amazon-ssm-agent
- Update to version 3.0.1209.0 (bsc#1186239, bsc#1186262)
  + For detailed changes see RELEASENOTES.md
  + Drop fix-version.patch replaced by sed expression in spec file
  + Drop remove-unused-import.patch no longer included from upstream
  + Drop fix-config.patch all SUSE distros use systemd
  + Remove amazon-ssm-agent.service included in upstream source, use it
  + Move all binaries into sbin and fix the hard coded config path via sed
- Update to 2.3.1205.0:
  * Updated the SSM Agent Snap to core18
  * Bug fix for expired in-progress documents being resumed
  * Bug fix for update specific files not being deleted after agent update is finished
  * Bug fix for cached manifest files not being deleted in the configurepackage plugin
- Add patch to remove unused import
  + remove-unused-import.patch
- Refresh patches for new version
  + fix-version.patch
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.
- Update version patch.
- Update to 2.3.415.0 (2019-03-05)
- Update to 2.3.372.0 (2019-03-05)
- Update to 2.3.344.0 (2019-03-05)
- Update to 2.3.274.0 (2019-03-05)
- Update to 2.3.235.0 (2019-03-05)
- Update to 2.3.193.0 (2019-03-05)
- Update to 2.3.169.0 (2019-03-05)
- Update to 2.3.136.0 (2019-03-05)
- Update to 2.3.117.0 (2019-03-05)
- Update to 2.3.101.0 (2019-03-05)
- Update to 2.3.68.0 (2019-03-05)
- Update to 2.3.13.0 (2019-03-05)
- Update to 2.2.916.0 (2019-03-05)
- Update to 2.2.902.0 (2019-03-05)
- Update to 2.2.800.0 (2019-03-05)
  + Streaming AWS Systems Manager Run Command output to CloudWatch
    Logs
- Update to 2.2.619.0 (2019-03-05)
- Update to 2.2.607.0 (2019-03-05)
- Update to 2.2.546.0 (2019-03-05)
  + Bug fix to retry sending document results if they couldn't
    reach the service
- Update to 2.2.493.0 (2019-03-05)
  + Bug fix so that aws:downloadContent does not change permissions
    of directories
  + Bug fix to Cloudwatch plugin where StartType has duplicated
    Enabled value
- Update to 2.2.392.0 (2019-03-05)
  + Added support for agent hibernation so that Agent backs off or
    enters hibernation mode if it does not have access to the
    service
- Update to 2.2.355.0 (2019-03-05)
apparmor
- apparmor-profiles-add-sssd-to-nameservice.patch: Enable access
  to sssd fast cache for nameservice users (bsc#1183599)
- add-ld.so.preload-to-abstraction_base.patch: Add ld.so.preload to
  abstraction/base (bsc#1181728)
audit
- Enable Aarch64 processor support. (bsc#1179515)
audit-secondary
- Enable Aarch64 processor support. (bsc#1179515)
avahi
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
  HUP event in client_work (boo#1184521 CVE-2021-3468).
  https://github.com/lathiat/avahi/pull/330
- Update avahi-daemon-check-dns-suse.patch: needed rebase against
  the updated avahi-daemon-check-dns.sh.
bash
- Add patch bsc1177369.patch to fix bsc#1177369
  * tailf command does destroy terminal/console settings
bind
- Some debugs were still in the patch for bsc#1181495.
  [bsc#1181495, bind-bsc1181495-disable-md5-when-in-fips-mode.patch]
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
  * An assertion check can fail while answering queries
    for DNAME records that require the DNAME to be processed to resolve
    itself
    [CVE-2021-25215, bind-CVE-2021-25215.patch]
  * A second vulnerability in BIND's GSSAPI security
    policy negotiation can be targeted by a buffer overflow attack
    This does not affect this package as the affected code is
    disabled.
    [CVE-2021-25216]
  [bsc#1185345]
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
- When FIPS mode is enabled, the named tools will complain that
  MD5 is enabled. This is now checked, MD5 is ignored and a
  warning is shown.
  [bsc#1181495, bind-bsc1181495-disable-md5-when-in-fips-mode.patch]
cifs-utils
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
crash
- Fix crash utility is taking forever to initialize a vmcore from large config
  system (bsc#1178827 ltc#189279).
  crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
cups
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "/configure --with-cups-group=lp"/) specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
curl
- Security fix: [bsc#1186114, CVE-2021-22898]
  * TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Allow partial chain verification [jsc#SLE-17954]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.
- Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
  * The automatic referer leaks credentials
- Add curl-CVE-2021-22876-URL-API.patch curl-CVE-2021-22876.patch
dhcp
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
  overrun in lease file parsing code can be used to exploit a
  common vulnerability shared by dhcpd and dhclient.
dracut
- fix(shutdown): add timeout to umount calls (bsc#1178219)
  * add 0624-shutdown-guard-against-read-only-run.patch
  * add 0625-shutdown-sleep-a-little-if-a-process-was-killed.patch
  * add 0626-fix-shutdown-add-timeout-to-umount-calls.patch
- support network setup on infiniband devices (bsc#996146)
  * add 0623-net-lib.sh-support-infiniband-network-mac-addresses.patch
gcc10
- SLE12 only, adjust gcc10-rpmlintrc to ignore bogus
  libgcc_s1-gcc10.s390x: E: invalid-license (Badness: 100000)
  GPL-3.0 WITH GCC-exception-3.1  [bsc#1185337]
- Update to GCC 10.3.0 release (63fa67847628e5f358e7e2e7e), git1587
- Disable nvptx offloading for aarch64 again since it doesn't work
- Update to gcc-10 branch head (892024d4af83b258801ff7484), git1574
  * Includes GCC 10.3 RC1
- Update to gcc-10 branch head (592388d4f6e8a6adb470428fe), git1450
- Update to gcc-10 branch head (85977f624a34eac309f9d77a5), git1331
  * Includes fix for [bsc#1182016]
- The 32bit nvptx libgomp plugin is no longer built, do not attempt
  to package it.
- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- Update to gcc-10 branch head (e563687cf9d3d1278f45aaebd), git1030
  * Includes fix for firefox build [gcc#97918]
- Do not specify alternate offload compiler location at
  configure time.
- Update README.First-for.SuSE.packagers
- Install offload compilers for gcc10-testresults build
- Enable fortran for offload compilers.
- Add gcc10-amdgcn-llvm-as.patch to fix build of amdgcn offload
  compiler with llvm11.
- Update to gcc-10 branch head (98ba03ffe0b9f37b4916ce6238), git958.
  * Includes fix for memcpy miscompilation on aarch64.
    [bsc#1178624, bsc#1178577]
- Fix 32bit libgnat.so link.  [bsc#1178675]
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it
  stays /%lib. (boo#1029961)
- Update to gcc-10 branch head (a78cd759754c92cecbf235ac9b), git872.
- Build complete set of multilibs for arm-none target [bsc#1106014]
  * Fixes inadvertant mixture of ARM and Thumb instructions in linker output
glib2
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
  gsize as length but stores in a guint, this patch will refuse if
  the length is larger than guint. (bsc#1182328,
  glgo#GNOME/glib!1944)
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
  guint as parameter and sometimes leads into an integer overflow,
  so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
  glgo#GNOME/glib!1943)
glibc
- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector
  support in memmove ifunc-selector (bsc#1184034, BZ #27511)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
  IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
  bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
  non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
grub2
- Fix executable stack in grub-emu (bsc#1181696)
  * 0001-emu-fix-executable-stack-marking.patch
gzip
- fix DFLTCC segfault [bsc#1177047]
- added patches
  fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc
  + gzip-1.10-fix-DFLTCC-segfault.patch
- gzip.spec: move %patch10 from the ifarch condition (mistake)
- add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count
  of lines to skip [bsc#1180713]
irqbalance
- Increase size of procinterrupts line readings by factor 32 (bsc#1184592)
  A procinterrupts_read_buffer_increase.patch
- Use _fillupdir in spec file to also build against latest distros
  which could be useful for comparing versions in case we get yet
  another bug.
- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405)
  A procinterrupts-check-xen-dyn-event-more-flexible.patch
kernel-default
- smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).
- commit 1640fc2
- smsc95xx: check return value of smsc95xx_reset (git-fixes).
- commit 00f3661
- net: cxgb4: fix return error value in t4_prep_fw (git-fixes).
- commit 6c63ec6
- net: bcmgenet: use hardware padding of runt frames (git-fixes).
- commit 20467c9
- blacklist.conf: Add fe6bdfc8e1e1 mm: fix oom_kill event handling
- commit 016ac3f
- blacklist.conf: Add e81bf9793b18 mem_cgroup: make sure moving_account, move_lock_task and stat_cpu in the same cacheline
- commit 0632aad
- Don't drop out of segments RST if tcp_be_liberal is set
  (bsc#1183947).
- Avoid potentially erroneos RST drop (bsc#1183947).
- commit 4727a1c
- Update
  patches.suse/net-fix-race-condition-in-__inet_lookup_established.patch
  (bsc#1151794 bsc#1180624).
- handle also the opposite type of race condition
- commit 7737da1
- powerpc/perf: Fix PMU constraint check for EBB events
  (bsc#1065729).
- powerpc/64s: Fix pte update for kernel memory on radix
  (bsc#1055117 git-fixes).
- powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init
  (bsc#1065729).
- stop_machine: mark helpers __always_inline (bsc#1087405
  git-fixes).
- commit 25e3769
- ibmvnic: queue reset work in system_long_wq (bsc#1152457
  ltc#174432 git-fixes).
- ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681
  git-fixes).
- ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432
  git-fixes).
- ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432
  git-fixes).
- ibmvnic: clean up the remaining debugfs data structures
  (bsc#1065729).
- ibmvnic: remove duplicate napi_schedule call in open function
  (bsc#1065729).
- ibmvnic: remove duplicate napi_schedule call in do_reset
  function (bsc#1065729).
- ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
- commit 46cbce7
- KVM: Add proper lockdep assertion in I/O bus unregister
  (CVE-2020-36312 bsc#1184509).
- KVM: Stop looking for coalesced MMIO zones if the bus is
  destroyed (CVE-2020-36312 bsc#1184509).
- KVM: Destroy I/O bus devices on unregister failure _after_
  sync'ing SRCU (CVE-2020-36312 bsc#1184509).
- commit bc1f707
- btrfs: fix qgroup data rsv leak caused by falloc failure
  (bsc#1185549).
- commit e1218ad
- btrfs: track qgroup released data in own variable in
  insert_prealloc_file_extent (bsc#1185549).
- commit bf772b7
- Refresh
  patches.suse/ibmvnic-Use-skb_frag_address-instead-of-hand-coding-.patch.
- Refresh
  patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch.
- Refresh
  patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch.
- Refresh
  patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch.
- Refresh
  patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch.
- commit d057148
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1185491).
- scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
- scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
- scsi: qla2xxx: Do logout even if fabric scan retries got
  exhausted (bsc#1185491).
- scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
- scsi: qla2xxx: Fix mailbox recovery during PCIe error
  (bsc#1185491).
- scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
- scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
  (bsc#1185491).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
- scsi: qla2xxx: Consolidate zio threshold setting for both FCP &
  NVMe (bsc#1185491).
- scsi: qla2xxx: Fix stuck session (bsc#1185491).
- scsi: qla2xxx: Add H:C:T info in the log message for fc ports
  (bsc#1185491).
- scsi: qla2xxx: Fix IOPS drop seen in some adapters
  (bsc#1185491).
- scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
- scsi: qla2xxx: Always check the return value of
  qla24xx_get_isp_stats() (bsc#1185491).
- scsi: qla2xxx: Simplify qla8044_minidump_process_control()
  (bsc#1185491).
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r*
  (bsc#1185491).
- scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misdocumented functions
  (bsc#1185491).
- scsi: qla2xxx: Fix incorrectly named function
  qla8044_check_temp() (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
- scsi: qla2xxx: Fix some incorrect formatting/spelling issues
  (bsc#1185491).
- scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores
  (bsc#1185491).
- scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
- scsi: qla2xxx: Simplify if statement (bsc#1185491).
- scsi: qla2xxx: Simplify the calculation of variables
  (bsc#1185491).
- scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
- scsi: qla2xxx: Assign boolean values to a bool variable
  (bsc#1185491).
- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result
  value (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER
  (bsc#1185491).
- scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe
  (bsc#1185491).
- scsi: qla2xxx: Move some messages from debug to normal log level
  (bsc#1185491).
- scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
- scsi: qla2xxx: Implementation to get and manage host, target
  stats and initiator port (bsc#1185491).
- commit 9add63f
- blacklist.conf: kthread: Fixes debugging of the life cycle of work struct.
  Broken for ages. Disabled in our configuration.
- commit 4600ed3
- scsi: lpfc: Fix DMA virtual address ptr assignment in bsg
  (bsc#1185365).
- scsi: lpfc: Fix illegal memory access on Abort IOCBs
  (bsc#1183203).
- scsi: lpfc: Copyright updates for 12.8.0.9 patches
  (bsc#1185472).
- scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
- scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c
  (bsc#1185472).
- scsi: lpfc: Standardize discovery object logging format
  (bsc#1185472).
- scsi: lpfc: Fix various trivial errors in comments and log
  messages (bsc#1185472).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
  (bsc#1185472).
- scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored
  (bsc#1185472).
- scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login
  (bsc#1185472).
- scsi: lpfc: Fix silent memory allocation failure in
  lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
- scsi: lpfc: Fix use-after-free on unused nodes after port swap
  (bsc#1185472).
- scsi: lpfc: Fix error handling for mailboxes completed in
  MBX_POLL mode (bsc#1185472).
- scsi: lpfc: Fix lack of device removal on port swaps with PRLIs
  (bsc#1185472).
- scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock
  dependency (bsc#1185472).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp()
  (bsc#1185472).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering
  a LOGO response (bsc#1185472).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to
  abort_iotag (bsc#1185472).
- scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
- scsi: lpfc: Fix a typo (bsc#1185472).
- scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
- scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
- scsi: lpfc: Fix incorrectly documented function
  lpfc_debugfs_commonxripools_data() (bsc#1185472).
- scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc misdemeanours
  (bsc#1185472).
- scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record()
  (bsc#1185472).
- scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
- scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
- commit 9b1fc9d
- blacklist.conf: 6840a150b9da x86/platform/uv: Set section block size for hubless architectures
- commit 69952b3
- scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
- scsi: smartpqi: Correct pqi_sas_smp_handler busy condition
  (bsc#1178089).
- scsi: smartpqi: Correct driver removal with HBA disks
  (bsc#1178089).
- commit b86c984
- x86/microcode: Check for offline CPUs before requesting new
  microcode (bsc#1114648).
- commit 0e9f5a9
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
  (bsc#1114648).
- commit 560878d
- blacklist.conf: cosmetic fix
- commit 6fee0e9
- blacklist.conf: breaks kABI
- commit ee91288
- blacklist.conf: breaks kABI
- commit 505df6e
- USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
- commit 7e0d30e
- ext4: find old entry again if failed to rename whiteout
  (bsc#1184742).
- commit 78ebad3
- blacklist.conf: Blacklist 163f0ec1df33
- commit 720273a
- struct usbip_device kABI fixup (git-fixes).
- commit 0fd7372
- mm: fix memory_failure() handling of dax-namespace metadata
  (bsc#1185335).
- commit ee11ea2
- isofs: release buffer head before return (bsc#1182613).
- commit 77a0f46
- ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
- commit a3b0213
- Refresh patches.suse/kabi-nvme-fix-fast_io_fail_tmo.patch.
- commit fd1b885
- Refresh patches.kabi/kABI-powerpc-pseries-Add-shutdown-to-vio_driver-and-.patch.
  Remove unused variables.
- commit 5afb3a3
- netfilter: x_tables: Use correct memory barriers (bsc#1184208
  CVE-2021-29650).
- commit 719c6a8
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
  (bsc#1185269).
- libnvdimm/namespace: Fix reaping of invalidated
  block-window-namespace labels (bsc#1185269).
- libnvdimm/security: ensure sysfs poll thread woke up and fetch
  updated attr (FATE#325581 git-fixes).
- commit a0e750c
- usbip: synchronize event handler with sysfs code paths
  (git-fixes).
- commit acf38ba
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- commit 823e744
- usbip: add sysfs_lock to synchronize sysfs code paths
  (git-fixe).
- commit 50a6377
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
- commit 10fa764
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- commit 52805ed
- video: hyperv_fb: Fix a double free in hvfb_probe (bsc#1175306, git-fixes).
- commit 6525186
- kabi: nvme: fix fast_io_fail_tmo (bsc#1181161).
- commit 946c302
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- commit f350de4
- nvme-rdma: fix possible hang when failing to set io queues
  (bsc#1181161).
- commit 483532f
- nvme-tcp: fix possible hang when failing to set io queues
  (bsc#1181161).
- commit 9cbcf79
- nvme-tcp: avoid request double completion for concurrent
  nvme_tcp_timeout (bsc#1181161).
- commit 5d7efff
- nvme-rdma: avoid request double completion for concurrent
  nvme_rdma_timeout (bsc#1181161).
- commit 874ba7a
- nvme-tcp: avoid repeated request completion (bsc#1181161).
- commit d03513c
- nvme-rdma: avoid repeated request completion (bsc#1181161).
- commit f966c6f
- nvme-tcp: avoid race between time out and tear down
  (bsc#1181161).
- commit 0d3fdc1
- nvme-rdma: avoid race between time out and tear down
  (bsc#1181161).
- commit 86d008a
- nvme: introduce nvme_sync_io_queues (bsc#1181161).
- commit e825cc9
- nvme-fabrics: allow to queue requests for live queues
  (bsc#1181161).
- commit 34580bf
- nvme-rdma: fix timeout handler (bsc#1181161).
- commit eb26c44
- Rename patches.suse/nvme-tcp-fix-timeout-handler-0475a8dcbce.patch
  to patches.suse/nvme-tcp-fix-timeout-handler-236187c4ed1.patch
  Fix commit hash.
- commit eab5e6c
- nvme-rdma: serialize controller teardown sequences
  (bsc#1181161).
- commit 3224558
- nvme-tcp: fix timeout handler (bsc#1181161).
- commit ad9445b
- nvme-tcp: serialize controller teardown sequences (bsc#1181161).
- commit 6512d6e
- nvme-fabrics: don't check state NVME_CTRL_NEW for request
  acceptance (bsc#1181161).
- commit 75ddcf5
- nvme-rdma: fix controller reset hang during traffic
  (bsc#1181161).
- commit 3af85d2
- nvme-tcp: fix controller reset hang during traffic
  (bsc#1181161).
- commit 05f5595
- nvme: unlink head after removing last namespace (bsc#1181161).
- commit 7c6236e
- nvme: prevent warning triggered by nvme_stop_keep_alive
  (bsc#1181161).
- commit 185de02
- nvme: introduce "/Command Aborted By host"/ status code
  (bsc#1181161).
- commit 60e88a4
- nvme: include admin_q sync with nvme_sync_queues (bsc#1181161).
- commit 7b513f6
- kabi: Fix nvmet error log definitions (bsc#1181161).
- commit a418644
- kabi: Fix breakage in NVMe driver (bsc#1181161).
  Fix to the changes introduced by patch
  patches.suse/nvme-make-fabrics-command-run-on-a-separate-request-.patch
- commit 43484f2
- nvme: make fabrics command run on a separate request queue
  (bsc#1181161).
- Refresh
  patches.suse/nvme-fc-set-max_segments-to-lldd-max-value.patch.
  Context adjustment in refreshed patch.
- commit e6ded5f
- nvme: introduce nvme_is_fabrics to check fabrics cmd
  (bsc#1181161).
- commit d199d08
- nvme-pci: Sync queues on reset (bsc#1181161).
- commit de40441
- nvmet: add error log support for fabrics-cmd (bsc#1181161).
- commit 79b998d
- nvmet: add error-log definitions (bsc#1181161).
- commit f930c73
- nvme: add error log page slot definition (bsc#1181161).
- commit c79088e
- nvme: Restart request timers in resetting state (bsc#1181161).
- commit 15193d1
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
  (bsc#1114648).
- commit 7f932b3
- fs: direct-io: fix missing sdio->boundary (bsc#1184736).
- commit 8d88c09
- reiserfs: update reiserfs_xattrs_initialized() condition
  (bsc#1184737).
- commit 4fcda8e
- ocfs2: fix deadlock between setattr and dio_end_io_write
  (bsc#1185197).
- commit eef2905
- ocfs2: fix a use after free on error (bsc#1184738).
- commit f94368e
- block: recalculate segment count for multi-segment discards
  correctly (bsc#1184724).
- commit 4b986d3
- blk-settings: align max_sectors on "/logical_block_size"/ boundary
  (bsc#1185195).
- commit e5a6cd7
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
  Previously essiv was part of dm-crypt but now it is separate.
  Include the module in kernel-obs-build when available.
  Fixes: 7cf5b9e26d87 ("/rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup"/)
- commit fe15b78
- kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus
  (bsc#1184209 ltc#190917).
- commit 52ce711
- mmc: sdhci-of-esdhc: set the sd clock divisor value above 3 (git-fixes).
- commit b715781
- iopoll: introduce read_poll_timeout macro (git-fixes).
- commit 0ee886a
- scsi: libsas: docs: Remove notify_ha_event() (git-fixes).
- rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (git-fixes).
- gpio: mvebu: update Armada XP per-CPU comment (git-fixes).
- dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes).
- mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
- netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
- drivers/perf: thunderx2_pmu: Fix memory resource error handling (git-fixes).
- spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (git-fixes).
- mmc: sdhci-of-esdhc: fix up erratum A-008171 workaround (git-fixes).
- commit e233228
- Revert "/rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)"/
  This turned out to be a bad idea: the kernel-$flavor-devel package
  must be usable without kernel-$flavor, e.g. at the build of a KMP.
  And this change brought superfluous installation of kernel-preempt
  when a system had kernel-syms (bsc#1185113).
- commit d771304
- blacklist.conf: cosmetic fix for logging
- commit 94c31b3
- blacklist.conf: not supported
- commit 0916f44
- powerpc/pseries: Add shutdown() to vio_driver and vio_bus
  (bsc#1184209 ltc#190917).
- commit a31d712
- blacklist.conf: kABI
- commit 1e5513c
- blacklist.conf: This patch is not needed and the source suspicious
- commit 8fcbef9
- rpm/check-for-config-changes: add AS_HAS_* to ignores
  arch/arm64/Kconfig defines a lot of these. So far our current compilers
  seem to support them all. But it can quickly change with SLE later.
- commit a4d8194
- blacklist.conf: This is a cleanup, not a bugfix
- commit cad531e
- PCI: mobiveil: ls_pcie_g4: fix SError when accessing config
  space (fate#326572).
- PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451
  (fate#326572).
- PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577
  (fate#326572).
- commit 7bad307
- PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs
  (fate#326572).
- PCI: mobiveil: Add Header Type field check (fate#326572).
- PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors
  (fate#326572).
- PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init
  host (fate#326572).
- PCI: mobiveil: Add callback function for link up check
  (fate#326572).
- PCI: mobiveil: Add callback function for interrupt
  initialization (fate#326572).
- PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP
  driver (fate#326572).
- PCI: mobiveil: Collect the interrupt related operations into
  a function (fate#326572).
- PCI: mobiveil: Move the host initialization into a function
  (fate#326572).
- PCI: mobiveil: Introduce a new structure mobiveil_root_port
  (fate#326572).
- PCI: mobiveil: Use pci_parse_request_of_pci_ranges()
  (fate#326572).
- PCI: mobiveil: Fix csr_read()/write() build issue (fate#326572).
- PCI: mobiveil: Fix the CPU base address setup in inbound window
  (fate#326572).
- PCI: mobiveil: Fix INTx interrupt clearing in
  mobiveil_pcie_isr() (fate#326572).
- PCI: mobiveil: Fix infinite-loop in the INTx handling function
  (fate#326572).
- PCI: mobiveil: Move PCIe PIO enablement out of inbound window
  routine (fate#326572).
- PCI: mobiveil: Add upper 32-bit PCI base address setup in
  inbound window (fate#326572).
- PCI: mobiveil: Add upper 32-bit CPU base address setup in
  outbound window (fate#326572).
- PCI: mobiveil: Mask out hardcoded bits in inbound/outbound
  windows setup (fate#326572).
- PCI: mobiveil: Clear the control fields before updating it
  (fate#326572).
- PCI: mobiveil: Add configured inbound windows counter
  (fate#326572).
- PCI: mobiveil: Fix the valid check for inbound and outbound
  windows (fate#326572).
- PCI: mobiveil: Clean-up program_{ib/ob}_windows() (fate#326572).
- PCI: mobiveil: Remove an unnecessary return value check
  (fate#326572).
- PCI: mobiveil: Fix error return values (fate#326572).
- PCI: mobiveil: Refactor the MEM/IO outbound window
  initialization (fate#326572).
- PCI: mobiveil: Make some register updates more readable
  (fate#326572).
- PCI: mobiveil: Reformat the code for readability (fate#326572).
- PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device()
  (fate#326572).
- PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus
  numbers (fate#326572).
- PCI: mobiveil: Move IRQ chained handler setup out of DT parse
  (fate#326572).
- PCI: mobiveil: Move the link up waiting out of
  mobiveil_host_init() (fate#326572).
- PCI: mobiveil: Fix the Class Code field (fate#326572).
- PCI: mobiveil: Use the 1st inbound window for MEM inbound
  transactions (fate#326572).
- PCI: mobiveil: Use WIN_NUM_0 explicitly for CFG outbound window
  (fate#326572).
- PCI: mobiveil: Update the resource list traversal function
  (fate#326572).
- PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows
  (fate#326572).
- PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI
  (fate#326572).
- PCI: mobiveil: Unify register accessors (fate#326572).
- commit 3a1efb0
- arm64: PCI: mobiveil: remove driver
  Prepare to replace it with upstreamed driver
- commit cb561c6
- ibmvnic: Continue with reset if set link down failed
  (bsc#1184350 ltc#191533).
- commit 30c9b12
- bpf: Tighten speculative pointer arithmetic mask (bsc#1184942
  CVE-2021-29155).
- bpf: Move sanitize_val_alu out of op switch (bsc#1184942
  CVE-2021-29155).
- bpf: Refactor and streamline bounds check into helper
  (bsc#1184942 CVE-2021-29155).
- bpf: Improve verifier error messages for users (bsc#1184942
  CVE-2021-29155).
- bpf: Rework ptr_limit into alu_limit and add common error path
  (bsc#1184942 CVE-2021-29155).
- bpf: Ensure off_reg has no mixed signed bounds for all types
  (bsc#1184942 CVE-2021-29155).
- bpf: Move off_reg into sanitize_ptr_alu (bsc#1184942
  CVE-2021-29155).
- commit c3fe286
- x86/reboot: Force all cpus to exit VMX root if VMX is supported
  (bsc#1114648).
- commit d9f8108
- powerpc/mm: Add cond_resched() while removing hpte mappings
  (bsc#1183289 ltc#191637).
- powerepc/book3s64/hash: Align start/end address correctly with
  bolt mapping (bsc#1184957).
- commit 03bcdd6
- Refresh patches.suse/powerpc-pseries-extract-host-bridge-from-pci_bus-pri.patch.
  Update patch metadata.
- commit 5af983a
- blacklist.conf: 725f41339a70 Documentation/ABI: sysfs-platform-ideapad-laptop: update device attribute paths
- commit 5e8b194
- blacklist.conf: Add b6b79dd53082 powerpc/64s: Fix allnoconfig build
  since uaccess flush
- commit e9d5937
- Refresh ppc L1D flush patch metadata.
- commit 9db13af
- Refresh patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch.
  Update patch metadata.
- commit 68dd5c0
- Refresh sorted section.
- commit 6e2223f
- x86/insn: Add some more Intel instructions to the opcode map
  (bsc#1184760).
- commit 01615b3
- x86/insn: Add some Intel instructions to the opcode map
  (bsc#1184760).
- commit e0b3855
- i40e: Fix sparse warning: missing error code 'err'
  (jsc#SLE-4797).
- net/mlx5: Fix PBMC register mapping (bsc#1103990 FATE#326006).
- net/mlx5: Fix placement of log_max_flow_counter (bsc#1046303
  FATE#322944).
- net: hns3: clear VF down state bit before request link status
  (bsc#1104353 FATE#326415).
- i40e: Fix display statistics for veb_tc (bsc#1111981 FATE#326312
  FATE#326313).
- xdp: fix xdp_return_frame() kernel BUG throw for page_pool
  memory model (bsc#1109837).
- ice: Cleanup fltr list in case of allocation issues (bsc#1118661
  FATE#325277).
- ice: Fix for dereference of NULL pointer (bsc#1118661
  FATE#325277).
- cxgb4: avoid collecting SGE_QBASE regs during traffic
  (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583
  bsc#1097584).
- i40e: Fix kernel oops when i40e driver removes VF's (bsc#1101816
  FATE#325147 FATE#325149).
- sch_red: fix off-by-one checks in red_check_params()
  (bsc1056787).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket
  (bsc#1109837).
- igc: Fix Supported Pause Frame Link Setting (jsc#SLE-4799).
- igc: Fix Pause Frame Advertising (jsc#SLE-4799).
- igc: reinit_locked() should be called with rtnl_lock
  (bsc#1118657 FATE#325278).
- veth: Store queue_mapping independently of XDP prog presence
  (bsc#1109837).
- commit b87565b
- blacklist.conf: no gadgets on SLE12
- commit 705f2a3
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
  (git-fixes).
- commit ca68b3d
- USB: cdc-acm: fix use-after-free after probe failure
  (git-fixes).
- commit c0da8c9
- usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
  (git-fixes).
- commit c7d1f1a
- xhci: Improve detection of device initiated wake signal
  (git-fixes).
- commit d0a77d2
- USB: serial: ch341: add new Product ID (git-fixes).
- commit 7bb3017
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- commit 2c2ad26
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
  (git-fixes).
- commit bfdb380
- blacklist.conf: miksattributed patch
- commit 3c48b33
- usbip: fix vudc to check for stream socket (git-fixes).
- commit efb8af5
- rpm/check-for-config-changes: remove stale comment
  It is stale since 8ab393bf905a committed in 2005 :).
- commit c9f9f5a
- blacklist.conf: 66c1b6d74cd7 x86: Move TS_COMPAT back to asm/thread_info.h
- commit eaad302
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
  (bsc#1114648).
- commit c21571e
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- commit f37613f
- Update bsc#1184170 fixes to fix a mistakenly modified BPF instruction
- Refresh
  patches.suse/bpf-Fix-32-bit-src-register-truncation-on-div-mod.patch.
- Refresh
  patches.suse/bpf-Fix-truncation-handling-for-mod32-dst-reg-wrt-ze.patch
- commit e62aa97
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647
  ltc#191231).
- commit 1ab0429
- blacklist.conf: not relevant in our kernel configs
- commit ec5d73b
- USB: cdc-acm: downgrade message to debug (git-fixes).
- commit 2bd134c
- USB: cdc-acm: untangle a circular dependency between callback
  and softint (git-fixes).
- commit 0c7da9f
- block: fix use-after-free on cached last_lookup partition
  (bsc#1181062).
- commit cec6159
- cdc-acm: fix BREAK rx code path adding necessary calls
  (git-fixes).
- commit 7475641
- KVM: SVM: avoid infinite loop on NPF from bad address (CVE-2020-36310 bsc#1184512).
- commit a90e23c
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building
  modules externally.
- commit 794be7b
- KVM: fix memory leak in kvm_io_bus_unregister_dev() (CVE-2020-36312 bsc#1184509).
- commit 8663791
- xen/events: fix setting irq affinity (bsc#1184583 XSA-332
  CVE-2020-27673).
- commit de73046
- bpf, x86: Validate computation of branch displacements for
  x86-64 (bsc#1184391 CVE-2021-29154).
- commit 1d1eb4d
- nfc: Avoid endless loops caused by repeated llcp_sock_connect()
  (CVE-2020-25673 bsc#1178181).
- nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672
  bsc#1178181).
- nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671
  bsc#1178181).
- nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670
  bsc#1178181).
- commit 71faffc
- KVM: SVM: Periodically schedule when unregistering regions on
  destroy (bsc#1184511 CVE-2020-36311).
- commit e140650
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- commit bd64cb2
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- commit 18f65df
- Update bsc#1184170 fixes to do 32bit jump correctly
- Refresh
  patches.suse/bpf-Fix-32-bit-src-register-truncation-on-div-mod.patch.
- Refresh
  patches.suse/bpf-Fix-truncation-handling-for-mod32-dst-reg-wrt-ze.patch.
- commit c609295
- vsprintf: Fix off-by-one bug in bstr_printf() processing
  dereferenced pointers (bsc#1184494).
- commit 805c27f
- vsprintf: Do not preprocess non-dereferenced pointers for
  bprintf (%px and %pK) (bsc#1184494).
- commit 0b97bdc
- vsprintf: Do not have bprintf dereference pointers
  (bsc#1184494).
- commit 80afc77
- x86/ioapic: Ignore IRQ2 again (12sp5).
- commit 39145aa
- cifs: do not send close in compound create+close requests
  (bsc#1181507).
- commit 46494be
- blacklist.conf: 3c4fa46b30c5 vmlinux.lds.h: add DWARF v5 sections
- commit cc5662a
- s390/pci: Fix s390_mmio_read/write with MIO (LTC#192079
  bsc#1183755).
- Remove the above commit from blacklist.conf.
- commit 2d2a3e6
- blacklist.conf: 04b38d012556 seccomp: Add missing return in non-void function
- commit 216df69
- x86/mem_encrypt: Correct physical address calculation in
  __set_clr_pte_enc() (12sp5).
- commit 6ee2964
- fuse: fix live lock in fuse_iget() (bsc#1184211 CVE-2021-28950).
- fuse: fix bad inode (bsc#1184211 CVE-2020-36322).
- commit 920863f
- blacklist.conf: Add bbda4b6c7d7c powerpc/sstep: Fix load-store and
  update emulation
- commit dd9a936
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- commit 2c0bf1e
- media: v4l: ioctl: Fix memory leak in video_usercopy
  (bsc#1184120 CVE-2021-30002).
- commit 08b20fe
- powerpc/64s: Fix instruction encoding for lis in
  ppc_function_entry() (bsc#1065729).
- powerpc/pseries/ras: Remove unused variable 'status'
  (bsc#1065729).
- commit 20b7a66
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- commit 45ffcfe
- firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
  (CVE-2021-3483 bsc#1184393).
- commit 9292696
- Update patch reference of tty fix (CVE-2021-20219 bsc#1184397)
- commit b4b1b38
- usbip: fix vhci_hcd to check for stream socket (git-fixes).
- Refresh
  patches.suse/usbip-fix-vhci_hcd-attach_store-races-leading-to-gpf.patch.
- commit 70c3d49
- usbip: fix stub_dev to check for stream socket (git-fixes).
- Refresh
  patches.suse/usbip-fix-stub_dev-usbip_sockfd_store-races-leading-.patch.
- commit abf5924
- blacklist.conf: breaks existing setups by changing driver
- commit 0faa5d2
- USB: replace hardcode maximum usb string length by definition
  (git-fixes).
- commit 6542627
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it
  (bsc#1184114 ltc#192237).
- commit e6e04c1
- powerpc/pseries/mobility: handle premature return from H_JOIN
  (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state
  (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- commit 77026bf
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- commit 1c59b58
- btrfs: fix race when cloning extent buffer during rewind of
  an old root (bsc#1184193 CVE-2021-28964).
- commit 8039ed4
- bpf: Fix truncation handling for mod32 dst reg wrt zero
  (bsc#1184170 CVE-2021-3444).
- bpf: Fix 32 bit src register truncation on div/mod
  (bsc#1184170).
- commit 0962666
- bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
- Refresh
  patches.suse/bpf-move-tmp-variable-into-ax-register-in-interprete.patch.
- commit 4d5a2c3
- perf/x86/intel: Fix a crash caused by zero PEBS status
  (CVE-2021-28971 bsc#1184196).
- commit 40c1d32
- can: peak_usb: Revert "/can: peak_usb: add forgotten supported
  devices"/ (git-fixes).
- commit ce12f1c
- xen-blkback: don't leak persistent grants from xen_blkbk_map()
  (bsc#1183646, CVE-2021-28688, XSA-371).
- commit 55909b8
- cifs: New optype for session operations (bsc#1181507).
- commit 0589666
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- drm/msm: fix shutdown hook in case GPU components failed to bind
  (git-fixes).
- net: cdc-phonet: fix data-interface release on probe failure
  (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
  (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform
  (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free
  (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- usb-storage: Add quirk to defeat Kindle's automatic unload
  (git-fixes).
- drm/radeon: fix AGP dependency (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add()
  (git-fixes).
- commit b5b682d
- blacklist.conf: Add a983b5ebee57 mm: memcontrol: fix excessive complexity in memory.stat reporting
  This comes in with prerequisites too (see bsc#1181515):
  c9019e9bf42e mm: memcontrol: eliminate raw access to stat and event counters
  284542656e22 mm: memcontrol: implement lruvec stat functions on top of each other
- commit 367c366
- smb3: fix crediting for compounding when only one request in
  flight (bsc#1181507).
- commit c7a78f7
- cifs: Tracepoints and logs for tracing credit changes
  (bsc#1181507).
- commit f855df5
- smb3: add dynamic trace point to trace when credits obtained
  (bsc#1181507).
- commit a0f7421
- cifs: return proper error code in statfs(2) (bsc#1181507).
- commit 385c2d2
- cifs: change noisy error message to FYI (bsc#1181507).
- commit a0316cd
- cifs: print MIDs in decimal notation (bsc#1181507).
- commit d0f60f0
- cifs_debug: use %pd instead of messing with ->d_name
  (bsc#1181507).
- commit fafdc18
- blacklist.conf: Add 2 futex cleanups
  4610ba7ad877 exit/exec: Seperate mm_release()
  f24f22435dcc futex: Set task::futex_state to DEAD right after handling futex exit
- commit c93310f
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
  (CVE-2021-29265 bsc#1184167).
- commit 6095add
- gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264
  bsc#1184168).
- commit 9dcbb37
- PCI: rpadlpar: Fix potential drc_name corruption in store
  functions (CVE-2021-28972 bsc#1184198).
- commit 6348e09
- net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
  (CVE-2021-29647 bsc#1184192).
- commit 3ab36f2
- blacklist.conf: Append 'drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()'
- commit 18575d7
- bpf: Add sanity check for upper ptr_limit (bsc#1183686
  bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic
  (bsc#1183686 bsc#1183775).
- bpf: Fix off-by-one for area size in creating mask to left
  (bsc#1183775 CVE-2020-27171).
- bpf: Prohibit alu ops for pointer types not defining ptr_limit
  (bsc#1183686 CVE-2020-27170).
- commit dbf16ca
- drm/compat: Clear bounce structures (bsc#1129770)
  Backporting notes:
  * context changes
- commit 2531261
- drm/mediatek: Fix aal size config (bsc#1129770)
  Backporting notes:
  * access I/O memory with writel()
- commit 47fcf17
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if (bsc#1129770)
  Backporting notes:
  * context changes
- commit 0c6609b
- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770)
  Backporting notes:
  * context changes
- commit a04af7a
- powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask
  (bsc#1181674 ltc#189159).
- kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask
- Refresh patches.suse/powerpc-rtas-don-t-online-CPUs-for-partition-suspend.patch.
- Refresh patches.suse/powerpc-rtas-rtas_ibm_suspend_me-rtas_ibm_suspend_me.patch.
- commit 566f7fb
- blacklist.conf: designed to remove a symbol
- commit cbe2c33
- powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n
  (bsc#1181674 ltc#189159).
- Refresh patches.suse/powerpc-numa-Fix-build-when-CONFIG_NUMA-n.patch.
- Refresh patches.suse/pseries-hotplug-memory-hot-add-skip-redundant-LMB-lo.patch.
- commit f24ccf8
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register()
  (git-fixes).
- commit 638c3db
- mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of
  DEFINE_SIMPLE_ATTRIBUTE.
- commit fc2cd08
- powerpc/numa: Suppress "/VPHN is not supported"/ messages
  (bsc#1181674 ltc#189159).
- commit a3b1fb7
- powerpc/pseries: Generalize hcall_vphn() (bsc#1181674 ltc#189159).
- commit fe02c7f
- blacklist.conf: updated blacklisting for android stuff
- commit 8f6a7aa
- Bluetooth: hci_uart: Fix a race for write_work scheduling
  (git-fixes).
- commit 62e5d20
- Bluetooth: hci_uart: Cancel init work before unregistering
  (git-fixes).
- commit 973ab66
- powerpc: Convert to using %pOFn instead of device_node.name
  (bsc#1181674 ltc#189159).
- powerpc/vio: Use device_type to detect family (bsc#1181674
  ltc#189159).
- Refresh patches.suse/powerpc-Convert-to-using-pOF-instead-of-full_name.patch.
- powerpc: Fix some spelling mistakes (bsc#1181674 ltc#189159).
- commit cbb3ede
- blacklist.conf: Add 5ae5fbd21079 powerpc/perf: Fix handling of privilege
  level checks in perf interrupt context
- commit c266583
- kernel/smp: make csdlock timeout depend on boot parameter
  (bsc#1180846).
  Conflicts:
  series.conf
- commit 3347663
- Fix a wrong refcount_*() usage for atomic type in a CAN fix patch
  Refresh patches.suse/can-skb-can_skb_set_owner-fix-ref-counting-if-socket.patch
- commit d1389d4
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- commit d39388a
- Refresh patches.suse/ibmvnic-Report-actual-backing-device-speed-and-duple.patch.
  Fix constant name typo.
- commit d1dde40
- iio: gyro: mpu3050: Fix error handling in
  mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel
  (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp
  channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID
  channel (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
  (git-fixes).
- staging: comedi: pcl818: Fix endian problem for AI command data
  (git-fixes).
- staging: comedi: pcl711: Fix endian problem for AI command data
  (git-fixes).
- staging: comedi: me4000: Fix endian problem for AI command data
  (git-fixes).
- staging: comedi: dmm32at: Fix endian problem for AI command data
  (git-fixes).
- staging: comedi: das800: Fix endian problem for AI command data
  (git-fixes).
- staging: comedi: das6402: Fix endian problem for AI command data
  (git-fixes).
- staging: comedi: adv_pci1710: Fix endian problem for AI command
  data (git-fixes).
- staging: comedi: addi_apci_1500: Fix endian problem for command
  sample (git-fixes).
- staging: comedi: addi_apci_1032: Fix endian problem for COS
  sample (git-fixes).
- usb: gadget: f_uac2: always increase endpoint max_packet_size
  by one audio slot (git-fixes).
- drm: meson_drv add shutdown function (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was
  closed before setting skb ownership (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info
  (git-fixes).
- commit 1a6cc3d
- blacklist.conf: Add the reverted capabilities entry
- commit 8b8ccc6
- Revert "/PM: runtime: Update device status before letting
  suppliers suspend"/ (git-fixes).
- commit a4aaa8d
- Refresh
  patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch.
- commit 8072e02
- net: core: introduce __netdev_notify_peers (bsc#1184114 ltc#192237 bsc#1183871
  ltc#192139).
- commit 3c95b4d
- ibmvnic: prefer strscpy over strlcpy (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871
  ltc#192139).
- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch
- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch
- ibmvnic: fix miscellaneous checks (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc#1183871
  ltc#192139).
- ibmvnic: fix braces (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch.
- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch.
- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch.
- ibmvnic: prefer 'unsigned long' over 'unsigned long int'
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1184114 ltc#192237 bsc#1183871
  ltc#192139).
- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch
- use __netdev_notify_peers in ibmvnic (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- commit 3734d3f
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- commit 8c59846
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context()
  (bsc#1183692 ltc#191963).
- commit 502f840
- Fix a typo in r8188eu fix patch that caused a build error (CVE-2021-28660 bsc#1183593)
- commit b574698
- Update patch reference for x25 fix (CVE-2020-35519 bsc#1183696)
- commit c241986
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
  (CVE-2021-28660 bsc#1183593).
- commit 5b4b262
- Input: i8042 - add ASUS Zenbook Flip to noselftest list
  (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- auxdisplay: ht16k33: Fix refresh rate handling (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module
  (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
  (git-fixes).
- Bluetooth: Fix null pointer dereference in
  amp_read_loc_assoc_final_data (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- commit f404253
- net: usb: qmi_wwan: allow qmimux add/del with master up
  (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous
  clk_unprepare() (git-fixes).
- PCI: Align checking of syscall user config accessors
  (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- dmaengine: hsu: disable spurious interrupt (git-fixes).
- commit 9e9703a
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- PM: runtime: Update device status before letting suppliers
  suspend (git-fixes).
- commit 168eef3
- mwifiex: pcie: skip cancel_work_sync() on reset failure path
  (git-fixes).
- commit 0d0d4c6
- block: rsxx: fix error return code of rsxx_pci_probe()
  (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
  (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
  (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B
  eeprom (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA
  controller (git-fixes).
- commit 9ed37e5
- staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
  (git-fixes).
- staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
  (git-fixes).
- staging: rtl8712: unterminated string leads to read overflow
  (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup
  (git-fixes).
- usbip: fix vhci_hcd attach_store() races leading to gpf
  (git-fixes).
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
  (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers
  (git-fixes).
- usbip: tools: fix build error for multiple definition
  (git-fixes).
- usbip: Fix unsafe unaligned pointer usage (git-fixes).
- commit dcfbe6d
- Update tags
  patches.suse/ext4-check-journal-inode-extents-more-carefully.patch
  (bsc#1173485 bsc#1183509 CVE-2021-3428).
- commit f1fc1ff
- blacklist.conf: e504e74cc3a2 x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
- commit c84c06b
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- commit aa9058d
- Input: xpad - add support for PowerA Enhanced Wired Controller
  for Xbox Series X|S (git-fixes).
- commit fc4a172
- Input: xpad - sync supported devices with fork on GitHub
  (git-fixes).
- commit 6727923
- sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes)
- commit 8bc9984
- xsk: Remove dangling function declaration from header file
  (bsc#1109837).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
  (bsc#1113994 FATE#326315 FATE#326317).
- net: hns3: fix bug when calculating the TCAM table info
  (bsc#1104353 FATE#326415).
- net: hns3: fix query vlan mask value error for flow director
  (bsc#1104353 FATE#326415).
- RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc
  (bsc#1103992 FATE#326009).
- ice: Account for port VLAN in VF max packet size calculation
  (bsc#1118661 FATE#325277).
- commit 9ab092a
- rpadlpar: fix potential drc_name corruption in store functions
  (bsc#1183416 ltc#191079).
- commit f097dfb
- blacklist.conf: misattributed patch
- commit b8012a0
- sched/vtime: Fix guest/system mis-accounting on task switch (git-fixes)
- commit 3eff91e
- rcu: Allow only one expedited GP to run concurrently with (git-fixes)
- commit 1c81724
- blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
  (CVE-2020-0433 bsc#1176720).
- blk-mq: Allow blocking queue tag iter callbacks (CVE-2020-0433
  bsc#1176720 bsc#1167316).
- commit 7fb1c08
- Update
  patches.suse/Xen-gnttab-handle-p2m-update-errors-on-a-per-slot-ba.patch
  (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number
- Update
  patches.suse/xen-netback-respect-gnttab_map_refs-s-return-value.patch
  (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number
- commit cfcdec5
- xen/events: avoid handling the same event on two cpus at the
  same time (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 89c8a49
- xen/events: don't unmask an event channel when an eoi is pending
  (bsc#1183638 XSA-332 CVE-2020-27673).
- commit e4088d0
- xen/events: reset affinity of 2-level event when tearing it down
  (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 6e06fe9
- platform/x86: i2c-multi-instantiate: Don't create platform
  device for INT3515 ACPI nodes (git-fixes).
- commit 782e32b
- rcu: Fix missed wakeup of exp_wq waiters (git-fixes)
- commit 5ea5eaf
- mmc: cqhci: Fix random crash when remove mmc module/card
  (git-fixes).
- commit 0a502d7
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- commit 35f33f2
- jfs: Fix array index bounds check in dbAdjTree  (bsc#1179454 CVE-2020-27815).
- commit 981c2ff
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes
  (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp
  reference counting (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports
  (bsc#1182574).
- scsi: lpfc: Change wording of invalid pci reset log message
  (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang
  (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes
  (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN
  (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery
  (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit
  path (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb
  (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
  (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf
  (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO
  (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer
  dereference (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node
  (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request
  (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid()
  (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target
  abts wqe (bsc#1182574).
- scsi: lpfc: Fix 'physical' typos (bsc#1182574).
- scsi: lpfc: Fix ancient double free (bsc#1182574).
- scsi: lpfc: Fix kerneldoc inconsistency in
  lpfc_sli4_dump_page_a0() (bsc#1182574).
- scsi: lpfc: Fix EEH encountering oops with NVMe traffic
  (bsc#1182574).
- commit a7b9a06
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- commit 7108ca4
- blacklist.conf: Blacklist 3 fixes
  5bcaf3e1715f KVM: x86/mmu: Account NX huge page disallowed iff huge page was requested
  c1c35cf78bfa KVM: x86: cleanup CR3 reserved bits checks
  07956b6269d3 vfio/type1: Use follow_pte()
- commit 6d5f66d
- iommu/amd: Fix sleeping in atomic in increase_address_space()
  (bsc#1183378).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off
  (bsc#1183382).
- iommu/vt-d: Do not use flush-queue when caching-mode is on
  (bsc#1183381).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc
  (bsc#1183379).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system
  (bsc#1183380).
- commit 4058135
- bpf_lru_list: Read double-checked variable once without lock
  (git-fixes).
- commit 58feadd
- bpf,x64: Pad NOPs to make images converge more easily
  (bsc#1178163).
- commit 6da56b0
- blacklist.conf: Append 'drm/sun4i: tcon: set sync polarity for tcon1 channel'
- commit f1ed2f6
- blacklist.conf: Append 'drm/virtio: use kvmalloc for large allocations'
- commit 209eb54
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770)
- commit f4a4479
- gma500: clean up error handling in init (bsc#1129770)
- commit 3b04901
- drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770)
- commit 46e188f
- ibmvnic: remove excessive irqsave (bsc#1065729).
- commit 41f0fdc
- usb: quirks: add quirk to start video capture on ELMO L-12F
  document camera reliable (git-fixes).
- commit 5cd8800
- USB: serial: option: update interface mapping for ZTE P685M
  (git-fixes).
- commit 676c0d7
- USB: usblp: don't call usb_set_interface if there's a single
  alt (git-commit).
- commit 37882ab
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- commit e94bacf
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- commit f61e954
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- commit 67c6b55
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig)
  upstream.
- commit 018b013
- blacklist.conf: Add futex exit livelock fix
  This is a very minor issue and the solution ultimately requires
  modifying task_struct and hence a kabi hazzard.
- commit d7ec789
- blacklist.conf:  Add 7aa54be29765 (locking/qspinlock, x86: Provide liveness guarantee)
- commit 230033e
- lib/crc32test: remove extra local_irq_disable/enable
  (git-fixes).
- tick/sched: Annotate lockless access to last_jiffies_update
  (git-fixes).
- futex: Prevent robust futex exit race (git-fixes).
- selinux: never allow relabeling on context mounts (git-fixes).
- commit e9521df
- USB: serial: option: add Quectel EM160R-GL (git-fixes).
- commit 9e1c755
- drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635)
  Backporting notes:
  * taken for 427c4a0680a2 ("/drm/vc4: crtc: Rework a bit the CRTC state code"/)
  * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h}
  * context changes
- commit eb66de0
- drm: mxsfb: check framebuffer pitch (bsc#1129770)
  Backporting notes:
  * context changes
- commit 8ef761a
- blacklist.conf: Append 'drm/vc4: gem: Add a managed action to cleanup the job queue'
- commit cbd6147
- blacklist.conf: Append 'drm/vc4: bo: Add a managed action to cleanup the cache'
  Also fixes a few trailing whitespaces.
- commit afbae29
- drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770)
  Backporting notes:
  * context changes
- commit a33cb30
- drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770)
  Backporting notes:
  * context changes
- commit e062423
- drm: rcar-du: Put reference to VSP device (bsc#1129770)
  Backporting notes:
  * context changes
- commit b3a7aad
- Correct bugzilla reference (CVE-2021-27365 CVE-2021-27363 CVE-2021-27364 bsc#1182716 bsc#1182717 bsc#1182715)
- commit e2a0905
- scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365
  bsc#182715).
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  (CVE-2021-27365 bsc#182715).
- scsi: iscsi: Restrict sessions and handles to admin capabilities
  (CVE-2021-27363 CVE-2021-27364 bsc#182716 bsc#182717).
- commit ee332c8
- video: fbdev: atmel_lcdfb: fix return error code in (bsc#1129770)
  Backporting notes:
  * context changes
  * fallout from trailing whitespaces
- commit dcc7b1d
- blacklist.conf: blacklist btrfs subpage related fixes
  Btrfs subpage RW support won't arrive until SLE15-SP4.
- commit 413d368
- blacklist.conf: 6af112b11a4b ("/btrfs: Relinquish CPUs in btrfs_compare_trees"/)
- commit 5bb218c
- Refresh patches.suse/btrfs-don-t-flush-from-btrfs_delayed_inode_reserve_metadata.patch.
- Refresh
  patches.suse/btrfs-free-correct-amount-of-space-in-btrfs_delayed_inode_reserve_metadata.patch.
- Refresh
  patches.suse/btrfs-unlock-extents-in-btrfs_zero_range-in-case-of-errors.patch.
- commit b0a3d1b
- bfq: Fix kABI for update internal depth state when queue depth
  changes (bsc#1172455).
- bfq: update internal depth state when queue depth changes
  (bsc#1172455).
- commit b297b71
- s390/dasd: fix hanging offline processing due to canceled worker
  (bsc#1175165).
- commit f244248
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- commit ddd95bf
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds.
  This also introduces IGNORED_CONFIGS_RE array which can be easily
  extended.
- commit a1976d2
- xen-netback: respect gnttab_map_refs()'s return value
  (bsc#1183022 XSA-367).
- commit 6e61f26
- Xen/gnttab: handle p2m update errors on a per-slot basis
  (bsc#1183022 XSA-367).
- commit 1ab6d01
- rpm/check-for-config-changes: ignore more configs
  Specifially, these:
  * CONFIG_CC_HAS_*
  * CONFIG_CC_HAVE_*
  * CONFIG_CC_CAN_*
  * CONFIG_HAVE_[A-Z]*_COMPILER
  * CONFIG_TOOLS_SUPPORT_*
  are compiler specific too. This will allow us to use super configs
  using kernel's dummy-tools.
- commit d12dcbd
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions
  (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791).
- ibmvnic: simplify reset_long_term_buff function (bsc#1184114 ltc#192237 bsc#1183023
  ltc#191791).
- commit 02451ce
- printk: fix deadlock when kernel panic (bsc#1183018).
- commit 7eedc22
- net: phy: micrel: set soft_reset callback to genphy_soft_reset
  for KSZ8081 (bsc#1119113 FATE#326472).
- i40e: Fix endianness conversions (bsc#1109837 bsc#1111981
  FATE#326312).
- i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981
  FATE#326312).
- i40e: Add zero-initialization of AQ command structures
  (bsc#1109837 bsc#1111981 FATE#326312).
- RDMA/rxe: Remove useless code in rxe_recv.c (bsc#1103992
  FATE#326009).
- IB/mlx5: Return appropriate error code instead of ENOMEM
  (bsc#1103991 FATE#326007).
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation
  (bsc#1103991 FATE#326007).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size
  same in cxgb4 and ulds (bsc#1104270 FATE#325931).
- net: bridge: use switchdev for port flags set through sysfs too
  (bsc#1112374).
- net: hns3: add a check for index in hclge_get_rss_key()
  (bsc#1126390).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue()
  (bsc#1104353 FATE#326415).
- net/mlx5e: Update max_opened_tc also when channels are closed
  (bsc#1103990 FATE#326006).
- igc: check return value of ret_val in
  igc_config_fc_after_link_up (bsc#1118657 FATE#325278).
- igc: set the default return value to -IGC_ERR_NVM in
  igc_write_nvm_srwr (bsc#1118657 FATE#325278).
- igc: Report speed and duplex as unknown when device is runtime
  suspended (jsc#SLE-4799).
- commit 3630f09
- cifs: fix nodfs mount option (bsc#1179755).
- commit dee56ab
- cifs: introduce helper for finding referral server
  (bsc#1179755).
- commit c62619b
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable
  warning (bsc#1184114 ltc#192237).
- commit f00c0cb
- blacklist.conf: c7ff651960a6 ("/blktrace: fix blk_rq_issue documentation"/)
  Cosmetic.
- commit 66da7c5
- blacklist.conf: 179d16007236 ("/block: remove superfluous param in blk_fill_rwbs()"/)
  Cleanup only.
- commit bf7db6d
- drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770)
- commit f0f50ff
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- commit 930d17b
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- commit 3bd1765
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- commit d5adfde
- kernel/smp: add boot parameter for controlling CSD lock
  debugging (bsc#1180846).
- commit 5b6e485
- Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).
- commit 9235f8e
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- commit aeb2f8a
- kABI: Fix kABI after modifying struct __call_single_data
  (bsc#1180846).
- commit c58266b
- smp: Add source and destination CPUs to __call_single_data
  (bsc#1180846).
- commit 2875de9
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477
  ltc#175530).
- commit b3c95ee
- pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
- Refresh patches.suse/powerpc-pseries-group-lmb-operation-and-memblock-s.patch.
- commit a52e330
- powerpc/pseries: Don't enforce MSI affinity with kdump
  (bsc#1181655 ltc#190855).
- commit 4bdba9b
- pseries/drmem: don't cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
- Refresh patches.suse/powerpc-pseries-group-lmb-operation-and-memblock-s.patch.
- Refresh patches.suse/powerpc-pseries-update-device-tree-before-ejecting-h.patch.
- commit 6fa4854
- cifs: check all path components in resolved dfs target
  (bsc#1179755).
- commit f56466a
- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static
  (FATE#322022, bsc#1065729. git-fixes).
- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device()
  static (FATE#324970, bsc#1078720, git-fixes).
- commit 7239bdf
- blacklist.conf: Append 'drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()'
- commit 8a6d341
- Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- commit f7cfdef
- drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770)
  Backporting notes:
  * context changes
- commit bf60d81
- drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446)
  Backporting notes:
  * context changes
- commit 8c228c8
- drm/omap: fix max fclk divider for omap36xx (bsc#1152446)
- commit 66f5af7
- drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048)
  Backporting notes:
  * context changes
- commit 442af11
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1129770)
- commit 751f99c
- fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770)
- commit 1765555
- btrfs: correctly validate compression type (bsc#1182269).
- commit a3a7fc6
- mm, THP, swap: make reuse_swap_page() works for THP swapped out
  (partial) (CVE-2020-29368, bsc#1179660.).
- commit 556db3f
- mm: thp: fix MADV_REMOVE deadlock on shmem THP (CVE-2020-29368,
  bsc#1179660.).
- commit 4eb863b
- mm: thp: make the THP mapcount atomic against
  __split_huge_pmd_locked() (CVE-2020-29368, bsc#1179660.).
- commit 2881aaa
- USB: serial: mos7720: fix error code in mos7720_write()
  (git-fixes).
- USB: serial: mos7840: fix error code in mos7840_write()
  (git-fixes).
- USB: serial: mos7720: improve OOM-handling in read_mos_reg()
  (git-fixes).
- usb: musb: Fix runtime PM race in musb_queue_resume_work
  (git-fixes).
- commit cfd100c
- misc: eeprom_93xx46: Add module alias to avoid breaking support
  for non device tree users (git-fixes).
- Input: joydev - prevent potential read overflow in ioctl
  (git-fixes).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).
- mfd: wm831x-auxadc: Prevent use after free in
  wm831x_auxadc_read_irq() (git-fixes).
- regulator: axp20x: Fix reference cout leak (git-fixes).
- mmc: usdhi6rol0: Fix a resource leak in the error handling
  path of the probe (git-fixes).
- usb: dwc2: Make "/trimming xfer length"/ a debug message
  (git-fixes).
- usb: dwc2: Abort transaction after errors with unknown reason
  (git-fixes).
- usb: dwc2: Do not update data length if it is 0 on inbound
  transfers (git-fixes).
- commit 096faa8
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe
  (git-fixes).
- Input: elo - fix an error code in elo_connect() (git-fixes).
- HID: core: detect and skip invalid inputs to snto32()
  (git-fixes).
- HID: wacom: Ignore attempts to overwrite the touch_max value
  from HID (git-fixes).
- tpm_tis: Fix check_locality for correct locality acquisition
  (git-fixes).
- media: pxa_camera: declare variable when DEBUG is defined
  (git-fixes).
- media: cx25821: Fix a bug when reallocating some dma memory
  (git-fixes).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init()
  (git-fixes).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of
  regulatory rules (git-fixes).
- reset: hisilicon: correct vendor prefix (git-fixes).
- commit 8f6059a
- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).
- media: pwc: Use correct device for DMA (git-fixes).
- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).
- media: media/pci: Fix memleak in empress_init (git-fixes).
- media: vsp1: Fix an error handling path in the probe function
  (git-fixes).
- mac80211: fix potential overflow when multiplying to u32
  integers (git-fixes).
- Bluetooth: Put HCI device if inquiry procedure interrupts
  (git-fixes).
- Bluetooth: drop HCI device reference before return (git-fixes).
- Bluetooth: Fix initializing response id after clearing struct
  (git-fixes).
- commit 4a19bb2
- ASoC: cs42l56: fix up error handling in probe (git-fixes).
- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode
  (git-fixes).
- ACPI: configfs: add missing check after
  configfs_register_default_group() (git-fixes).
- ACPI: property: Satisfy kernel doc validator (part 1)
  (git-fixes).
- ACPI: property: Fix fwnode string properties matching
  (git-fixes).
- b43: N-PHY: Fix the update of coef for the PHY revision >=
  3case (git-fixes).
- ath9k: fix data bus crash when setting nf_override via debugfs
  (git-fixes).
- Bluetooth: btqcomsmd: Fix a resource leak in error handling
  paths in the probe function (git-fixes).
- commit 47202f9
- net: re-solve some conflicts after net -> net-next merge
  (bsc#1184114 ltc#192237 bsc#1176855 ltc#187293).
- commit 33f0c91
- ibmvnic: fix a race between open and reset (bsc#1176855
  ltc#187293).
- commit 69f970b
- blacklist.conf: 2732be902353 KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading PDPTRs
- commit 94d535d
- vmxnet3: Remove buf_info from device accessible structures
  (bsc#1181671).
- commit 5b887b7
- Refresh
  patches.suse/powerpc-perf-hv-24x7-Dont-create-sysfs-event-files-f.patch.
- Refresh
  patches.suse/powerpc-pseries-dlpar-handle-ibm-configure-connector.patch.
- Refresh
  patches.suse/scsi-lpfc-Enhancements-to-LOG_TRACE_EVENT-for-better.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-FW-reset-action-if-I-Os-are-outstandin.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-NVMe-recovery-after-mailbox-timeout.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-PLOGI-S_ID-of-0-on-pt2pt-config.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-auto-sli_mode-and-its-effect-on-CONFIG.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-crash-when-a-fabric-node-is-released-p.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-error-log-messages-being-logged-follow.patch.
- Refresh patches.suse/scsi-lpfc-Fix-target-reset-failing.patch.
- Refresh patches.suse/scsi-lpfc-Fix-vport-create-logging.patch.
- Refresh
  patches.suse/scsi-lpfc-Implement-health-checking-when-aborting-I-.patch.
- Refresh
  patches.suse/scsi-lpfc-Prevent-duplicate-requests-to-unregister-w.patch.
- Refresh
  patches.suse/scsi-lpfc-Refresh-ndlp-when-a-new-PRLI-is-received-i.patch.
- Refresh patches.suse/scsi-lpfc-Simplify-bool-comparison.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.7.patch.
- Refresh
  patches.suse/scsi-lpfc-Use-the-nvme-fc-transport-supplied-timeout.patch.
- commit 188caef
- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- commit 9bf5c9d
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- commit 4fe3d61
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- commit 0a111f1
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- commit 6abec54
- blacklist:conf: Add 67197a4f28d2 mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
- commit 6dd2fbd
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- commit a9cc07f
- btrfs: Don't flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- commit 8f524ac
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- commit 0e15c8a
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
  Since rpm 4.16 files installed during build phase are lost.
- commit d0b887e
- quota: Fix error codes in v2_read_file_info() (bsc#1182652).
- commit c407a14
- quota: Fix memory leak when handling corrupted quota file
  (bsc#1182650).
- commit cdd5891
- arm64: Update config file.
  Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)
- commit 76d688e
- blacklist.conf: printk: not critical; allow to use the full buffer when
  using log dumpers
- commit 03f346d
- scsi: qla2xxx: Fix description for parameter
  ql2xenforce_iocb_limit (bsc#1179142).
- commit 9fdd14c
- fs: fix lazytime expiration handling in
  __writeback_single_inode() (bsc#1182466).
- commit 3cdb4a6
- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).
- commit 648fb2d
- fs: move I_DIRTY_INODE to fs.h (bsc#1182612).
  Refresh patches.suse/writeback-Avoid-skipping-inode-writeback.patch
- commit 8f47ef9
- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).
- commit 956913c
- quota: Sanity-check quota file headers on load (bsc#1182461).
- commit 782f03a
- ext4: fix superblock checksum failure when setting password salt
  (bsc#1182465).
- commit ff57aed
- ext4: don't remount read-only with errors=continue on reboot
  (bsc#1182464).
- commit 7fbcd26
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).
- commit de9ba56
- libfs: fix error cast of negative value in simple_attr_write()
  (bsc#1179709).
- commit 71d2e55
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).
- commit a4cb81f
- ext4: fix a memory leak of ext4_free_data (bsc#1182447).
- commit c0f0b07
- blacklist.conf: Blacklist 75d18cd1868c
- commit 5b530eb
- block: fix use-after-free in disk_part_iter_next (bsc#1182610).
- commit f36fc46
- scsi: target: Fix truncated PR-in ReadKeys response
  (bsc#1182590).
- Refresh
  patches.suse/target-pr-add-backend-API-for-reservation-handling.patch.
- commit 0e2abd7
- scsi: target: fix unmap_zeroes_data boolean initialisation
  (bsc#1163617).
- commit c405ea7
- cifs: report error instead of invalid when revalidating a
  dentry fails (bsc#1177440).
- commit 3afaf84
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup
  warning (bsc#1182571 ltc#191345).
- commit fc0b5fc
- libnvdimm/dimm: Avoid race between probe and
  available_slots_show() (bsc#1170442).
- Use the above upstream patch to replace the following in-house patch,
  patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch.
- commit 80445ba
- ibmvnic: Set to CLOSED state even on error (bsc#1084610
  ltc#165122 git-fixes).
- commit c55ec38
- ibmvnic: serialize access to work queue on remove (bsc#1065729).
- commit 51d3e8a
- xfs: reduce quota reservation when doing a dax unwritten extent
  conversion (git-fixes bsc#1182561).
- commit ca4e119
- nvme-multipath: Early exit if no path is available (git-fixes).
- commit b1a1bbe
- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049).
- commit 84d4d79
- rpm/kernel-subpackage-build: Workaround broken bot
  (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- commit b74d860
- tpm_tis: Clean up locality release (git-fixes).
- commit d8bc4b8
- xen-blkback: fix error handling in xen_blkbk_map() (XSA-365
  CVE-2021-26930 bsc#1181843).
- commit 0ed98dc
- xen-scsiback: don't "/handle"/ error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit b067c04
- xen-netback: don't "/handle"/ error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit 4c9cf8b
- xen-blkback: don't "/handle"/ error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit 603464d
- xen/arm: don't ignore return errors from set_phys_to_machine
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 9ff68db
- Xen/gntdev: correct error checking in gntdev_map_grant_pages()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 7fd73db
- Xen/gntdev: correct dev_bus_addr handling in
  gntdev_map_grant_pages() (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 131ffb6
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 4b44d15
- Xen/x86: don't bail early from clear_foreign_p2m_mapping()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 92a5a6c
- xen/netback: fix spurious event detection for common event case
  (bsc#1182175).
- commit 1f35f61
- s390/dasd: fix hanging offline processing due to canceled worker
  (bsc#1175165).
- commit 91d826b
- Refresh
  patches.suse/v2-0004-xen-netback-fix-spurious-event-detection-for-comm.patch.
- commit d1622c9
- x86/efistub: Disable paging at mixed mode entry (bsc#1114648).
- commit 326e0d6
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1184114 ltc#192237 bsc#1182485
  ltc#191591).
- ibmvnic: add memory barrier to protect long term buffer
  (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: Ensure that CRQ entry read are correctly ordered
  (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- commit 7ca1337
- blacklist.conf: dca5244d2f5b compiler.h: Raise minimum version of GCC to 5.1 for arm64
- commit 4dbb981
- KVM: VMX: hide flexpriority from guest when disabled at the
  module level (bsc#1182448).
- commit f906581
- mm: thp: kABI: move the added flag to the end of enum
  (bsc#1181896 ltc#191273).
- commit f9ba021
- KVM: VMX: check for existence of secondary exec controls before
  accessing (bsc#1182438).
- commit 66a7205
- tracing: Check length before giving out the filter buffer
  (git-fixes).
- commit b6e46ef
- tracing: Do not count ftrace events in top level enable output
  (git-fixes).
- commit f623a9c
- fgraph: Initialize tracing_graph_pause at task creation
  (git-fixes).
- commit 0ed99da
- mm/pmem: avoid inserting hugepage PTE entry with fsdax if
  hugepage support is disabled (bsc#1181896 ltc#191273).
- commit 190e41a
- blacklist.conf: bc310baf2ba3 x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
- commit 36e3f38
- x86/entry/64/compat: Fix "/x86/entry/64/compat: Preserve r8-r11
  in int $0x80"/ (bsc#1114648).
- commit a1d1b7b
- x86/entry/64/compat: Preserve r8-r11 in int $0x80 (bsc#1114648).
- commit 42ed212
- USB: serial: option: Adding support for Cinterion MV31
  (git-fixes).
- commit 8d6b9ba
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).
- commit 107c025
- USB: serial: cp210x: add new VID/PID for supporting Teraoka
  AD2000 (git-fixes).
- commit ad7a69c
- blacklist.conf: 6e7b64b9dd6d elfcore: fix building with clang
- commit f199c06
- x86/apic: Add extra serialization for non-serializing MSRs
  (bsc#1114648).
- commit 77f0fa8
- USB: cdc-acm: blacklist another IR Droid device (git-fixes).
- tools lib traceevent: Fix "/robust"/ test of
  do_generate_dynamic_list_file (git-fixes).
- commit 297a9c0
- blacklist.conf: fix is for clang only
- commit 3249803
- iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
- commit dd7e4e1
- KVM: Fix kABI for set_virtual_apic_mode (bsc#1182310).
- commit b5848cd
- patches.suse/kvm-vmx-Basic-APIC-virtualization-controls-have-thre.patch:
  (bsc#1182310).
- commit 1c96332
- patches.suse/kvm-vmx-Introduce-lapic_mode-enumeration.patch:
  (bsc#1182307).
- commit 5d56e56
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- commit 9f0aa56
- kvm: apic: Flush TLB after APIC mode/address change if VPIDs
  are in use (bsc#1182302).
- commit ee126c4
- kernel-binary.spec: Add back initrd and image symlink ghosts to
  filelist (bsc#1182140).
  Fixes: 76a9256314c3 ("/rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082)."/)
- commit 606c9d1
- btrfs: prop: fix zstd compression parameter validation (bsc#1182269).
- commit 719d4b4
- btrfs: prepare for extensions in compression options (bsc#1182269).
- Refresh patches.suse/btrfs-add-zstd-support.patch.
- commit e4fc3db
- btrfs: prop: fix vanished compression property after failed set (bsc#1182269).
- commit 1012b4e
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- commit c29e77d
- xen/netback: avoid race in xenvif_rx_ring_slots_available()
  (bsc#1065600).
- commit 6c994a2
- KVM: x86: emulating RDPID failure shall return #UD rather than
- commit 0415bb8
- btrfs: fix mount failure caused by race with umount (bsc#1182248).
- commit 03864cf
- btrfs: send, recompute reference path after orphanization of a directory (bsc#1182243).
- commit 5998946
- Btrfs: send, fix missing truncate for inode with prealloc extent past eof (bsc#1182173).
- commit 1612c34
- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1182243 bsc#1182242).
- commit 1cb4c95
- KVM: Fix kABI for tlb_flush (bsc#1182195).
- commit a8a83a8
- powerpc/pseries: extract host bridge from pci_bus prior to
  bus removal (bsc#1182171 ltc#190900).
- commit 8a5c99f
- KVM: X86: introduce invalidate_gpa argument to tlb flush
  (bsc#1182195).
- Refresh patches.suse/29-kvm-svm-add-sev-module_param.patch.
- Refresh
  patches.suse/kvm-nvmx-don-t-flush-tlb-when-vmcs12-uses-vpid.
- commit 2a2649a
- KVM: x86: emulate RDPID (bsc#1182182).
- Refresh
  patches.suse/kvm-nvmx-check-io-instruction-vm-exit-conditions.
- Refresh
  patches.suse/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.
- Refresh
  patches.suse/kvm-vmx-check-descriptor-table-exits-on-instruction-emulation.
- commit f886871
- xen/netback: fix spurious event detection for common event case
  (bsc#1182175).
- commit 2340e6b
- Btrfs: incremental send, fix file corruption when no-holes feature is  enabled (bsc#1182184).
- commit 923bb4b
- Btrfs: send, fix incorrect file layout after hole punching beyond eof (bsc#1182173).
- commit 69bd0e9
- blacklist.conf: eff8728fe698 vmlinux.lds.h: Add PGO and AutoFDO input sections
  By the time this gets interesting for us, we would've gotten it with a kernel
  update.
- commit f920944
- btrfs: send: fix invalid clone operations when cloning from the same  file and root (bsc#1182173)
- commit a9e55bb
- Btrfs: send, fix emission of invalid clone operations within the same  file (bsc#1182173)
- commit dd18034
- Btrfs: send, allow clone operations within the same file (bsc#1182173)
- commit fbca21a
- Btrfs: send, do not issue unnecessary truncate operations (bsc#1182173)
- Refresh
  patches.suse/btrfs-fix-send-failure-when-root-has-deleted-files-s.patch.
- commit ed02cc5
- blacklist.conf: misattributed s390/vfio-ap fix.
- commit d069404
- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy
  events (bsc#1182118 ltc#190624).
- commit 9e191d1
- Btrfs: fix data bytes_may_use underflow with fallocate due to failed  quota reserve (bsc#1182130)
- commit 57d0136
- Btrfs: fix hole extent items with a zero size after range cloning (bsc#1182038).
- commit 3fb5369
- Btrfs: fix cloning range with a hole when using the NO_HOLES feature (bsc#1182038).
- Refresh
  patches.suse/btrfs-use-the-file-extent-tree-infrastructure.patch.
- commit cf61154
- btrfs: fix lost i_size update after cloning inline extent (bsc#1181998).
- commit 68d59ed
- xen/netback: avoid race in xenvif_rx_ring_slots_available()
  (bsc#1065600).
- commit 8f2c4d9
- xen-blkfront: allow discard-* nodes to be optional
  (bsc#1181346).
- commit 32a7674
- btrfs: don't set path->leave_spinning for truncate (bsc#1181998).
- commit 72ff950
- btrfs: delete the ordered isize update code (bsc#1181998).
- commit 70537be
- btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1181998).
- Refresh
  patches.suse/0004-btrfs-change-timing-for-qgroup-reserved-space-for-or.patch.
- commit 497f773
- btrfs: use the file extent tree infrastructure (bsc#1181998).
- Refresh
  patches.suse/0002-btrfs-inode-move-qgroup-reserved-space-release-to-th.patch.
- commit 664a4c3
- Btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning  extents (bsc#1182038).
- Refresh
  patches.suse/0006-btrfs-rename-the-btrfs_calc_-metadata_size-helpers.patch.
- Refresh
  patches.suse/btrfs-fix-corrupt-log-due-to-concurrent-fsync-of-ino.patch.
- Refresh
  patches.suse/btrfs-reduce-contention-on-log-trees-when-logging-ch.patch.
- commit fabd5d7
- blacklist.conf: 9ad22e165994 x86/debug: Fix DR6 handling
- commit ae1ce9a
- Btrfs: factor out extent dropping code from hole punch handler (bsc#1182038).
- Refresh
  patches.suse/0006-btrfs-rename-the-btrfs_calc_-metadata_size-helpers.patch.
- commit e3f0176
- btrfs: introduce per-inode file extent tree (bsc#1181998).
- Refresh
  patches.suse/btrfs-fix-corrupt-log-due-to-concurrent-fsync-of-ino.patch.
- commit c8d7f4b
- btrfs: Introduce extent_io_tree::owner to distinguish different io_trees (bsc#1181998).
- Refresh
  patches.suse/btrfs-Rename-and-export-clear_btree_io_tree.patch.
- Refresh
  patches.suse/btrfs-fix-corrupt-log-due-to-concurrent-fsync-of-ino.patch.
- commit 8b3be29
- btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1181998).
- commit 538a00f
- btrfs: correctly calculate item size used when item key collision  happens (bsc#1181996).
- commit 0680de5
- xhci: fix bounce buffer usage for non-sg list case (git-fixes).
- commit 541c69c
- blacklist.conf: build only fix
- commit a076360
- USB: serial: option: add LongSung M5710 module support
  (git-fixes).
- commit d38d72a
- usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).
- commit 23ad4b0
- USB: usblp: fix DMA to stack (git-fixes).
- commit 260a43d
- Fix unsynchronized access to sev members through
  svm_register_enc_region (bsc#1114648).
- commit d3b5f60
- blacklist.conf: alters a kernel parameter's default
- commit f646f22
- Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space (bsc#1181987).
- Refresh
  patches.suse/Btrfs-fix-race-between-send-and-deduplication-that-l.patch.
- Refresh
  patches.suse/btrfs-fix-space_info-bytes_may_use-underflow-after-n.patch.
- Refresh
  patches.suse/btrfs-prevent-ioctls-from-interfering-with-a-swap-file.patch.
- Refresh
  patches.suse/btrfs-qgroup-fix-qgroup-meta-rsv-leak-for-subvolume-.patch.
- commit 3707c2c
- Btrfs: fix unexpected cow in run_delalloc_nocow (bsc#1181987).
- commit 001ef60
- powerpc/pseries/dlpar: handle ibm, configure-connector delay
  status (bsc#1181985 ltc#188074).
- commit 1e16f80
- btrfs: transaction: Avoid deadlock due to bad initialization timing  of fs_info::journal_info (bsc#1181931).
- Refresh patches.suse/btrfs-force-chunk-allocation-if-our-global-rsv-is-larger-than-metadata.patch.
- commit 1752690
- powerpc/perf: Exclude kernel samples while counting events in
  user space (bsc#1065729).
- commit 1242de5
- powerpc: Fix alignment bug within the init sections
  (bsc#1065729).
- commit 6f1cd21
- ibmvnic: device remove has higher precedence over reset
  (bsc#1065729).
- commit e354320
- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).
- commit ffed87d
- ibmvnic: Clear failover_pending if unable to schedule
  (bsc#1181960 ltc#190997).
- commit 2c25b45
- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).
- commit e73e25a
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is
  enabled (bsc#1114648).
- commit ace04f4
- x86/resctrl: Remove unused struct mbm_state::chunks_bw
  (bsc#1114648).
- commit af0f929
- objtool: Don't fail on missing symbol table (bsc#1169514).
- commit 34ab6ab
- btrfs: Use bd_dev to generate index when dev_state_hashtable add  items (bsc#1181931).
- commit 8b3cb11
- btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).
- commit 7dd6e0e
- kernfs: deal with kernfs_fill_super() failures (bsc#1181809).
- commit d6f9eec
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key
  (bsc#1181544 ltc#191080 git-fixes).
- Refresh patches.suse/powerpc-book3s64-pkeys-Fix-pkey_access_permitted-for.patch.
- commit 77be6b3
- kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not
  implementing PCI_COMMAND_MEMORY (bsc#1179612).
- commit 6de45ce
- PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY
  (bsc#1179612).
- commit fd405f3
- vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn
  (bsc#1179612).
- commit bc6883b
- s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY
  (bsc#1179612).
- commit 7296e53
- s390/pci: adaptation of iommu to multifunction (bsc#1179612).
- commit 6900ca7
- Revert the bad merge commit
  Back to the previous version before the merge:
  patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit 9631396
- Fix the inconsistent kfree() call at rawmidi (CVE-2020-27786 bsc#1179601
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit a0147ff
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls
  (bsc#1181674 ltc#189159).
- commit a539927
- powerpc/pseries/mobility: refactor node lookup during DT update
  (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674
  ltc#189159).
- powerpc/pseries/hibernation: remove prepare_late() callback
  (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: perform post-suspend fixups later
  (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674
  ltc#189159).
- powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me()
  (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674
  ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674
  ltc#189159).
- powerpc/pseries/hibernation: remove pseries_suspend_cpu()
  (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: pass stream id via function
  arguments (bsc#1181674 ltc#189159).
- Refresh patches.suse/powerpc-pseries-hibernation-remove-redundant-cachein.patch
- powerpc/pseries/hibernation: drop pseries_suspend_begin()
  from suspend ops (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674
  ltc#189159).
- powerpc/rtas: dispatch partition migration requests to pseries
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: retry partition suspend after error
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: signal suspend cancellation to
  platform (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use stop_machine for join/suspend
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: extract VASI session polling logic
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use rtas_activate_firmware() on resume
  (bsc#1181674 ltc#189159).
- Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch
- powerpc/pseries/mobility: error message improvements
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: add missing break to default case
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: don't error on absence of ibm,
  update-nodes (bsc#1181674 ltc#189159).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL
  (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_activate_firmware() (bsc#1181674
  ltc#189159).
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674
  ltc#189159).
- powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe
  (bsc#1181674 ltc#189159).
- powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674
  ltc#189159).
- powerpc/rtas: prevent suspend-related sys_rtas use on LE
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Add pr_debug() for device tree changes
  (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).
- powerpc/pseries: remove obsolete memory hotplug DT notifier code
  (bsc#1181674 ltc#189159).
- Refresh patches.suse/powerpc-pseries-update-device-tree-before-ejecting-h.patch
- powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674
  ltc#189159).
- powerpc/pseries: remove memory "/re-add"/ implementation
  (bsc#1181674 ltc#189159).
- powerpc/pseries: remove prrn special case from DT update path
  (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674
  ltc#189159).
- Refresh patches.suse/powerpc-numa-Fix-build-when-CONFIG_NUMA-n.patch.
- Refresh patches.suse/powerpc-numa-remove-arch_update_cpu_topology.patch.
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- Refresh patches.suse/powerpc-numa-Fix-build-when-CONFIG_NUMA-n.patch.
- Refresh patches.suse/pseries-hotplug-memory-hot-add-skip-redundant-LMB-lo.patch.
- powerpc/rtasd: simplify handle_rtas_event(), emit message on
  events (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674
  ltc#189159).
- Refresh patches.suse/powerpc-numa-Fix-build-when-CONFIG_NUMA-n.patch.
- Refresh patches.suse/pseries-hotplug-memory-hot-add-skip-redundant-LMB-lo.patch.
- powerpc/numa: remove timed_topology_update() (bsc#1181674
  ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674
  ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal
  flags (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code
  (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code
  (bsc#1181674 ltc#189159).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const
  (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code
  (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates
  (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity
  (bsc#1181674 ltc#189159).
- commit 42c87f1
- blacklist.conf: update blacklist
- commit 8959be4
- net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
- commit 1cd9ea7
- net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
- commit 7b36765
- bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).
- commit c27452a
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- commit a61743b
- net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
- commit ec34125
- net: bcmgenet: code movement (git-fixes).
- commit eac343c
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- commit 525ec56
- Revert "/net: bcmgenet: remove unused function in bcmgenet.c"/ (git-fixes).
- commit ac8549e
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- commit 9c5110a
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- commit 67cc154
- net: bcmgenet: Use correct I/O accessors (git-fixes).
- commit 5436a05
- bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).
- commit 3e233c2
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- commit adbedbb
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- commit 7030619
- Fix a bug in rawmidi UAF fix patch (bsc#1179601, CVE-2020-27786)
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit ce80dfa
- nbd: freeze the queue while we're adding connections
  (bsc#1181504 CVE-2021-3348).
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- commit 447797a
- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).
- ptrace: reintroduce usage of subjective credentials in
  ptrace_has_cap() (bsc#1163930).
- commit 1b5e91e
- blacklist.conf: Add 08685be7761d powerpc/64s: fix scv entry fallback flush vs interrupt
  No scv support.
- commit f4c561c
- Exclude Symbols.list again.
  Removing the exclude builds vanilla/linux-next builds.
  Fixes: 55877625c800 ("/kernel-binary.spec.in: Package the obj_install_dir as explicit filelist."/)
- commit a1728f2
- bpf: fix x64 JIT code generation for jmp to 1st insn
  (bsc#1178163).
- commit 4eb3096
- ibmvnic: Fix TX completion error handling (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- commit 6c1157d
- ibmvnic: reduce wait for completion time (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: send_login should check for crq errors (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: track pending login (bsc#1184114 ltc#192237 bsc#1179243
  ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- Refresh patches.suse/ibmvnic-restore-adapter-state-on-failed-reset.patch.
- ibmvnic: handle inconsistent login with reset (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- commit 33dcdc8
- ibmvnic: Do not replenish RX buffers after every polling loop
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish
  RX buffers (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that device queue memory is cache-line aligned
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: skip tx timeout reset while in resetting (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243
  ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- Revert "/ibmvnic: remove never executed if statement"/
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- Refresh patches.suse/ibmvnic-restore-adapter-state-on-failed-reset.patch.
- ibmvnic: remove never executed if statement (bsc#1184114 ltc#192237
  bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: compare adapter->init_done_rc with more readable
  ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer
  (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter
  struct (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- commit c7081c3
- commit 2876f86
- commit 794d98a
- commit 9b895a5
- commit 7164881
libX11
- p_CVE-2021-31535.patch
  * adds missing request length checks in libX11 (CVE-2021-31535,
    bsc#1182506)
libcap
- Add explicit dependency on libcap2 with version to libcap-progs
  (bsc#1184690, bsc#1184434)
- Update to libcap 2.26 for supporting the ambient capabilities
  (jsc#SLE-17092, jsc#ECO-3460)
- Drop obsoleted patch:
  libcap-missing-capabilities.patch
- Use "/or"/ in the license tag to avoid confusion (bsc#1180073)
libnettle
- Security fix: [bsc#1184401, bsc#1183835, CVE-2021-20305]
  * multiply function being called with out-of-range scalars
  * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash().
- Add libnettle-CVE-2021-20305.patch
libxml2
- Security fix: [bsc#1185698, CVE-2021-3537]
  * NULL pointer dereference in valid.c:xmlValidBuildAContentModel
  * Add libxml2-CVE-2021-3537.patch
- Security fix: [bsc#1185408, CVE-2021-3518]
  * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
  * Add libxml2-CVE-2021-3518.patch
- Security fix: [bsc#1185410, CVE-2021-3517]
  * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
  * Add libxml2-CVE-2021-3517.patch
- Security fix: [bsc#1185409, CVE-2021-3516]
  * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
  * Add libxml2-CVE-2021-3516.patch
lvm2
- starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905)
  + bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch
nfs-utils
- Add mountstats_0_3.py and man page.
  mountstats_0_3 is mountstats from more recent a nfs-utils release.
  It add more functionality, but as there are possible incompatible
  changes, the old mountstats is left unchanged, and the new is provided
  with the new name.
  (bsc#1183297)
- 0190-manpage-Add-a-description-of-the-nconnect-mount-opti.patch
  Improve nfs.man (bsc#1181651)
- 0181-mountd-reject-unknown-client-IP-when-use_ipaddr.patch
  0182-mountd-Don-t-proactively-add-export-info-when-fh-inf.patch
  0183-mountd-add-logging-for-authentication-results-for-ac.patch
  0184-mountd-add-cache-use-ipaddr-option-to-force-use_ipad.patch
  0185-mountd-make-default-ttl-settable-by-option.patch
  Improve logging of authentication (bsc#1181540)
nghttp2
- security update
- added patches
  fix CVE-2020-11080 [bsc#1181358], HTTP/2 Large Settings Frame DoS
  + nghttp2-CVE-2020-11080.patch
- Require correct library from devel package - boo#1125689
- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
  * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
  “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
  frames cause Denial of Service by consuming CPU time. Check out
  https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  for details. For nghttpx, additionally limiting inbound traffic by
  - -read-rate and --read-burst options is quite effective against
  this kind of attack.
  * Add nghttp2_option_set_max_outbound_ack API function
  * nghttpx: Fix request stall
- Update to version 1.39.1:
  * This release fixes the bug that log-level is not set with
    cmd-line or configuration file. It also fixes FPE with default
    backend.
- Changes for version 1.39.0:
  * libnghttp2 now ignores content-length in 200 response to
    CONNECT request as per RFC 7230.
  * mruby has been upgraded to 2.0.1.
  * libnghttp2-asio now supports boost-1.70.
  * http-parser has been replaced with llhttp.
  * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx
    or 200 to CONNECT.
- Drop no longer needed boost170.patch
- Update to 1.38.0:
  * This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
  * It also fixes the bug that HTTP/1.1 chunked request stalls.
  * Now nghttpx does not log authorization request header field value with -LINFO.
  * This release fixes possible backend stall when header and request body are sent in their own packets.
  * The backend option gets weight parameter to influence backend selection.
  * This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
  * boost170.patch
- Update to 1.36.0
  * build: disable shared library if ENABLE_SHARED_LIB is off
  * third-party: use http-parser to v2.9.0 (GH-1294)
  * third-party: Update mruby to 2.0.0
  * nghttpx: Pool h1 backend connection per address (GH-1292)
  * nghttpx: Randomize backend address round robin order per thread
    (GH-1291)
  * nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287)
  * h2load: add an option to write per-request logs (GH-1256)
  * asio: added access to # of the current server port (GH-1257)
- Use multibuild to not pull in python3 in first build, nghttp2
  is low in the system
- Update to version 1.35.1:
  * nghttpx: Fix broken trailing slash handling (GH-1276)
- Changes for version 1.35:
  * build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238)
  * lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222)
  * src: Require C++14 language feature
  * nghttpx: Write mruby send_info early
  * nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
  * h2load: Handle HTTP/1 non-final response (GH-1259)
  * h2load: Clarify that time for connect includes TLS handshake
- Update to version 1.34.0: (bsc#1112438, FATE#326776)
  * lib: Implement RFC 8441 :protocol support
  * nghttpx: Add read/write-timeout parameters to backend option
  * nghttpx: Fix mruby parameter validation in backend option
  * nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
  * nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues
  * nghttpx: Update mruby 1.4.1
  * nghttpx: Add mruby env.tls_handshake_finished
  * nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
  * nghttpx: Add RFC 8470 Early-Data header field support
  * nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support
- Update to version 1.33.0:
  * lib: Tweak nghttp2_session_set_stream_user_data
  * lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS.
  * lib: Implement ORIGIN frame
  * asio: support definition of local endpoint for cleartext
    client session
  * integration: Remove remaining SPDY code from the integration tests
  * nghttpx: Fix worker process crash with neverbleed write error
  * nghttpx: Support per-backend mruby script
  * nghttpx: Fix stream reset if data from client is arrived before
    dconn is attached
- Update to version 1.32.0:
  * lib: Ignore all input after calling session_terminate_session
  * lib: Fix treatment of padding
  * lib: Don't allow 101 HTTP status code because HTTP/2 removes
    HTTP Upgrade
  * build: add ENABLE_STATIC_LIB option to build static lib
  * third-party: Upgrade neverbleed to the latest master
  * asio: Support client side SNI
  * src: Compile with libressl 2.7.2
  * src: Allow building without NPN
  * h2load: -r and --duration are mutually exclusive
- Version umpdate to 1.31.1:
  * Fix bsc#1088639 CVE-2018-1000168
  * https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
- Version update to 1.31.0:
  * lib: Add nghttp2_session_set_user_data() public API function (GH-1137)
  * src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128)
  * nghttpx: Close listening socket on graceful shutdown
  * nghttpx: Add an option to accept expired client certificate (GH-1126)
  * nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123)
  * nghttpx: Fix potential memory leak
  * lib: Allow PING frame to be sent after GOAWAY (GH-1103)
  * nghttpx: Fix bug that h1 backend idle timeout expires sooner
  * nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119)
  * nghttpx: Add upgrade-scheme parameter to backend option (GH-1099)
  * nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094)
  * nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101)
- Drop spdylay dependency as it is deprecated since version 1.28.0
  and removed from cofnigure.ac since 1.29.0
- Use %license (boo#1082318)
- Update to version 1.29.0:
  * lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by
    GOAWAY
  * build: Remove SPDY
  * build: Fix CMAKE_MODULE_PATH
  * nghttpx: Revert "/nghttpx: Use an existing h2 backend connection
    as much as possible"/
  * nghttpx: Write API request body in temporary file
  * nghttpx: Increase api-max-request-body
  * nghttpx: Faster configuration loading with lots of backends
  * nghttpx: Fix crash with --backend-http-proxy-uri option
- Export PYTHON=/usr/bin/python3 before running configure: allow to
  build without (comnplete) python2 in the buildroot. In any case
  we only ship python3-bindings already.
- Upodate to version 1.28.0:
  * lib: Add nghttp2_error_callback2
  * build: Add deprecation warning when spdylay support is enabled
  * Switch to clang-format-5.0
  * examples: Make client and server work with libevent-2.1.8
  * third-party: Update neverbleed
  * integration: Fix issues reported by the go vet tool.
  * nghttpx: Fix affinity retry
  * nghttpx: Fix stalled backend connection on retry
  * nghttpx: Cookie based session affinity
  * nghttpx: Expose additional TLS related variables to mruby and
    accesslog
- Drop forgotten python2 build dependency
- Update to version 1.27.0:
  * h2load: Print out h2 header fields with --verbose option
  * nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client
    only
- Changes for version 1.26.0:
  * docs: Fix some typos in the nghttpx how-to
  * h2load: Fix bug that timing script stalls with -m1
  * h2load: Reservoir sampling (GH-984)
  * h2load: Add timing-based load-testing in h2load
- Switch to python3 support
- Don't use jemalloc on ppc or %arm, where it is broken.
- Update to version 1.25.0:
  * lib: add nghttp2_rcbuf_is_static() (Patch from Anna Henningsen) (GH-983)
  * nghttpx: Fix bug that forwarded for is not affected by proxy protocol (GH-979)
  * nghttpx: Update mruby to 1.3.0 (GH-957)
- Drop doc building
- Rename python subpackage to python2
- Update to version 1.24.0:
  * doc: README.rst: fix typo (Patch from Simone Basso) (GH-947)
  * doc: fix up grammar in submit_trailer docs (Patch from Benjamin Peterson) (GH-945)
  * doc: fix cleaning in out-of-tree builds (Patch from Benjamin Peterson) (GH-938)
  * nghttp: Fix bug that upgrade fails if reason-phrase is missing (GH-949)
  * nghttpx: Verify OCSP response using trusted CA certificates (GH-943)
  * nghttpx: Set default minimum TLS version to TLSv1.2 (GH-937)
- Changes for version 1.23.1:
  * nghttpx: Fix crash in OCSP response verification
- Changes for version 1.23.0:
  * lib: nghttp2_session: Allow for compiling library with -DNDEBUG set (Patch from Angus Gratton) (GH-919)
  * lib: Treat incoming invalid regular header field as stream error (GH-900)
  * lib: Call nghttp2_on_invalid_frame_callback if altsvc validation fails (GH-904)
  * doc: spelling mistake in arguments to build nghttp apps (Patch from Soham Sinha) (GH-925)
  * doc: Add notes for installation on linux systems (Patch from Tapanito) (GH-917)
  * doc: Clarify the effect of nghttp2_option_set_no_http_messaging
  * nghttpx: Verify OCSP response (GH-929)
  * nghttpx: Fix certificate selection based on pub key algorithm (GH-924)
  * nghttpx: Fix certificate indexing bug
  * nghttpx: Run OCSP at startup (GH-922)
  * nghttpx: Wildcard path matching (GH-914)
  * nghttpx: Forward multiple via, xff, and xfp header fields (GH-903)
  * nghttp: Add -y, --no-verify-peer option to suppress peer verify warn (GH-906)
- Update to version 1.22.0:
  * lib: Add missing free call on error in inflight_settings_new() (Patch from lstefani) (GH-884)
  * asio: Support specifying stream priority via session::submit() (Patch from Matt Way) (GH-881)
  * nghttpx: Clarify --conf option behaviour
  * nghttpx: Add $tls_sni access log variable (GH-896)
  * nghttpx: Rename ssl_* log variables as tls_* (GH-895)
  * nghttpx: Fix path matching bug (GH-894)
  * nghttpx: SNI based backend server selection (GH-892)
  * nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 (GH-878)
  * nghttpx: Add options for X-Forwarded-Proto header field (GH-872)
  * nghttpx: Add --single-process option (GH-869)
  * nghttpx: Use 502 as server error code
  * nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
  * nghttp: Verify server certificate and show warning if it fails (GH-870)
  * integration: Use nip.io instead of xip.io
- Update to version 1.21.1:
  * asio: Fix crash if connect takes longer time than ping interval (GH-866)
  * nghttpx: Fix bug that 204 from h1 backend is always treated as error (GH-871)
- Changes for version 1.21.0:
  * lib: Fix nghttp2_session_want_write (GH-832)
  * doc: Document pkg-config path usage
  * build: Eliminate U macro; Instead use (void)VAR for better compiler compatibility.
  * src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version. (Patch from Piotr Sikora) (GH-853)
  * src: Use Mozilla's "/Modern compatibility"/ ciphers by default
  * src: nghttp2_gzip: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 (Patch from Alexis La Goutte) (GH-823)
  * nghttpx: Print version number with -v option
  * nghttpx: Enable X25519 with boringssl
  * nghttpx: Retry getaddrinfo without AI_ADDRCONFIG (GH-858)
  * nghttpx: Failing to listen on server socket is fatal error
  * nghttpx: Escape certain characters in access log (GH-856)
  * nghttpx: Ignore further input if connection is going to close
  * nghttpx: Don't call functions which are not async-signal-safe after fork but before execv in multithreaded process.
  * nghttpx: Enable backend pattern matching with http2-proxy (GH-733)
  * asio: client: Send PING after 30 seconds idle (GH-847)
- Update to version 1.20.0:
  * lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814)
  * lib: Add nghttp2_option_set_no_closed_streams (GH-810)
  * build: Disable spdylay detection by default
  * build: Add --with-systemd option to configure
  * fuzz: Add fuzzer for oss-fuzz (GH-799)
  * src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816)
  * src: h2 requires >= TLSv1.2
  * asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805)
  * asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu)
  * asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794)
  * asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795)
  * nghttpx: Strip version number from server header field
  * nghttpx: Add --single-worker option
  * nghttpx: Fix bug that send_reply does not participate graceful shutdown
  * nghttpx: Add --frontend-max-requests option
  * nghttpx: Enable stream-write-timeout by default
  * nghttpx: Fix stream write timer handling
  * nghttpx: Add configrevision API endpoint (GH-820)
  * nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819)
  * nghttpx: Update log time stamp in millisecond interval
  * nghttpx: Better error message when private key and certificate are missing
  * nghttpx: Fix bug that old config is used during reloading configuration
  * nghttpx: Specify TLS protocol by version range (GH-809)
  * nghttpx: Send SIGQUIT to the original master process (GH-807)
  * nghttpx: Restrict HTTP major and minor in 0 or 1
  * nghttpx: Drop privilege of neverbleed daemon first
  * nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802)
  * nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801)
  * nghttpx: Send 1xx non-final response using mruby script (GH-800)
  * nghttpx: Select certificate by client's supported signature algorithm (GH-792)
  * nghttpx: Recommend POST for backendconfig API request
  * nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789)
  * nghttp: add support for link rel="/preload"/ for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791)
  * h2load: Fix wrong req_stat updates
  * h2load: Explicitly count the number of requests left and inflight
  * integration: Fix deprecation warnings
  * integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr
- Changes for version 1.19.0:
  * lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object
  * Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769)
  * doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768)
  * build: Compile with Android NDK r13b using clang
  * src: Fix assertion error with boringssl
  * nghttp: Take into account scheme and port when parsing HTML links
  * nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783)
  * nghttpx: Add --accesslog-write-early option (GH-777)
  * nghttpx: Fix access.log timestamp (GH-778)
  * nghttpx: Show default cipher list in -h
  * nghttpx: Add client-ciphers option
  * nghttpx: Add client-no-http2-cipher-black-list option
  * nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections.
  * nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612)
  * nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612)
  * nghttpx: Enable SCT with OpenSSL 1.1.0
  * nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765)
  * h2load: Show default cipher list in -h
  * h2load: Show custom server temp key such as X25519
  * h2load: Fix incorrect return value from spdylay_send_callback
- Changes for version 1.18.1:
  * nghttpx: Fix assertion error in libev ev_io_start (GH-759)
  * nghttpx: Handle c-ares success without result
  * nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763)
  * nghttpx: Fix bug that DNS timeout was ignored (GH-763)
- use individual libboost-*-devel packages instead of boost-devel
- Update to version 1.18.0:
  * lib: Accept and ignore content-length: 0 in 204 response for now
  * build: Use pkg-config to detect libxml2
  * build: Require c-ares to compile applications under src
  * build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte)
  * examples: Delete tiny-nghttpd
  * nghttpx: Retry h1 backend request if first write fails (GH-757)
  * nghttpx: Keep reading after backend write failed (GH-756)
  * nghttpx: Add frontend-keep-alive-timeout option (GH-755)
  * nghttpx: New error log format (GH-749)
  * nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742)
  * nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731)
  * nghttpx: Lookup backend host name dynamically (GH-721)
  * nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735)
  * nghttpx: Wait for child process to exit
- Update to version 1.17.0:
  * lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722)
  * lib: Avoid memcpy against NULL src
  * build: MSVC version resource support (Patch from Remo E) (GH-718)
  * asio: server: Call on_close callback on connection close (GH-729)
  * nghttpx: Fix frequent crash with --backend-http-proxy-uri
  * nghttpx: Robust backend read timeout
  * nghttpx: Fix bug that mishandles response header from h1 backend
  * nghttpx: Fix bug that zero-length POST is not forwarded (GH-726)
  * nghttpx: Remove optional reason-phrase from SPDY :status
  * nghttpx: Header key and value must be string in mruby script
  * nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722)
  * nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722)
  * nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717)
  * nghttpd, nghttpx, asio: Add missing mandatory SP after status code
- Update to version 1.16.1:
  * lib: Prevent undefined behavior in decode_length
  * nghttpx: Fix bug which may crash nghttpx if non-final response
    is forwarded from origin server to HTTP/1.1 client
- Changes for version 1.16.0:
  * lib: Add nghttp2_set_debug_vprintf_callback to take advantage
    of DEBUGF statements in when building DEBUGBUILD.
  * Update .clang-format for clang-format-3.9
  * build: Make it possible to include nghttp2/CMakeLists.txt in
    another project using add_subdirectory.
  * third-party: Update http-parser to
    feae95a3a69f111bc1897b9048d9acbc290992f9
  * asio: Fix crash when end() is called outside nghttp2 callback
  * nghttpx: Add --backend-connect-timeout option
  * nghttpx: Add TLS signed_certificate_timestamp extension support
  * nghttpx: Add --ecdh-curves option to specify list of named
    curves
  * h2load: Add --header-table-size and --encoder-header-table-size
    options
- Update to version 1.15.0:
  * lib: Add nghttp2_option_set_max_deflate_dynamic_table_size()
    API function (GH-684)
  * lib: Allow NGHTTP2_ERR_PAUSE from
    nghttp2_data_source_read_callback (GH-671)
  * lib: Add nghttp2_session_get_hd_deflate_dynamic_table_size()
    and nghttp2_session_get_hd_inflate_dynamic_table_size() API
    functions to get current HPACK dynamic table size (GH-664)
  * lib: Add nghttp2_session_get_local_settings() API function
  * lib: Add nghttp2_session_get_local_window_size() and
    nghttp2_session_get_stream_local_window_size() API functions
  * build: Add -lsocket -lnsl to APPLDFLAGS for solaris build
  * neverbleed: Update neverbleed to support ECDSA certificate
  * doc: Mention --enable-lib-only configure option in README
  * integration: Fix test failure with go1.7.1
  * src: Fix compile error with openssl 1.1.0
  * nghttpx: Improve performance with HTTP/1.1 backend when
    request body is involved
  * nghttpx: Use std::atomic_* overloads for std::shared_ptr if
    available
  * nghttpx: Migrate backend stream to another h2 session on
    graceful shutdown
  * nghttpx: Add option to specify HPACK encoder/decoder dynamic
    table size
  * nghttpx: Log client address
  * nghttpx: Add tls_sni to mruby Nghttpx::Env class
  * nghttpx: Add --frontend-http2-window-size option, and its
    family functions
  * nghttpx: Add experimental TCP optimization for h2 frontend
  * nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1,
    and 7.2 (GH-670)
  * nghttpx: Fix bug that bytes are doubly counted to rate limit
    for TLS connections
  * nghttpx: Add --no-server-rewrite option not to rewrite server
    header field (GH-667)
  * nghttpx: Retry if backend h1 connection cannot be established
    due to timeout
  * nghttpx: Reset stream if invalid header field is received in h2
  * nghttpx: Add --server-name option to change server response
    header field (GH-667)
  * nghttpd: Add --encoder-header-table-size option
  * nghttp: Add --encoder-header-table-size option
  * python: Support ALPN, require Python 3.5
- Update to version 1.14.0:
  * lib: Make emit_header() return void since it always succeed
  * lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support
    multiple buffer input
  * lib: since hd_inflate_commit_indexed() always return 0,
    remove the return value check in nghttp2_hd_inflate_hd_nv()
  * lib: Use memeq() instead of lstreq() in lookup_token()
  * lib: More strict stream state handling
  * lib: Modify genlibtokenlookup.py to remove redundant header
    comparisons and remove inline qualifier of lookup_token()
    in genlibtokenlookup.py
  * lib: Fix wrong tree operation to avoid cycle
  * lib: Make get_max_index() return the max index in frame,
    so we don't need to do extra calculation
  * lib: Add nghttp2_on_invalid_header_callback
  * lib: Log frame's stream ID for header debug logging
  * doc: Remove old doc about differential encoding in HPACK
  * doc: Document about ALPN in nghttpx howto
  * nghttpx: Log error code from getsockopt(SO_ERROR) on first
    write event
  * nghttpx: Don't change pushed stream's priority
  * nghttpx: Log backend connection failure in WARN level
  * nghttpx: Fix bug that api and healthmon parameters do not work
    with http2 proxy
  * nghttpx: Add access log variable for backend host and port
  * nghttpx: Use copy instead of const reference of backend group
  * nghttpx: Reload configuration with SIGHUP
  * nghttp: Adjust weight according to Firefox stable
  * nghttp: Call error callback when invalid header field is
    received and ignored
  * nghttp: Allow multiple -p option
  * deflatehd: Call nghttp2_hd_deflate_change_table_size only
    if table size is changed from default
- Update to version 1.13.0:
  * lib: Cancel non-DATA frame transmission from
    nghttp2_before_frame_send_callback
  * doc: Fix warning with Sphinx 1.4
  * build: Work with Android NDK r12b
  * nghttpx: Use consistent hashing for client IP based session
    affinity
  * nghttpx: Fix FTBFS on armel by explicitly including the header
  * nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11
  * nghttpx: Fix build error with libressl
  * examples: Fix compile error with OpenSSL v1.1.0-beta2
- Update to version 1.12.0:
  * Add nghttp2_session_set_local_window_size API function
  * Add nghttp2_option_set_max_send_header_block_length API
    function (GH-613)
  * Fix warning: declaration of 'free' shadows a global declaration
    (Patch from Alexis La Goutte)
  * examples: Add ALPN support to tutorial client/server (GH-614)
  * nghttpx: Reduce TTFB with large number of incoming connections
  * nghttpx: Rewrite read timer handling
  * nghttpx: Clean up neverbleed AF_UNIX socket
  * nghttpx: Add --backend-max-backoff option
  * nghttpx: Use 16KiB buffer for reading to match TLS record size
  * nghttpx: Add healthmon parameter to -f option to enable health
    monitor mode
  * nghttpx: Receive reference of std::mt19937, not making a copy
  * nghttpx: Fix bug that backend never return to online (GH-615)
  * nghttpx: Implement client IP based session affinity
  * nghttpx: Add --api-max-request-body option to set maximum API
    request body size
  * nghttpx: Add api parameter to --frontend option to mark API
    endpoint
  * h2load: Add content-length header field for HTTP/2 and SPDY as
    well
  * h2load: Implement HTTP/1 upload (GH-611)
- Update to 1.11.1
  * lib: Add nghttp2_hd_inflate_hd2() and deprecate
    nghttp2_hd_inflate_hd()
  * lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set
  * lib: Fix bug that PING flags are ignored in nghttp2_submit_ping
  * integration: Workaround runtime error: cgo argument has Go pointer
    to Go pointer
  * nghttp: Eliminate zero length DATA frame at the end if possible
  * nghttpd: Set content-length in status response
  * nghttpx: Add sni keyword to --backend option
  * nghttpx: Allow mixed protocol and TLS settings among backends under
    same pattern
  * nghttpx: Don't add 0-length DATA when response HEADERS bears
    END_STREAM flag
  * nghttpx: Don't add chunked encoded response body for HEAD request
  * nghttpx: Don't use CN if we have dNSName or iPAddress field
  * nghttpx: Just call execv instead of execve to pass environ
  * nghttpx: Make SETTINGS timeout value configurable
  * nghttpx: Save PID file after it is ready to accept connections
  * nghttpx: Treat backend failure if SETTINGS is not received within
    timeout
  * nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server
    is alive
- Update to 1.10.0
  * Pass unknown SETTINGS values to nghttp2_on_frame_recv_callback
  * Add ALTSVC frame support
  * Run error callback when peer does not send initial SETTINGS
    frame
  * Update http-parser
  * Update sphinx_rtd_theme
  * nghttp: add an --expect-continue option
  * nghttpx: Fix downstream connect callback called early
  * nghttpx: Truncate too long -b option signature
  * nghttpx: Fix bug that server push from mruby script did not
    work
  * nghttpx: Try next HTTP/1 backend address when connection
    cannot be made
  * nghttpx: Retry next HTTP/2 backend address when connection
    cannot be made
  * nghttpx: Enable link header field based push for non-final
    response
  * nghttpx: Detect online/offline state of backend servers
  * nghttpx: Better load balancing between backend HTTP/2 servers
  * nghttpx: Fix crash with backend failure
- Update to 1.9.2
  * nghttpx: Fix crash with backend failure
  * nghttpx: Better distribute load to backend h2 servers
  * nghttpx: Fix error messages on deprecated mode
  * nghttpx: Fix bug that logger wrote string which was not
    NULL-terminated
  * nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work
- Update to 1.9.1
  * nghttpx: Fix bug that backend tls keyword did not work with -s
    option
  * nghttpx: Fix handing stream after connection check was failed
- Changes for 1.9.0
  * lib: Add nghttp2_error_callback to tell application human
    readable error message
  * lib: Reference counted HPACK name/value pair, adding
  * nghttp2_on_header_callback2
  * lib: Add nghttp2_option_set_no_auto_ping_ack() option
  * lib: Add nghttp2_http2_strerror() to return HTTP/2 error code
    string
  * build: Makefile.msvc enhancements (Patch from Jan-E)
  * build: Lower libev version requirement (Patch from Peter Wu)
  * build: cmake build support (Patch from Peter Wu)
  * asio: Fix bug that server event loop breaks with exception
  * integration: Disable tests that sometimes break randomly on
    travis
  * integration: do not use recursive target (Patch from Peter Wu)
  * h2load: Fix bug that it did not try to connect to server again
  * h2load: Fix bug that initial max concurrent streams was too
    large
  * nghttpx: Memcached connection encryption with tls keyword
  * nghttpx: Enable/disable TLS per frontend address
  * nghttpx: Configure TLS per backend routing pattern
  * nghttpx: Workaround for Ubuntu 15.04 which does not
    value-initialize on std::make_shared.
  * nghttpx: Add --error-page option to set custom error pages
  * nghttpx: Add wildcard host routing
  * nghttpx: Change read timeout reset timing
  * nghttpx: Don't push if Link header field includes nopush
  * nghttpx: Deprecate backend-http1-connections-per-host in favor
    of backend-connections-per-host
  * nghttpx: Restructure mode settings, removing --http2-bridge,
  - -client, and --client-proxy options
  * nghttpx: Deprecate backend-http1-connections-per-frontend in
    favor of backend-connections-per-frontend
  * nghttpx: Don't share session which is already in draining
    state
  * nghttpx: Effectively disable backend HTTP/2 connection flow
    control
  * nghttpx: Add --frontend-http2-max-concurrent-streams and
  - -backend-http2-max-concurrent-streams, and deprecate
  - -http2-max-concurrent-streams option
  * nghttpx: Deprecate --backend-http2-connections-per-worker
    option
  * nghttpx: Share TLS session cache between HTTP/2 and HTTP/1
    backend
  * nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
- Update to 1.8.0
  * Add Architecture documents (work in progress)
  * List all contributors in AUTHORS
  * doc: fix out-of-tree doc builds (Patch from Peter Wu)
  * Wrap AM_PATH_XML2 by m4_ifdef to handle the case when
    _PATH_XML2 is not found
  * Fix configure script for non-gcc, clang build
  * Document compiling apps and include h2load in configure (Patch
    from David Beitey)
  * Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil)
  * Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11
  * Fixing Windows Makefile version detection (Patch from Reza
    Tavakoli)
  * lib: Tokenize extra HTTP header fields
  * lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu)
  * lib: Add HTTP/2 extension framework to send and receive
    non-critical frames
  * tests: remove unused macros (Patch from Peter Wu)
  * src: Update default cipher list
  * src: Fix compile error with gcc-6 which enables C++14 by default
  * asio: client: Fix connect timeout does not work, return from cb
    if session stopped, removing client::session::connect_timeout()
    functon
  * nghttpd: Start SETTINGS timer after it is written to output
    buffer
  * nghttpd: Add trailer header field to status responses
  * nghttpd: Add -w and -W options to change window size
  * nghttpx: Worker wide blocker which is used when socket(2) is
    failed
  * nghttpx: ConnectBlocker per backend address
  * nghttpx: Interleave text/html pushed resources with associated
    resource
  * nghttpx: Add headers given in add-response-headers for mruby
    response
  * nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor
    of --backend-address-family
  * nghttpx: Add options to specify address family of memcached
    connections
  * nghttpx: Add encryption support for TLS ticket key retrieval
  * nghttpx: Add TLS support for session cache memcached connection
  * nghttpx: Refactor blacklisted cipher suite check (Patch from
    Jay Satiro)
  * nghttpx: Add TLS support for HTTP/1 backend
  * nghttpx: Add request-header-field-buffer and
    max-request-header-fields options, deprecating
    header-field-buffer and max-header-fields options.
  * nghttpx: Add --no-http2-cipher-black-list to allow black listed
    cipher suite
  * nghttpx: Limit header fields from backend
  * nghttpx: Fix bug that IPv6 address in Forwarded "/for"/ is not
    quoted-string
  * nghttpx: Support multiple frontend addresses
  * integration-tests: support out-of-tree tests (Patch from Peter
    Wu)
  * examples: fix compile warnings (Patch from Peter Wu)
- Drop upstreamed nghttp2-c++14.patch
- Update to 1.7.1
  * Fix CVE-2016-1544 (boo#966514)
- Add nghttp2-c++14.patch to properly guard make_unique templates.
  [bsc#964140]
- Update to 1.7.0
  * Reset (RST_STREAM) stream if flow control window gets overflow
  * Validate :authroity, host, and :scheme value more strictly
  * Check request/response submission error based side of session
  * Strict outgoing idle stream detection
  * Return error from nghttp2_submit_{headers,request} when self
    dependency is made
  * Add -ldl to APPLDFLAGS for static openssl linking
  * asio: Stop acceptor on server::http2::stop
  * asio: Rename http2::get_io_services() as http2::io_services()
  * h2load: Support UNIX domain socket
  * h2load: Improve readability of traffic numbers
  * h2load: Remove "/auto"/ for -m option
  * h2load: Show progress in rate mode
  * h2load: Perform sampling for request and connection timings to
    reduce memory consumption
  * nghttpd: Add --no-content-length option to omit content-length
    in response
  * nghttpx: Interleave pushed streams with the associated stream
    if pushed streams are javascript and CSS resources
  * nghttpx: The initial value of request/response buffer is
    increased to 128K
  * nghttpx: Fix bug that --listener-disable-timeout option is not
    used
  * nghttpx: Don't emit :authority if request does not contain
    authority information
  * nghttpx: Add clarification of quotes in configuration file
  * nghttpx: Don't allow certain characters in host and :scheme
    header field
  * nghttpx: Add RFC 7239 Forwarded header field support
  * nghttpx: Fix crash when running on IPv6 only (Patch from Vernon
    Tang)
  * nghttpx: Take into account of trailers when applying
    max_header_fields
  * nghttpx: Don't apply max_header_fields and header_field_buffer
    limit to response
  * nghttpx: Strict validation for header fields given in
    configuration
  * nghttpx: header value should not be lower-cased (Patch from
    ayanamist)
- fixed typo in libnghttp2_asio1 [bsc#962914]
ntp
- Refactor the key handling in %post so that it does not overwrite
  user settings (bsc#1036505, bsc#1183513).
open-iscsi
- Do not restart iscsid and iscsiuio during package upgrade,
  if those daemons are running. (bsc#1183741).
- Cherry picked 3 factory commits (from upstream) for bsc#1183421:
  * Enable iscsi.service asynchronous logins, cleanup services
  * Implement login "/no_wait"/ for iscsiadm NODE mode
  * Add ability to attempt target logins asynchronously
openldap2-client
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
  X.509 DN parsing in decode.c ber_next_element, resulting in denial
  of service.
  * 0218-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
  parsing in ad_keystring, resulting in denial of service.
  * 0220-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
  in the Certificate List Exact Assertion processing, resulting in
  denial of service.
  * 0221-ITS-9427-fix-issuerAndThisUpdateCheck.patch
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
  cancel_extop Cancel operation, resulting in denial of service.
  * 0222-ITS-9428-fix-cancel-exop.patch
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
  saslAuthzTo processing, resulting in denial of service.
  * 0216-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
  in the saslAuthzTo processing, resulting in denial of service.
  * 0215-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch
  * 0214-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
  crash in the saslAuthzTo processing, resulting in denial of service.
  * 0217-ITS-9413-fix-slap_parse_user.patch
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
  saslAuthzTo validation, resulting in denial of service.
  * 0211-ITS-9406-9407-remove-saslauthz-asserts.patch
  * 0212-ITS-9406-fix-debug-msg.patch
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
  Assertion processing, resulting in denial of service (schema_init.c
  serialNumberAndIssuerCheck).
  * 0210-ITS-9404-fix-serialNumberAndIssuerCheck.patch
  * 0219-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
  control handling, resulting in denial of service (double free and
  out-of-bounds read).
  * 0213-ITS-9408-fix-vrfilter-double-free.patch
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
    in the issuerAndThisUpdateCheck function via a crafted packet,
    resulting in a denial of service (daemon exit) via a short timestamp.
    This is related to schema_init.c and checkTime.
  * patch: 0209-ITS-9454-fix-issuerAndThisUpdateCheck.patch
openslp
- Implement automatic active discovery retries so that DAs do
  not get dropped if they are not reachable for some time
  [bnc#1166637] [bnc#1184008]
  new patch: openslp.unicastactivediscovery.diff
openssl-1_0_0
- Security fixes:
  * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
    protection [bsc#1182333, CVE-2021-23840]
  * Null pointer deref in X509_issuer_and_serial_hash()
    [bsc#1182331, CVE-2021-23841]
- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
permissions
  * make btmp root:utmp (bsc#1050467, bsc#1182899)
- Update to version 20170707:
polkit
- CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync()
  (bsc#1186497)
  CVE-2021-3560.patch
psmisc
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Fix bsc#1178407: fuser does not show open kvm storage image files
    such as qcow2 files. Patch from Ali Abdallah <ali.abdallah@suse.com>
python
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into to content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in http.cookiejar. Patch
    by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - Disallow control characters in hostnames in http.client,
    addressing CVE-2019-18348. Such potentially malicious header
    injection URLs now cause a InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
    functions for format units "/es#"/ and "/et#"/ when the macro
    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
python-base
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into to content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in http.cookiejar. Patch
    by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - Disallow control characters in hostnames in http.client,
    addressing CVE-2019-18348. Such potentially malicious header
    injection URLs now cause a InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
    functions for format units "/es#"/ and "/et#"/ when the macro
    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
python-cffi
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to version 1.11.5:
  * Issue #357: fix ffi.emit_python_code() which generated a buggy
    Python file if you are using a struct with an anonymous union
    field or vice-versa.
  * Windows: ffi.dlopen() should now handle unicode filenames.
  * ABI mode: implemented ffi.dlclose() for the in-line case (it used
    to be present only in the out-of-line case).
  * Fixed a corner case for setup.py install --record=xx --root=yy
    with an out-of-line ABI module. Also fixed Issue #345.
  * More hacks on Windows for running CFFI’s own setup.py.
  * Issue #358: in embedding, to protect against (the rare case of)
    Python initialization from several threads in parallel, we have to
    use a spin-lock. On CPython 3 it is worse because it might
    spin-lock for a long time (execution of Py_InitializeEx()). Sadly,
    recent changes to CPython make that solution needed on CPython 2
    too.
  * CPython 3 on Windows: we no longer compile with Py_LIMITED_API by
    default because such modules cannot be used with virtualenv. Issue
    [#350] mentions a workaround if you still want that and are not
    concerned about virtualenv: pass a
    define_macros=[("/Py_LIMITED_API"/, None)] to the
    ffibuilder.set_source() call.
- specfile:
  * delete patch cffi-loader.patch; included upstream
- update to version 1.11.4:
  * Windows: reverted linking with python3.dll, because virtualenv
    does not make this DLL available to virtual environments for
    now. See Issue #355. On Windows only, the C extension modules
    created by cffi follow for now the standard naming scheme
    foo.cp36-win32.pyd, to make it clear that they are regular CPython
    modules depending on python36.dll.
- changes from version 1.11.3:
  * Fix on CPython 3.x: reading the attributes __loader__ or __spec__
    from the cffi-generated lib modules gave a buggy
    SystemError. (These attributes are always None, and provided only
    to help compatibility with tools that expect them in all modules.)
  * More Windows fixes: workaround for MSVC not supporting large
    literal strings in C code (from
    ffi.embedding_init_code(large_string)); and an issue with
    Py_LIMITED_API linking with python35.dll/python36.dll instead of
    python3.dll.
  * Small documentation improvements.
python-cryptography
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 2.8
  * Added support for Python 3.8.
  * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations.
  * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9.
  * We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
  * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder.
  * cryptography no longer depends on asn1crypto.
  * FreshestCRL is now allowed as a CertificateRevocationList extension.
- Convert to single-spec (fate#324191, bsc#1065275)
- Run fdupes to hardlink duplicate files
  + Add fdupes to BuildRequires
  + Add %fdupes %{buildroot}/%{_prefix} to %install
- update to 2.7
  * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
  The CMAC and HMAC APIs have not changed, but they are no longer registered
  as MACContext instances.
  * Removed support for running our tests with setup.py test.
  * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
  when using OpenSSL 1.1.1 or newer.
  * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
  in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` .
  * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
  and deprecate passing an Extension object.
- Simplify the test execution to be more understandable
- update to 2.6.1:
  * BACKWARDS INCOMPATIBLE:
    Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
    andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
    which had been deprecated for nearly 4 years. Use encode_dss_signature()
    and decode_dss_signature()instead.
  * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
    had been deprecated for nearly 3 years. Use serial_number instead.
  * Updated Windows, macOS, and manylinux1 wheels to be compiled with
    OpenSSL 1.1.1b.
  * Added support for Ed448 signing when using OpenSSL 1.1.1b or newer.
  * Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer.
  * load_ssh_public_key() can now load ed25519 public keys.
  * Add support for easily mapping an object identifier to its elliptic curve
    class viaget_curve_for_oid().
  * Add support for OpenSSL when compiled with the no-engine
    (OPENSSL_NO_ENGINE) flag.
- Dependency on python-idna changed to "/Recommends"/ aligned with
  change in upstream source (see below)
- update to 2.5:
  * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
    but this version removes the default idna dependency as well. If you still
    need this deprecated path please install cryptography with the idna extra:
    pip install cryptography[idna].
  * BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4.
  * Numerous classes and functions have been updated to allow bytes-like
    types for keying material and passwords, including symmetric algorithms,
    AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
  * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a.
  * Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1.
  * Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1.
  * Added support for X448 key exchange when using OpenSSL 1.1.1.
  * Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1.
  * Added initial support for parsing PKCS12 files with load_key_and_certificates().
  * Added support for IssuingDistributionPoint.
  * Added rfc4514_string() method to x509.Name,
    x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
    or component an RFC 4514 Distinguished Name string.
  * Added from_encoded_point(), which immediately checks if the point is on
    the curve and supports compressed points. Deprecated the previous method
    from_encoded_point().
  * Added signature_hash_algorithm to OCSPResponse.
  * Updated X25519 key exchange support to allow additional serialization
    methods. Calling public_bytes() with no arguments has been deprecated.
  * Added support for encoding compressed and uncompressed points via
    public_bytes(). Deprecated the previous method encode_point().
- Update to version 2.4.2:
  * Updated Windows, macOS, and manylinux1 wheels to be compiled
    with OpenSSL 1.1.0j.
- Update to 2.4.1:
  * Dropped support for LibreSSL 2.4.x.
  * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
    longer supported by the OpenSSL project. At this time there
    is no time table for dropping support, however we strongly
    encourage all users to upgrade or install cryptography from
    a wheel.
  * Added initial :doc:`OCSP </x509/ocsp>` support.
  * Added support for cryptography.x509.PrecertPoison.
- Fix fdupes call
- Update to 2.3.1:
  * updated tests for upstream wycheproof changes
  * many other tiny test tweaks
- update to 2.3:
  * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default
    which can allow tag forgery in some cases. The method now enforces the
    min_tag_length provided to the GCM constructor.
  * Added support for Python 3.7.
  * Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
  * Support for Python 2.7.x without hmac.compare_digest has been deprecated.
    We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
    cryptography release.
  * Fixed multiple issues preventing cryptography from compiling
    against LibreSSL 2.7.x.
  * Added get_revoked_certificate_by_serial_number for quick
    serial number searches in CRLs.
  * The RelativeDistinguishedName class now preserves the order of attributes.
    Duplicate attributes now raise an error instead of silently discarding duplicates.
  * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
    if the wrapped key is an invalid length, instead of ValueError.
- update to 2.2.2
  * fix build on some systems with openssl 1.1.0h
- Cleanup with spec-cleaner
- Use %setup to unpack all archives do not rely on tar calls
- Update to upstream release 2.2.1:
  * Reverted a change to GeneralNames which prohibited having zero elements,
    due to breakages.
  * Fixed a bug in
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
    that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
  * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
  * Resolved a bug in HKDF that incorrectly constrained output size.
  * Added
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
    support inter-operating with systems like German smart meters.
  * Added token rotation support to :doc:`Fernet </fernet>` with
    :meth:`~cryptography.fernet.MultiFernet.rotate`.
  * Fixed a memory leak in
    :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
  * Added support for AES key wrapping with padding via
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` .
  * Allow loading DSA keys with 224 bit q.
- fix deps for hypothesis, pytest
- Fix previous change and explicitly require python2 instead of
  python because python itself is also provided by python3.
  This fixes:
  ImportError: No module named _ssl
  when using python-cryptography in a python2 build environment
- Fix the previous change to not pull in py2 on py3 enviroment
- fix requires on python ssl once more after the last change
- build python3 subpackage (FATE#324435, bsc#1073879)
python-six
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix testsuite on SLE-12
  + Add python to BuildRequires for suse_version < 1500
- Include in SLE-12 (FATE#326838, bsc#1113302)
- build python3 subpackage (FATE#324435, bsc#1073879)
- Submit 1.9.0 to SLE-12 (fate#319030, fate#318838, bsc#940812)
- sanitize release line in specfile
python3
- Add CVE-2020-27619-no-eval-http-content.patch fixing
  CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
python3-base
- Add CVE-2020-27619-no-eval-http-content.patch fixing
  CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
release-notes-sles
- 12.5.20210421 (tracked in bsc#1185079)
- Added note about supportconfig SAP plugin (jsc#SLE-12168)
- Added note about updated Xorg Server (jsc#SLE-11159)
- Updated note about LibreOffice version (jsc#SLE-11176)
- Fixed typo Image/Images (bsc#1180943)
rsyslog
-  fix race in async writer (bsc#1179089)
  * add 0001-omfile-bugfix-race-file-when-async-writing-is-enable.patch
salt
- Add core grains support for AlmaLinux
- Added:
  * add-almalinux-to-the-os-family-list-340.patch
- Allow vendor change option with zypper
- Added:
  * allow-vendor-change-option-with-zypper-313.patch
- virt: virtual network backports to Salt 3000
- Added:
  * opensuse-3000-virtual-network-backports-329.patch
- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
- Added:
  * do-not-monkey-patch-yaml-bsc-1177474.patch
- Only require python-certifi for CentOS7
- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
- Added:
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
- Rename patch file
- Renamed:
  * fix_regression_in_cmd_run_after_cve.patch -> fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
- Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
- Fix recursion false detection in payload (bsc#1180101)
- Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
- Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
- Always require python-certifi (used by salt.ext.tornado)
- Exclude SLE 12 from requiring python-certifi
- Added:
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fix-recursion-false-detectioni-in-payload-305.patch
  * add-sleep-on-exception-handling-minion-connecting-to.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
- Do not crash when unexpected cmd output at listing patches (bsc#1181290)
- Added:
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
- Fix behavior for "/onlyif/unless"/ when multiple conditions (bsc#1180818)
- Added:
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
- Master can read grains (bsc#1179696)
samba
-  CVE-2021-20254 Buffer overrun in sids_to_unixids();
  (bso#14571); (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim
  attempts to reduce cache size; (bso#14625); (bnc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with
  upstream; (bsc#1178469).
sudo
- Tenable Scan reports sudo is still vulnerable to CVE-2021-3156
  [bsc#1183936]
supportutils
- Additions to version 3.0.9
  + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734)
- Additions to version 3.0.9
  + Checks package signatures in rpm.txt (bsc#1021918)
  + Optimizing find (bsc#1184911)
- Using zypper --xmlout (bsc#1181351)
- Error fix for sysfs.txt (bsc#1089870)
- Additions to version 3.0.9
  + Added drbd information and configuration details to drbd.txt (bsc#1063765)
  + Added list-timers and list-jobs to systemd.txt (bsc#1169348)
  + nfs4 in search (bsc#1184828)
- Captures rotated logs with different compression methods (bsc#1179188)
- Minor wording change in text
- Removed deprecated mii-tool (bsc#1043601)
  - Added -u for HTTPS and -a for FTPES uploads to SUSE FTP servers
  (bsc#1051419)
systemd
- Import commit 29b66d7e01845caec85e303e784ba216918715c1
  b06adcab32 systemctl: add --value option
  e1f9d7b8f0 execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
  d2396ab8b7 rlimit-util: introduce setrlimit_closest_all()
  d1e0854de9 system-conf: drop reference to ShutdownWatchdogUsec=
  91110a7331 core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
  b249d10eb5 Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- Import commit 0c74cd4d58ef31f346e1edb1be7692d61961897c
  611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
  65f4fa852e write_net_rules: set execute bits (bsc#1178561)
  f60153e565 udev: rework network device renaming
  df31eb968a Revert "/Revert "/udev: network device renaming - immediately give up if the target name isn't available"/"/
- Import commit d7219f1b222f5ca3ff58701d413bf09fe8ce2e82 (bsc#1183790)
  b66e9a5e5a service: go through stop_post on failure (#4770)
  8d4001767f service: only fail notify services on empty cgroup during start
  322324c5e6 service: fix main processes exit behavior for type notify services
  fdb06bc393 service: introduce protocol error type
  1a94e63978 core: when a service's ExecStartPre= times out, skip ExecStop=
- Import commit fadcac5bb458e57306bd370995938af4c7ea05f8
  832c6d3161 shutdown: bump kmsg log level to LOG_WARNING only
  77fa130932 shutdown: rework bump_sysctl_printk_log_level() to use sysctl_writef()
  17e2859d11 sysctl: add sysctl_writef() helper
  0826c7395e shutdown: use "/int"/ for log level type
  d3345e5d0d killall: bump log message about unkilled processes to LOG_WARNING
  408ad0aeed core/killall: Log the process names not killed after 10s
  235fb3716f shutdown: Bump sysctl kernel.printk log level in order to see info msg
  816497776a core/killall: Propagate errors and return the number of process left
  ea84ca6f13 shutdown: always pass errno to logging functions
  28de6884a5 umount: beef up logging when umount/remount child processes fail
  7954277e26 umount: Try unmounting even if remounting read-only failed
  3e1b1be184 core: Implement sync_with_progress() (bsc#1178219)
  748da3e5c7 core: Implement timeout based umount/remount limit (bsc#1178219)
  705b3d7618 core: remove "/misuse"/ of getpgid() in systemd-shutdown
  573617ed8a core: systemd-shutdown: avoid confusingly redundant messages
  f07ddb30ad core: systemd-shutdown: add missing check for umount_changed
  016365166a umount: always use MNT_FORCE in umount_all() (#7213)
  f831b68e56 pid1: improve logging when failing to remount / ro (#5940)
  4d1bbd1bc1 signal-util: use a slightly less likely to conflict variable name instead of 't'
  447ed76ff9 shutdown: already sync IO before we enter the final killing spree
  0a80b4a9ac shutdown: use (void)
  8428aa0e6d shutdown: use 90s SIGKILL timeout
  5cbaf621ca basic: mark unused variable as such
  a320b497db nss: block various signals while running NSS lookups
  87b294baa5 core: free m->deserialized_subscribed on daemon-reexec
  0ba5127071 PATCH] Always free deserialized_subscribed on reload (bsc#1180020)
    A bunch of commits which should improve the logs emitted by
  systemd-shutdown during the shutdown process when some badly written
  applications cannot be stopped properly and prevents some mount
  points to be unmounted properly. See bsc#1178219 for an example of
  such case.
- Don't use shell redirections when calling a rpm macro (bsc#1183094)
  It's broken since the redirection is expanded where the parameters
  of the macro are, which can be anywhere in the body of macro.
- systemd requires aaa_base >= 13.2
  This dependency is required because 'systemctl
  {is-enabled,enable,disable} <initscript>"/ ends up calling
  systemd-sysv-install which in its turn calls "/chkconfig
  - -no-systemctl"/.
  aaa_base package has a weird versioning but the '--no-systemctl'
  option has been introduced starting from SLE12-SP2-GA, which shipped
  version "/13.2+git20140911.61c1681"/.
  Spotted in bsc#1180083.
tar
- security update
- added patches
  fix CVE-2021-20193 [bsc#1181131], Memory leak in read_header() in list.c
  + tar-CVE-2021-20193.patch
tcsh
- Add patch tcsh-6.18.01-toolong.patch which is an upstream commit
  ported back to 6.18.01 to fix bsc#1179316 about history file growing
xen
- A recent systemd update caused a regression in xenstored.service
  systemd now fails to track units that use systemd-notify
  (bsc#1183790)
- Add xenstore-launch.patch, which adds a delay between the call
  to systemd-notify and the final exit of the wrapper script
  (bsc#1185021, bsc#1185196)
- Take the opportunity to change the built-in default of XENSTORETYPE=
  from daemon to domain. This will run xenstored in a separeate
  stubdom, which will make processing of large and/or concurrent
  batches of xenstore accesses more robust (fate#323663)
  adjust xenstored-run-in-stubdomain.patch
- bsc#1177204 - L3-Question: conring size for XEN HV's with huge
  memory to small. Inital Xen logs cut
  5ffc58c4-ACPI-reduce-verbosity-by-default.patch
- Upstream bug fixes (bsc#1027519)
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  604b9070-VT-d-disable-QI-IR-before-init.patch
- bsc#1177112 - Fix libxc.sr.superpage.patch
  The receiving side did detect holes in a to-be-allocated superpage,
  but allocated a superpage anyway. This resulted to over-allocation.
- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
  toolstack (XSA-368). Also resolves,
  bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
  bsc#1181989 - openQA job causes libvirtd to dump core when
  running kdump inside domain
  xsa368.patch
- bsc#1182846 - VUL-0: CVE-2021-20257: xen: infinite loop issue in
  the e1000 NIC emulator
  CVE-2021-20257-qemut-infinite-loop-issue-in-the-e1000-NIC-emulator.patch
- bsc#1178591 - fix bad backport
  Update xsa351-1.patch xsa351-2.patch
  Drop xsa351-fix.patch
- Upstream bug fixes (bsc#1027519)
  5fd8aef3-x86-avoid-calling-do_resume.patch (Replaces xsa348.patch)
  5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch (Replaces xsa359.patch)
  5fd8b02d-evtchn-FIFO-reorder-and-synchronize.patch (Replaces xsa358.patch)
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch)
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
- bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel
  attack aka PLATYPUS attack aka XSA-351
  xsa351-fix.patch
- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360)
  xsa360.patch
- bsc#1178736 - allow restart of xenwatchdogd, enable tuning of
  keep-alive interval and timeout options via XENWATCHDOGD_ARGS=
  add xenwatchdogd-options.patch
  add xenwatchdogd-restart.patch
- bsc#1177112 - Fix libxc.sr.superpage.patch
  The receiving side may punch holes incorrectly into optimistically
  allocated superpages. Also reduce overhead in bitmap handling.
  add libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
  add libxc-bitmap-long.patch
  add libxc-bitmap-longs.patch
yast2-pkg-bindings
- Pkg.ProvidePackage() - download the latest package version from
  the repository, this ensures that the installer is updated with
  the latest packages from the installer updates repository
  (bsc#1185240)
- 3.2.9
zlib
- Fix hw compression on z15 bsc#1176201
- Add zlib-s390x-z15-fix-hw-compression.patch