bash
- Add patch boo1227807.patch
  * Load completion file eveh if a brace expansion is in the
    command line included (boo#1227807)
curl
- Security fix: [bsc#1232528, CVE-2024-9681]
  * HSTS subdomain overwrites parent cache entry
  * Add curl-CVE-2024-9681.patch

- Make special characters in URL work with aws-sigv4 [bsc#1230516]
  * http_aws_sigv4: canonicalize the query [fc76a24c]
  * test439: verify query canonization for aws-sigv4 [65661016]
  * http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
  * aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
  * http_aws_sigv4: canonicalise valueless query params [bbba69da]
  * aws-sigv4: url encode the canonical path [768909d8]
  * Add upstream patches:
  - curl-aws_sigv4-canonicalize-the-query.patch
  - curl-aws_sigv4-verify-query-canonization.patch
  - curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
  - curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
  - curl-aws_sigv4-canonicalise-valueless-query-params.patch
  - curl-aws_sigv4-url-encode-the-canonical-path.patch
lvm2
- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
  + bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch
python-kiwi
- Fixed resize of dos table type on s390
  On s390, parted is used to detect the partition table type.
  In contrast to blkid the name for DOS tables is reported
  as 'msdos' and not 'dos' which impacts several conditions
  in the kiwi initrd code which checks for 'dos'. This commit
  fixes the get_partition_table_type() method to return a
  consistent table name for DOS tables. This Fixes bsc#1228729
dracut
- Update to version 055+suse.396.g701c6212:
  * fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110)

- Update to version 055+suse.394.ga838b0c7:
  * fix(zfcp_rules): check for presence of legacy rules (bsc#1230330)
e2fsprogs
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
  number of group descriptors only if meta_bg is disabled (bsc#1230145)
glibc
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
  without allocations (bsc#1228661, BZ #28028)
grub2
- Fix OOM error in loading loopback file (bsc#1230840)
  * 0001-tpm-Skip-loopback-image-measurement.patch
kernel-default
- usbnet: fix cyclical race on disconnect with work queue
  (git-fixes).
- Refresh
  patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 1cf5de8

- cachefiles: fix dentry leak in cachefiles_open_file()
  (bsc#1231181).
- ceph: remove the incorrect Fw reference check when dirtying
  pages (bsc#1231180).
- commit 47c22dc

- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
  (CVE-2024-46830 bsc#1231116).
- commit 5d5e02e

- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- commit 1b1ffa2

- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- commit 901f16d

- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- commit 0627e93

- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
  freeing them (git-fixes).
- commit e8a76c0

- usb: dwc3: st: fix probed platform device ref count on probe
  error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693

- tomoyo: fallback to realpath if symlink's pathname does not
  exist (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges
  (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial
  (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings
  (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
  freeing them (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path
  (git-fixes).
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (git-fixes).
- pinctrl: single: fix missing error code in pcs_probe()
  (git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
- pinctrl: single: fix potential NULL dereference in
  pcs_get_function() (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed
  (stable-fixes).
- commit b15f073

- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- firmware_loader: Block path traversal (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
  (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding
  mutexes (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the
  documentation (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()
  (git-fixes).
- Input: ilitek_ts_i2c - add report id message validation
  (git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
  (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
  (git-fixes).
- media: venus: fix use after free bug in venus_remove due to
  race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- Revert "media: tuners: fix error return code of
  hybrid_tuner_request_state()" (stable-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
  write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
  write error (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
  (git-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- commit 0120ced

- nvme-fabrics: use reserved tag for reg read/write command
  (bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
  (bsc#1228620 CVE-2024-41082).
  Refresh:
  - patches.suse/nvme-auth-retry-command-if-DNR-bit-is-not-set.patch
- commit 4effcb1

- kthread: Fix task state in kthread worker if being frozen
  (bsc#1231146).
- commit 2398294

- Refresh
  patches.suse/bpf-kprobe-remove-unused-declaring-of-bpf_kprobe_override.patch.
- commit ba454fb

- tracing: Avoid possible softlockup in tracing_iter_reset()
  (git-fixes).
- commit 1959490

- tracing: Fix overflow in get_free_elt() (git-fixes
  CVE-2024-43890 bsc#1229764).
- commit 867d207

- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit ec589da

- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit fb3eb08

- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH
  (bsc#1199769).
- commit 8283ab9

- scsi: sd: Fix off-by-one error in
  sd_read_block_characteristics() (bsc#1223848).
- commit 04f7eb0

- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- commit b81ed11

- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b544cf

- blacklist.conf: CVE-2024-46772 bsc#1230772: not applicable
  Functionality not present (pixel rate based CRB allocation,
  9ba90d760e9354c12).
- commit d6db85b

- blacklist.conf: CVE-2024-46778 bsc#1230776: not applicable, code does not exist
- commit 14795f1

- blacklist.conf: CVE-2024-46727 bsc#1230707: not applicable, code does not exist
- commit b7188ff

- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight
  PWM frequency (git-fixes).
- commit 3f7057a

- arm64: dts: rockchip: Correct the Pinebook Pro battery design
  capacity (git-fixes).
- commit 7f351fe

- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- commit 3d80de5

- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
  ROCK Pi E (git-fixes).
- commit 293aaa9

- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- commit 24cf4b5

- blacklist.conf: remove an entry which was merged anyway via another branch
- commit 29f0240

- ipmi:ssif: Improve detecting during probing (bsc#1228771)
  Move patch into the sorted section.
- commit 790aa5a

- Update patches.suse/ALSA-line6-Fix-racy-access-to-midibuf.patch
  (stable-fixes CVE-2024-44954 bsc#1230176).
- Update
  patches.suse/ASoC-dapm-Fix-UAF-for-snd_soc_pcm_runtime-object.patch
  (git-fixes CVE-2024-46798 bsc#1230830).
- Update
  patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch
  (stable-fixes CVE-2024-46746 bsc#1230751).
- Update
  patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch
  (stable-fixes CVE-2024-46747 bsc#1230752).
- Update
  patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch
  (stable-fixes CVE-2024-46745 bsc#1230748).
- Update
  patches.suse/Squashfs-sanity-check-symbolic-link-size.patch
  (git-fixes CVE-2024-46744 bsc#1230747).
- Update
  patches.suse/VMCI-Fix-use-after-free-when-removing-resource-in-vm.patch
  (git-fixes CVE-2024-46738 bsc#1230731).
- Update
  patches.suse/bpf-Fix-a-kernel-verifier-crash-in-stacksafe.patch
  (bsc#1225903 CVE-2024-45020 bsc#1230433).
- Update
  patches.suse/can-bcm-Remove-proc-entry-when-dev-is-unregistered.patch
  (git-fixes CVE-2024-46771 bsc#1230766).
- Update
  patches.suse/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-duri.patch
  (git-fixes CVE-2024-46791 bsc#1230821).
- Update
  patches.suse/char-xillybus-Check-USB-endpoints-when-probing-devic.patch
  (git-fixes CVE-2024-45011 bsc#1230440).
- Update
  patches.suse/drm-amd-display-Assign-linear_pitch_alignment-even-f.patch
  (stable-fixes CVE-2024-46732 bsc#1230711).
- Update
  patches.suse/drm-amd-display-Check-denominator-pbn_div-before-use.patch
  (stable-fixes CVE-2024-46773 bsc#1230791).
- Update
  patches.suse/drm-amd-display-Ensure-index-calculation-will-not-ov.patch
  (stable-fixes CVE-2024-46726 bsc#1230706).
- Update
  patches.suse/drm-amd-display-Skip-wbscl_set_scaler_filter-if-filt.patch
  (stable-fixes CVE-2024-46714 bsc#1230699).
- Update
  patches.suse/drm-amd-display-avoid-using-null-object-of-framebuff.patch
  (git-fixes CVE-2024-46694 bsc#1230511).
- Update
  patches.suse/drm-amd-pm-fix-the-Out-of-bounds-read-warning.patch
  (stable-fixes CVE-2024-46731 bsc#1230709).
- Update
  patches.suse/drm-amdgpu-Fix-out-of-bounds-read-of-df_v1_7_channel.patch
  (stable-fixes CVE-2024-46724 bsc#1230725).
- Update
  patches.suse/drm-amdgpu-Fix-out-of-bounds-write-warning.patch
  (stable-fixes CVE-2024-46725 bsc#1230705).
- Update patches.suse/drm-amdgpu-Validate-TA-binary-size.patch
  (stable-fixes CVE-2024-44977 bsc#1230217).
- Update
  patches.suse/drm-amdgpu-fix-dereference-after-null-check.patch
  (stable-fixes CVE-2024-46720 bsc#1230724).
- Update
  patches.suse/drm-amdgpu-fix-mc_data-out-of-bounds-read-warning.patch
  (stable-fixes CVE-2024-46722 bsc#1230712).
- Update
  patches.suse/drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch
  (stable-fixes CVE-2024-46723 bsc#1230702).
- Update
  patches.suse/drm-mgag200-Bind-I2C-lifetime-to-DRM-device.patch
  (git-fixes CVE-2024-44967 bsc#1230224).
- Update
  patches.suse/drm-msm-dpu-cleanup-FB-if-dpu_format_populate_layout.patch
  (git-fixes CVE-2024-44982 bsc#1230204).
- Update
  patches.suse/fs-netfs-fscache_cookie-add-missing-n_accesses-check.patch
  (bsc#1229453 CVE-2024-45000 bsc#1230170).
- Update
  patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch
  (bsc#1230592 CVE-2024-46786 bsc#1230813).
- Update
  patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch
  (stable-fixes CVE-2024-46759 bsc#1230814).
- Update
  patches.suse/hwmon-lm95234-Fix-underflows-seen-when-writing-limit.patch
  (stable-fixes CVE-2024-46758 bsc#1230812).
- Update
  patches.suse/hwmon-w83627ehf-Fix-underflows-seen-when-writing-lim.patch
  (stable-fixes CVE-2024-46756 bsc#1230806).
- Update
  patches.suse/mmc-mmc_test-Fix-NULL-dereference-on-allocation-fail.patch
  (git-fixes CVE-2024-45028 bsc#1230450).
- Update
  patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
  (git-fixes CVE-2024-46739 bsc#1230732).
- Update
  patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
  (git-fixes CVE-2024-46784 bsc#1230771).
- Update
  patches.suse/net-mana-Fix-RX-buf-alloc_size-alignment-and-atomic-.patch
  (bsc#1229086 CVE-2024-45001 bsc#1230244).
- Update
  patches.suse/nfc-pn533-Add-poll-mod-list-filling-check.patch
  (git-fixes CVE-2024-46676 bsc#1230535).
- Update
  patches.suse/nilfs2-fix-missing-cleanup-on-rollforward-recovery-error.patch
  (git-fixes CVE-2024-46781 bsc#1230768).
- Update
  patches.suse/nilfs2-protect-references-to-superblock-parameters-exposed-in-sysfs.patch
  (git-fixes CVE-2024-46780 bsc#1230808).
- Update
  patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
  (git-fixes CVE-2024-46737 bsc#1230730).
- Update
  patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch
  (stable-fixes CVE-2024-46761 bsc#1230761).
- Update
  patches.suse/s390-dasd-fix-error-recovery-leading-to-data-corruption-on-ESE-devices.patch
  (git-fixes bsc#1229573 CVE-2024-45026 bsc#1230454).
- Update
  patches.suse/s390-sclp-Prevent-release-of-buffer-in-I-O.patch
  (git-fixes bsc#1229572 CVE-2024-44969 bsc#1230200).
- Update
  patches.suse/usb-dwc3-core-Prevent-USB-core-invalid-event-buffer-.patch
  (git-fixes CVE-2024-46675 bsc#1230533).
- Update
  patches.suse/usb-dwc3-st-fix-probed-platform-device-ref-count-on-.patch
  (git-fixes CVE-2024-46674 bsc#1230507).
- Update
  patches.suse/wifi-mwifiex-Do-not-return-unused-priv-in-mwifiex_ge.patch
  (stable-fixes CVE-2024-46755 bsc#1230802).
- Update
  patches.suse/x86-mtrr-Check-if-fixed-MTRRs-exist-before-saving-them.patch
  (git-fixes CVE-2024-44948 bsc#1230174).
- Update
  patches.suse/xhci-Fix-Panther-point-NULL-pointer-deref-at-full-sp.patch
  (git-fixes CVE-2024-45006 bsc#1230247).
- commit 3ab4fc7

- Update
  patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
  (git-fixes CVE-2022-48945 bsc#1230398).
- Update
  patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
  (bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
  (git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d

- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
  bsc#1230815).
- commit 731ca61

- cachefiles: Fix non-taking of sb_writers around set/removexattr
  (bsc#1231013).
- commit 8d75b42

- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- commit afe0b92

- PCI: xilinx-nwl: Clean up clock on probe failure/removal
  (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe
  (git-fixes).
- PCI: Wait for Link before restoring Downstream Buses
  (git-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe
  (git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- Refresh
  patches.suse/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch.
- commit 1275322

- blacklist.conf: add two PCI git-fixes
- commit 02f416e

- Update
  patches.suse/PCI-Add-missing-bridge-lock-to-pci_bus_lock.patch
  (stable-fixes CVE-2024-46750 bsc#1230783).
- commit c259807

- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- commit bfe7fd1

- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
  (git-fixes).
- commit 644bf81

- net: ip_tunnel: prevent perpetual headroom growth
  (CVE-2024-26804 bsc#1222629).
- net: tunnels: annotate lockless accesses to dev->needed_headroom
  (CVE-2024-26804 bsc#1222629).
- commit 319c5b5

- kabi: add __nf_queue_get_refs() for kabi compliance.
  (bsc#1229633, CVE-2022-48911)
  (cherry picked from commit 09526c9424a7fbc2a4d656f79c4ad7878f435ecb)
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
  CVE-2022-48911).
  (cherry picked from commit 758c6b1299c09ef730f452c74ec7f72a9327354f)
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
  CVE-2022-48911).
- commit 0bf9c36

- drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703 CVE-2024-46728)
- commit 6a51cab

- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- commit e49b867

- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit 50d4a10

- RDMA/hns: Optimize hem allocation performance (git-fixes)
- commit 813af9f

- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- commit 2bb823b

- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- commit f6fcd8c

- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- commit 328d52f

- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (git-fixes)
- commit 33ac85f

- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- commit 01729dd

- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- commit 68948b5

- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- commit 65bf6d4

- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit dfdb2f8

- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 97307dd

- blacklist.conf: CVE-2024-44972 bsc#1230212: not applicable
  Subpage code exists but zoned mode is not enabled being hidden behind
  CONFIG_BTRFS_DEBUG.
- commit 702f20e

- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit 65fd2b1

- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e

- net: tighten bad gso csum offset check in virtio_net_hdr
  (git-fixes).
- commit 34aa4c1

- udp: fix receiving fraglist GSO packets (git-fixes).
- commit fa1c6cd

- xen/swiotlb: fix allocated size (git-fixes).
- commit 6131ead

- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- commit eee6dcc

- xen: tolerate ACPI NVS memory overlapping with Xen allocated
  memory (bsc#1226003).
- commit c0747b9

- xen: allow mapping ACPI data using a different physical address
  (bsc#1226003).
- commit c94b5d0

- xen: add capability to remap non-RAM pages to different PFNs
  (bsc#1226003).
- commit 489b422

- xen: move max_pfn in xen_memory_setup() out of function scope
  (bsc#1226003).
- commit 88edee6

- blacklist.conf: kABI
- commit 0e6101c

- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- commit 6843c76

- media: qcom: camss: Fix ordering of pm_runtime_enable
  (git-fixes).
- commit 262114a

- Revert "media: tuners: fix error return code of
  hybrid_tuner_request_state()" (git-fixes).
- commit 1d6cee4

- xen: move checks for e820 conflicts further up (bsc#1226003).
- commit 305f805

- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
  write error (git-fixes).
- commit 8a8aa4d

- net: bridge: xmit: make sure we have at least eth header len
  bytes (CVE-2024-38538 bsc#1226606).
- commit de593a5

- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
  write error (git-fixes).
- commit 28bc636

- xen: introduce generic helper checking for memory map conflicts
  (bsc#1226003).
- commit b5a62b0

- xen: use correct end address of kernel for conflict checking
  (bsc#1226003).
- commit 864cea2

- x86/xen: Convert comma to semicolon (git-fixes).
- commit aea0e48

- net: drop bad gso csum_start and offset in virtio_net_hdr
  (git-fixes).
- commit 89b9f35

- crypto: virtio - Wait for tasklet to complete on device remove
  (git-fixes).
- commit 3c716ae

- Update references for patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch (CVE-2024-46761 bsc#1230761)
- commit dcc7841

- x86/tdx: Fix data leak in mmio_read() (CVE-2024-46794 bsc#1230825)
- commit c8c34cc

- Update references for patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch (CVE-2024-46759 bsc#1230814)
- commit 246b51d

- Update references for patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch (CVE-2024-46747 bsc#1230752)
- commit d22b00d

- Update references for patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch (CVE-2024-46745 bsc#1230748)
- commit 584f3d0

- Update references for patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch (CVE-2024-46746 bsc#1230751)
- commit 20864a7

- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit 72de3c2

- Update references for patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch (CVE-2024-46786 bsc#1230592 bsc#1230813)
- commit b23da3a

- Update references for patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit a2b9776

- scsi: lpfc: Copyright updates for 14.4.0.4 patches
  (bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology
  (bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct
  attached topology (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag
  (bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in
  reset/errata paths (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building
  an abort request (bsc#1229429).
- scsi: lpfc: Change diagnostic log flag during receipt of
  unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- commit 6dfc9ed

- blacklist.conf: Add f8321fa75102 ("virtio_net: Fix
  napi_skb_cache_put warning") (CVE-2024-43835 bsc#1229289)
- commit 18f3802

- net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717 bsc#1230719)
- commit dcc83f4

- btrfs: don't BUG_ON() when 0 reference count at
  btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- btrfs: reduce nesting for extent processing at
  btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove superfluous metadata check at
  btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: replace BUG_ON() with error handling at
  update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: simplify setting the full backref flag at
  update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: remove NULL transaction support for
  btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove level argument from btrfs_set_block_flags
  (bsc#1230794 CVE-2024-46752).
- btrfs: sink parameter is_data to btrfs_set_disk_extent_flags
  (bsc#1230794 CVE-2024-46752).
- commit c2d0eaf

- kABI, crypto: virtio - Handle dataq logic with tasklet
  (git-fixes).
- commit 7b17b1c

- nvmet: Identify-Active Namespace ID List command should reject
  invalid nsid (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
  (git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl()
  (git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps
  (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- commit 14b1d67

- drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701 CVE-2024-46730)
- commit 45e46f9

- Update
  patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
  (git-fixes CVE-2024-38632 bsc#1226860).
  Add CVE references.
- commit bd2cc38

- nilfs2: fix potential oob read in nilfs_btree_check_delete()
  (git-fixes).
- commit 157099e

- nilfs2: determine empty node blocks as corrupted (git-fixes).
- commit 657f164

- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
  (git-fixes).
- commit 24419a8

- media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973 bsc#1227890)
- commit d0ab63e

- btrfs: do not start relocation until in progress drops are done
  (bsc#1229607 CVE-2022-48901).
- Refresh
  patches.suse/btrfs-sysfs-update-fs-features-directory-asynchronou.patch.
- commit a5756e7

- of/irq: Prevent device address out-of-bounds read in interrupt
  map walk (CVE-2024-46743 bsc#1230756).
- commit 2dc0a89

- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- commit f3e346f

- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
  (git-fixes).
- commit 2d8f102

- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
  (git-fixes).
- commit e09cbac

- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 25c83fa

- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- commit 2205648

- driver: iio: add missing checks on iio_info's callback access
  (CVE-2024-46715 bsc#1230700).
- commit 44ce0f3

- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
  (git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
  (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery
  occurs (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
  (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check
  (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage
  (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume
  (git-fixes).
- drm/msm/a5xx: disable preemption in submits by default
  (git-fixes).
- drm/msm: Fix incorrect file name output in adreno_request_fw()
  (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track
  offsets (git-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/radeon: fix null pointer dereference in
  radeon_add_common_modes (git-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in
  drm_bridge_funcs::mode_valid() (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
  (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc()
  (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- ipmi: docs: don't advertise deprecated sysfs entries
  (git-fixes).
- commit a7fb7f8

- md/raid5: avoid BUG_ON() while continue reshape after
  reassembling (bsc#1229790, CVE-2024-43914).
- commit 3bf0292

- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
  (bsc#1226662).
- commit 25632eb

- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit 16fd035

- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 0a04e5e

- soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689 bsc#1230524)
- commit d574d3c

- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit eecf85c

- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit 23b1681

- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 02a056d

- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit e4c4047

- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556)
- commit 12d1e30

- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
  (git-fixes).
- commit a4cc5f2

- net: missing check virtio (git-fixes).
- commit 5c4c37d

- virtio_net: checksum offloading handling fix (git-fixes).
- commit d5e193e

- virtio: delete vq in vp_find_vqs_msix() when request_irq()
  fails (CVE-2024-37353 bsc#1226875).
- commit 7853f36

- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- commit 1d51d93

- virtio: reenable config if freezing device failed (git-fixes).
- commit 92899fb

- virtio-blk: Ensure no requests in virtqueues before deleting
  vqs (git-fixes).
- commit 5677525

- virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into
  a region of size 10" warnings (git-fixes).
- commit c6eef4e

- virtio/vsock: fix logic which reduces credit update messages
  (git-fixes).
- commit ba4fb58

- KABI: kcm: Serialise kcm_sendmsg() for the same socket
  (CVE-2024-44946 bsc#1230015).
- commit 4220de4

- kcm: Serialise kcm_sendmsg() for the same socket
  (CVE-2024-44946 bsc#1230015).
- commit 195f676

- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- commit a7e32aa

- vsock/virtio: remove socket from connected/bound list on
  shutdown (git-fixes).
- commit 0f347cf

- virtio_net: use u64_stats_t infra to avoid data-races
  (git-fixes).
- commit 463733f

- vsock/virtio: initialize the_virtio_vsock before using VQs
  (git-fixes).
- commit 1fec77b

- tools/virtio: fix build (git-fixes).
- commit e7f47cc

- xfs: don't include bnobt blocks when reserving free block pool
  (git-fixes).
- commit 3c9db4e

- vsock/virtio: add support for device suspend/resume (git-fixes).
- commit 010c69d

- vsock/virtio: factor our the code to initialize and delete VQs
  (git-fixes).
- commit 21a4d2a

- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
  (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits
  (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value
  (git-fixes).
- mtd: slram: insert break after errors in parsing the map
  (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
  (git-fixes).
- power: supply: Drop use_cnt check from
  power_supply_property_is_writeable() (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/
  no current sense (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max
  voltage (git-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name
  (stable-fixes).
- commit 392a8e2

- Update patches.suse/NFS-never-reuse-a-NFSv4-0-lock-owner.patch
  (bsc#1227726 bsc#1230733).
- commit c293534

- x86/mm/ident_map: Use gbpages only where full GB page should
  be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
  kernel (bsc#1220382).
- commit 0e4e6bb

- Refresh
  patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
  Update upstream status and move to the sorted section.
- commit 43dbf50

- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- commit daa2cc5

- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- commit 1a96576

- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- commit 99a4208

- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- commit 9dc3dba

- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
  appropriately (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in
  tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev
  PLATFORM_STATUS failure (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in
  cctrng_resume (git-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in
  bcm2835_rng_init (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
  (git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
  (git-fixes).
- Bluetooth: hci_sync: Ignore errors from
  HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
  (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value
  (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
  (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in
  wilc_parse_join_bss_param (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in
  ieee80211_do_stop() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one
  errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
  (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging
  measurements (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts
  (git-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- commit b2930fe

- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
  (CVE-2024-46707 bsc#1230582).
- commit bb45424

- x86/xen: Convert comma to semicolon (git-fixes).
- commit f308bb3

- Refresh
  patches.suse/virtio-blk-scsi-use-block-layer-helpers-to-calculate.patch.
  The compiler is unhappy with the types. Add a cast to tell what the
  compiler should do.
- commit aba9465

- usb: dwc3: core: update LC timer as per USB Spec V3.2
  (git-fixes).
- commit b3f5137

- blacklist.conf: pure cleanup
- commit 97c4b58

- blacklist.conf: irrelevant in our kernel configs
- commit f68f968

- usb: uas: set host status byte on data completion error
  (git-fixes).
- commit 842e02d

- blacklist.conf: Add 9ad797485692 ("wifi: cfg80211: check A-MSDU
  format more carefully")
- commit 6c8d8b6

- fscache: delete fscache_cookie_lru_timer when fscache exits
  to avoid  UAF (bsc#1230592).
- virtiofs: forbid newlines in tags (bsc#1230591).
- commit 03e6dba

- blacklist.conf: not a fix
- commit 7c06448

- blacklist.conf: spelling fixes in documentation
- commit e014f71

- blacklist.conf: cleanup breaking kABI
- commit b4addb1

- blacklist.conf: just comments
- commit eb0717d

- blacklist.conf: pure cleanup
- commit 7aa8489

- blacklist.conf: pure cleanup
- commit c33966d

- blacklist.conf: irrelevant in our kernel configuration
- commit 66d28be

- blacklist.conf: no RiscV in SP5
- commit 681bba5

- blacklist.conf: build fix
- commit caed058

- blacklist.conf: add 053fc4f755ad fuse: fix UAF in rcu pathwalks
  This commit breaks kABI and the data structure has no free room for the
  extra field, i.e. memcpy would fail to copy the additional member added by
  this patch.
- commit e5e762d

- x86/hyperv: fix kexec crash due to VP assist page corruption
  (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description
  (git-fixes).
- commit f7a5c89

- NFSv4: Add missing rescheduling points in
  nfs_client_return_marked_delegations (git-fixes).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
  (git-fixes).
- commit 6327192

- blacklist.conf: Unwanted nfsd namespace patches
- commit 204b82c

- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- commit 3824ded

- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
  (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets
  (git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
  sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
  accesses (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2
  (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
  (stable-fixes).
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145
  (stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers
  on Sirius devices (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc()
  (git-fixes).
- Input: uinput - reject requests with unreasonable number of
  slots (stable-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- HID: amd_sfh: free driver_data after destroying hid device
  (stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
  (stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
  (git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions
  (stable-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA
  setup (stable-fixes).
- devres: Initialize an uninitialized struct member
  (stable-fixes).
- pcmcia: Use resource_size function on resource object
  (stable-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
  (stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
  (stable-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- usb: uas: set host status byte on data completion error
  (stable-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace
  (stable-fixes).
- usbip: Don't submit special requests twice (stable-fixes).
- ASoC: topology: Properly initialize soc_enum values
  (stable-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map
  controls (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails
  (stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in
  check_tiling_flags_gfx6 (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used
  (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
  (stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
  (stable-fixes).
- media: vivid: don't set HDMI TX controls if there are no HDMI
  outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane
  (stable-fixes).
- media: uvcvideo: Enforce alignment of frame and interval
  (stable-fixes).
- wifi: mwifiex: Do not return unused priv in
  mwifiex_get_priv_by_id() (stable-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
  (stable-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit
  attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit
  attributes (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit
  attributes (stable-fixes).
- ACPI: processor: Fix memory leaks in error paths of
  processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info()
  fails in processor_add() (stable-fixes).
- commit c0216a0

- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 5ac8578

- i2c: tegra: Do not mark ACPI devices as irq safe (CVE-2024-45029 bsc#1230451)
- commit 12f7852

- netfilter: flowtable: initialise extack before use (CVE-2024-45018 bsc#1230431)
- commit 25df9d1

- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- commit 4fb379d

- memcg_write_event_control(): fix a user-triggerable oops
  (CVE-2024-45021 bsc#1230434).
- commit f5c92ca

- usbnet: ipheth: race between ipheth_close and error handling
  (git-fixes).
- commit 7ee6be8

- Refresh
  patches.suse/USB-serial-option-add-MeiG-Smart-SRM825L.patch.
- commit 7c21712

- memcg_write_event_control(): fix a user-triggerable oops
  (CVE-2024-45021 bsc#1230434).
- commit d21e438

- Squashfs: sanity check symbolic link size (git-fixes).
- commit 38be121

- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
  This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 12b6dd4

- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
  This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e83daef

- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
  This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b3f74b7

- drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444 CVE-2024-45015)
- commit baea6a3

- media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269 CVE-2023-52916)
- commit 1c1f90d

- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- commit 63b4ff1

- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- commit 9995679

- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (CVE-2024-44971 bsc#1230211)
- commit 6f30d53

- bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989 bsc#1230193)
- commit 656ad24

- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 9c6f084

- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
  (CVE-2024-44970 bsc#1230209).
- commit 204a351

- blacklist.conf: Add cf3f9a593dab mm: optimize the redundant loop of mm_update_owner_next()
- commit fe36c25

- bonding: fix null pointer deref in bond_ipsec_offload_ok
  (CVE-2024-44990 bsc#1230194).
- commit caaca9d

- blk-mq: issue warning when offlining hctx with online isolcpus
  (bsc#1229034).
- commit c169848

- Refresh
  patches.suse/net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch.
- commit 0ae4275

- media: Revert "media: dvb-usb: Fix unexpected infinite loop
  in dvb_usb_read_remote_control()" (git-fixes).
- commit 69c4bbe

- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- commit 5094611

- drm/amd/display: fixed integer types and null check locations
  (CVE-2024-26767 bsc#1230339).
- commit 91909ca

- blacklist.conf: irrelevant in our configs
- commit aa4efb5

- blacklist.conf: kABI
- commit ec16bc2

- Fix KABI for
  patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
  (bsc#1230392).
- Update
  patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
  (bsc#1230392).
- commit cbecb11

- net: dsa: mv88e6xxx: Fix out-of-bound access (CVE-2024-44988 bsc#1230192)
- commit e74f32c

- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit fd19d1b

- ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986 bsc#1230230)
- commit 6ffd49a

- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit e1f3131

- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- commit fac58ad

- mm/swap: fix race when skipping swapcache (CVE-2024-26759
  bsc#1230340).
- commit 8d9f1de

- filemap: remove use of wait bookmarks (bsc#1224085).
- commit a120011

- VMCI: Fix use-after-free when removing resource in
  vmci_resource_remove() (git-fixes).
- iio: fix scale application in
  iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error
  (git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter
  value (git-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
  (stable-fixes).
- drm/amd/display: Correct the defined value for
  AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream
  (stable-fixes).
- drm/bridge: tc358767: Check if fully initialized before
  signalling HPD event via IRQ (stable-fixes).
- commit fae29ce

- ALSA: hda/conexant: Mute speakers at suspend / shutdown
  (stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at
  suspend/shutdown (stable-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions
  (stable-fixes).
- drm/amd/pm: check negtive return for table entries
  (stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4
  (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode
  setting on legacy SOCs (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in
  struct kfd_topology_device (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning
  (stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
  (stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
  (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10
  (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
  (stable-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/display: Skip inactive planes within
  ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow
  (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
  dal_gpio_service_create (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation
  (stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing
  reader_wm_sets[] (stable-fixes).
- drm/amd/display: Add array index check for hdcp ddc access
  (stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums
  greater than 6 (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index
  (stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB
  (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
  (stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of
  max_vid_step (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
  (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
  (stable-fixes).
- drm/amdgpu: fix overflowed array index read warning
  (stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM
  (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in
  amdgpu_afmt_acr (stable-fixes).
- commit 22196ae

- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
  (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
  hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
  cleanup (git-fixes).
- commit 392d522

- usb: dwc3: st: add missing depopulate in probe error path
  (git-fixes).
- commit 5abd1b6

- usb: dwc3: st: fix probed platform device ref count on probe
  error path (git-fixes).
- commit 7faef21

- usb: dwc3: omap: add missing depopulate in probe error path
  (git-fixes).
- commit 50650b1

- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL
  is disabled (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate
  API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
  (git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload
  (git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
  (git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused
  (git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with
  __maybe_unused (git-fixes).
- commit 3d813e4

- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 58d7754

- Restore dropped fields for bluetooth MGMT/SMP structs
  (git-fixes).
- commit 697b5de

- usbnet: modern method to get random MAC (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type
  (git-fixes).
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP
  over BREDR/LE" (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during
  mcp251x_open (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered
  (git-fixes).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
  (git-fixes).
- commit 2df245a

- ext4: check dot and dotdot of dx_root before making dir indexed
  (bsc#1229363 CVE-2024-42305).
- commit 85db03a

- vfs: Don't evict inode under the inode lru traversing context
  (CVE-2024-45003 bsc#1230245).
- commit 82e6e44

- char: xillybus: Check USB endpoints when probing device
  (git-fixes).
- char: xillybus: Refine workqueue handling (CVE-2024-45007
  bsc#1230175).
- char: xillybus: Don't destroy workqueue from work item running
  on it (CVE-2024-45007 bsc#1230175).
- commit 47704bc

- serial: sc16is7xx: fix invalid FIFO access with special register
  set (CVE-2024-44950 bsc#1230180).
- commit 6ff419f

- ACPI: SBS: manage alarm sysfs attribute through psy core
  (git-fixes).
- ACPI: battery: create alarm sysfs attribute atomically
  (git-fixes).
- commit 272cbf0

- blacklist.conf: More unwanted nfsd stuff
- commit 2324ced

- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- commit 9dc4a6f

- driver core: Add missing parameter description to
  __fwnode_link_add() (git-fixes).
- commit b36a347

- ext4: sanity check for NULL pointer after ext4_force_shutdown
  (bsc#1229753 CVE-2024-43898).
- commit 5e594a9

- ext4: fix infinite loop when replaying fast_commit (bsc#1229394
  CVE-2024-43828).
- commit c02cd83

- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
  CVE-2024-42306).
- commit 461fe08

- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
  (bsc#1229334 CVE-2024-42265).
- commit 1129dda

- ext4: make sure the first directory block is not a hole
  (bsc#1229364 CVE-2024-42304).
- commit 26f77f8

- driver core: Fix uevent_show() vs driver detach race
  (CVE-2024-44952 bsc#1230178).
- commit 0d8efe8

- atm: idt77252: prevent use after free in dequeue_rx()
  (CVE-2024-44998 bsc#1230171).
- commit ea6216f

- tcp: add sanity checks to rx zerocopy (CVE-2024-26640
  bsc#1221650).
- commit 57d4108

- driver core: fw_devlink: Consolidate device link flag
  computation (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being
  part of a cycle (git-fixes).
- driver core: fw_devlink: Don't purge child fwnode's consumer
  links (git-fixes).
  Refresh
  patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add wait_for_init_devices_probe helper function
  (git-fixes).
  Refresh
  patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add debug logs when fwnode links are added/deleted
  (git-fixes).
- driver core: Create __fwnode_link_del() helper function
  (git-fixes).
- driver core: Set deferred probe reason when deferred by driver
  core (git-fixes).
- commit 164932e

- net: bridge: switchdev: Skip MDB replays of deferred events
  on offload (CVE-2024-26837 bsc#1222973).
- commit 3cf54c6

- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- commit 7b935d7

- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
  (git-fixes).
- commit 2395491

- usb: dwc3: core: Prevent USB core invalid event buffer address
  access (git-fixes).
- commit 55d4338

- usb: dwc3: core: Skip setting event buffers for host only
  controllers (git-fixes).
- commit 352e074

- nilfs2: fix state management in error path of log writing
  function (git-fixes).
- commit d45c3fc

- nilfs2: fix missing cleanup on rollforward recovery error
  (git-fixes).
- commit 819efb5

- nilfs2: protect references to superblock parameters exposed
  in sysfs (git-fixes).
- commit 85cfeab

- blacklist.conf: cosmetic fix
- commit 4d6094c

- nilfs2: Constify struct kobj_type (git-fixes).
- commit 157952f

- nilfs2: use default_groups in kobj_type (git-fixes).
- commit 9ed2d62

- nilfs2: replace snprintf in show functions with sysfs_emit
  (git-fixes).
- commit 137f088

- gfs2: setattr_chown: Add missing initialization (git-fixes).
- commit 3d57dce

- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- commit a8ffc3d

- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- commit 264a15d

- blacklist.conf: ("KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range()") (bsc#1229585)
- commit e43b74a

- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- commit e2ccb4d

- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- commit 0534ffe

- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- commit 21c5e59

- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- commit a1743f6

- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- commit 823cdf8

- net/sched: act_ct: fix skb leak and crash on ooo frags
  (CVE-2023-52610 bsc#1221610).
- commit 57db46f

- netfilter: ctnetlink: use helper function to calculate expect ID
  (CVE-2024-44944 bsc#1229899).
- commit 744b379

- sctp: Fix null-ptr-deref in reuseport_add_sock()
  (CVE-2024-44935 bsc#1229810).
- commit d4709fe

- blacklist.conf: update blacklist
- commit 401873a

- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54

- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
  CVE-2024-41062).
- commit 5b1f743

- Update references
- commit a096907

- fuse: update stats for pages in dropped aux writeback list
  (bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation
  (bsc#1230129).
- commit 32e32b0

- blacklist.conf: blacklist some non-fixes for nfsd
- commit 7cd894f

- fuse: Initialize beyond-EOF page contents before setting
  uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7

- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 6d0732e

- efi/unaccepted: touch soft lockup during memory accept
  (bsc#1225773 CVE-2024-36936).
- commit 29d2eb8

- vdpa: ifcvf: Do proper cleanup if IFCVF init fails (bsc#1225524
  CVE-2022-48706).
- commit 023b108

- usb: vhci-hcd: Do not drop references before new references
  are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae

- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 717d839

- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
  (git-fixes).
- commit b02e597

- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
  CVE-2024-41062).
- commit 07bd1e3

- net: usb: qmi_wwan: fix memory leak for not ip packets
  (CVE-2024-43861 bsc#1229500).
- commit 3e796c3

- ocfs2: use coarse time for new created files (git-fixes).
- commit 82dc1eb

- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (bsc#1229156 CVE-2024-42259)
- commit acc20fb

- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
  (bsc#1226666).
- commit c1bc9ca

- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit f65ae14

- xfs: Fix missing interval for missing_owner in xfs fsmap
  (git-fixes).
- commit 3005438

- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
  (git-fixes).
- commit b060763

- xfs: Fix the owner setting issue for rmap query in xfs fsmap
  (git-fixes).
- commit 264a4ea

- Update
  patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
  (git-fixes CVE-2024-35902 bsc#1224496).
- Update
  patches.suse/ALSA-usb-audio-Fix-possible-NULL-pointer-dereference.patch
  (git-fixes CVE-2023-52904 bsc#1229529).
- Update
  patches.suse/ASoC-Intel-sof-nau8825-fix-module-alias-overflow.patch
  (git-fixes CVE-2022-48889 bsc#1229545).
- Update
  patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
  (git-fixes CVE-2024-43818 bsc#1229296).
- Update
  patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
  (git-fixes CVE-2024-42302 bsc#1229366).
- Update
  patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
  (git-fixes CVE-2024-43823 bsc#1229303).
- Update
  patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
  (git-fixes CVE-2024-43872 bsc#1229489).
- Update
  patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
  (git-fixes CVE-2024-42285 bsc#1229381).
- Update
  patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
  (bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update patches.suse/bpf-Add-schedule-points-in-batch-ops.patch
  (jsc#PED-1377 CVE-2022-48939 bsc#1229616).
- Update
  patches.suse/bpf-Fix-crash-due-to-incorrect-copy_map_value.patch
  (jsc#PED-1377 CVE-2022-48940 bsc#1229615).
- Update
  patches.suse/btrfs-prevent-copying-too-big-compressed-lzo-segment.patch
  (git-fixes CVE-2022-48923 bsc#1229662).
- Update
  patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
  (git-fixes CVE-2024-43871 bsc#1229490).
- Update
  patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
  (git-fixes CVE-2024-43856 bsc#1229346).
- Update
  patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
  (stable-fixes CVE-2024-43903 bsc#1229781).
- Update
  patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
  (stable-fixes CVE-2024-43895 bsc#1229755).
- Update
  patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
  (stable-fixes CVE-2024-43905 bsc#1229784).
- Update
  patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch
  (bsc#1206843 CVE-2023-52908 bsc#1229525).
- Update
  patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
  (stable-fixes CVE-2024-43908 bsc#1229788).
- Update
  patches.suse/drm-amdgpu-Fixed-bug-on-error-when-unloading-amdgpu.patch
  (bsc#1206843 CVE-2023-52912 bsc#1229588).
- Update
  patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
  (stable-fixes CVE-2024-43909 bsc#1229789).
- Update
  patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
  (stable-fixes CVE-2024-43907 bsc#1229787).
- Update
  patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
  (git-fixes CVE-2024-43894 bsc#1229746).
- Update
  patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
  (git-fixes CVE-2024-42310 bsc#1229358).
- Update
  patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
  (git-fixes CVE-2024-42309 bsc#1229359).
- Update patches.suse/drm-i915-Fix-potential-context-UAFs.patch
  (git-fixes CVE-2023-52913 bsc#1229521).
- Update
  patches.suse/drm-i915-gt-Cleanup-partial-engine-discovery-failure.patch
  (git-fixes CVE-2022-48893 bsc#1229576).
- Update
  patches.suse/drm-msm-dpu-Fix-memory-leak-in-msm_mdss_parse_data_b.patch
  (git-fixes CVE-2022-48888 bsc#1229546).
- Update
  patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
  (git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
  (git-fixes CVE-2024-43829 bsc#1229341).
- Update
  patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
  (git-fixes CVE-2024-43863 bsc#1229497).
- Update
  patches.suse/drm-vmwgfx-Remove-rcu-locks-from-user-resources.patch
  (bsc#1203329 CVE-2022-40133 bsc#1203330 CVE-2022-38457
  bsc#1213632 CVE-2022-48887 bsc#1229547).
- Update
  patches.suse/drop_monitor-replace-spin_lock-by-raw_spin_lock.patch
  (References: CVE-2021-47546 bsc#1227937 CVE-2024-40980).
- Update
  patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
  (git-fixes CVE-2024-42315 bsc#1229354).
- Update
  patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
  (git-fixes CVE-2024-31076 bsc#1226765).
- Update
  patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
  (git-fixes CVE-2024-42311 bsc#1229413).
- Update patches.suse/ice-Add-check-for-kzalloc.patch (jsc#PED-376
  CVE-2022-48886 bsc#1229548).
- Update
  patches.suse/ice-Fix-potential-memory-leak-in-ice_gnss_tty_write.patch
  (jsc#PED-376 CVE-2022-48885 bsc#1229564).
- Update
  patches.suse/iommu-iova-Fix-alloc-iova-overflows-issue.patch
  (git-fixes CVE-2023-52910 bsc#1229523).
- Update
  patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
  (git-fixes CVE-2024-43858 bsc#1229414).
- Update
  patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
  (git-fixes CVE-2024-42292 bsc#1229373).
- Update
  patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
  (git-fixes CVE-2024-43830 bsc#1229305).
- Update
  patches.suse/lib-objagg-Fix-general-protection-fault.patch
  (git-fixes CVE-2024-43846 bsc#1229360).
- Update
  patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
  (git-fixes CVE-2024-42313 bsc#1229356).
- Update
  patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
  (git-fixes CVE-2024-43892 bsc#1229761).
- Update
  patches.suse/net-ipv6-ensure-we-call-ipv6_mc_down-at-most-once.patch
  (git-fixes CVE-2022-48910 bsc#1229632).
- Update
  patches.suse/net-ks8851-Fix-deadlock-with-the-SPI-chip-variant.patch
  (git-fixes CVE-2024-41036 bsc#1228496).
- Update
  patches.suse/net-ks8851-Queue-RX-packets-in-IRQ-handler-instead-o.patch
  (CVE-2024-35971 bsc#1224578 CVE-2024-36962 bsc#1225827).
- Update
  patches.suse/net-mlx5-Fix-command-stats-access-after-free.patch
  (jsc#PED-1549 CVE-2022-48884 bsc#1229562).
- Update
  patches.suse/net-mlx5e-Fix-macsec-possible-null-dereference-when-.patch
  (jsc#PED-1549 CVE-2022-48882 bsc#1229558).
- Update
  patches.suse/net-mlx5e-IPoIB-Block-PKEY-interfaces-with-less-rx-q.patch
  (jsc#PED-1549 CVE-2022-48883 bsc#1229560).
- Update
  patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
  (git-fixes CVE-2024-43861 bsc#1229500).
- Update
  patches.suse/nfsd-fix-handling-of-cached-open-files-in-nfsd4_open.patch
  (git-fixes CVE-2023-52909 bsc#1229524).
- Update
  patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
  (git-fixes CVE-2024-42276 bsc#1229410).
- Update
  patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
  (git-fixes CVE-2024-43889 bsc#1229743).
- Update
  patches.suse/platform-x86-amd-Fix-refcount-leak-in-amd_pmc_probe.patch
  (bsc#1210644 CVE-2022-48881 bsc#1229559).
- Update
  patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
  (bsc#1194869 CVE-2024-41065 bsc#1228636).
- Update
  patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
  (git-fixes bsc#1229190 CVE-2024-42320 bsc#1229349).
- Update
  patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
  (bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
  patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
  (bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
  patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
  (bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
  patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
  (bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
  patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
  (bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
  patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
  (git-fixes CVE-2024-43879 bsc#1229482).
- Update
  patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
  (git-fixes CVE-2024-43842 bsc#1229317).
- commit 777a4e3

- Update
  patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
  (git-fixes CVE-2022-48917 bsc#1229637).
- Update
  patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
  (git-fixes CVE-2022-48878 bsc#1229554).
- Update
  patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
  (git-fixes CVE-2022-48938 bsc#1229664).
- Update
  patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
  (git-fixes CVE-2022-48943 bsc#1229645).
- Update
  patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
  (git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
  CVE-2022-48930 bsc#1229624).
- Update
  patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
  (CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
  patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
  (git-fixes CVE-2022-48907 bsc#1229608).
- Update
  patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
  (bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
  patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
  (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
  CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
  patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
  (bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
  patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
  (bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
  patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
  (bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
  patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
  (bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
  patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
  (git-fixes CVE-2022-48931 bsc#1229623).
- Update
  patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
  (git-fixes CVE-2022-48868 bsc#1229506).
- Update
  patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
  (git-fixes CVE-2023-52911 bsc#1229522).
- Update
  patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
  (git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
  (git-fixes CVE-2022-48899 bsc#1229536).
- Update
  patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
  (git-fixes CVE-2023-52893 bsc#1229535).
- Update
  patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
  (git-fixes CVE-2022-48942 bsc#1229612).
- Update
  patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
  (bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
  patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
  (git-fixes CVE-2022-48941 bsc#1229614).
- Update
  patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
  (git-fixes CVE-2022-48928 bsc#1229626).
- Update
  patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
  (git-fixes CVE-2022-48927 bsc#1229628).
- Update
  patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
  (git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
  (git-fixes CVE-2022-48904 bsc#1229603).
- Update
  patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
  (bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
  patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
  (git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
  (jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
  patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
  (git-fixes CVE-2022-48873 bsc#1229512).
- Update
  patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
  (git-fixes CVE-2022-48872 bsc#1229510).
- Update
  patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
  (jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
  CVE-2022-48909 bsc#1229611).
- Update
  patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
  (git-fixes CVE-2023-52907 bsc#1229526).
- Update
  patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
  (git-fixes CVE-2022-48934 bsc#1229620).
- Update
  patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
  (git-fixes CVE-2023-52900 bsc#1229581).
- Update
  patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
  (git-fixes CVE-2023-52905 bsc#1229528).
- Update
  patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
  (git-fixes CVE-2022-48880 bsc#1229557).
- Update
  patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
  (git-fixes CVE-2022-48891 bsc#1229565).
- Update
  patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
  (git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
  patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
  (bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
  patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
  (git-fixes CVE-2021-4441 bsc#1229598).
- Update
  patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
  (git-fixes CVE-2022-48915 bsc#1229639).
- Update
  patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
  (git-fixes CVE-2022-48924 bsc#1229631).
- Update
  patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
  (git-fixes CVE-2022-48870 bsc#1229508).
- Update
  patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
  (git-fixes CVE-2022-48871 bsc#1229509).
- Update
  patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
  (git-fixes CVE-2023-52894 bsc#1229566).
- Update
  patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
  (git-fixes CVE-2022-48926 bsc#1229629).
- Update
  patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
  (git-fixes CVE-2023-52901 bsc#1229531).
- Update
  patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
  (git-fixes CVE-2022-48875 bsc#1229516).
- Update
  patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
  (git-fixes CVE-2022-48914 bsc#1229642).
- Update
  patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
  (git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7

- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 7d81a29

- iommu/amd: Convert comma to semicolon (git-fixes).
- commit f13afd4

- blacklist.conf: 0cac183b98d8 drm/amdkfd: range check cp bad op exception interrupts
- commit a1d8500

- mm: prevent derefencing NULL ptr in pfn_section_valid()
  (git-fixes).
- commit d77caa1

- mm, kmsan: fix infinite recursion due to RCU critical section
  (git-fixes).
- commit 1702784

- mm/sparsemem: fix race in accessing memory_section->usage
  (bsc#1221326 CVE-2023-52489).
- commit 606bd9b

- drm/amd/display: avoid using null object of framebuffer
  (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
  (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
  (git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
  (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
  (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
  (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
  (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
  (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
  amdgpu_vm_pt_parent (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- Revert "drm/amd/display: Validate hw_points_num before using it"
  (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it
  (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all
  possible values can be stored (stable-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings
  (stable-fixes).
- commit 91b4876

- serial: core: check uartclk for zero to avoid divide by zero
  (bsc#1229759 CVE-2024-43893).
- commit d3f6894

- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
  CVE-2024-43821).
- commit e13b213

- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit 427ff01

- tracing: Return from tracing_buffers_read() if the file has
  been closed (bsc#1229136 git-fixes).
- commit 6961c54

- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit 9927afc

- bpf: kprobe: remove unused declaring of bpf_kprobe_override
  (git-fixes).
- commit ff5617f

- media: xc2028: avoid use-after-free in load_firmware_cb()
  (CVE-2024-43900 bsc#1229756).
- commit c954239

- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
  CVE-2024-44938).
- commit 8003b7e

- jfs: fix null ptr deref in dtInsertEntry (bsc#1229820
  CVE-2024-44939).
- commit 02ccaa1

- ata: libata-core: Fix double free on error
  (CVE-2024-41087,bsc#1228466).
- commit b5892ca

- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
  (CVE-2024-42277 bsc#1229409).
- commit a4daba4

- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit d450d98

- blacklist.conf: Patch hangs graphics on RPi3 (bsc#1225352)
- commit 54b22e6

- drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (CVE-2024-43904 bsc#1229768)
- commit c2331c0

- kabi: lib: objagg: Put back removed metod in struct objagg_ops
  (CVE-2024-43880 bsc#1229481).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- commit 2e1b5f5

- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ca65d0a

- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 32a510a

- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 13ec104

- btrfs: get rid of warning on transaction commit when using
  flushoncommit (bsc#1229658 CVE-2022-48920).
- commit a558155

- net/sched: act_mpls: Fix warning during failed attribute
  validation (CVE-2023-52906 bsc#1229527).
- commit 5be67dc

- exec: Fix ToCToU between perm check and set-uid/gid usage
  (CVE-2024-43882 bsc#1229503).
- commit 83a7456

- net/mlx5: Always drain health in shutdown callback
  (CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
  (CVE-2024-43880 bsc#1229481).
- commit f5f318d

- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
  bsc#1222808).
- vfio/pci: fix potential memory leak in vfio_intx_enable()
  (git-fixes).
- commit 5a53e2c

- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70

- vfio: Introduce interface to flush virqfd inject workqueue
  (bsc#1222808 CVE-2024-26812).
- commit 31be414

- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3

- vfio/pci: Create persistent INTx handler (bsc#1222808
  CVE-2024-26812).
- commit 9d86cff

- blacklist.conf: Add a50e1fcbc9b85 ("btrfs: do not WARN_ON() if we have PageError set")
- commit bf3feb4

- net/sched: Fix mirred deadlock on device recursion
  (CVE-2024-27010 bsc#1223720).
- commit 4342cf9

- mptcp: Correctly set DATA_FIN timeout when number of retransmits is large (CVE-2022-48906 bsc#1229605)
- commit a7a3da6

- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit af12745

- s390/pkey: Wipe copies of protected- and secure-keys
  (CVE-2024-42155 bsc#1228733).
- commit 78df5c8

- Reapply "drm/vc4: hdmi: Enforce the minimum rate at
  This reverts commit 048f829d4b52520058c31bae2ef1ec08563c460a.
- commit 5126762

- s390/pkey: Wipe copies of clear-key structures on failure
  (CVE-2024-42156 bsc#1228722).
- commit b3fe404

- Add exception protection processing for vd in
  axi_chan_handle_err function (CVE-2023-52899 bsc#1229569).
- commit 510675c

- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
  (CVE-2024-42158 bsc#1228720).
- commit ccfe5a9

- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
  (bsc#1226846 CVE-2024-38596).
- Update
  patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
  (git-fixes bsc#1226846).
- commit 297df1b

- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
  (CVE-2024-26631 bsc#1221630).
- commit f41507c

- vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873 bsc#1229488)
- commit d4e35ee

- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 91482e3

- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9ac27bb

- netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() (CVE-2021-47106 bsc#1220962)
- commit e6e6065

- drivers: ethernet: cpsw: fix panic when interrupt coaleceing
  is set via ethtool (CVE-2021-47517 bsc#1225428).
- commit f131073

- ethtool: do not perform operations on net devices being
  unregistered (CVE-2021-47517 bsc#1225428).
- ethtool: return error from ethnl_ops_begin if dev is NULL
  (CVE-2021-47517 bsc#1225428).
- ethtool: runtime-resume netdev parent in ethnl_ops_begin
  (CVE-2021-47517 bsc#1225428).
- ethtool: move netif_device_present check from
  ethnl_parse_header_dev_get to ethnl_ops_begin (CVE-2021-47517
  bsc#1225428).
- ethtool: move implementation of ethnl_ops_begin/complete to
  netlink.c (CVE-2021-47517 bsc#1225428).
- commit 2e58867

- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 134cc98

- exfat: fix potential deadlock on __exfat_get_dentry_set
  (git-fixes).
- commit 2294924

- afs: Don't cross .backup mountpoint from backup volume
  (git-fixes).
- commit b94ac2d

- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- commit c10d9f9

- ubifs: dbg_orphan_check: Fix missed key type checking
  (git-fixes).
- commit aca23b0

- ubifs: Fix adding orphan entry twice for the same inode
  (git-fixes).
- commit e42f9e0

- ubifs: Fix unattached xattr inode if powercut happens after
  deleting (git-fixes).
- commit ed1af4c

- exfat: fix inode->i_blocks for non-512 byte sector size device
  (git-fixes).
- commit a3a46dd

- exfat: redefine DIR_DELETED as the bad cluster number
  (git-fixes).
- commit 52b33f6

- exfat: support dynamic allocate bh for exfat_entry_set_cache
  (git-fixes).
- commit dd685aa

- nilfs2: Remove check for PageError (git-fixes).
- commit cd97d8f

- drop_monitor: replace spin_lock by raw_spin_lock (References:
  CVE-2021-47546 bsc#1227937).
- commit dd4f366

- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- commit b7df97b

- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
  (git-fixes).
- drm/msm/dp: reset the link phy params before link training
  (git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
  (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- commit 0a0202d

- supported.conf: Sort with tool
  No functional change intended
- commit 4d22f17

- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
  CVE-2024-41020).
- commit 31787dd

- supported.conf: Fix comment placement.
  We have a script for automated sorting of this file.
  However, it can only work with comments that are placed together with
  the module name on the same line, not with comments on their own line.
- commit d1c37d4

- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
  CVE-2024-27079).
- commit 6daa607

- netfilter: nf_tables: discard table flag update with pending
  basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
  updates (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: disable toggling dormant table state
  more than once (CVE-2024-35897 bsc#1224510).
- commit c138803

- kabi: restore const specifier in flow_offload_route_init()
  (CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
  setting up flow (CVE-2024-27403 bsc#1224415).
- commit 15b1876

- netfilter: nf_tables: fix memleak in map from abort path
  (CVE-2024-27011 bsc#1223803).
- commit 081f6b0

- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit 4e175b8

- kvm: s390: Reject memory region operations for ucontrol VMs
  (CVE-2024-43819 bsc#1229290 git-fixes).
- commit 4b042b0

- netfilter: nft_limit: reject configurations that cause integer
  overflow (CVE-2024-26668 bsc#1222335).
- commit 7074520

- netfilter: nf_tables: set dormant flag on hook register failure
  (CVE-2024-26835 bsc#1222967).
- commit 5731bf5

- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
  inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 3f2b4eb

- kabi: hide include of ppp files from genksyms (CVE-2024-27016
  bsc#1223807).
- commit db3abd4

- net: phy: phy_device: Prevent nullptr exceptions on ISR
  (CVE-2024-35945 bsc#1224639).
- net: phy: allow a phy to opt-out of interrupt handling
  (CVE-2024-35945 bsc#1224639).
- net: phy: Deduplicate interrupt disablement on PHY attach
  (CVE-2024-35945 bsc#1224639).
- commit 2a46e5f

- netfilter: nf_tables: fix memleak when more than 255 elements
  expired (CVE-2023-52581 bsc#1220877).
- commit f901f47

- netfilter: flowtable: validate pppoe header (CVE-2024-27016
  bsc#1223807).
- commit ad249c6

- netfilter: flowtable: Fix QinQ and pppoe support for inet table
  (CVE-2024-27016 bsc#1223807).
- commit 0b940a3

- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
  (bsc#1225578 CVE-2024-36013).
- commit 11d3282

- bpf: Fix updating attached freplace prog in prog_array map
  (bsc#1229297 CVE-2024-43837).
- commit 886bbe9

- ice: Add a per-VF limit on number of FDIR filters
  (CVE-2024-42291 bsc#1229374).
- commit 99e9416

- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
  bsc#1229391).
- commit 230ddc2

- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 4c196fd

- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 52bf670

- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit 3e4f173

- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit ff5170b

- s390/pkey: Wipe sensitive data on failure (bsc#1228727
  CVE-2024-42157 git-fixes).
- commit bfb03ba

- s390/dasd: fix error recovery leading to data corruption on
  ESE devices (git-fixes bsc#1229573).
- commit 5bbca6e

- s390/sclp: Prevent release of buffer in I/O (git-fixes
  bsc#1229572).
- commit de7864e

- blacklist.conf: Add e7870cf13d20 ("rxrpc: Fix delayed ACKs to not set the
  reference serial number")
  (CVE-2024-26677 bsc#1222387)
  [#] Conflicts:
  [#]	blacklist.conf
- commit 7adb3c8

- blacklist.conf: printk/panic: not needed; the fixed functionality is not there
- commit 1e311d5

- blacklist.conf: Add 467324bcfe1a ("ax25: Fix netdev refcount issue")
  (CVE-2024-36009 bsc#1224542)
- commit 414c075

- perf: hisi: Fix use-after-free when register pmu fails
  (bsc#1225582 CVE-2023-52859).
- commit 256d260

- selftests/bpf: Test for null-pointer-deref bugfix in
  resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
  for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit aa78187

- ceph: periodically flush the cap releases (bsc#1225162).
- ceph: issue a cap release immediately if no cap exists
  (bsc#1225162).
- commit 3fe7ed5

- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- commit 03a8502

- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- commit af4907d

- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- commit 7de02e0

- blacklist.conf: unwanted sunrpc patch
- commit 7593bcd

- SUNRPC: Fix a race to wake a sync task (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
  crypto_sync_skcipher_setkey (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
  (git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy
  (git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy
  (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- commit 7da24f6

- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit 82fce1f

- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 7943dda

- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit 2f1fd70

- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 3e19d8c

- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 51cef10

- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- commit 87f8b26

- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit fa634c1

- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit c8788c0

- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
  bsc#1229407).
- commit 0f7f361

- arm64: cpufeature: Always specify and use a field width for capabilities (git-fixes)
  Refresh patches.suse/arm64-cpufeature-Fix-field-sign-for-DIT-hwcap-detection.patch.
  Refresh patches.suse/arm64-cpufeature-Force-HWCAP-to-be-based-on-the-sysreg-visible-to-user-space.patch.
- commit 8d157b0

- xhci: Fix Panther point NULL pointer deref at full-speed
  re-enumeration (git-fixes).
- commit 817012e

- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
  (git-fixes).
- commit 8e189b9

- landlock: Don't lose track of restrictions on cred_transfer
  (bsc#1229351 CVE-2024-42318).
- commit a85e801

- kABI fix for net/sched: flower: Fix chain template offload
  (CVE-2024-26669 bsc#1222350).
- commit a7d20d9

- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 9ffdd2d

- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 828e8df

- net: enetc: move enetc_set_psfp() out of the common
  enetc_set_features() (CVE-2022-48645 bsc#1223508).
- commit 995bd04

- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
  (CVE-2024-41007 bsc#1227863).
- commit 7e08cca

- net: tcp: fix unexcepted socket die when snd_wnd is 0
  (CVE-2024-41007 bsc#1227863).
- commit 226da79

- net: nsh: Use correct mac_offset to unwind gso skb in
  nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit a887eae

- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
  (bsc#1229370 CVE-2024-42295).
- commit 765d56f

- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit ac167d3

- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit 245f980

- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit eabaf05

- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit a2d18fc

- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit dabff04

- arm64: errata: Unify speculative SSBS errata logic (git-fixes)
  Also update default configuration.
- commit c115971

- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 9e86d7f

- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit cca3066

- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit b5d9595

- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
  Refresh capability reservation patch and enable workarounds.
- commit f1638b8

- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 5592cab

- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit e63daa2

- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 525b096

- arm64: Add Neoverse-V2 part (git-fixes)
- commit 9d204de

- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- commit ed48e5e

- mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
  devm_pm_runtime_enable() (CVE-2024-42319 bsc#1229350).
- commit 7de6296

- remoteproc: imx_rproc: Skip over memory region when node value
  is NULL (CVE-2024-43860 bsc#1229319).
- commit eb0027b

- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit bb0530e

- media: mediatek: vcodec: Handle invalid decoder vsi
  (CVE-2024-43831 bsc#1229309).
- commit 5fa7be4

- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 0be5a80

- soc: qcom: pdr: protect locator_addr with the main mutex
  (CVE-2024-43849 bsc#1229307).
- commit 2a0434d

- wifi: virt_wifi: don't use strlen() in const context
  (CVE-2024-43841 bsc#1229304).
- wifi: virt_wifi: avoid reporting connection success with wrong
  SSID (CVE-2024-43841 bsc#1229304).
- commit 4c3129e

- net: mana: Add support for page sizes other than 4KB on ARM64
  (jsc#PED-8491 bsc#1226530).
- commit 681a377

- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
  (CVE-2024-43839 bsc#1229301).
- can: mcp251xfd: fix infinite loop when xmit fails
  (CVE-2024-41088 bsc#1228469).
- can: mcp251xfd: move TX handling into separate file
  (CVE-2024-41088 bsc#1228469).
- commit 11bb8df

- hfs: fix to initialize fields of hfs_inode_info after
  hfs_alloc_inode() (git-fixes).
- commit 9abb2d6

- blacklist.conf: Add libata entry that caused a regression (bsc#1229054)
- commit 0645b91

- fuse: Initialize beyond-EOF page contents before setting
  uptodate (bsc#1229454).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
  (bsc#1229453).
- commit 803fe7f

- Refresh patches.suse/drm-amd-display-Fix-vs-typos.patch (git-fixes)
  Alt-commit
- commit c32dc85

- drm/amd/display: Fix && vs || typos (git-fixes).
- commit e43afc5

- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/platform-x86-intel-uncore-freq-Prevent-driver-loading-in-guests.patch.
- commit 90be679

- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch.
- commit 7b2122f

- Refresh patches.suse/drm-amd-display-fix-cursor-offset-on-rotation-180.patch (git-fixes)
  Alt-commit
- commit 9bfc3c1

- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
  Alt-commit
- commit 050ccc2

- Refresh patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch (git-fixes)
  Alt-commit
- commit b9a2ae1

- Refresh patches.suse/drm-amd-Flush-GFXOFF-requests-in-prepare-stage.patch (git-fixes)
  Alt-commit
- commit 5d001ff

- Refresh patches.suse/drm-amd-display-Preserve-original-aspect-ratio-in-cr.patch (git-fixes)
  Alt-commit
- commit 7a0957e

- Refresh patches.suse/0001-drm-amd-display-Implement-bounds-check-for-stream-en.patch (git-fixes)
  Alt-commit
- commit 83a8df8

- Refresh patches.suse/0001-drm-amd-display-Add-NULL-test-for-timing-generator-i.patch (git-fixes)
  Alt-commit
- commit 96ead93

- Refresh patches.suse/drm-amd-pm-fix-a-memleak-in-aldebaran_tables_init.patch (git-fixes)
  Alt-commit
- commit c97f053

- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
  CVE-2024-42281).
- commit 6eeb5fc

- cachefiles: propagate errors from vfs_getxattr() to avoid
  infinite  loop (bsc#1229418).
- commit e9340b2

- blacklist.conf: added several CACHEFILES_ONDEMAND-related commits
- commit d10fac3

- net/iucv: fix use after free in iucv_sock_close()
  (CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3

- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit f56b67a

- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
  bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
  bsc#1229327 ltc#206365).
- commit 66923e5

- net/rds: fix possible cp null dereference (git-fixes).
- commit 266afb9

- Refresh
  patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
  Add git commit and move to sorted section.
- commit 89d3015

- blacklist.conf: add unwanted nfs patch
- commit e4440a4

- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- commit 06d3b72

- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- commit fdf3d9e

- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- commit 582ab23

- Subject: RDMA/rxe: Handle zero length rdma (git-fixes)
- commit d8ea1d2

- Update
  patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
  (CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
  patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
  (bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1

- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit 6cb46c4

- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 6a10c09

- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 3d017fc

- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit 587e4e9

- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
  3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
  elements (git-fixes).
- commit 1158708

- net: mana: Fix doorbell out of order violation and avoid
  unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
  (bsc#1229086).
- commit 79ff759

- io_uring: fix possible deadlock in
  io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit 3aa0f11

- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
  userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
  (bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
  (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
  CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
  (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
  h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
  (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
  CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc: Fail build if using recordmcount with binutils v2.37
  (bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed()
  (bsc#1194869).
- Refresh patches.suse/powerpc-vmlinux.lds-Add-an-explicit-symbol-for-the-S.patch
- powerpc: Mark .opd section read-only (bsc#1194869).
- commit 2160944

- blacklist.conf: Add a bunch of superfluous ppc changes reported by
  git-fixes.
- commit 1ab92eb

- blacklist.conf: Add ppc more ppc unsupported arch paths and commits.
- commit e1bb6f6

- blacklist.conf: Add 9bce6243848d powerpc/rtas: make all exports GPL
- commit dd9bd74

- blacklist.conf: Add ppc 32bit commit and paths.
- commit 293db9f

- s390/dasd: fix error checks in dasd_copy_pair_store()
  (git-fixes bsc#1229190).
- commit 8da5fb8

- s390/uv: Panic for set and remove shared access UVC errors
  (git-fixes bsc#1229188).
- commit f8287f7

- s390/cpacf: Make use of invalid opcode produce a link error
  (git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes
  bsc#1229187).
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079
  bsc#1229187).
- commit ef080ed

- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
  (stable-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam
  Deck revisions (stable-fixes).
- commit e806b26

- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
  (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
  to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
  (stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
  (stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
  (stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
  dereferencing in amdgpu_dm_plane_handle_cursor_update"
  (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
  in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
  transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
  (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
  apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
  (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
  (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
  (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
  (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab
  3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
  (stable-fixes).
- commit f4c5b8f

- net, sunrpc: Remap EPERM in case of connection failure in
  xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit e5ad6b1

- btrfs: fix leak of qgroup extent records after transaction abort
  (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void
  (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c
  (git-fixes).
- commit d462b94

- powerpc/topology: Check if a core is online (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit d553d97

- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit 1be5f1f

- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 06e9d31

- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 5b03027

- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 1a47b84

- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 3ebff38

- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 3876087

- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 1c4efdd

- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit f11ea1a

- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit ec733e8

- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit dfa3da1

- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit c01d7b5

- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit 7ba0b5e

- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit e8c18c1

- tcp_metrics: validate source addr length
  (CVE-2024-42154 bsc#1228507).
- commit 4c817e3

- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 2c5d7b8

- libceph: fix race between delayed_work() and ceph_monc_stop()
  (bsc#1228959 CVE-2024-42232).
- commit 27160c2

- Update
  patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
  (bsc#1228190 CVE-2024-42232).
- commit bbe2784

- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 430794a

- ipv6: sr: fix possible use-after-free and null-ptr-deref
  (CVE-2024-26735 bsc#1222372).
- commit 9456b6b

- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- commit 64f81fd

- net/sched: flower: Fix chain template offload (CVE-2024-26669
  bsc#1222350).
- commit 04f92b6

- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit aac2b6a

- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- commit 7560f66

- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- commit 8b41557

- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 358a165

- inet_diag: Initialize pad field in struct inet_diag_req_v2
  (CVE-2024-42106 bsc#1228493).
- commit 082b3ea

- selftests/bpf: Cover verifier checks for mutating
  sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
  delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
  allowed (bsc#1226885 CVE-2024-38662).
- commit ae18577

- genirq: Take the proposed affinity at face value if force==true
  (git-fixes).
- commit 01fe9f9

- rpm/kernel-binary.spec.in: fix klp_symbols macro
  The commit below removed openSUSE filter from %ifs of the klp_symbols
  definition. But it removed -c of grep too and that causes:
  error: syntax error in expression:  01 && (  || 1 )
  error:                                        ^
  error: unmatched (:  01 && (  || 1 )
  error:                     ^
  error: kernel-default.spec:137: bad %if condition:  01 && (  || 1 )
  So reintroduce -c to the PTF's grep.
  Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3

- i2c: smbus: Send alert notifications to all devices if source
  not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- drm/client: fix null pointer dereference in
  drm_client_modeset_probe (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
  (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
  (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit 3bff740

- rpm/kernel-binary.spec.in: Fix build regression
  The previous fix forgot to take over grep -c option that broke the
  conditional expression
- commit d29edf2

- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
  After the Jump project the kernel used by SLE and openSUSE Leap are the
  same. As consequence the klp_symbols variable is set, enabling
  kernel-default-livepatch-devel on both SLE and openSUSE.
  The current rules to avoid enabling the package exclude openSUSE
  Tumbleweed alone, which doesn't makes sense for now. Enabling
  kernel-default-livepatch-devel on TW makes it easier to test the
  creation of kernel livepatches of the next SLE versions.
- commit fd0b293

- net: ks8851: Fix potential TX stall after interface reopen
  (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag
  handling (git-fixes).
- commit 7cb23d2

- net: ks8851: Queue RX packets in IRQ handler instead of
  disabling BHs (CVE-2024-35971 bsc#1224578).
- net: ks8851: Handle softirqs at the end of IRQ thread to fix
  hang (CVE-2024-35971 bsc#1224578).
- net: ks8851: Inline ks8851_rx_skb() (CVE-2024-35971
  bsc#1224578).
- net: ks8851: Fix TX stall caused by TX buffer overrun
  (gix-fixes).
- commit a0911e3

- blk-mq: use hk cpus only when isolcpus=io_queue is enabled
  (bsc#1229034).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs
  (bsc#1229034).
- virtio: blk/scsi: use block layer helpers to calculate num of
  queues (bsc#1229034).
- scsi: use block layer helpers to calculate num of queues
  (bsc#1229034).
- nvme-pci: use block layer helpers to calculate num of queues
  (bsc#1229034).
- blk-mq: add number of queue calc helper (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with
  blk_mq_dev_map_queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
  (bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
  (bsc#1229034).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- commit 8efabbc

- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC
  (git-fixes).
- commit dc74872

- ACPI: bus: Indicate support for the Generic Event Device thru
  _OSC (git-fixes).
- Refresh
  patches.suse/ACPI-Fix-Generic-Initiator-Affinity-_OSC-bit.patch.
- commit 5e88627

- lib/group_cpus.c: avoid acquiring cpu hotplug lock in
  group_cpus_evenly (bsc#1229031).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP
  kernels (bsc#1229031).
- blk-mq: Build default queue map via group_cpus_evenly()
  (bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/
  (bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as
  group_cpus_evenly (bsc#1229031).
- genirq/affinity: Don't pass irq_affinity_desc array to
  irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to
  irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from
  irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty()
  where appropriate (bsc#1229031).
- commit 614293b

- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer
  (git-fixes).
- commit 39678ad

- ACPI: x86: s2idle: Post-increment variables when getting
  constraints (git-fixes).
- Refresh
  patches.suse/ACPI-x86-s2idle-Fix-a-logic-error-parsing-AMD-constr.patch.
- commit f30def6

- Update
  patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
  (bsc#1216834 CVE-2024-42077 bsc#1228516).
  Add CVE references.
- commit 8360e90

- Update
  patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
  (stable-fixes CVE-2024-42097 bsc#1228766).
- Update
  patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
  (git-fixes CVE-2024-42074 bsc#1228481).
- Update
  patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
  (git-fixes CVE-2024-42089 bsc#1228450).
- Update
  patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
  (git-fixes CVE-2024-42137 bsc#1228563).
- Update
  patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
  (git-fixes CVE-2024-42080 bsc#1228673).
- Update
  patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
  (git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
  (git-fixes CVE-2024-42244 bsc#1228967).
- Update
  patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
  (git-fixes CVE-2024-41098 bsc#1228467).
- Update
  patches.suse/block-add-check-that-partition-length-needs-to-be-aligned-with-block-size.patch
  (bsc#1227867 CVE-2024-41000 CVE-2023-52458 bsc#1220428).
- Update
  patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
  (bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
  patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
  (stable-fixes CVE-2024-42229 bsc#1228708).
- Update
  patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
  (stable-fixes CVE-2024-42098 bsc#1228779).
- Update
  patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
  (stable-fixes CVE-2024-42121 bsc#1228590).
- Update
  patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
  (stable-fixes CVE-2024-42120 bsc#1228588).
- Update
  patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
  (stable-fixes CVE-2024-42119 bsc#1228584).
- Update
  patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
  (git-fixes CVE-2024-41022 bsc#1228429).
- Update
  patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
  (stable-fixes CVE-2024-41093 bsc#1228660).
- Update
  patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
  (git-fixes CVE-2024-41092 bsc#1228483).
- Update
  patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
  (stable-fixes CVE-2024-42127 bsc#1228721).
- Update
  patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
  (stable-fixes CVE-2024-41095 bsc#1228662).
- Update
  patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
  (stable-fixes CVE-2024-41089 bsc#1228658).
- Update
  patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
  (git-fixes CVE-2024-42101 bsc#1228495).
- Update
  patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
  (stable-fixes CVE-2024-42087 bsc#1228677).
- Update
  patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
  (stable-fixes CVE-2024-41060 bsc#1228567).
- Update
  patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
  (git-fixes CVE-2024-41039 bsc#1228515).
- Update
  patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
  (git-fixes CVE-2024-41038 bsc#1228509).
- Update
  patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
  (git-fixes CVE-2024-42238 bsc#1228991).
- Update
  patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
  (git-fixes CVE-2024-41056 bsc#1228480).
- Update
  patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
  (git-fixes CVE-2024-42237 bsc#1228992).
- Update
  patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
  (git-fixes CVE-2024-42092 bsc#1228447).
- Update
  patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
  (git-fixes CVE-2024-42086 bsc#1228452).
- Update
  patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
  (git-fixes CVE-2024-42115 bsc#1228656).
- Update
  patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
  (bsc#1228190 CVE-2024-42232 bsc#1228959).
- Update
  patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
  (stable-fixes CVE-2024-42223 bsc#1228726).
- Update
  patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
  (git-fixes CVE-2024-42069 bsc#1228463).
- Update
  patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
  (git-fixes CVE-2024-42076 bsc#1228484).
- Update
  patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
  (git-fixes CVE-2023-52887 bsc#1228426).
- Update
  patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
  (stable-fixes CVE-2024-42130 bsc#1228687).
- Update
  patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-directory-entries.patch
  (git-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
  (git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
  (git-fixes CVE-2024-41079 bsc#1228615).
- Update
  patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
  (git-fixes CVE-2024-42152 bsc#1228724).
- Update
  patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
  (bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
  (git-fixes CVE-2024-42143 bsc#1228748).
- Update
  patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
  (git-fixes CVE-2024-42090 bsc#1228449).
- Update
  patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
  (bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
  patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
  (git-fixes CVE-2024-41097 bsc#1228513).
- Update
  patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
  (git-fixes CVE-2024-42085 bsc#1228456).
- Update
  patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
  (stable-fixes CVE-2024-42236 bsc#1228964).
- Update
  patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
  (git-fixes CVE-2024-42114 bsc#1228564).
- Update
  patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
  (stable-fixes CVE-2024-42225 bsc#1228710).
- Update
  patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
  (git-fixes CVE-2024-42240 bsc#1228966).
  Add CVE references.
- commit 05086b1

- ACPI: thermal: Drop nocrt parameter (git-fixes).
- commit 5de370b

- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
  HIP08/09 (git-fixes).
- commit 9250a1e

- Bluetooth: l2cap: always unlock channel in
  l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
  (git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
  (git-fixes).
- commit 29bbfef

- ACPI: bus: Rework system-level device notification handling
  (git-fixes).
- Refresh
  patches.suse/ACPI-bus-Ensure-that-notify-handlers-are-not-running.patch.
- commit 7dcab46

- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
  offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
  aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
  irq_matrix_allocated() (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
  irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- kernel/irq/irqdomain.c: fix memory leak with using
  debugfs_lookup() (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
  (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- genirq: Don't return error on missing optional
  irq_request_resources() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable
  affinities (git-fixes).
- commit 2fd5320

- blacklist.conf: add IRQ HANDLING one
- commit de8bb5c

- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
  from __netif_rx() (CVE-2024-42110 bsc#1228501).
- commit 096fa1d

- wireguard: allowedips: avoid unaligned 64-bit memory accesses
  (CVE-2024-42247 bsc#1228988).
- commit 9870725

- ax25: Fix refcount imbalance on inbound connections
  (CVE-2024-40910 bsc#1227832).
- commit 12cb329

- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
  bsc#1228065).
- commit 2f9875a

- PM: sleep: Fix possible deadlocks in core system-wide PM code
  (bsc#1221269 CVE-2023-52498).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- commit 14accb2

- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
  CVE-2024-41068).
- commit 77769f2

- net: dsa: fix panic when DSA master device unbinds on shutdown
  (CVE-2022-48808 bsc#1227958).
- commit 1e672d7

- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
  (bsc#1228446 CVE-2024-42095).
- commit 082abd5

- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
  CVE-2024-42095).
- commit f99b96f

- tcp: avoid too many retransmit packets (CVE-2024-41007
  bsc#1227863).
- commit ddec32c

- config.sh: generate and install compile_commands.json (bsc#1228971)
  This file contains the command line options used to compile every C file.
  It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
  This file contains the command line options used to compile every C file.
  It's useful for the livepatching team.
- commit 0d8cf49

- power: supply: axp288_charger: Round constant_charge_voltage
  writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
  writes (git-fixes).
- commit db1c6e2

- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
  CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
  (bsc#1228531 CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
  (bsc#1228531 CVE-2024-41045).
- commit 13bca15

- scsi: qedi: Fix crash while reading debugfs attribute
  (bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
  CVE-2024-41000).
- block: add check that partition length needs to be aligned
  with block size (bsc#1227867 CVE-2024-41000).
- commit f6a3a4f

- ice: Don't process extts if PTP is disabled (CVE-2024-42107
  bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
  (CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
  (CVE-2024-42142 bsc#1228491).
- gve: Account for stopped queues when reading NIC stats
  (CVE-2024-42162 bsc#1228706).
- commit 52582b0

- packaging: Add case-sensitive perl option parsing
  A recent change in Getopt::Long [1]:
  Changes in version 2.55
  - ----------------------
  * Fix long standing bug that duplicate options were not detected
  when the options differ in case while ignore_case is in effect.
  This will now yield a warning and become a fatal error in a future
  release.
  perl defaults to ignore_case by default, switch it off to avoid
  accidental misparsing of options.
  This was suggested after similar change in scripts/.
- commit e978477

- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
  CVE-2024-42082).
- commit 3fdab8d

- netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042
  bsc#1228526).
- Refresh
  patches.kabi/netfilter-KABI-workaround-for-CVE-2023-3610-bsc-1213.patch.
- commit 05a5b4a

- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit 8a881f9

- btrfs: sysfs: update fs features directory asynchronously
  (bsc#1226168).
- commit a738a53

- tipc: force a dst refcount before doing decryption (CVE-2024-40983 bsc#1227819).
- commit af53498
openssl-1_1
- Security fix: [bsc#1220262, CVE-2023-50782]
  * Implicit rejection in PKCS#1 v1.5
  * Add openssl-CVE-2023-50782.patch
python3
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).

- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
  ReDos via excessive backtracking while parsing header values
  (bsc#1230227, CVE-2024-6232).

- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
  support eliminating bsc#1227233 (CVE-2024-5642).

- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
  header injection due to unquoted newlines (bsc#1228780,
  CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
  complexity in parsing cookies with backslashes (bsc#1229596,
  CVE-2024-7592)
- %{profileopt} variable is set according to the variable
  %{do_profiling} (bsc#1227999)

- Remove %suse_update_desktop_file macro as it is not useful any
  more.

- Stop using %%defattr, it seems to be breaking proper executable
  attributes on /usr/bin/ scripts (bsc#1227378).
libzypp
- PluginFrame: Send unescaped colons in header values
  (bsc#1231043)
  According to the STOMP protocol it would be correct to escape a
  colon in a header-value, but it breaks plugin receivers which do
  not expect this. The first colon separates header-name from
  header-value, so escaping in the header-value is not needed
  anyway.
  Escaping in the header-value affects especially the urlresolver
  plugins. The input URL is passed in a header, but sent back as
  raw data in the frames body. If the plugin receiver does not
  correctly unescape the URL we may get back a "https\c//" which is
  not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
  (fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)

- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
  It's preferred to explicitly tell the root directory of the
  system whose database you want to query.
- version 17.35.11 (35)

- API refactoring. Prevent zypper from using now private libzypp
  symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)

- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
logrotate
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
  * Added patch logrotate-ignore-duplicates.patch
  * Allows log processing with duplicate logfile matches
mdadm
- mdadm: define DEV_MD_DIR (bsc#1226413)
  0062-mdadm-define-DEV_MD_DIR.patch
- mdadm: refactor ident->name handling (bsc#1226413)
  0063-mdadm-refactor-ident-name-handling.patch
- mdadm: Follow POSIX Portable Character Set (bsc#1226413)
  0064-mdadm-Follow-POSIX-Portable-Character-Set.patch
- Detail: remove duplicated code (bsc#1226413)
  0065-Detail-remove-duplicated-code.patch
- mdadm: Fix native --detail --export (bsc#1226413)
  0066-mdadm-Fix-native-detail-export.patch
pam-config
- Change check for existence of modules.
  If we have a biarch architecture, we check that the 64bit
  PAM module is there and report an error if not. For the 32bit
  variant, we only issue a warning.
  [pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
shim
- Update shim-install to apply the missing fix for openSUSE Leap
  (bsc#1210382) fixed by Gary.
  * 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
  (bsc#1230316) fixed by Gary.
  * 433cc4e Always use the removable way for SL-Micro
xen
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
  standard VGA handling (XSA-463)
  xsa463-01.patch
  xsa463-02.patch
  xsa463-03.patch
  xsa463-04.patch
  xsa463-05.patch
  xsa463-06.patch
  xsa463-07.patch
  xsa463-08.patch
  xsa463-09.patch
  xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
  guests via ACPI tables (XSA-464)
  xsa464.patch
- Drop the following patches
  66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
  stdvga-cache.patch

- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin

- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
  Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
  66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
  66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
  66d8690f-SUPPORT-split-XSM-from-Flask.patch
  66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
  66e44ae2-x86-ucode-AMD-buffer-underrun.patch
  66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch

- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  xsa462.patch
zypper
- API refactoring. Prevent zypper from using now private libzypp
  symbols (bsc#1230267)
- BuildRequires:  libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77