue when calculating
  the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe()
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13"
  SSID in the ALC256 (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
  (git-fixes).
- commit 607c980

- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled
  (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
  (bsc#1194869 bsc#1212701).
- commit 98497f8

- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from
  irq context (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- commit a8d1547

- HID: amd_sfh: Add missing check for dma_alloc_coherent
  (bsc#1212605 CVE-2023-3357).
- commit 1aef403

- net/mlx5: fix missing mutex_unlock in
  mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- commit f9de2c8

- Refresh
  patches.suse/mm-vmalloc-do-not-output-a-spurious-warning-when-huge-vmalloc-fails.patch.
  Update mainline status and sort the patch.
- commit 9716927

- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- commit 859dd00

- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- commit 3f14de3

- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
  (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers
  (git-fixes).
- nilfs2: fix incomplete buffer cleanup in
  nilfs_btnode_abort_change_key() (git-fixes).
- test_firmware: prevent race conditions by a correct
  implementation of locking (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
  (git-fixes).
- power: supply: Fix logic checking if system is running from
  battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of
  cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race
  (git-fixes).
- power: supply: ab8500: Fix external_power_changed race
  (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
  (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B,
  0xC0 (git-fixes).
- regulator: Fix error checking for debugfs_create_dir
  (git-fixes).
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool()
  (git-fixes).
- commit 571f9b4

- blacklist.conf: added drbd git-fix
  drbd in kernel no supported/used
- commit d232113

- s390/dasd: Use correct lock while counting channel queue length
  (git-fixes bsc#1212592).
- commit 3416e6e

- blacklist.conf: ("arm64: dts: colibri-imx8x: delete adc1 and dsp")
- commit eb24176

- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- commit 9aba35e

- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- commit ae23b2f

- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- commit 5cee83a

- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- commit bfb5d9b

- cgroup: Use cgroup_attach_{lock,unlock}() from
  cgroup_attach_task_all() (bsc#1212563).
- commit f39cb40

- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- commit 148b744

- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- commit 1e10d7b

- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- commit ae2a42d

- bpf: Fix UAF in task local storage (bsc#1212564).
- commit 26b737d

- cgroup: fix missing cpus_read_{lock,unlock}() in
  cgroup_transfer_tasks() (bsc#1212563).
- commit 2b82ccd

- mm/vmalloc: do not output a spurious warning when huge vmalloc()
  fails (bsc#1211410).
- commit ae4e43c

- cgroup: always put cset in cgroup_css_set_put_fork
  (bsc#1212561).
- commit ae170c0

- mm: vmalloc: avoid warn_alloc noise caused by fatal signal
  (bsc#1211410).
- commit 0352c7c

- Update References tag
  patches.suse/usb-gadget-udc-renesas_usb3-Fix-use-after-free-bug-i.patch
  (git-fixes bsc#1212513 CVE-2023-35828).
- commit 058d07e

- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
  (git-fixes).
- commit 7ecdfc8

- x86/mm: Initialize text poking earlier (bsc#1212448).
- Refresh patches.suse/init-provide-arch_cpu_finalize_init.patch.
- Refresh patches.suse/init-remove-check_bugs-leftovers.patch.
- commit fe545d9

- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- commit b8943a6

- Refresh patches.suse/init-invoke-arch_cpu_finalize_init-earlier.patch.
  Move arch_cpu_finalize_init() to the correct place.
- commit 87f94ba

- binfmt_elf: Take the mmap lock when walking the VMA list
  (bsc#1209039 CVE-2023-1249).
- commit bc9a5c4

- ceph: fix use-after-free bug for inodes when flushing capsnaps
  (bsc#1212540).
- commit c22ab50

- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- commit 985593a

- x86/microcode: Print previous version of microcode after reload
  (git-fixes).
- blacklist.conf: remove it
- Refresh
  patches.suse/x86-microcode-add-a-parameter-to-microcode_check-to-store-cpu-capabilities.patch.
- Refresh
  patches.suse/x86-microcode-adjust-late-loading-result-reporting-message.patch.
  Take the blacklisted commit instead of merging it into the second patch.
  Refresh the third one to the upstream version.
- commit b0493cf

- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
  (git-fixes).
- blacklist.conf: remove it
- Refresh
  patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
  Take the blacklisted commit instead of merging it into the latter patch.
  This solves a bug in the latter patch backport as the patch now applies
  cleanly and no manual changes are needed.
- commit 7d65f32

- Update References tag
  patches.suse/media-rkvdec-fix-use-after-free-bug-in-rkvdec_remove.patch
  (git-fixes bsc#1212495 CVE-2023-35829).
- commit 85c0f24

- Move upstreamed thunderbolt patch into sorted section
- commit 375578f

- Update
  patches.suse/net-sched-flower-fix-possible-OOB-write-in-fl_set_ge.patch
  (CVE-2023-35788 bsc#1212504).
  Added CVE reference.
- commit 48e3971

- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- commit 9d2272d

- Update References tag
  patches.suse/media-saa7134-fix-use-after-free-bug-in-saa7134_fini.patch
  (git-fixes bsc#1212494 CVE-2023-35823).
- commit 6056471

- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
  (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not
  accessible (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF
  (git-fixes).
- bnxt_en: Don't issue AP reset during ethtool's reset operation
  (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add()
  (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
  (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit
  platforms (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- net/sched: fix initialization order when updating chain 0 head
  (git-fixes).
- commit 357e3aa

- staging: octeon: delete my name from TODO contact (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request
  (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when
  creating paths (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- commit 07ac6ad

- ALSA: usb-audio: Add quirk flag for HEM devices to enable
  native DSD playback (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state
  (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- commit f8fff8d

- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode
  (git-fixes).
- drm/nouveau: don't detect DSM for non-NVIDIA device (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- commit a872fd6

- Drop a buggy dvb-core fix patch (bsc#1205758)
  Also the kabi workaround is dropped, too
- commit 655bd4b

- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- commit 072fd20

- x86/fpu: Mark init functions __init (bsc#1212448).
- commit e8f4a8e

- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- commit 73b8e7c

- x86/init: Initialize signal frame size late (bsc#1212448).
- commit 95c2ee8

- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- commit a0f0e12

- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- commit 0ae852a

- init: Remove check_bugs() leftovers (bsc#1212448).
- commit 4db22bb

- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit fb20d0a

- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit 1d74981

- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- commit 54c49f5

- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- commit 07346cf

- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- commit 98e0ea3

- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- commit a8ca534

- blacklist.conf: ("mm: defer kmemleak object creation of module_alloc()")
- commit 98eb467

- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- commit cab9765

- blacklist.conf: ("arm64/bpf: Remove 128MB limit for BPF JIT programs")
- commit a3de279

- kernel-docs: Add buildrequires on python3-base when using python3
  The python3 binary is provided by python3-base.
- commit c5df526

- blacklist.conf: kABI breakage, removed exported symbol
- commit 470424a

- qed/qede: Fix scheduling while atomic (git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout
  (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix output information incomplete for dumping tx
  queue info with debugfs (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync
  packet (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
  (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
  (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind
  (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update
  (git-fixes).
- net: ena: Set default value for RX interrupt moderation
  (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection
  (git-fixes).
- net: ena: Account for the number of processed bytes in XDP
  (git-fixes).
- net: ena: Don't register memory info on XDP exchange
  (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR
  (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect
  after driver initialization (git-fixes).
- nfp: only report pause frame configuration for physical device
  (git-fixes).
- commit 099bed1

- drm/i915/selftests: Add some missing error propagation
  (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
  (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol
  (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge
  length (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch
  (git-fixes).
- commit 120ec14

- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch
  failed (git-fixes).
- commit 2be82b5

- blacklist.conf: ("KVM: arm64: nvhe: Fix build with profile optimization")
- commit f894646

- KVM: arm64: Don't hypercall before EL2 init (git-fixes)
- commit d26dd54

- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- commit 6837f01

- KVM: arm64: Save PSTATE early on exit (git-fixes)
- commit d156653

- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- commit 7097157

- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- commit d5dcfa2

- blacklist.conf: build dependency fix
- commit b9cb9eb

- blacklist.conf: specific to Clang
- commit dbb2d18

- blacklist.conf: kABI
- commit c8b8dbc

- blacklist.conf: irrelevant in our kernel configs
- commit 147680e

- blacklist.conf: for compiler we don't use
- commit 5a08370

- tracing: Have event format check not flag %p* on
  __get_dynamic_array() (git-fixes, bsc#1212350).
- blacklist.conf: Remove the commit
- commit e1130da

- tracing: Update print fmt check to handle new __get_sockaddr()
  macro (git-fixes, bsc#1212350).
- commit 0b13d9e

- blacklist.conf: Drop already backported entry
- commit 21b7697

- dt-bindings: i3c: silvaco,i3c-master: fix missing schema
  restriction (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize
  ioctl (git-fixes).
- commit 9dcda7c

- vhost_vdpa: support PACKED when setting-getting vring_base
  (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared
  (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
  (jsc#SLE-19253).
- net/mlx5e: Don't attach netdev profile while handling internal
  error (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device
  (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
  (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context
  (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device
  memory (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability
  independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE)
  CPUs (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget
  is 0 (jsc#SLE-19253).
- net/mlx5: E-switch, Don't destroy indirect table in split rule
  (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink
  encap mode (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code
  (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query
  (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency
  (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward
  to ovs internal port (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code
  (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it
  (jsc#SLE-19253).
- vdpa/mlx5: Don't clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure
  (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove
  (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the
  tracer (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs
  buffers (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error
  (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries
  (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
  (jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit
  (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on
  MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on
  MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even
  more (jsc#SLE-19253).
- net/mlx5e: Don't support encap rules with gbp option
  (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range
  (jsc#SLE-19253).
- net/mlx5: check attr pointer validity before dereferencing it
  (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
  (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del
  (jsc#SLE-19253).
- net/mlx5e: IPoIB, Don't allow CQE compression to be turned on
  by default (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once()
  error path (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on
  VST (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table
  (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write()
  (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not
  issued to FW (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase
  (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance
  (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single
  CPU systems (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge
  (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface
  (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ
  (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before
  pci_restore_state (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state
  (jsc#SLE-19253).
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting
  profile (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
  (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state
  (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding
  lock_class_key (jsc#SLE-19253).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb
  (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
  (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters
  (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX
  (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX
  (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event
  (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit
  (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: Don't use already freed action pointer
  (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers
  (jsc#SLE-19253).
- net/mlx5: Don't advertise IPsec netdev support for non-IPsec
  device (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe
  (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating
  multi-destination FW table (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata
  (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
  (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
  (jsc#SLE-19253).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk
  dev (jsc#SLE-19253).
- commit 5fae4a0

- blacklist.conf: add git-fix that breaks kabi
- commit 2df77d4

- blacklist.conf: cleanup, dead reference won't break anything
- commit ea07443

- blacklist.conf: cleanup, dead reference won't break anything
- commit ba4ce58

- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998
  git-fixes).
- commit 7e152d5

- blacklist.conf: Add more powerpc unsupported platform paths
- commit c3b3c8e

- powerpc/purgatory: remove PGO flags (bsc#1194869).
- commit 9bba037

- blacklist.conf: cleanup, not a fix
- commit ae23f77

- blacklist.conf: cleanup, not a fix
- commit 0b74b98

- blacklist.conf: build only
- commit 2de0332

- usb: cdns3: fix NCM gadget RX speed 20x slow than expection
  at iMX8QM (git-fixes).
- commit c52eada

- blacklist.conf: feature, not a fix
- commit 44f5d9b

- blacklist.conf: optimization, not a fix
- commit 02f5051

- bpf: Add extra path pointer check to d_path helper (git-fixes).
- commit ddb86f8

- tracing/probe: trace_probe_primary_from_call(): checked
  list_first_entry (git-fixes).
- commit 150f29b

- tracing/histograms: Allow variables to have some modifiers
  (git-fixes).
- commit 70e4f92

- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
  (git-fixes).
- commit 192a450

- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
  (git-fixes).
- commit c98a23e

- kprobes: Fix to handle forcibly unoptimized kprobes on
  freeing_list (git-fixes).
- commit 86488b1

- kprobes: Fix check for probe enabled in kill_kprobe()
  (git-fixes).
- commit 296ebb2

- kprobes: Skip clearing aggrprobe's post_handler in
  kprobe-on-ftrace case (git-fixes).
- commit 998483a

- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- commit 5a80a04

- kprobes: Prohibit probes in gate area (git-fixes).
- commit b68c831

- kprobes: don't call disarm_kprobe() for disabled kprobes
  (git-fixes).
- commit 8dd6622

- kprobes: Forbid probing on trampoline and BPF code areas
  (git-fixes).
- commit 3b3e3e9

- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- commit a8e7886

- tracing: Introduce helpers to safely handle dynamic-sized
  sockaddrs (git-fixes).
- commit eabd7b4

- eeprom: at24: also select REGMAP (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path
  (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode
  (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
  (git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP
  signals (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor
  (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified
  sc7180-lite boards (git-fixes).
- commit 031042b

- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper
  error handling (git-fixes).
- commit 5599965

- revert "squashfs: harden sanity check in
  squashfs_read_xattr_id_table" (git-fixes).
- commit fd69a9c

- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using
  CS35L41 (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
  (git-fixes).
- commit 74a4806

- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor
  IDs (git-fixes).
- Refresh
  patches.suse/ALSA-hda-Add-NVIDIA-codec-IDs-a3-through-a7-to-patch.patch.
- commit 588740e

- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP
  platform (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag
  (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware
  buffer (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir
  (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
  (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
  (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- mailbox: mailbox-test: fix a locking issue in
  mbox_test_message_write() (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- dmaengine: pl330: rename _start to prevent build error
  (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in
  at_xdmac_prep_interleaved() (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device
  is unplugged (git-fixes).
- drm/msm: Be more shouty if per-process pgtables aren't working
  (git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions
  (git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect
  RCR value (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr
  from ID table (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end
  of probe (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in
  su3000_read_mac_address (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
  (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in
  rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in
  ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
  (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in
  az6027_i2c_xfer() (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter
  (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path
  (git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe
  (git-fixes bsc#1211387).
- drm/ast: Fix ARM compatibility (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
  (git-fixes).
- mailbox: mailbox-test: Fix potential double-free in
  mbox_test_message_write() (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading
  the driver (git-fixes).
- drm/amdgpu: release gpu full access after
  "amdgpu_device_ip_late_init" (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the
  desc list (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting
  (git-fixes).
- commit 0cb0fbe

- Update patch reference for fbcon fix (CVE-2023-3161 bsc#1212154)
- commit dd50606

- Move setting %%build_html to config.sh
- commit dd39da3

- Update patches.suse/arm64-efi-Execute-runtime-services-from-a-dedicated-.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit 15cbf6b

- Update patches.suse/efi-rt-wrapper-Add-missing-include.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit d2f0708

- Update patch reference for memstick fix (CVE-2023-3141 bsc#1212129 bsc#1211449)
- commit 089d7db

- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5

- Refresh
  patches.suse/0042-block-mq-deadline-Fix-dd_finish_request-for-zoned-devices.patch.
  Remove also per_prio from dd_finish_request(). There are no more users
  in 5.4. Silences the compiler warning:
  block/mq-deadline.c:830:22: error: unused variable ‘per_prio’
- commit ed6b28b

- drm/msm: Set max segment size earlier (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context()
  fails (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work
  (git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID
  (git-fixes).
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect
  (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
  (git-fixes).
- can: j1939: avoid possible use-after-free when
  j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue
  handling in J1939 Socket (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
  (git-fixes).
- Input: fix open count when closing inhibited device (git-fixes).
- commit 0d88720

- Move setting %%split_optional to config.sh
- commit 77f3750

- Move setting %%supported_modules_check to config.sh
- commit 5ada69b

- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050

- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d

- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax
  loops (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367
  ltc#195662).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367
  ltc#195662).
- commit 6862b4a

- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- commit 5ad6888

- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- commit da8b9db

- Also include kernel-docs build requirements for ALP
- commit 114d088

- Move the kernel-binary conflicts out of the spec file.
  Thie list of conflicting packages varies per release.
  To reduce merge conflicts move the list out of the spec file.
- commit 4d81125

- Avoid unsuported tar parameter on SLE12
- commit f11765a

- Move obsolete KMP list into a separate file.
  The list of obsoleted KMPs varies per release, move it out of the spec
  file.
- commit 016bc55

- ext4: unconditionally enable the i_version counter
  (bsc#1211299).
- commit 9850f2e

- Trim obsolete KMP list.
  SLE11 is out of support, we do not need to handle upgrading from SLE11
  SP1.
- commit 08819bb

- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- commit 4df8ec9

- Generalize kernel-doc build requirements.
- commit 23b058f

- spi: qup: Request DMA before enabling clocks (git-fixes).
- platform/surface: aggregator: Allow completion work-items to
  be executed in parallel (git-fixes).
- commit 9916d6b

- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit f5b50ae

- RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes)
- commit a9533db

- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit 01fdb10

- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- commit edb8dfd

- blacklist: add RTRS rename patches
  First patch makes codes less confusing but is only used by
  the 2 following ones which break kABI
- commit 9fca67c

- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- commit 8cb567c

- Refresh patches.suse/add-suse-supported-flag.patch.
  Fix table alignment.
- commit ed5f850

- blacklist.conf: add ntfs3
  ntfs3 was introduced in v5.15-rc1, and as such we don't carry it on
  SLE15-SP4.
- commit 9ff2c7c

- kernel-binary: Add back kernel-default-base guarded by option
  Add configsh option for splitting off kernel-default-base, and for
  not signing the kernel on non-efi
- commit 28c22af

- blacklist.conf: Append 'fbdev: Disable sysfb device registration when removing conflicting FBs'
- commit 3f0f464

- blacklist.conf: Append 'fbdev: da8xx-fb: add missing regulator_disable() in fb_probe'
- commit e00fe84

- blacklist.conf: Append 'parisc: fbdev/stifb: Align graphics memory size to 4MB'
- commit 418d50c

- blacklist.conf: Append 'Revert "fbcon: don't lose the console font across generic->chip driver switch"'
- commit addaa82

- blacklist.conf: Append 'Revert "fbdev: Make fb_release() return -ENODEV if fbdev was unregistered"'
- commit 66c01be

- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- commit eb830fc

- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472)
  Backporting changes:
  * replace refcount_read() with atomic_read()
- commit 23a912f

- sfc: disable RXFCS and RXALL features by default (git-fixes).
- commit 3f25e44
krb5
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
  (CVE-2023-36054);
- Added patches:
  * 0011-Ensure-array-count-consistency-in-kadm5-RPC.patch
libapparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
audit
- Enable livepatching on main library on x86_64.
util-linux
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
  Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
  Add patch to util-linux-systemd and python3-libmount, as it was
  previously only included in util-linux.
libcap
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
  (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
cryptsetup
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
  - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
  - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
  - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch
libfido2
- Use openssl 1.1 still on SLES 15 SP4 to avoid pulling unnecessary
  openssl-3 dependency.  jsc#PED-4521

- Version 1.13.0 (2023-02-20)
  * Support for linking against OpenSSL on Windows; gh#668.
  * New API calls:
    + fido_assert_empty_allow_list;
    + fido_cred_empty_exclude_list.
  * fido2-token: fix issue when listing large blobs.
  * Improved support for different fuzzing engines.

- Version 1.12.0 (2022-09-22)
  * Support for COSE_ES384.
  * Support for hidraw(4) on FreeBSD; gh#597.
  * Improved support for FIDO 2.1 authenticators.
  * New API calls:
    + es384_pk_free;
    + es384_pk_from_EC_KEY;
    + es384_pk_from_EVP_PKEY;
    + es384_pk_from_ptr;
    + es384_pk_new;
    + es384_pk_to_EVP_PKEY;
    + fido_cbor_info_certs_len;
    + fido_cbor_info_certs_name_ptr;
    + fido_cbor_info_certs_value_ptr;
    + fido_cbor_info_maxrpid_minpinlen;
    + fido_cbor_info_minpinlen;
    + fido_cbor_info_new_pin_required;
    + fido_cbor_info_rk_remaining;
    + fido_cbor_info_uv_attempts;
    + fido_cbor_info_uv_modality.
  * Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
  * Experimental PCSC support; enable with -DUSE_PCSC.
  * Improved OpenSSL 3.0 compatibility.
  * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
  * winhello: advertise "uv" instead of "clientPin".
  * winhello: support hmac-secret in fido_dev_get_assert().
  * New API calls:
    + fido_cbor_info_maxlargeblob.
  * Documentation and reliability fixes.
  * Separate build and regress targets.

- Version 1.10.0 (2022-01-17)
  * hid_osx: handle devices with paths > 511 bytes; gh#462.
  * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
  * winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
  * winhello: fallback to hid_win.c if webauthn.dll isn’t available.
  * New API calls:
  - fido_dev_info_set;
  - fido_dev_io_handle;
  - fido_dev_new_with_info;
  - fido_dev_open_with_info.
  * Cygwin and NetBSD build fixes.
  * Documentation and reliability fixes.
  * Support for TPM 2.0 attestation of COSE_ES256 credentials.

- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x
  is now supported.

- Version 1.9.0 (2021-10-27)
  * Enabled NFC support on Linux.
  * Added OpenSSL 3.0 compatibility.
  * Removed OpenSSL 1.0 compatibility.
  * Support for FIDO 2.1 "minPinLength" extension.
  * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
  * Support for TPM 2.0 attestation.
  * Support for device timeouts; see fido_dev_set_timeout().
  * New API calls:
  - es256_pk_from_EVP_PKEY;
  - fido_cred_attstmt_len;
  - fido_cred_attstmt_ptr;
  - fido_cred_pin_minlen;
  - fido_cred_set_attstmt;
  - fido_cred_set_pin_minlen;
  - fido_dev_set_pin_minlen_rpid;
  - fido_dev_set_timeout;
  - rs256_pk_from_EVP_PKEY.
  * Reliability and portability fixes.
  * Better handling of HID devices without identification strings; gh#381.
  * Fixed detection of Windows’s native webauthn API; gh#382.

- Removed fix-cmake-linking.patch because no longer needed

- Update to version 1.8.0:
  * Dropped 'Requires.private' entry from pkg-config file.
  * Better support for FIDO 2.1 authenticators.
  * Support for Windows's native webauthn API.
  * Support for attestation format 'none'.
  * New API calls:
  - fido_assert_set_clientdata;
  - fido_cbor_info_algorithm_cose;
  - fido_cbor_info_algorithm_count;
  - fido_cbor_info_algorithm_type;
  - fido_cbor_info_transports_len;
  - fido_cbor_info_transports_ptr;
  - fido_cred_set_clientdata;
  - fido_cred_set_id;
  - fido_credman_set_dev_rk;
  - fido_dev_is_winhello.
  * fido2-token: new -Sc option to update a resident credential.
  * Documentation and reliability fixes.
  * HID access serialisation on Linux.
- disable fix-cmake-linking.patch, not needed currently

- Update to version 1.7.0:
  * hid_win: detect devices with vendor or product IDs > 0x7fff
  * Support for FIDO 2.1 authenticator configuration.
  * Support for FIDO 2.1 UV token permissions.
  * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
  * New API calls
  * New fido_init flag to disable fido_dev_open’s U2F fallback
  * Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
  * Added fix-cmake-linking.patch to fix linking

- Update to version 1.6.0:
  * Fix OpenSSL 1.0 and Cygwin builds.
  * hid_linux: fix build on 32-bit systems.
  * hid_osx: allow reads from spawned threads.
  * Documentation and reliability fixes.
  * New API calls:
    + fido_cred_authdata_raw_len;
    + fido_cred_authdata_raw_ptr;
    + fido_cred_sigcount;
    + fido_dev_get_uv_retry_count;
    + fido_dev_supports_credman.
  * Hardened Windows build.
  * Native FreeBSD and NetBSD support.
  * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
mozilla-nss
- update to NSS 3.90
  * bmo#1623338 - ride along: remove a duplicated doc page
  * bmo#1623338 - remove a reference to IRC
  * bmo#1831983 - clang-format lib/freebl/stubs.c
  * bmo#1831983 - Add a constant time select function
  * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
  * bmo#1830973 - output early build errors by default
  * bmo#1804505 - Update the technical constraints for KamuSM
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
  * bmo#1790763 - Enable default UBSan Checks
  * bmo#1786018 - Add explicit handling of zero length records
  * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
  * bmo#1786018 - Refactor zero length record tests
  * bmo#1829112 - Fix compiler warning via correct assert
  * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
  * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
  * bmo#1784163 - Fix reading raw negative numbers
  * bmo#1748237 - Repairing unreachable code in clang built with gyp
  * bmo#1783647 - Integrate Vale Curve25519
  * bmo#1799468 - Removing unused flags for Hacl*
  * bmo#1748237 - Adding a better error message
  * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
  * bmo#1782980 - Fall back to the softokn when writing certificate trust
  * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
  * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
  * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
  * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
  * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
  * bmo#1822076 - fix rst warnings in nss doc
  * bmo#1821997 - Fix incorrect pygment style
  * bmo#1821292 - Change GYP directive to apply across platforms
  * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
  into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
  * bmo#1804505 - Update the technical constraints for KamuSM.
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
  * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
  * bmo#1820175 - PR_STATIC_ASSERT is cursed
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1820175 - Fix unreachable code warning in fuzz builds
  * bmo#1820175 - Fix various compiler warnings in NSS
  * bmo#1820175 - Enable various compiler warnings for clang builds
  * bmo#1815136 - set PORT error after sftk_HMACCmp failure
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
  * bmo#1804660 - Make high tag number assertion failure an error
  * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
    length from 284 to 384
  * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
  * bmo#1789436 - Fix build failure on Windows
  * bmo#1811337 - migrate Win 2012 tasks to Azure
  * bmo#1810702 - fix title length in doc
  * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
  * bmo#1570615 - Add presence/absence tests for TLS GREASE
  * bmo#1804688 - Correct addition of GREASE value to ALPN xtn
  * bmo#1789436 - CH extension permutation
  * bmo#1570615 - TLS GREASE (RFC8701)
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
- update to NSS 3.88.1
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
  * bmo#1212915 - Add check for ClientHello SID max length
  * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
  * bmo#1790357 - ECH client - Discard resumption TLS < 1.3
    Session(IDs|Tickets) if ECH configs are setup
  * bmo#1714245 - On HRR skip PSK incompatible with negotiated
    ciphersuites hash algorithm
  * bmo#1789410 - ECH client: Send ech_required alert on server
    negotiating TLS 1.2. Fixed misleading Gtest,
    enabled corresponding BoGo test
  * bmo#1771100 - Added Bogo ECH rejection test support
  * bmo#1771100 - Added ECH 0Rtt support to BoGo shim
  * bmo#1747957 - RSA OAEP Wycheproof JSON
  * bmo#1747957 - RSA decrypt Wycheproof JSON
  * bmo#1747957 - ECDSA Wycheproof JSON
  * bmo#1747957 - ECDH Wycheproof JSON
  * bmo#1747957 - PKCS#1v1.5 wycheproof json
  * bmo#1747957 - Use X25519 wycheproof json
  * bmo#1766767 - Move scripts to python3
  * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
  * bmo#1805907 - Extending RSA-PSS bltest test coverage
    (Adding SHA-256 and SHA-384)
  * bmo#1804091 - NSS needs to move off of DSA for integrity checks
  * bmo#1805815 - Add initial testing with ACVP vector sets using
    acvp-rust
  * bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
  * bmo#1803226 - NULL password encoding incorrect
  * bmo#1804071 - Fix rng stub signature for fuzzing builds
  * bmo#1803595 - Updating the compiler parsing for build
  * bmo#1749030 - Modification of supported compilers
  * bmo#1774654 - tstclnt crashes when accessing gnutls server
    without a user cert in the database.
  * bmo#1751707 - Add configuration option to enable source-based
    coverage sanitizer
  * bmo#1751705 - Update ECCKiila generated files.
  * bmo#1730353 - Add support for the LoongArch 64-bit architecture
  * bmo#1798823 - add checks for zero-length RSA modulus to avoid
    memory errors and failed assertions later
  * bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
  * bmo#1803190 - conscious language removal in NSS
  * bmo#1794506 - Set nssckbi version number to 2.60
  * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3
    TrustCor Root Certificates
  * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
  * bmo#1797559 - Remove EC-ACC root cert from NSS
  * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
  * bmo#1794495 - Remove Network Solutions Certificate Authority
  * bmo#1802331 - compress docker image artifact with zstd
  * bmo#1799315 - Migrate nss from AWS to GCP
  * bmo#1800989 - Enable static builds in the CI
  * bmo#1765759 - Removing SAW docker from the NSS build system
  * bmo#1783231 - Initialising variables in the rsa blinding code
  * bmo#320582 - Implementation of the double-signing of the message
    for ECDSA
  * bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
  * bmo#1792821 - Modification of the primes.c and dhe-params.c in
    order to have better looking tables
  * bmo#1796815 - Update zlib in NSS to 1.2.13
  * bmo#1796504 - Skip building modutil and shlibsign when building
    in Firefox
  * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
  * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
  * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
    and -Wtype-limits warnings
  * bmo#1796281 - Followup: add missing stdint.h include
  * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
  * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
    warnings on Windows
  * bmo#1796079 - Fix -Wstring-conversion warnings
  * bmo#1796075 - Fix -Wempty-body warnings
  * bmo#1795242 - Fix unused-but-set-parameter warning
  * bmo#1795241 - Fix unreachable-code warnings
  * bmo#1795222 - Mark _nss_version_c unused on clang-cl
  * bmo#1795668 - Remove redundant variable definitions in lowhashtest
  * Add note about python executable to build instructions.
- update to NSS 3.84
  * bmo#1791699 - Bump minimum NSPR version to 4.35
  * bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
  * bmo#1788875 - Remove set-but-unused variables from
    SEC_PKCS12DecoderValidateBags
  * bmo#1563221 - remove older oses that are unused part3/ BeOS
  * bmo#1563221 - remove older unix support in NSS part 3 Irix
  * bmo#1563221 - remove support for older unix in NSS part 2 DGUX
  * bmo#1563221 - remove support for older unix in NSS part 1 OSF
  * bmo#1778413 - Set nssckbi version number to 2.58
  * bmp#1785297 - Add two SECOM root certificates to NSS
  * bmo#1787075 - Add two DigitalSign root certificates to NSS
  * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
  * bmo#1771100 - Added bug reference and description to disabled
    UnsolicitedServerNameAck bogo ECH test
  * bmo#1779361 - Removed skipping of ECH on equality of private and
    public server name
  * bmo#1779357 - Added comment and bug reference to
    ECHRandomHRRExtension bogo test
  * bmo#1779370 - Added Bogo shim client HRR test support. Fixed
    overwriting of CHInner.random on HRR
  * bmo#1779234 - Added check for server only sending ECH extension
    with retry configs in EncryptedExtensions and if not
    accepting ECH. Changed config setting behavior to
    skip configs with unsupported mandatory extensions
    instead of failing
  * bmo# 1771100 - Added ECH client support to BoGo shim. Changed
    CHInner creation to skip TLS 1.2 only extensions to
    comply with BoGo
  * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
    server accept_confirmation bugs
  * bmo#1771100 - Update BoGo tests to recent BoringSSL version
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
  * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
  * bmo#1784724 - Initialize local variables in
    TlsConnectTestBase::ConnectAndCheckCipherSuite
  * bmo#1784191 - Cast the result of GetProcAddress
  * bmo#1681099 - pk11wrap: Tighten certificate lookup based on
    PKCS #11 URI.
- update to NSS 3.81
  * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
  * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
  * bmo#1779285 - Add no_application_protocol alert handler and
    test client error code is set
  * bmo#1777672 - Gracefully handle null nickname in
    CERT_GetCertNicknameWithValidity
  * required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
  sufficient (boo#1202118)
- update to NSS 3.80
  * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
  * bmo#1617956 - Add support for asynchronous client auth hooks.
  * bmo#1497537 - nss-policy-check: make unknown keyword check optional.
  * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
    by allocating it on initialization. Replaced
    redundant code with assert. Debug builds: Added
    buffer freeing/allocation for each record.
  * bmo#1773022 - Mark 3.79 as an ESR release.
  * bmo#1764206 - Bump nssckbi version number for June.
  * bmo#1759815 - Remove Hellenic Academic 2011 Root.
  * bmo#1770267 - Add E-Tugra Roots.
  * bmo#1768970 - Add Certainly Roots.
  * bmo#1764392 - Add DigitCert Roots.
  * bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
  * bmo#1366464 - Compare signature and signatureAlgorithm fields in
    legacy certificate verifier.
  * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
  * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1760998 - Avoid data race on primary password change.
  * bmo#1769063 - Replace ppc64 dcbzl intrinisic.
  * bmo#1771036 - Allow LDFLAGS override in makefile builds.
freetype2
- Added patch:
  * CVE-2023-2004.patch
    + fixes bsc#1210419, CVE-2023-2004: Integer overflow
gcc12
- Add gcc12-aarch64-bsc1214052.patch to fix -fstack-protector issues
  with variable length stack allocations on aarch64.
  Fixes CVE-2023-4039.  [bsc#1214052]
openldap2
- bsc#1212260 - crash in libldap when non-ldap data responds
  * 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
openssl-1_1
- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_1-CVE-2023-3817.patch

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch

- Check OCSP RESPONSE in s_client and terminate connection if a
  revoked certificate is found. Add OCSP_RESPONSE_check_status()
  function to do that check. [bsc#1212623]
  * Add openssl-s_client-check-ocsp-status.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
procps
- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)
python3
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)
systemd
- Import commit b473c02cc08e093e370034425671cbc001c6748e
  02caac7973 units/initrd-parse-etc.service: Conflict with emergency.target
  70b3bff9f8 sd-device-monitor: dynamically allocate receive buffer (bsc#1213873)
  e2e1fbba2b sd-device: change type of properties nulstr from uint8_t* to char*
  c9d3dd5954 udev: set description for device monitor
  3f07f44fde test: use sd_device_monitor_set_description()
  b304a1e1a2 sd-device-monitor: logs description for device monitor
  929d4066c5 sd-device-monitor: introduce sd_device_monitor_{set,get}_description()
  340e523048 sd-device-monitor: fix inversed condition
  02659c7b67 tree-wide: port various places over to new stat_inode_same() helper
  b35a4b042a stat-util: add helper stat_inode_same() for comparing stat's st_dev/st_ino in one
  d25219cbe3 libsystemd: ignore both EINTR and EAGAIN
  648a151313 errno-util: introduce ERRNO_IS_TRANSIENT()

- Import commit 155fe1917157bdeecf7e28ef0ea9f62084f27f14
  3b8c671f90 detach-md: similar to the DM case, also don't try to detach MD device backing /usr/ (bsc#1211576)
  6da5d2d1fc shutdown: don't attempt to detach DM volume backing /usr/ (bsc#1211576)
  37178881c1 udev: decrease devlink priority for iso disks (bsc#1213185)
  02ede28319 shutdown: get only active md arrays. (bsc#1212434 bsc#1213575 bsc#1211576)
  412b8dbb32 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
  16f897570a units: remove the restart limit on the modprobe@.service
  e4e85b08bd tests: add test case for long unit names
  3f84b06f9d core: shorten long unit names that are based on paths and append path hash at the end (bsc#1208194)

- Add 5001-sleep-don-t-init-sys-power-resume-if-resume-option-i.patch (bsc#1186606)

- Make sure to pre-install the groups systemd and udev rely on. This is needed
  when the tmpfiles are run at package installation time (i.e. when
  file-triggers are disabled).

- Move more packaging fixups in the fixlet script.

- Move the persistent net rule fix in udev fixlet script.

- Rather than having one script per fix, use a single script (or "fixlet") per
  (sub) package that contains all the fixups relative to a (sub) package. This
  has the advantage to limit the number of scripts but more importantly it will
  ease the sharing of the spec file between TW and SLE. We should also be able
  to compare the fixlets of two distros even if the spec files have diverged.
  Note that all the fixups are run just once now.

- kbd-model-map.legacy:: add 'ara' which should replace 'arabic' in the long
  term (bsc#1210702)

- kbd-model-map.legacy: drop some entries no longer needed by YaST
  Related to bsc#1194609.

- Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741)
  That way "systemd --user" instances get their own session keyring instead of
  the user default session keyring. For some reasons cifscreds refuses to work
  with the latter. That's what is expected for every PAM session anyway.
libxml2
- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch
libyajl
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
libzypp
- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)

- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)
shadow
- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch

- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
  Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
mozilla-nspr
- update to version 4.35
  * fixes for building with clang
  * use the number of online processors for the
    PR_GetNumberOfProcessors() API on some platforms
  * fix build on mips+musl libc
  * Add support for the LoongArch 64-bit architecture
openssh
- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
  requested to load a PKCS#11 provider that isnt a PKCS#11
  provider (bsc#1213504,CVE-2023-38408)

- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
  to avoid fd leads, and also close fdh in read_hmac (bsc#1209536)
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945

- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944

- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 0.943

- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
  UEFI platforms (bsc#1208003)
- 0.942

- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941

- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
perl
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
  new patch: perl-cpan_verify_cert.diff
python3-ec2metadata
- Update to version 5.0.0 (bsc#1214215)
  + Remove the --use-token command line option. Aws is deprecating access
    to instance metadata without authentication token. Ability to access
    metadat without token has been removed
  + Support access to the metadata server over IPv6. If the customer
    enables the IPv6 endpoint for an instance it will be preferred over the
    IPv4 endpoint
python-pyasn1
- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)
python-requests
- Add CVE-2023-32681.patch to fix unintended leak of
  Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
  Upstream commit: gh#psf/requests@74ea7cf7a6a2
salt
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Added:
  * write-salt-version-before-building-when-using-with-s.patch

- Revert usage of long running REQ channel to prevent possible
  missing responses on requests and dublicated responses
  (bsc#1213960, bsc#1213630, bsc#1213257)
- Fix gitfs cachedir basename to avoid hash collisions
  (bsc#1193948, bsc#1214797, CVE-2023-20898)
- Added:
  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
  * revert-usage-of-long-running-req-channel-bsc-1213960.patch

- Make sure configured user is properly set by Salt (bsc#1210994)
- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
- Fix broken tests to make them running in the testsuite
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Create minion_id with reproducible mtime
- Fix detection of Salt codename by "salt_version" execution module
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix zypper repositories always being reconfigured
- Fix utf8 handling in 'pass' renderer and make it more robust
- Added:
  * fix-tests-to-make-them-running-with-salt-testsuite.patch
  * zypper-pkgrepo-alreadyconfigured-585.patch
  * fix-regression-multiple-values-for-keyword-argument-.patch
  * mark-salt-3006-as-released-586.patch
  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
  * fix-the-regression-of-user.present-state-when-group-.patch

- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch
selinux-policy
- Use /var/adm/update-scripts in macros.selinux-policy. The rpm state
  directory doesn't exist on SUSE systems (bsc#1213593)
supportutils-plugin-suse-public-cloud
- Update to version 1.0.8 (bsc#1213951)
  + Capture CSP billing adapter config and log (issue#13)
  + Accept upper case Amazon string in DMI table (issue#12)
supportutils
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- ha_info sle15 uses /var/log/pacemaker/ (pq#153)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
suse-build-key
- add and run a import-suse-build-key scripts, this will be ran
  after installation with libzypp based installers. (jsc#PED-2777)
sysuser-tools
- Remove all systemd requires, not supported on SLE15 [bsc#1214140]

- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
  Always create a system group of the same name as the system user,
  even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)

- Add "quilt setup" friendly hint to %sysusers_requires usage
  It is not required to have sysuser-tools installed when working
  with a pkg source which uses sysuser-tools at build time.

- Use append so if a pre file already exists it isn't overridden

- invoke bash for bash scripts (bsc#1195391)
util-linux-systemd
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
  Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
  Add patch to util-linux-systemd and python3-libmount, as it was
  previously only included in util-linux.
xen
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  xsa438.patch

- Handle potential unaligned access to bitmap in
  libxc-sr-restore-hvm-legacy-superpage.patch
  If setting BITS_PER_LONG at once, the initial bit must be aligned

- Update to Xen 4.16.5 bug fix release (bsc#1027519)
  xen-4.16.5-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
  64bea1b2-x86-AMD-Zenbleed.patch

- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

- Add more debug to libxc-sr-track-migration-time.patch
  This is supposed to help with doing the math in case xl restore
  fails with ERANGE as reported in bug#1209311

- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  64bea1b2-x86-AMD-Zenbleed.patch

- Upstream bug fixes (bsc#1027519)
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
zypper
- Changed location of bash-complication (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61