amazon-ssm-agent
- Fix mangled ExlusiveArch field
- Update to version 3.1.1260.0
  + Added missing check for invalid S3 path parameter
  + Added support for domain join using a non-local username
  + Fixed broken links in README.md
  + Fixed ECS Exec issue where agent was using environment variables for credentials
  + Updated Ec2Detector test to query smbios directly for system information
- from version 3.1.1208.0
  + Updated ec2detector module to use Get-CmiInstance instead of wmic.exe
  + Fixed file creation mode of ssm-agent-users sudoer file (bsc#1196556, CVE-2022-29527)
- from version 3.1.1188.0
  + Added new ec2detector module to determine if agent is on EC2
  + Added support for port forwarding to remote host
  + Added quotes around inventory parameter ValueName on Windows
  + Fix for domain join DNS IP assignments in shared directories
  + Replaced namedpipe updater test with ec2detector test
- from version 3.1.1141.0
  + Add application inventory by file for Bottlerocket
  + Fix infinite retry logic to send failed replies in MGSInteractor
  + Remove usage of io/fs package
- from version 3.1.1080.0
  + (windows only) Remove symlink scan during update
- from version 3.1.1045.0
  + Fixed sourceHash validation for aws:application document plugin
  + Added document parameter validation for values passed to target document of aws:runDocument plugin
  + (windows only) Fix process leak when legacy cloudwatch plugin is enabled
  + (windows only) Fail installation if C:ProgramDataAmazonSSM has symlinks
- from version 3.1.1004.0
  + Added platform detection for Bottlerocket OS
  + Consolidated regional endpoint generation to common endpoint module
- from version 3.1.941.0
  + Added support for Rocky linux
  + Fixed sharefile/shareprofile not being propagated to updateutil
  + Fixed incorrect darwin platform detection post BigSur
  + Fixed log flush issue in updater
  + Updated .NET dependencies for domainjoin and cloudwatch (windows only)
  + Updated go version to 1.17.6
- from version 3.1.821.0
  + Implement new core module named MessageService to start processing commands from both MGS and MDS
  * Merge functionalities from RunCommandService core module and Session core module.
  * Receive run command documents through MGS if connected and fallback to MDS otherwise.
    This functionality requires appropriate permissions for both endpoints and will be rolled
    out gradually to end users.
  * Provide filesystem based idempotency check to avoid duplicate run command document execution.
  * Increase default run command pool buffer size from 1 to 5 to load additional documents
    before-hand for processing.
  + Fix nil pointer deference panic produced in named pipe test case during agent update
  + Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop
- from version 3.1.804.0
  + Add support for upstart when running get-diagnostic command using ssm-cli
  + Fix systemctl service name to support older versions of systemctl
  + Include changes to facilitate testing
  + Update DNS server selection logic for seamless domain join on linux and darwin
  + Update go version to go1.17.5
  + Update golang sys package dependency
- from version 3.1.715.0
  + Derive default directories from appconfig on Darwin
  + Set x-bit on newly-created directories
- from version 3.1.634.0
  + Fix for ssm-setup-cli to be able to select service manager without the agent being installed
- from version 3.1.630.0
  + Added greengrass component recipe for the new SystemsManagerAgent component
  + Added support for registering agent on a greengrass device
  + Added support for downloading more than 1000 objects in downloadContent
  + Fixed retry logic for onprem and s3 upload
  + Fixed unit tests when running on Mac
  + Update AWS SDK to v1.41.4
  + Update logic to retrieve platform details for Rocky Linux
- from version 3.1.501.0
  + Add diagnostics command to ssm-cli
  + Fix caching for onprem credentials
  + Additional configuration options for Seamless Domain Join
  + Gracefully exit session if group of runas user is modified
  + Skip retries for cert validation errors in S3 HEAD requests
  + Fix DNS failures on CentOS 8.2
  + Update several dependencies
- from version 3.1.459.0
  + Fixed a bug with powershell command for Inventory
- from version 3.1.426.0
  + Fixed cpu spike issue manifesting on snap
  + Fixed issue with version comparison in EC2Config update plugin
  + Fixed panic when command output was being truncated
  + Updated build to use go1.16.8
  + Removed Profile from inventory powershell commands on Windows
- from version 3.1.338.0
  + Fix to eliminate WaitGroup reuse panic triggered during agent reboot
  + Fix to include applications without UninstallString in Inventory for Windows
  + Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand
  + Fixed a bug where RunCommand could delay executions for up to 15 minutes
- from version 3.1.282.0
  + Add serial port logging of AwsNitroEnclaves package version on windows during startup
  + Allow usage of existing loggroup/logstream when the user does not have create permission
  + Change service interrogate request log to debug
  + Cleanup old surveyor channel files on startup
  + Fix filehandle leak in windows leading to agent going offline
  + Fix to schedule correct next run time during orchestration directories cleanup
  + Fix to sequentially update correct runcount value in the document bookkeeping file
  + Fix a bug with version parsing EC2Config updater
  + Updated rpm packaging for fips compliance
- from version 3.1.192.0
  + Added darwin arm64 to makefile
  + Added logic to limit orchestration directory cleanup
  + Added packaging for public SSM Agent container image
  + Fixed cloudwatch endpoint for telemetry metrics requests
  + Fixed handling of Windows filepaths and mutex locks
  + Fixed agent worker handling of OS signals and termination channel requests
  + Updated datachannel retry strategy to not retry for a specific error scenario
  + Updated default gomaxproc value for Windows
  + Update build to use go1.16.6
- from version 3.1.127.0
  + Added a workaround for windows random halts
  + Fixed race condition during reboot document execution
- from version 3.1.90.0
  + Updated to version 3.1
  + Updated build to build statically linked binaries for linux 64bit
  * Minimum supported linux kernel version for linux 64bit is 3.2+
  + Fixed permissions for docker config file
  + Fixed issue with ubuntu prerm and postinst scripts
  + Fixed issue where processor stop was being called twice
- from version 3.0.1390.0
  + Added config option to delete orchestration folder
  + Added snapcraft packaging config
  + Added workaround for aws:runDocument status bug
  + Added improved handling of file closure
  + Added support for go mod and updated build to use go 1.16.4
  + Fixed bug parsing vpce s3 urls
  + Refactored use of agent identity in agent cli
  + Updated check if agent is running as windows service
  + Updated handling of session cancellation to still send output to client side
  + Updated interactive session exit code logic to match non-interactive mode
  + Updated vendor dependencies
- Update directory path for GOPATH
- Update to version 3.0.1295.0
  + Added configurable custom identity and identity consumption order
  + Added cross-account domain join
  + Added cleanup for older versions of updater artifacts
  + Added a workaround for MacOS kernel bug that sometimes kept RunCommand from launching
  + Added a workaround for log file contention on Windows
  + Added synchronization to RunCommand service stop
  + Changed hibernation log level
  + MacOS executables are now signed
  + Removed delay in non-interactive session type
apparmor
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).
bind
- Security Fixes:
  * Previously, there was no limit to the number of database lookups
  performed while processing large delegations, which could be abused
  to severely impact the performance of named running as a recursive
  resolver. This has been fixed.
  [bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
  * A memory leak was fixed that could be externally triggered in the
  DNSSEC verification code for the ECDSA algorithm.
  [bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
  * Memory leaks were fixed that could be externally triggered in the
  DNSSEC verification code for the EdDSA algorithm.
  [bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
ca-certificates-mozilla
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
  Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
  Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
  Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  + HARICA Client ECC Root CA 2021
  + HARICA Client RSA Root CA 2021
  + HARICA TLS ECC Root CA 2021
  + HARICA TLS RSA Root CA 2021
  + TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5
cifs-utils
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
  (bsc#1198976, CVE-2022-29869)
  * add cifs-utils-CVE-2022-29869.patch
cloud-regionsrv-client
- Follow up fix to 10.0.4 (bsc#1202706)
  - While the source code was updated to support SLE Micro the spec file
    was not updated for the new locations of the cache and the certs.
    Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
  - Handle exception when trying to deregister a system form the server
- Update to version 10.0.4 (bsc#1199668)
  - Store the update server certs in the /etc path instead of /usr to
    accomodate read only setup of SLE-Micro
crash
- Fix lookup of symbol "/linux_banner"/, as in newer kernels the symbol is
  placed in the .init section ('D') as opposed to the read-only section ('R').
  Also make this specific to kernels >= 2.6.11. This fix is a combination of
  upstream commit fce91bec and a chunk from upstream commit 9fab193e.
  (bsc#1195911)
  Added:
    crash-Fix-the-failure-of-reporting-vmcore-and-vmlinux-do-n.patch
  - ------------------------------------------------------------------
cronie
- Allow to define the logger info and warning priority, fixes
  jsc#SLE-24577
  * run-crons
  * sysconfig.cron
curl
- Security Fix: [bsc#1204383, CVE-2022-32221]
  * POST following PUT confusion
  * Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
  * Control codes in cookie denial of service
  * Add curl-CVE-2022-35252.patch
expat
- Security fix:
  * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
    function in xmlparse.c
  - Added patch expat-CVE-2022-40674.patch
gpg2
- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
grub2
- fs/xfs: add bigtime incompat feature support (bsc#1203387)
  * grub2-fs-xfs-Add-bigtime-incompat-feature-support.patch
icu
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
  from upstream, use LocalMemory for cmd to prevent use after free
  (bsc#1193951 CVE-2020-21913).
json-c
- Added CVE-2020-12762.patch (bsc#1171479, CVE-2020-12762)
- Added gcc7-fix.patch
- Update to upstream release 0.12.1
- Removed upstream fixed json-c-0.12-unused_variable_size.patch
- Added fix-set-but-not-used.patch
- json-c 0.12
  Fixes for security issues contained in this release have been
  previously patched into this package, but listed for completeness:
  * Address security issues:
  * CVE-2013-6371: hash collision denial of service
  * CVE-2013-6370: buffer overflow if size_t is larger than int
- Further changes:
  * Avoid potential overflow in json_object_get_double
  * Eliminate the mc_abort() function and MC_ABORT macro.
  * Make the json_tokener_errors array local.  It has been deprecated for
    a while, and json_tokener_error_desc() should be used instead.
  * change the floating point output format to %.17g so values with
    more than 6 digits show up in the output.
  * Remove the old libjson.so name compatibility support.  The library is
    only created as libjson-c.so now and headers are only installed
    into the ${prefix}/json-c directory.
  * When supported by the linker, add the -Bsymbolic-functions flag.
  * Make strict mode more strict:
  * number must not start with 0
  * no single-quote strings
  * no comments
  * trailing char not allowed
  * only allow lowercase literals
  * Added a json_object_new_double_s() convenience function to allow
    an exact string representation of a double to be specified when
    creating the object and use it in json_tokener_parse_ex() so
    a re-serialized object more exactly matches the input.
  * Add support NaN and Infinity
- packaging changes:
  * json-c-hash-dos-and-overflow-random-seed-4e.patch is upstream
  * Move from json-c-lfs.patch which removed warning errors and
    autoconf call to json-c-0.12-unused_variable_size.patch from
    upstream which fixes the warning
  * except for SLE 11 where autoreconf call is required
  * add licence file to main package
kernel-default
- Revert "/sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)"/
  This reverts commit 8d1c33d1ed3d4b198344cf4cf8763447532f6b90
  since it breaks the build
- commit 253e49e
- Add CVE reference on lightnvm removal patch
  modified:
  - patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 0412b0e
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- commit 0429966
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 1828312
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- commit 960c031
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 8e21ba7
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- commit 24dad4e
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- commit 3b41e99
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
  Backporting notes:
  * context changes
- commit f023a62
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1154048)
- commit 6c2117a
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
  Backporting notes:
  * context changes
  * config update
- commit 8d1c33d
- Revert "/video: imsttfb: fix potential NULL pointer dereferences"/ (bsc#1129770)
- commit 015493e
- Revert "/video: hgafb: fix potential NULL pointer dereference"/ (bsc#1129770)
  Backporting notes:
  * test return value of ioremap() and return an error
- commit dfae32b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
  (CVE-2022-41848 bsc#1203987).
- commit 4b5f9dc
- Input: melfas_mip4 - fix return value check in mip4_probe()
  (git-fixes).
- commit 327938f
- xhci: bail out early if driver can't accress host in resume
  (git-fixes).
- commit 7b6647e
- blacklist.conf: no gadget mode in SLE12
- commit 4ef9a32
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 0686374
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit 6704bc6
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 0c59466
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 80ea4bf
- scsi: qla2xxx: Remove unused declarations for qla2xxx
  (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
  Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
  handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
  informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
  qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 6a1070c
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
  ISP27XX (bsc#1203935).
- commit c812e29
- blacklist.conf: Add 1bf4580e00a2 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- commit 2a37e27
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- commit d956a8c
- Input: iforce - constify usb_device_id and fix space before
  '[' error (git-fixes).
- commit bfb50de
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path
  (git-fixes).
- commit b282bf7
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- commit f6eaf2e
- USB: serial: option: add Quectel RM500K module support.
- commit 981a205
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- commit 3376669
- USB: serial: option: add Telit LE910Cx 0x1250 composition
  (git-fixes).
- commit f8d705a
- blacklist.conf: irrelevant in our configurations
- commit c5487ee
- USB: serial: option: add support for Cinterion MV31 with new
  baseline (git-fixes).
- commit ce91afd
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
  (git-fixes).
- commit 2a4a3b7
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
  (git-fixes).
- commit 4e282b8
- usb: typec: altmodes/displayport: correct pin assignment for
  UFP receptacles (git-fixes).
- commit 85d64e6
- usb: dwc2: fix wrong order of phy_power_on and phy_init
  (git-fixes).
- commit 63072dd
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
  (git-fixes).
- commit 93c7c8f
- blacklist.conf: irrelevant in our configurations
- commit 1ea4ae1
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit fc09d0c
- blacklist.conf: blacklist commit 02c0cab8e734
- commit 07b2c53
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 21400d8
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
  bsc#1203769).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit accf4df
- md: call __md_stop_writes in md_stop (git-fixes).
- Revert "/md-raid: destroy the bitmap after destroying the thread"/
  (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
  reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- commit ab754e2
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit a86f7ba
- media: dvb-core: Fix UAF due to refcount races at releasing
  (CVE-2022-41218 bsc#1202960).
- commit 231362a
- blacklist.conf: add several SCSI commits to black list
- commit 82ee683
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit b210a45
- media: em28xx: initialize refcount before kref_get
  (CVE-2022-3239 bsc#1203552).
- commit 477c587
- powerpc: Use device_type helpers to access the node type
  (bsc#1203424 ltc#199544).
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-update-code.patch.
- commit b1e0425
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
  ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 5d51965
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- Refresh for the above patch added in,
  blacklist.conf: remove the above patch from blaclist.conf
  patches.suse/0034-dm-verity-add-check_at_most_once-option-to-only-vali.patch.
- commit 1b3d265
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit b644c0f
- Update references:
  - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
  - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
  - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
  - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
  - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
  - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
  - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
  - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
  (add CVE-2022-32296 bsc#1200288)
- commit 97c264a
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and
  cannot be dynamically patched out, retbleed=off should still be possible
  to do so that the mitigation can still be disabled on Intel who don't
  use the return thunks but IBRS.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit e330fc7
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
  (bsc#1203462).
- commit b3b2090
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit 39653db
- Update
  patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
  (bsc#1124235), adding back Refernces lost in previous update.
- commit 47c6490
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
  (git-fixes).
- Refresh patches.suse/scsi-libfc-handling-of-extra-kref.
- commit 27f7754
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit 1fdd74c
- git_sort: Cleanup series_insert test setup and add test for patch with
  missing headers
- commit 05c630d
- scsi: ch: Make it possible to open a ch device multiple times
  again (git-fixes).
- Refresh
  patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch.
- Replace/Refresh
  patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
  ("/scsi: ch: fixup refcounting imbalance for SCSI devices"/)
  with actual upstream version of this commit, which makes it apply
  correctly (it was just a "/submitted"/ version)
- commit cb2ed7c
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
  when ftrace is dead (git-fixes).
- commit 6d3bb9f
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 85ce439
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit a67ea91
- Refresh
  patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit ed06fa8
- scsi: lpfc: Check the return value of alloc_workqueue()
  (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
  device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
  (git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- Revert "/scsi: sd: Keep disk read-only when re-reading partition"/
  (git-fixes).
- scsi: core: Avoid that a kernel warning appears during system
  resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning
  (git-fixes).
- commit 2cdb167
- cifs: clean up an inconsistent indenting (bsc#1190317).
- commit 84e7187
- git_sort: Check if Patch-mainline tag exists
  If Patch-mainline and Git-commit tags are missing in the patch, sort script
  will fail with:
    IndexError: list index out of range
  This change ensures that Patch-mainline tag is present and if not, raise
  an error to warn the user.
- commit 10d17a7
- Update
  patches.suse/mm-rmap.c-don-t-reuse-anon_vma-if-we-just-want-a-copy.patch
  (git-fixes, bsc#1203098).
- commit 3881fc3
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
  (CVE-2022-39188, bsc#1203107).
- commit 7df6276
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
  (CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
  bsc#1202097).
- commit 7253cd6
- fuse: limit nsec (bsc#1203126).
- commit 4695dc9
- blacklist.conf: add 2fdbb8dd0155 to blacklist
- commit 374db7c
- objtool: Track original function across branches (bsc#1202396).
- Refresh
  patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- Refresh
  patches.suse/objtool-make-bp-scratch-register-warning-more-robust.patch.
- commit d5d2614
- objtool: Don't use ignore flag for fake jumps (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- commit 3c1c10e
- objtool: Add --backtrace support (bsc#1202396).
- Refresh
  patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- commit 59346c1
- objtool: Set insn->func for alternatives (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- Refresh
  patches.suse/objtool-add-relocation-check-for-alternative-sections.patch.
- commit 55a9c4c
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  (git-fixes, bsc#1203098).
  kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
  leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit 9b79372
- mm/rmap.c: don't reuse anon_vma if we just want a copy
  (git-fixes, bsc#1203098).
- commit d3fffdb
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- commit 8addcab
- MyBS: Fix upload to OBS.
  When a cookie is received and SSH authentication is not used osc_wrapper
  crashes with message:
  Can't use an undefined value as a symbol reference at MyBS.pm line 290.
  Fix this by not trying to save cookies for plain authentication.
- commit fc4c81a
- blacklist.conf: add c5deb27895e0, as no fix is needed (problem can't occur)
- commit d29d53a
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit 7fc364d
- Update
  patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Update
  patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
  Add missing objtool annotations from upstream commits to fix bsc#1202396.
- commit 8f6e21f
- KVM: x86: Set error code to segment selector on LLDT/LTR
  non-canonical #GP (git-fixes).
- commit 3b2de9e
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
  checks (git-fixes).
- commit beb4e5a
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- commit df2ab3a
- objtool: Add support for intra-function calls (bsc#1202396).
- commit 72c2448
- objtool: Remove INSN_STACK (bsc#1202396).
- commit df6f4c2
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit 696a729
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit 9614631
- objtool: Fix ORC vs alternatives (bsc#1202396).
- commit 7725f8e
- objtool: Uniquely identify alternative instruction groups
  (bsc#1202396).
- commit cad8676
- objtool: Remove check preventing branches within alternative
  (bsc#1202396).
- commit f556567
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- commit 7537bdc
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit b0b1864
- objtool: Rename struct cfi_state (bsc#1202396).
- commit f1ccddb
- objtool: Support multiple stack_op per instruction
  (bsc#1202396).
- commit bd1355d
- objtool: Support conditional retpolines (bsc#1202396).
- commit 7d5809e
- objtool: Convert insn type to enum (bsc#1202396).
- commit 1160056
- objtool: Rename elf_open() to prevent conflict with libelf
  from elftoolchain (bsc#1202396).
- commit c167b3d
- objtool: Use Elf_Scn typedef instead of assuming struct name
  (bsc#1202396).
- commit fc37030
- squashfs: fix xattr id and id lookup sanity checks
  (bsc#1203013).
- commit e118d89
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- commit 6748621
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
  "/find -xtype l"/ will report them, so use that to make the search a bit
  faster (without using shell).
- commit 13bbc51
- cifs: move from strlcpy with unused retval to strscpy
  (bsc#1190317).
- commit bb4c21d
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
  (bsc#1190317).
- commit f2b9741
- cifs: remove unused server parameter from calc_smb_size()
  (bsc#1190317).
- commit c52dabc
- cifs: Do not use tcon->cfid directly, use the cfid we get from
  open_cached_dir (bsc#1190317).
- commit ed7d7cd
- cifs: fix lock length calculation (bsc#1190317).
- commit 704a256
- cifs: alloc_mid function should be marked as static
  (bsc#1190317).
- commit 1cd087c
- cifs: remove "/cifs_"/ prefix from init/destroy mids functions
  (bsc#1190317).
- commit 7d1a646
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- commit 39cdb6e
- cifs: remove remaining build warnings (bsc#1190317).
- commit bb9d34f
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- commit 36dc5c1
- cifs: remove minor build warning (bsc#1190317).
- commit 99f07da
- cifs: remove some camelCase and also some static build warnings
  (bsc#1190317).
- commit 12a6e0e
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- commit 042656d
- cifs: remove redundant initialization to variable
  mnt_sign_enabled (bsc#1190317).
- commit 5f2fe58
- smb3: check xattr value length earlier (bsc#1190317).
- commit 420acb4
- linux.keyring: Downgrade to older format.
  Compatibility with SLE12 SP5.
- commit cd7de7f
- mkspec: eliminate @NOSOURCE@ macro
  This should be alsways used with @SOURCES@, just include the content
  there.
- commit 403d89f
- kernel-source: include the kernel signature file
  We assume that the upstream tarball is used for released kernels.
  Then we can also include the signature file and keyring in the
  kernel-source src.rpm.
  Because of mkspec code limitation exclude the signature and keyring from
  binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate
  sources in dtb packages.
- commit 1bd288c
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- commit cc50c41
- cifs: return errors during session setup during reconnects
  (bsc#1190317).
- commit f26e757
- cifs: fix uninitialized pointer in error case in
  dfs_cache_get_tgt_share (bsc#1190317).
- commit 2cd67ba
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- commit 6ad2a16
- cifs: version operations for smb20 unneeded when legacy support
  disabled (bsc#1190317).
- commit c14744a
- cifs: when extending a file with falloc we should make files
  not-sparse (bsc#1190317).
- commit 722a067
- smb3: check for null tcon (bsc#1190317).
- commit 19827ce
- cifs: return the more nuanced writeback error on close()
  (bsc#1190317).
- commit 21102b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
  (bsc#1190317).
- commit 55e93f1
- smb3: don't set rc when used and unneeded in query_info_compound
  (bsc#1190317).
- commit b7a8710
- cifs: smbd: fix typo in comment (bsc#1190317).
- commit 0fd8d36
- cifs: set the CREATE_NOT_FILE when opening the directory in
  use_cached_dir() (bsc#1190317).
- commit 18a7023
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- commit cebd44b
- cifs: move definition of cifs_fattr earlier in cifsglob.h
  (bsc#1190317).
- commit de5bdb2
- objtool: Fix sibling call detection (bsc#1202396).
- commit 7a3804d
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- commit 34b4ec9
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
  CVE-2022-3028).
- commit e68eb5b
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit c9ac9a2
- tar-up.sh: Include kernel signature in OBS upload.
  It is not clear that OBS can handle uncompressed tar signatures but it
  can still be verified manually.
- commit cb24650
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit d995183
- scripts: Verify tarball signature before use.
  While there are Linux tarballs provided in standard location on many
  machines it is not clear where these mirrors are mounted from, how
  secure was the mirroring proccess, and the storage itself.
  For local testing it is faster to use git but for OBS builds we want
  the upstream tarballs to get bit-identical tarball files, and then we
  also want the verification to ensure integrity of the mirror.
  xz compressions is not completely deterministic, and while the tarball
  content should be the same the bit representation varies. When
  uploadiong to OBS it is desirable to use bit-identical files to prevent
  OBS storing multiple big files with the same content inside but not
  apparently identical.
- commit a075c40
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit cbbd572
- powerpc/perf: Add privileged access check for thread_imc
  (FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
  (FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in
  (FATE#322448, bsc#1054914, git-fixes).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo)
  (FATE#322448, bsc#1054914, git-fixes).
  - Refresh patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch
- commit 0095cdd
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
  (bsc#1190317).
- commit ef2c03a
- SMB3: EBADF/EIO errors in rename/open caused by race condition
  in smb2_compound_op (bsc#1190317).
- commit 1850f8f
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- commit a9f06fa
- cifs: fix NULL ptr dereference in refresh_mounts()
  (bsc#1190317).
- commit 67eb87c
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- commit 60e64c6
- cifs: verify that tcon is valid before dereference in
  cifs_kill_sb (bsc#1190317).
- commit 2548aaa
- cifs: potential buffer overflow in handling symlinks
  (bsc#1190317).
- commit 4a3401c
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- commit a7766a9
- cifs: release cached dentries only if mount is complete
  (bsc#1190317).
- commit 0e4cc46
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- commit 396d99d
- cifs: remove check of list iterator against head past the loop
  body (bsc#1190317).
- commit 53771a6
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
  (bsc#1190317).
- commit 4dc7010
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
  (bsc#1190317).
- commit d9eafa4
- ceph: don't truncate file in atomic_open (bsc#1202830).
- commit 5d95105
- cifs: change smb2_query_info_compound to use a cached fid,
  if available (bsc#1190317).
- commit 8153d9b
- cifs: convert the path to utf16 in smb2_query_info_compound
  (bsc#1190317).
- commit feab50e
- cifs: we do not need a spinlock around the tree access during
  umount (bsc#1190317).
- commit 3cf620b
- cifs: fix handlecache and multiuser (bsc#1190317).
- commit 61380d0
- Backport causes crashes on all arches so revert the patch until
  I find the root cause
- commit 83c44b2
- cifs: modefromsids must add an ACE for authenticated users
  (bsc#1190317).
- commit 33643f3
- cifs: fix double free race when mount fails in cifs_get_root()
  (bsc#1190317).
- commit 96ae468
- cifs: do not use uninitialized data in the owner/group sid
  (bsc#1190317).
- commit dd406c0
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- commit 063a3b9
- cifs: mark sessions for reconnection in helper function
  (bsc#1190317).
- commit 145a355
- Fix a warning about a malformed kernel doc comment in cifs
  (bsc#1190317).
- commit 5777710
- check sk_peer_cred pointer before put_cred() call
- commit 78087f4
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
  path is empty (bsc#1190317).
- commit 11e7725
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
  bsc#1202672).
- commit 743f12e
- net: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit c37013b
- Drop the unused function after porting on 4.12
- commit a8cf8a3
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
  functions (git-fixes).
- commit 977d6ab
- blacklist.conf: update blacklist
- commit 185c40c
- mvpp2: fix panic on module removal (git-fixes).
- commit 7f3079c
- mvpp2: refactor the HW checksum setup (git-fixes).
- commit 8ea5b04
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- commit 10e6082
- net/mlx5e: Use the inner headers to determine tc/pedit offload
  limitation on decap flows (git-fixes).
- commit 9697304
- blacklist.conf: update blacklist
- commit 46ff3d0
- fuse: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit cb0be42
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit cfbed38
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit 851ec16
- tracing/uprobes: Check the return value of kstrdup() for
  tu->filename (git-fixes).
- commit 8dca833
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF
  tracing (git-fixes).
- commit 7aa1321
- xprtrdma: Fix trace point use-after-free race (git-fixes).
- commit a8b511a
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- commit 2512414
- tracing/perf: Use strndup_user() instead of buggy open-coded
  version (git-fixes).
- commit f7c4f1b
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- commit 2dd27f0
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- commit ec6873e
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
  (bsc#1190317).
- commit c2c268e
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- commit f5d8a69
- cifs: fix ntlmssp auth when there is no key exchange
  (bsc#1190317).
- commit 0965ebd
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- commit ea690c7
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- commit 73ad842
- usb: misc: fix improper handling of refcount in uss720_probe()
  (git-fixes).
- commit 7d782ba
- Revert "/USB: xhci: fix U1/U2 handling for hardware with
  XHCI_INTEL_HOST quirk set"/ (git-fixes).
- commit 7bb63b3
- blacklist.conf: cleanup designed to break kABI
- commit d77a5a8
- blacklist.conf: cleanup on a minor driver that would require a kABI fixup
- commit 4b84bde
- blacklist.conf: optimization on a minor driver that would require a kABI fixup
- commit ab46ac0
- blacklist.conf: driver only introduced in v4.14
- commit c8efaee
- blacklist.conf: for an architecture unsupported on SLE12
- commit e27f3be
- blacklist.conf: irrelevant in our config
- commit cca8fdf
- blacklist.conf: subsystem the patch is for is introduced only in v4.13
- commit 94d5cd2
- squashfs: add more sanity checks in id lookup (git-fixes).
- commit 0993c72
- squashfs: add more sanity checks in inode lookup (git-fixes).
- commit 5e5b6f8
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- commit acc3d9a
- phy: tegra: fix device-tree node lookups (git-fixes).
- commit 8650336
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit f2d03b6
- blacklist.conf: very likely to cause regressions
- commit 857d8cc
- powerpc/xive: Fix refcount leak in xive_get_max_prio
  (fate#322438 git-fixess).
- commit 6f2e0e1
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit ccc3683
- powerpc: define get_cycles macro for arch-override
  (bsc#1065729).
- commit db10d90
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit c398028
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
  (CVE-2022-2588 bsc#1202096).
- commit 05c19f7
- KVM: PPC: Book3S HV: Context tracking exit guest context before
  enabling irqs (bsc#1065729).
- commit d7f9277
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit 2e356ce
- blacklist.conf: later reverted upstream
- commit a099951
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 202a421
- Revert "/r8152: adjust the settings about MAC clock speed down
  for RTL8153"/ (git-fixes).
- commit 893a9a7
- MyBS: Avoid lock recursion in certificate check
  SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
  CA certificate as the SSL trust root.
  Check that the error is caused by bad certificate, and don't handle
  other errors so that users can see authentication errors correctly.
  Also unlock the cookie storage in case the problem is resolved with
  using the built-in certificate.
- commit 21d6a61
- net: usb: lan78xx: Connect PHY before registering MAC
  (git-fixes).
- commit d406530
- blacklist.conf: misattributed
- commit 113cb73
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
  ZDI-CAN-17325).
- commit 30cd9be
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit ea9c6cd
- MyBS: Save hoarded cookies to disk
  The performance of the OBS SSH authentication system is very bad, and
  can be overwhelmed by about 1 authentication/s.
  With osc saving cookies to disk this is not seen as problem.
  Saving cookies to disk in MyBS should work around the authentication
  system performance problem until it's resolved.
  The design ensures that processes competing for authentication use the
  same cookie once one become available rether than authenticating
  independently, overwhelming the authentication service.
  - Reading cookie file is lockless, file update atomic with mv
  - Requesting auth & writing out obtained cookie is locked
  - To be able to break stale lock the lockfile is empty, cookie is saved
  to a separate tmeporary file
  Cookie file contains the whole Set-Cookie header content. It would be
  possible to add support for multiple cookies but OBS only ever sets one
  cookie so multiple cookies are not supported.
- commit 37ed7ba
- ext4: make sure ext4_append() always allocates new block
  (bsc#1198577 CVE-2022-1184).
- commit bc8c541
- ext4: check if directory block is within i_size (bsc#1198577
  CVE-2022-1184).
- commit b9efa04
- ext4: Fix check for block being out of directory size
  (bsc#1198577 CVE-2022-1184).
- commit be40637
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1202528).
- commit e115339
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- commit f4a62aa
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- commit bfdf1f9
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking (bsc#1202528).
- commit a4caa5b
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- commit eedfc1d
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- commit 0d074a5
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (bsc#1202528).
- commit 83cf4e8
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- commit b1b7482
- Fix releasing of old bundles in xfrm_bundle_lookup()
  (bsc#1201264 bsc#1190397 bsc#1199617).
- commit bc50d6c
- btrfs: include delalloc related info in dump space info tracepoint (bsc#1202528).
- commit 41ed5ae
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- commit 7ff1a2f
- cxgb4vf: update kernel-doc line comments (git-fixes).
- commit 86bb074
- cxgb4: update kernel-doc line comments (git-fixes).
- commit 54c720b
- cxgb4: fix endian conversions for L4 ports in filters
  (git-fixes).
- commit aa42e53
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- commit dc23e3b
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- commit b83d2bf
- blacklist.conf: update blacklist
- commit 8032df7
- blacklist.conf: update blacklist
- commit aea5602
- btrfs: rip out btrfs_space_info::total_bytes_pinned  (bsc#1202528).
- Delete
  patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit 354153b
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- commit 68811a9
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1202528).
- commit d9b864b
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- commit a73dbd4
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- commit 60db43c
- btrfs: rip out may_commit_transaction (bsc#1202528).
- Refresh
  patches.suse/btrfs-handle-preemptive-delalloc-flushing-slightly-differently.patch.
- commit c5ab5f9
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt (bsc#1202528).
- Refresh
  patches.suse/btrfs-only-ignore-delalloc-if-delalloc-is-much-smaller-than-ordered.patch.
- commit 59f31f6
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1202528).
- commit f7a119e
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1202528).
- commit 9a30ad9
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1202528).
- commit a265556
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1202528).
- commit b31d6c3
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1202528).
- commit fbc80a6
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- commit db608fb
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- commit 8aab0b2
- btrfs: Convert fs_info->free_chunk_space to atomic64_t  (bsc#1202528).
- Refresh
  patches.suse/0006-btrfs-move-and-export-can_overcommit.patch.
- Refresh
  patches.suse/0020-btrfs-do-not-account-global-reserve-in-can_overcommit.patch.
- Refresh
  patches.suse/Btrfs-fix-race-between-adding-and-putting-tree-mod-s.patch.
- Refresh
  patches.suse/btrfs-ensure-replaced-device-doesn-t-have-pending-chunk-allocation.patch.
- Refresh
  patches.suse/btrfs-fix-btrfs_calc_reclaim_metadata_size-calculation.patch.
- commit f88ccad
- net/mlx5: Clear LAG notifier pointer after unregister
  (git-fixes).
- commit d878d7c
- net: dsa: mt7530: Change the LINK bit to reflect the link status
  (git-fixes).
- commit ece75a8
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC
  pressure (git-fixes).
- commit 8794a66
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- commit 9d72e43
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- commit 3faa94c
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1202528).
- commit 9bb464a
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- commit dfed983
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- commit fa5b783
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- commit ed57e7f
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- commit 99a8046
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- commit efb656d
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- commit f95c0ae
- btrfs: improve preemptive background space flushing (bsc#1202528).
- commit 951dafe
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- commit f16f950
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- commit ac2920d
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1202528).
- commit 5a1a4e8
- ata: libata: add qc->flags in ata_qc_complete_template
  tracepoint (git-fixes).
- commit 8897145
- blacklist.conf: not-relevant cleanups for drivers/char/random
- commit 4551df9
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
  stale pointer (git-fixes).
- commit 8449873
- MyBS: Only send authorization when out of cookies
- commit 0e13567
- MyBS: Hoard cookies
- commit f84b974
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
  (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
  (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
  (git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
  (git-fixes).
- commit ce1e4d8
- MyBS: Add OBS SSH key support
- commit 2992b24
- kabi/severities: add mlx5 internal symbols
- commit 8c6dd4b
- net: ll_temac: Add more error handling of dma_map_single()
  calls (git-fixes).
- commit af7573f
- net: ll_temac: Fix support for little-endian platforms
  (git-fixes).
- Refresh
  patches.suse/net-ll_temac-Fix-race-condition-causing-TX-hang.patch.
- commit 12402e7
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- commit 5bf9adc
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- commit 5222049
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq
  for drop profiles (git-fixes).
- commit e2d5d61
- net: emaclite: Simplify if-else statements (git-fixes).
- commit 43fe9bd
- net/mlx5: Fix auto group size calculation (git-fixes).
- commit f65c99f
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- commit 717b8ab
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
  We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
  The type test and print line are the same for both cases. The usrmerged
  case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
  in xfrm_bundle_lookup() (bsc#1201948 CVE-2022-36879).
- commit 6a240fe
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
  (CVE-2022-20368 bsc#1202346).
- commit bcc8988
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
  across ioctls (bsc#1202347 CVE-2022-20369).
- commit 0cf8c8f
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- commit 832ae90
- scsi: smartpqi: set force_blk_mq=1.(bsc#1179310)
- commit 10f3936
- Update metadata references
- commit 7183678
- md/bitmap: don't set sb values if can't pass sanity check
  (bsc#1197158).
- commit 34e4bcc
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
  CVE-2022-26373).
- commit a207cec
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
  CVE-2022-26373).
- commit 30ef9f9
- Move kABI patches to kABI section.
- commit a80bab0
- powerpc: powernv: kABI: add back powernv_get_random_long
  (bsc#1065729).
- commit 3080872
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
  (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
  later in boot (bsc#1065729).
- commit 869d405
- md-raid: destroy the bitmap after destroying the thread
  (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- pNFS: Don't keep retrying if the server replied
  NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- commit 3bc259d
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
  (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit 42e06ba
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
  (bsc#1120716).
- commit ce36184
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
  (bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed()
  on Power9 (bsc#1065729).
- commit 4e67aee
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- commit 9ad699f
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit a44d410
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1201726
  CVE-2022-26373).
- commit 8e898cd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  (bsc#1201726 CVE-2022-26373).
- commit 9388584
- net/sched: cls_u32: fix netns refcount changes in u32_change()
  (CVE-2022-29581 bsc#1199665).
- commit 944805b
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
  bsc#1202154).
- commit 0d36370
- ipv4: avoid using shared IP generator for connected sockets
  (CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
  bsc#1196616).
- commit df5e606
- blacklist.conf: Relatively high risk of unexpected performance change
- commit 58f819d
- blacklist.conf: Many dependencies with relatively high risk of unexpected performance change
- commit 56dc959
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- xfs: always free inline data before resetting inode fork during
  ifree (bsc#1202017).
- commit 89a46fc
- blacklist.conf: remove 98c4f78dcdd8 from blacklist
  This is a required fix, as 43518812d2 was backported.
- commit 62ac6c4
- blacklist.conf: Add fadump commits introducing boot_mem_top
  bec53196adf4 powerpc/fadump: add support to preserve crash data on FADUMP disabled kernel
  7dee93a9a880 powerpc/fadump: support holes in kernel boot memory area
  The current fadump code in 4.12 kernel does not support bootmem holes.
  If these commits are backported the current backports need review for
  use of boot_memory_size instead of boot_mem_top
- commit 66afc75
- powerpc/fadump: fix PT_LOAD segment for boot memory area
  (bsc#1103269 ltc#169948 git-fixes).
- powerpc/fadump: make crash memory ranges array allocation
  generic (bsc#1103269 ltc#169948 git-fixes).
- Refresh patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
- commit 2607c5c
- blacklist.conf: Append 'drm/amdgpu/acp: Make PM domain really work'
- commit 5d0cbbf
- blacklist.conf: Append 'drm: mxsfb: Clear FIFO_CLEAR bit'
- commit a9d2273
- blacklist.conf: Append 'drm: mxsfb: Increase number of outstanding requests on V4 and newer HW'
- commit eb95663
- blacklist.conf: Append 'drm: mxsfb: Enable recovery on underflow'
- commit 5c872c1
- blacklist.conf: Append 'drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg'
- commit 9af6ddf
- blacklist.conf: Append 'drm/radeon: Fix off-by-one power_state index heap overwrite'
- commit 0f57ec5
- blacklist.conf: Append 'drm/radeon: Avoid power table parsing memory leaks'
- commit 2212d5c
- blacklist.conf: Append 'amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create'
- commit 6d1e3d5
- blacklist.conf: Append 'drm/radeon: Fix a missing check bug in radeon_dp_mst_detect()'
- commit 5ae4891
- blacklist.conf: Append 'Fix misc new gcc warnings'
- commit ba680f8
- blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4'
- commit 6465ff9
- blacklist.conf: Append 'drm/amdgpu: check alignment on CPU page for bo map'
- commit 11881ba
- blacklist.conf: Append 'drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()'
- commit 06bd647
- blacklist.conf: Append 'drm/i915: Fix the GT fence revocation runtime PM logic'
- commit 278dbb6
- blacklist.conf: Append 'drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence'
- commit 46e7a2f
- blacklist.conf: Append 'drm/i915/dp: Track pm_qos per connector'
- commit 1a3ef34
- blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies'
- commit e361acc
- blacklist.conf: Append 'drm/i915/gem: Avoid implicit vmap for highmem on x86-32'
- commit f730816
- blacklist.conf: Append 'drm/dp_mst: Kill the second sideband tx slot, save the world'
- commit ee6a373
- blacklist.conf: Append 'drm: mst: Fix query_payload ack reply struct'
- commit 9b06dd2
- blacklist.conf: Append 'drm/i915/gen8+: Add RC6 CTX corruption WA'
- commit 7617aa6
- blacklist.conf: Append 'make 'user_access_begin()' do 'access_ok()''
- commit 36185b4
- lkdtm: Disable return thunks in rodata.c (bsc#1114648).
- commit 1db863b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648).
- commit c693b03
- blacklist.conf: Add ppc numa commits
  e75130f20b1f powerpc/numa: Offline memoryless cpuless node 0
  10f78fd0dabb powerpc/numa: Fix a regression on memoryless node 0
- commit f94fd1c
- KVM: emulate: do not adjust size of fastop and setcc subroutines
  (bsc#1201930).
- commit 7c39b90
- kvm/emulate: Fix SETcc emulation function offsets with SLS
  (bsc#1201930).
- commit 0c004d2
- netfilter: nf_queue: do not allow packet truncation below
  transport header offset (bsc#1201940 CVE-2022-36946).
- commit 06aa700
- latent_entropy: avoid build error when plugin cflags are not
  set (git-fixes).
- Refresh patches.suse/fdt-add-support-for-rng-seed.patch.
- commit 66e3bae
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
  explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
  (git-fixes).
- random: always fill buffer in get_random_bytes_wait (git-fixes).
- commit 4bf323f
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
  (bsc#1201651).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1201651).
- scsi: qla2xxx: Zero undefined mailbox IN registers
  (bsc#1201651).
- scsi: qla2xxx: Fix incorrect display of max frame size
  (bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
  (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
  injection (bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
  with I/Os (bsc#1201958).
  Refresh:
  - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
  (bsc#1201958).
- scsi: qla2xxx: Fix losing target when it reappears during delete
  (bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
  tests (bsc#1201958).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
  timeouts (bsc#1201958).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
  (bsc#1201958).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
  (bsc#1201958).
- scsi: qla2xxx: Fix excessive I/O error messages by default
  (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201958).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
  (bsc#1201958).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
  (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
  (bsc#1201958).
- scsi: qla2xxx: edif: Remove old doorbell interface
  (bsc#1201958).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
  (bsc#1201958).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
  authentication application (bsc#1201958).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
  (bsc#1201958).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
  (bsc#1201958).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
  (bsc#1201958).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201958).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
  (bsc#1201958).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
  (bsc#1201958).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
  (bsc#1201958).
- commit a8936d6
- Drop qla2xxx patch which prevented nvme port discovery
  (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
  Upstream fixed the problem by reverting the offending commit.
  Delete:
  - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 452db23
- scsi: lpfc: Address NULL pointer dereference after
  starget_to_rport() (git-fixes).
- commit 996de99
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit 5f1b81f
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit 8656e81
- net: xilinx_emaclite: Do not print real IOMEM pointer
  (git-fixes).
- commit 1032862
- mvpp2: suppress warning (git-fixes).
- commit 163d5b9
- net: ethernet: fix potential use-after-free in ec_bhf_remove
  (git-fixes).
- commit 08e620e
- net: hamradio: fix memory leak in mkiss_close (git-fixes).
- commit d5b5550
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 4e39a7a
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
  (git-fixes).
- commit 5a1c833
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
  (git-fixes).
- commit 70491b7
- net: stmmac: dwmac1000: Fix extended MAC address registers
  definition (git-fixes).
- commit 0a365bd
- net: mdio: octeon: Fix some double free issues (git-fixes).
- commit 770566f
- net: mdio: thunder: Fix a double free issue in the .remove
  function (git-fixes).
- commit 77a03ff
- net: fec: fix the potential memory leak in fec_enet_init()
  (git-fixes).
- commit 3c37ef9
- net: fec: check DMA addressing limitations (git-fixes).
- commit 994eea1
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
  (git-fixes).
- commit c9228da
- net: stmmac: fix incorrect DMA channel intr enable setting of
  EQoS v4.10 (git-fixes).
- commit 2b936dd
- Refresh
  patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c149c1b
- Remove our homegrown IBRS implementation
  ... now that there's an upstream version.
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Delete
  patches.suse/x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch.
- Delete
  patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Delete
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Delete
  patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete
  patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- commit 7278759
- media: saa7146: mxb: Fix a NULL pointer dereference in
  mxb_attach() (git-fixes).
- commit d6ee03c
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- commit 2128de3
- media: uvcvideo: fix division by zero at stream start
  (git-fixes).
- commit 24c7763
- blacklist.conf: cleanup breaking kABI by renames
- commit 112598f
- blacklist.conf: cleanup breaking kABI by renames
- commit 25ac149
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
  (git-fixes).
- commit 945069e
- blacklist.conf: misattributed patch
- commit 379c546
- bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes).
- commit 3e6c035
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- commit acd09d7
- net: macb: mark device wake capable when "/magic-packet"/
  property present (git-fixes).
- commit 674240e
- net/sonic: Fix a resource leak in an error handling path in
  'jazz_sonic_probe()' (git-fixes).
- commit 0674aaf
- vrf: Fix IPv6 with qdisc and xfrm (git-fixes).
- commit 0a2458c
- net: stmmac: dwmac1000: Disable ACS if enhanced descs are not
  used (git-fixes).
- commit 2e76107
- net: stmmac: Fix misuses of GENMASK macro (git-fixes).
- commit fc6700d
- kABI workaround for including mm.h in fs/sysfs/file.c
  (bsc#1200598 CVE-2022-20166).
- commit fe1fe6b
- blacklist.conf: update blacklist
- commit ae741a4
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
  sysfs_emit (bsc#1200598 CVE-2022-20166).
- commit 3d23964
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
  CVE-2022-20166).
- commit c8e2e5b
- drivers core: Remove strcat uses around sysfs_emit and neaten
  (bsc#1200598 CVE-2022-20166).
- commit 5cd9512
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
  * ...) functions (bsc#1200598 CVE-2022-20166).
- commit 7554520
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
  (bsc#1200598 CVE-2022-20166).
- commit c5a70d7
- cxgb3/l2t: Fix undefined behaviour (git-fixes).
- commit 8076d39
- kabi/severities: add cxgb3 network driver
- commit 3a6a137
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit 5efdb64
- Sort in RETbleed backport into the sorted section
  Now that it is upstream...
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
  patches.suse/sched-topology-Improve-load-balancing-on-AMD-EPYC.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
  patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
  patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
  patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
  patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
  patches.suse/x86-cpu-add-a-steppings-field-to-struct-x86_cpu_id.patch.
- Refresh
  patches.suse/x86-cpu-add-table-argument-to-cpu_matches.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
  patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
  patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
  patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh
  patches.suse/x86-microcode-amd-increase-microcode-patch_max_size.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
  patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
  patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
  patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh
  patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
  patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
  patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
  patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
  patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-srbds-vulnerability-and-mitigation-documentation.patch.
- Refresh
  patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch.
- Refresh
  patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
  patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- commit d06c642
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
  for migration (bsc#1201610).
- commit 674875f
- random: fix crash on multiple early calls to (git-fixes)
- commit cf465a0
- vt: vt_ioctl: fix race in VT_RESIZEX (bsc#1200910
  CVE-2020-36558).
- commit 3c76a1f
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
  (bsc#1201429 CVE-2020-36557).
- commit f15e18d
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- commit 7e31757
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit 704434f
- Refresh patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch
  Fix the build error due to missing is_console_locked()
- commit 39e2064
- Delete patches.suse/IBRS-forbid-shooting-in-foot.patch.
  Backported upstream commit
  7c693f54c873 ("/x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS"/)
  already takes care of that.
- commit e4bbbc2
- fbmem: Check virtual screen sizes in fb_set_var()
  (CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
  (CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
  (CVE-2021-33655 bsc#1201635).
- commit c1a0922
- Delete patches.suse/x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch.
  Superceded by the upstream version
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch
- commit 5309cbd
- blacklist.conf: add a few patches
- commit cf91d33
- serial: mvebu-uart: correctly report configured baudrate value
  (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
  of_alias_get_id and ida_simple_get (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
  (git-fixes).
- fsl_lpuart: Don't enable interrupts too early (git-fixes).
- arch_topology: Do not set llc_sibling if llc_id is invalid
  (git-fixes).
- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
  (git-fixes).
- commit 4567918
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit c9dc552
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 08341d7
- blacklist.conf: cosmetic fix
- commit 5ba3d81
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- commit 346b0d8
- blacklist.conf: adds an uevent user space is not ready for
- commit 6ac2a70
- usbnet: fix memory leak in error case (git-fixes).
- commit f3b6abf
- usbnet: fix memory allocation in helpers.
- commit 9363858
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
  rx queue (bsc#1201381).
- commit 334fe0b
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- commit 6824fa5
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 1dda89e
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
  Dwarves 1.22 or newer is required to build kernels with BTF information
  embedded in modules.
- commit ee19e9d
- pty: do tty_flip_buffer_push without port->lock in pty_write
  (bsc#1198829 CVE-2022-1462).
- commit c0b9f34
- tty: use new tty_insert_flip_string_and_push_buffer() in
  pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit 1b70eb4
- dm mirror log: round up region bitmap size to BITS_PER_LONG
  (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
  (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
  (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
  (git-fixes).
- blk-cgroup: synchronize blkg creation against policy
  deactivation (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
  (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
  (git-fixes).
- blk-zoned: allow zone management send operations without
  CAP_SYS_ADMIN (git-fixes).
- lib/hexdump.c: return -EINVAL in case of error in hex2bin()
  (git-fixes).
- commit 4cd1fd7
- blacklist.conf: Update for git-fixes
- commit e740cc0
- net: ll_temac: Fix TX BD buffer overwrite (git-fixes).
- commit 1ff015f
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- commit 0c73d92
- net: ll_temac: Fix bug causing buffer descriptor overrun
  (git-fixes).
- commit 2fe2e0f
- net: stmmac: fix missing IFF_MULTICAST check in
  dwmac4_set_filter (git-fixes).
- commit 075d2fd
- bnxt_en: Remove the setting of dev_port (git-fixes).
- commit 1fccfbd
- blacklist.conf: update
- commit d2fcee3
- Refresh
  patches.suse/v5-0001-crypto-DRBG-add-FIPS-140-2-CTRNG-for-noise-source.patch.
  A modified version of the patch did make it mainline. Detected by git-fixes.
- commit 9eec360
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 2a23102
- scripts/sequence-patch.sh: create sub-function apply_one_patch()
  Carve out the main functionality of applying a single patch from
  apply_patches() into a sub-function.
- commit f24575e
- scripts/sequence-patch.sh: let "/--fast"/, "/--rapid"/ and "/"/ behave consistently
  Today scripts/sequence-patch.sh will stop before applying a patch when
  being called with "/--fast"/ or "/--rapid"/ and a patch name, while it will
  apply the named patch when being called without "/--fast"/ or "/--rapid"/.
  Change that by letting apply_patches() use the PATCHES_BEFORE[] and
  PATCHES_AFTER[] arrays as apply_rapid_patches() and
  apply_fast_patches() are doing already.
  In order to keep the capability to single step through the remaining
  patches add a function for that purpose.
- commit 134d511
- Refresh
  patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch.
  Fix a build warning.
- commit 539b424
- scripts/tar-up.sh: Detect untracked changes to rpm directory.
- commit bd49209
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
  Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
  universally for now) added two new compiler-dependent configs:
  * CC_NO_ARRAY_BOUNDS
  * GCC12_NO_ARRAY_BOUNDS
  Ignore them -- they are unset by dummy tools (they depend on gcc version
  == 12), but set as needed during real compilation.
- commit a14607c
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 22a9ddc
- kernel-binary.spec: check s390x vmlinux location
  As a side effect of mainline commit edd4a8667355 ("/s390/boot: get rid of
  startup archive"/), vmlinux on s390x moved from "/compressed"/ subdirectory
  directly into arch/s390/boot. As the specfile is shared among branches,
  check both locations and let objcopy use one that exists.
- commit cd15543
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- scripts/check-embargoed-bugz: Skip check for the direct to push to *_EMBARGO branch, too
- commit 2553069
- kernel-binary.spec: Support radio selection for debuginfo.
  To disable debuginfo on 5.18 kernel a radio selection needs to be
  switched to a different selection. This requires disabling the currently
  active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- scripts/git_sort/git_sort.py: add driver for-next repo
- commit bd4759e
- Add dtb-starfive
- commit 85335b1
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit a90bbcf
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- pahole 1.22 required for full BTF features.
  also recommend pahole for kernel-source to make the kernel buildable
  with standard config
- commit 364f54b
- use jobs not processors in the constraints
  jobs is the number of vcpus available to the build, while processors
  is the total processor count of the machine the VM is running on.
- commit a6e141d
- scripts/run_oldconfig.sh: use pahole from dummy-tools if available (bsc#1198388)
  Similar to other dummy-tools, use also pahole from dummy-tools, if it is
  available. This makes the configs consistent on all distros, not
  dependining on developers' version.
- commit a9e6b6c
- git_sort: Fix error message for patches missing Git-commit.
  To reject unsortable patches from out-of-tree section patches without a
  Git-commit that don't have Patch-mainline Submitted or Not yet are
  rejected with an error message saying that this tag is not supported.
  However, this is the case also for patches that have Patch-mainline
  Queued or version which are missing Git-commit.
  Add a separate error message for this case.
  Fixes: eaff9bcc7268 ("/git_sort/lib: Only allow patches intended for mainline."/)
- commit 24354fd
- scripts/python: Align with kbuild.
  The port to python3 happened independently in kernel-source and kbuild
  creating some source differences.
  These differences cause problems with applying patches across different
  repositories. Align the sources by removing trivial differences.
- commit 9796048
- scripts/gitlog2changes: Fix parsing of GPG-signed commit
- commit a384f30
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- scripts: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit 2ea024c
- scripts/run_oldconfig.sh: Ignore PAHOLE_VERSION.
- commit c585f2b
- git_sort.py: Add bpf-next tree.
- commit a4d4ce2
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- powerpc: Set crashkernel offset to mid of RMA region
  (bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit b6d78fb
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
  bsc#1198484)
  Let's iron out the reduced initrd optimisation in Tumbleweed.
  Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- git_sort: Fix error when sorted section is empty.
- commit 06a0c32
- MyBS.pm: support the password-store keyring
  osc can use password-store via the Python keyring and password-store backend.
  We can detect this configuration from its specific credentials_mgr_class
  setting, and instead call the 'pass' command directly, similarly to the
  secret-tool.
- commit 38694df
- README: Remove remaining traces of Novell
- commit fbc8e4e
- git_sort: tests: Fix warning about default branch
  Since the version in SLE 15 git init prints this warning which is logged
  in the test result:
  hint: Using 'master' as the name for the initial branch. This default branch name
  hint: is subject to change. To configure the initial branch name to use in all
  hint: of your new repositories, which will suppress this warning, call:
  hint:
  hint:   git config --global init.defaultBranch <name>
  hint:
  hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
  hint: 'development'. The just-created branch can be renamed via this command:
  hint:
  hint:   git branch -m <name>
  The -b argument to git init to suppress this warning is not available on
  git versions that do not print the warning.
  pygit2.init_repository does not print this warning so use it instead.
- commit 873477c
- git_sort: tests: Fix quilt mode test on TW
  The quilt mode test requires getopt which is no longer installed by
  default.
- commit 2e0e020
- scripts/check-embargoed-bugz: git pre-push script for checking embargoed bugs
- commit f5044f8
- scripts/stableids: allow machine to be localhost
  And do not attempt to ssh anywhere in that case.
- commit 2e223ff
- scripts/stableids: number more than 999 patches properly
  I.e. pad enough number of zeros for patches count >= 1000.
- commit ecfeb07
- scripts/git_sort/git_sort.py: Remove a dev branch of the -rcu tree
- commit ce56f17
- scripts/git-pre-commit: Detect empty patches.
- commit 616effa
- git_sort/lib: use correct class name for MutableSet
  [BUG]
  With latest python3.10, all git_sort scripts fails to start:
  $ ./scripts/git_sort/series_insert.py
  Traceback (most recent call last):
  File "/~/btrfs/suse/kernel-source/./scripts/git_sort/series_insert.py"/, line 34, in <module>
  import lib
  File "/~/btrfs/suse/kernel-source/scripts/git_sort/lib.py"/, line 569, in <module>
  class OrderedSet(collections.MutableSet):
  AttributeError: module 'collections' has no attribute 'MutableSet'
  [CAUSE]
  From python3.3 and later, MutableSet needs to be referred using
  "/collections.abc.MutableSet"/, instead of just "/collections.MutableSet"/.
  After python3.9, the old compatible behavior seems to be removed, thus
  causing above crash.
  [FIX]
  Try to import MutableSet from collections.abc first, if not found, then
  try again from collections.
  For v3.10 the first try should success, while on v3.4 I don't have any
  system to test though. Hopes this would work.
- commit 5fedfe0
- git_sort: Use -next rather than -testing in gregkh/usb
- commit 7232b7b
- git_sort: Add driver-core repository.
- commit d7ae15d
- scripts/git_sort/git_sort.py: add Greg KH's USB repo
- commit bd0fd0c
- scripts/osc_wrapper: fix issue where osc build cannot find git HEAD if
  checked out branch is a worktree
- commit 14421cd
- test_series_sort.py: Also test submitted patch.
- commit 6a7dd95
- scripts/git_sort/tests: Update to current codestreams.
- commit 94b31df
- git_sort/lib: Only allow patches intended for mainline.
- commit eaff9bc
- check-patchhdr: Do not require Patch-mainline on kABI patches.
  These patches are not meant to be submitted, anyway.
- commit b5822d2
- header.py: Reject Patch-mainline: No
  This tag is deprecated. Never or Not yet should be used instead.
- commit 50efd72
- scripts/git_sort/git_sort.py: add a dev branch of the -rcu tree
- commit 60ddeaf
- scripts/git_sort/git_sort.py: add gpio maintainers git tree
- commit 189ee55
- MyBS.pm: Do not use pool as suffix for QA repository.
- commit 1c60609
- MyBS.pm: Use pool repository when present.
  The standard repository in SLE15 SP3 in OBS does not contain packages.
- commit a1fda61
- scripts/git_sort/git_sort.py: Update drm-next repo
- commit c36d95b
- scripts/bugzilla: report only active versions
  Report only product versions that are marked as active. This makes
  bugzilla-create work properly for products with inactive versions.
- commit ef0f3ae
- scripts/run_oldconfig.sh: pretend RUSTC doesn't exist
  HAS_RUST and RUSTC_VERSION is set (or unset) depending if rustc exists
  on a machine where run_oldconfig.sh is run. We don't want the config to
  oscillate, so disable rust completely for the time being.
  Don't use /bin/false, use nonsense like /nothing/nowhere instead. It
  makes scripts/rust-version.sh NOT to scream about missing output.
  If we ever want to support rust, we have to:
  * introduce dummy-tools into rust world (there is no CROSS_COMPILE
  before RUST currently)
  * change ignored configs in rpm/check-for-config-changes
- commit 8149db0
- test-all.sh: Pass argument list to Python and make script executable
  Improve the helper shell script:
- Pass command line options to python3 to allow things like "/-v"/.
- Set the executable bit, so it can be invoked directly.
- commit 7cc2bcf
- scripts/git_sort/git_sort.py: Add repo for Chuck Lever
  Check Lever (aka "/cel"/) is co-maintainer for nfsd.
- commit 7d3e0dc
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 3bdd6db
- header.py: Fix unmatched prentheses.
  Fixes: 65d0b2d07e8c ("/README, patch-tag-template, header.py: Abolish Novell and FATE (bsc#1189904)."/)
- commit ffde1c0
- README, patch-tag-template, header.py: Abolish Novell and FATE
  (bsc#1189904).
- commit 65d0b2d
- scripts/sequence-patch.sh: Add --signing-key option
  The --signing-key option allows the user to specify a certificate and key
  to be used for module signing.  Checks ensure that it can also be used
  for signing the kernel for UEFI Secure Boot.
- commit d2affe4
- scripts: support gz and zst compression methods
  Extend 95df98b61fde ("/scripts/supported-conf-fixup: recognize compressed modules"/)
  for gzip and zstd compression.
- commit deab245
- run_oldconfig.sh: Also make scripts executable.
  When new scripts ar added by a patch they are not executable after
  sequence-patch.
- commit 17cad6a
- commit b70c29e
- Add dtb-microchip
- commit c797107
- MyBS: Fix the kernel-obs-build existence check.
- commit 9cd6187
- MyBS: Only wipe kernel-obs-build when it exists.
  It does not exist for livepatches.
- commit ca3fae0
- MyBS: Wipe kernel-obs-build after uploading a kernel.
  kernel-obs-build is a subpackage of kernel-default built by repacking
  kernel-default and is used for building other packages.
  In development repositories it is possible that a broken kernel that
  does not boot is uploaded, and when kernel-obs-build is built with the
  broken content no packages can be built anymore in the QA repository
  that uses the kernel-obs-build.
  Wipe the kernel-obs-build binaries on upload so that stale broken
  binaries don't remain. The package need to be rebuilt with the new
  kernel binaries anyway so this does not cause useless rebuilds (unless
  you reup-load same git revsion).
  Alternative would be to create much more complex repository setup with
  aggeregates which does not sound like it would save anything.
- commit c5a3108
  This was accidentally merged into packaging rather than scripts as
  kernel-source commit 65979e3c8b2d ("/scripts/git_sort/git_sort.py: add bpf
  git repo"/).
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 3b45eef
- commit abd8982
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 6b8a8e7
- scripts/run_oldconfig.sh: Make dumy-tools executable (bcs#1181862).
- commit d3f1aea
- run_oldconfig.sh: Only use dummy tools if they exist (bcs#1181862).
- commit 2b68831
- scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bcs#1181862).
  scripts/dummy-tools is a cross-toolchain from the kernel which
  advertises support for _everything_ (on the toolchain side). Using
  these, we obtain super-configs which are then reduced during build time
  when real toolchain (like gcc, ld, ...) is used.
  This allows us to drop the need for cross-compilers, specific versions
  of gcc etc. This is always pain as run_oldconfig.sh ran on different
  machines produces different configs.
- commit f1e7bc3
- rpm/kernel-source.spec.in: temporary workaround for a build failure
  Upstream c6x architecture removal left a dangling link behind which
  triggers openSUSE post-build check in kernel-source, failing
  kernel-source build.
  A fix deleting the danglink link has been submitted but it did not make
  it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
  utility does not handle symlink removal. Add a temporary band-aid which
  deletes all dangling symlinks after unpacking the kernel source tarball.
  [jslaby] It's not that temporary as we are dragging this for quite some
  time in master. The reason is that this can happen any time again, so
  let's have this in packaging instead.
- commit 52a1ad7
- scripts/wd-functions.sh: add tar.gz base kernel tarball
  Linux -rc snapshots are released as tar.gz files, add support for them.
- commit d4457f3
- git-sort: Update nvme repo branch.
- commit f005189
- scripts/python/check-patchhdr: explicitly prefer python3
  Debian and OpenSUSE Tumblweed no longer have the /usr/bin/python
  symlink, at least this is explained and spelled out on the Debian
  Python Policy [0]. This guideline specifically requests that scripts
  do not use `/usr/bin/env`, do not use `/usr/bin/python` and instead
  use the exact version desired.
  So do just that. Without this, you cannot use kernel-source and commit
  changes without a warning of the python interpreter missing.
  With regards to support to Python 2, some SLE release will simply have
  a python2 script, and some releases for Python3. Release branches where
  we have python 3 can opt-in to embrace this patch.
  [0] https://www.debian.org/doc/packaging-manuals/python-policy/ch-python.html#s-interpreter
- commit a81b795
- scripts/tar-up.sh: remove -u from helptext
  Fixes commit 3efbe774d5cfa0ced909811a7fc3fe16bffaf580
- commit 606be75
- commit 3233d64
- scripts/renamepatches: Add explanation.
- commit c7715af
- scripts/renamepatches: Tool for unifying patch filenames across
  branches.
  It often happens that different developers add patches under different
  names to different branches. When the branches are merged the patches
  are added twice instead of causing a conflict.
  Renaming patches in advance in one of the branches makes merging much
  more straightforwared.
- commit 0951065
- scripts/stableids: s/bnc/bsc/ and cleanup old versions
  The current reference to be used is bsc, not bnc anymore. So update the
  script.
  And remove all discontinued stable versions.
- commit 193862b
- scripts/git_sort/git_sort.py: Add clock maintainer tree
- commit 5435172
- scripts/git_sort/git_sort.py: update SCSI and NVMe repositories
- commit 509f06e
- commit 793c656
- scripts: Support gnome_keyring for OBS connections
  .oscrc may specify keyring= or gnome_keyring= directive to instruct us
  obtaining the password from the local keyring. When only the latter is
  specified we would fail to fetch the password. Fix this by handling
  gnome_keyring= as keyring= too.
- commit c496909
- scripts/git-fixes: Import script from kbuild.
- commit 3e66f73
- scripts/git_sort/git_sort.py: add gitloite to k_org_prefixes
  If you define in your gitconfig to use gitolite for accessing kernel.org
  the scripts won't recongnise your remotes in $LINUX_GIT
  Add gitloite support to k_org_prefixes
- commit 27af818
- scripts/run_oldconfig.sh: support setting config options with value
  Existing -nco-* options for run_oldconfig.sh only allow adding/replacing
  options with y or m values or disabling them but cannot be used to set
  options which take e.g. a number or string as value.
  Add new parameter -nco which allows setting a config option to an arbitrary
  value, e.g.
    ./run_oldconfig -nco LOG_BUF_SHIFT=18
    ./run_oldconfig -nco DEFAULT_TCP_CONG="/cubic"/
- commit 9c449cf
- MyBS.pm: use secret-tool instead of custom script
  secret-tool is available from the package of the same name under
  Leap and Tumbleweed.
- commit d2378aa
- scripts/lib/SUSE/MyBS.pm: Fix uninitialized value.
- commit 47ccb93
- scripts/lib/SUSE/MyBS.pm: Support new style obfuscated password.
- commit 5f57bd3
- scripts: Simplistic keyring implementation for bs-upload-kernel
  This adds a very simply PoC implementation for querying the keyring
  for the OBS password. It's obviously not really secure, but still
  better than storing the password in plain text or with trivial
  encryption. I couldn't find a plain perl implementation of the
  secretstorage protocol.
- commit 4bafc0a
- scripts/run_oldconfig.sh: Ignore CONFIG_CC_VERSION_TEXT
- commit e81b5cd
- git_sort: drop nvme repositories from the list
  The nvme-5.8 branch has been rebased four times in three weeks so that
  trying to manage nvme patches with git_sort means more harm than good.
- commit b382424
- scripts/lib/SUSE/MyBS.pm: update for OBS
  Similar to 3ae8f5694d41...
- commit 54326bb
- scripts/lib/SUSE/MyBS.pm: Adjust basic auth realm for IBS.
- commit 3ae8f56
- scripts/run_oldconfig.sh: Ignore LD_VERSION in config.
- commit e3040fe
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e1a964f
- git_sort: update URL of net and net-next reporitories
  With the introduction of Jakub Kicinski as co-maintainer, the official
  URL of net and net-next trees was changed from davem/* to netdev/*.
  The original URLs are preserved as aliases but let's switch to the
  official ones.
  Keeping the old URLs with lower priority so that git_sort can update
  Git-repo tags and subsection headers without complaints about unrecognized
  repository.
- commit 4457462
-  scripts/git_sort/git_sort.py: add masahiroy/linux-kbuild.git repository
- commit 1ed2975
- scripts/git_sort/git_sort.py: Add ulfh/mmc
- commit 7febf5c
- scripts/supported-conf-fixup: support guards containing a dash
  The script expects guards to contain only letters and digits (apart from
  the leading '-' or '+'). As we are using "/+foo-kmp"/ style guards to mark
  modules to put into an internal KMP, we need the script to expect '-'
  characters as well.
- commit ce984f3
- scripts/git_sort/git_sort.py: add efi/next repository
- commit 5c191a3
- scripts/git_sort/git_sort.py: add linux-pinctrl repository
- commit 73604d8
- scripts/git_sort/git_sort.py: Add EDAC for-next queue
- commit e718107
- scripts/git_sort/git_sort.py: add thermal/linux.git to the repo list
- commit 84aca34
- scripts/git_sort/git_sort.py: add linux-ipmi repository
- commit 78b705e
- Remove git_sort tests for openSUSE-42.3 (EOL).
- commit d090435
- scripts/check-patch-blacklist: Exit gracefully if blacklist.conf is not present
- commit fe1be04
- scripts/osc_wrapper: make it work with osc >= 0.165
  osc >= 0.165 by default tries to run services. This needs an .osc dir
  and _project, _package, and _files in it. So disable running services as
  we do not need them.
- commit 58db0dd
- scripts/stableids: handle new DRM commits tagging
- commit 4fec579
- scripts/log2: Add --amend option
  This works similarly like git-commit --amend option, used for folding the
  changes onto the commit HEAD.  Unlike git-commit, this re-invokes
  scripts/log and the changelog entry is completely refreshed, hence the
  previous manual change in the log may be lost and need to be re-entered.
- commit 38eaa49
- Copy git-sort merge tool installation instructions to README.md
- commit 5596d4b
- scripts/git_sort/git_sort.py: Remove s390/linux.git for-linus
  This branch no longer exists.
- commit c4479c2
- scripts/sequence-patch.sh: Add --dry-run option
  It is often sufficient to check whether the patch series applies
  without writing out the patched files.
- commit b999a1f
- scripts/git_sort/git_sort.py: Add device tree repository
- commit 3069f2e
- scripts/git_sort/git_sort.py: add dma-mapping repository
- commit bf870d0
- scripts: stableids, handle new pattern
  They started using capital C in commit.
- commit dd41f26
- scripts/git_sort/git_sort.py: add arm64 repository
  Delete no longer existing repository linux-mmots
- commit 2e5580a
- scripts/install-git-hooks: Fix spelling of git option --remove-section
- commit 19cc664
- git_sort.py: add soundwire repo.
- commit 99afd50
- git-pre-commit: Warn on blacklisted commits.
- commit 0dea234
- scripts/git_sort/git_sort.py: Add perf repository.
- commit 727e371
- Revert "/scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote"/
  This reverts commit 061a324a9d93e90ad21e077b956ed3184203e3cc.
- commit 3373b12
- scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote
  It doesn't exist (anymore).
- commit 061a324
- cripts/git_sort/git_sort.py add jejb/scsi repository.
- commit d1fd61a
- scripts/stableids: add dump_only option
  This is useful for generating only SHAs. These are used for putting
  stable patches into sorted section.
- commit 7669764
- scripts/stableids: add bnc for 5.3 kernel
  There is a map of bncs for various kernels. SLE15-SP2 is based on 5.3,
  so add the reference.
- commit 7650550
- commit 74150a8
- scripts/git_sort/git_sort.py:
- commit a6474a1
- git-sort: merge_tool: Catch parsing errors of patches from remote branch
  Avoids unsightly python backtraces for problems such as a Git-commit id
  which is not in LINUX_GIT.
- commit 1eef4e7
- scripts/sort_supported.rb: Script for sorting supported.conf
  This script uses a heuristic that works on 99% entries.
  There are two lines in current supported.conf that need adjustment in
  comment to pass.
- commit 398394f
- scripts/supported-conf-fixup: recognize compressed modules
  At the moment, just allow *.ko.xz in addition to *.ko. It would be nice to
  make it respect COMPRESS_MODULES from rpm/config.sh but that would require
  someone who does actually speak Perl.
- commit 95df98b
- git-sort: merge_tool: Preserve the order of patches when calculating "/added"/
  When merging, the relative order of the patches added to the out-of-tree
  section between the merge base and remote must be preserved. Previously it
  was not, on the erroneous expectation that all added patches are
  commit-sorted. Therefore, added patches (remote - base) in the oot
  subsection were appended in shuffled order to the oot subsection of the
  result.
- commit aa6b527
- scripts/run_oldconfig.sh: support rt partial debug config.
- commit e1353be
- scripts/git_sort/README.md: Update quilt-ks repository URL
- commit 03c796b
- commit 03c6291
- commit 6c1fcb9
- scripts/run_oldconfig.sh: Fix native config check in kbuild.
- commit 93c6080
- commit cbd56d5
- commit 629ccf3
- scripts/tar-up.sh: do not make assumptions about the remote name (bsc#1141488)
  The script assumed a remote named 'origin' exists. While this is true
  for cloning a repo with default options, the name of the remote can be
  easily changed. Also there can be more than one remotes.
  Extend the script to exclude a branch named 'scripts' in all configured
  remotes.
- commit b98fb06
- commit df44667
- scripts/git_sort/git_sort.py:
- commit f216f54
- scripts/guards: Add missing link.
- commit 9d16ecd
- commit c2096bb
- commit 3f9c688
- git_sort: add crypto maintainer tree.
- commit f74c585
- git-sort: tests: Use --no-gpg-checks in SLE12-SP2 Dockerfile
  The updated SLE12-SP2 docker image uses a repo that needs --no-gpg-checks
  for non-interactive usage.
- commit ce25676
- git-sort: qcp: Create subdir of quilt's .pc if needed
  qcp.py creates a ~refresh file under a subdirectory of quilt's "/.pc"/
  directory. If there haven't been other patches applied yet which are in the
  same subdirectory (ex: "/patches.fixes"/), that directory does not exist.
  This situation can also occur in other scenarios when using `rapidquilt`.
  change qcp to create the directory if needed, instead of failing.
- commit 4f437ad
- commit 3d5eb00
- git-sort: README: Add information about how to report problems
- commit 332fdaa
- scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword
- commit 3ef3587
- git-sort: Always explicitely handle a pygit2 import error
  As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73
  ("/series_sort: Catch pygit2 import failure."/) is wrong; given that there is
  no explicit installation step of the git-sort scripts and that they are
  "/just there"/ in the kernel-source repository, every user-callable script
  needs to check that the user followed installation requirements.
- commit 50602bd
- git-sort: Move mainline remote check to series_sort
  git_sort can be used on any git repository. series_sort OTOH needs the
  reference repository to be a clone of the mainline Linux kernel repository.
  Move the warning accordingly.
  Using the same rationale as in commit 6d67b1042a73 ("/series_sort: Catch
  pygit2 import failure."/), the check is only in series_sort.py even though
  other scripts like series_insert.py have the same requirement.
  Fixes: 027d52475873 ("/scripts: git_sort: Warn about missing upstream repo"/)
- commit 6daf637
- git-sort: Move mainline remote check to series_sort
  git_sort can be used on any git repository. series_sort() OTOH expects the
  reference repository to be a clone of the mainline Linux kernel repository.
  Move the warning accordingly and make it an error since further operations
  would fail.
  Fixes: 027d52475873 ("/scripts: git_sort: Warn about missing upstream repo"/)
- commit 9b0e07a
- scripts: git_sort: Warn about missing upstream repo
  I've witnessed several people having misconfigured their remotes and
  then calling sortig scripts on series.conf results in cryptic error
  messages like:
  > Traceback (most recent call last):
  >   File "/scripts/git_sort/series_sort.py"/, line 121, in <module>
  >     sorted_entries = lib.series_sort(index, input_entries)
  >   File "//home/mkoutny/suse/kernel-source-12-sp3/scripts/git_sort/lib.py"/, line 425, in series_sort
  >     for e in sorted(result[head].items(), key=operator.itemgetter(0))])
  > KeyError: None HEAD
  Add warning when the upstream torvalds/linux remote is not found to give
  users a clue about the situation.
- commit 027d524
- scripts/sequence-patch.sh: fix --fuzz option
  The --fuzz getopt long param was not accepting values.
- commit 0307fc9
- README: Adjust links to internal wiki.
- commit 2ee9bf3
- commit 52b5cf3
- commit 86af8b9
- scripts/git_sort/git_sort.py: Add s390/linux.git fixes.
- commit e19d62a
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- commit 4223e69
- scripts/bugzilla: use /usr/bin/python3 directly
  /usr/bin/env python3 allows the first interpreter in $PATH to be use, which
  can product unreliable results.
- commit 8296635
- scripts/python/suse_git/header.py: add jsc#w+-d+ for Jira references
  With the upcoming switch to Jira for feature tracking, we need to teach
  the checker about the new tag.  Enforcement is still disabled.
- commit b7bee5d
- scritps/log2: add patch changes to index before running checks.
- commit 90691bf
- git-sort: series_sort: Make "/series.conf"/ the implicit argument
  Similar to series_insert, "/series.conf"/ becomes the default file where to
  read/write the patch series. In contrast to series_sort, if the input is
  not a tty and no argument is specified, the old mode is preserved, which is
  to behave as an stdin/stdout filter. This way, the original usecase of
  piping all or a subset of series.conf lines through series_sort (for
  example, in the method described in the script header) remains unchanged.
- commit a010ff5
- git-sort: quilt-mode: Fix git_sort.py path
  Commit e5655f63f99c ("/git-sort: Remove tools not related to series_sort"/)
  removed the "/git-sort"/ symlink but did not update quilt-mode.sh to use the
  direct path to git_sort.py.
- commit 949d090
- scripts/git_sort/git_sort.py: add kvalo/wireless-drivers-next/master
- commit 46e9bdf
- git-sort: Handle new pygit2.discover_repository behavior
  A consequence of pygit2 commit c32ee0c25384 ("/Now discover_repository
  returns None if repo not found"/).
- commit 9ae2824
- tar-up.sh: do not copy files ending with ~
- commit 70993c1
- check-patchhdr: Remove "/slightly strange pattern"/
  Make fuller use of the unittest API:
  * use assertRaises when testing exceptions
  * use assertEqual when testing for equality
  * reorder arguments to (expected value, actual value) when testing for
  equality, for more intuitive output in case of failure
  * use unittest.skip instead of commenting out tests
- commit ba48e04
- git-sort: Add license text
- commit c7a1094
- git-sort: Remove tools not related to series_sort
  Some scripts were copied over from the ksapply repository but are not
  needed for git-sort, series_sort or quilt-mode. In preparation for moving
  the series_sort code to its own repository, remove these scripts. They can
  still be found in the ksapply repository:
  https://gitlab.suse.de/benjamin_poirier/ksapply
- commit e5655f6
- scripts/sequence-patch.sh: Add --rapid option
  It uses rapidquilt to apply patches.
- commit 7178c2c
- commit 8ce95c7
- scripts: Run pre-commit checks only once when splitting changes into multiple commits
  Instead of repeating the series_sort check for each patch, we can do the
  check once at the beginning, which saves time. Same goes for the other
  checks part of the pre-commit hook.
- commit 0f98ccc
- run_oldconfig - crosscompile
- commit 98367ef
- scripts/log2: add --no-edit argument.
- commit 990531c
- scripts/lib/SUSE/MyBS.pm: new osc stores oscrc in .config
  So enumerate both possibilities before giving up.
- commit cd4eb98
- scripts: use syncconfig instead of silentoldconfig where available
  Since mainline commit 0085b4191f3e ("/kconfig: remove silentoldconfig
  target"/), "/make silentoldconfig"/ can be no longer used. Use "/make
  syncconfig"/ instead if available.
- commit 0d0454a
- git_sort.py: Add drm-misc-next to list of repos/branches
  DRM fixes occationally go from drm-misc-next directly into linux-next
  without the intermediate step of drm-next. Support for drm-misc-next is
  required by several recent commits.
- commit 379ad30
- git_sort.py: Remove trailing whitespace
- commit c5e56ea
- scripts/series2git: Strip [PATCH] prefix in the subject line
  This makes the commit a bit more similar to the original change.
- commit 3d0cc05
- Distribute git configuration in a versioned file
  The kernel-source repository uses a script to set certain git config values
  which are meant to be distributed to all users. This mechanism makes it
  cumbersome to update these configuration values and eventually track their
  history.
  For security reasons, git does not have a way to implicitly include
  configuration values in a repository's content. However, we can explicitly
  include extra configuration values from a versioned file using the
  "/include.path"/ configuration directive. Reuse the old mechanism to add this
  directive (which should hopefully not need changes in the future) and
  include the actual configuration values of interest to all users in a
  separate file.
- extra-gitconfig:
- scripts/install-git-hooks:
- commit c8faf99
- Configure attributes using .gitattributes file
  As stated in gitattributes(5):
  Attributes which should be version-controlled and distributed to
  other repositories (i.e., attributes of interest to all users)
  should go into .gitattributes files.
  Therefore, move the currently-used attributes to a .gitattributes file.
  This is to support future changes to attributes.
  The attributes in $GIT_DIR/info/attributes have precedence over
  .gitattributes. Therefore, users who have run scripts/install-git-hooks
  from a version predating this patch may have attributes in
  $GIT_DIR/info/attributes that override the ones in .gitattributes.
  Unfortunately, we are stuck with this blemish from the past and must
  forever clean up the mess.
- .gitattributes:
- .gitignore:
- scripts/install-git-hooks:
- commit 668a353
- commit 097d8f0
- Update documentation wrt. Patch-mainline
  Common practice is to set Patch-mainline to a Linux release tag. More
  than 95% of all patches follow this convention. The remaining 5% have
  been fixed accordingly in SLE15.
  The documentation is inconsistent wrt. to the content of Patch-mainline.
  In some places it refers to a release tag, in others it refers to a version
  number. With this cleanup, documentation in scripts/ refers to release tags.
  This change is a follow-up for commit 1d81d2699cd3.
- README: Update documentation wrt. Patch-mainline
  Common practice is to set Patch-mainline to a Linux release tag. More
  than 95% of all patches follow this convention. The remaining 5% have
  been fixed accordingly in SLE15.
  The README file is inconsistent wrt. to the content of Patch-mainline.
  In some places it refers to a release tag, in others it refers to a version
  number. With this cleanup, it refers to release tags everywhere.
  This change is a follow-up for commit 1d81d2699cd3.
- commit 57b996f
- tar-up.sh: allow packaging multiple architectures.
  tar-up.sh has -a option to generate package for a particular
  architecture. Extend the -a option processing to accept comma separated
  list of architectures. Also fix a bug with ppc64 selecting both ppc64
  and ppc64le.
- commit 1d17b6d
- scripts/git_sort/README.md: Add update_clone.py documentation
- commit 2286fa5
- scripts/tar-up.sh: Don't package gitlog-excludes file
  Also fix the evaluation of gitlog-excludes file, too
- commit 18a9758
- scripts: sequence-patch.sh: Use '_' to replace '#' charactor (bsc#1107937)
  The pound char ('#') could cause kernel "/make prepare"/ failure if
  toolchain contains latest automake (1.15).
  "/make prepare"/ wil fail like:
  $ LANG=C make modules_prepare
  [snip]
  CALL    scripts/checksyscalls.sh
  DESCEND  objtool
  HOSTCC   /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep.o
  HOSTLD   /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o
  LINK     /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep
  /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/.fixdep-in.o.cmd:1: *** missing separator.  Stop.
  make[4]: *** [Makefile:42: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o] Error 2
  make[3]: *** [/home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/build/Makefile.include:4: fixdep] Error 2
  make[2]: *** [Makefile:52: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/libsubcmd.a] Error 2
  make[1]: *** [Makefile:61: objtool] Error 2
  make: *** [Makefile:1689: tools/objtool] Error 2
  The cause is latest make will consider pound char as a separator.
  Kernel has some fixes for it:
  9feeb638cde0 ("/tools build: fix # escaping in .cmd files for future Make"/)
  9564a8cf422d ("/Kbuild: fix # escaping in .cmd files for future Make"/)
  But backporting those 2 fixes can't solve the problem if the kernel
  path contains '#'.
  Considering how common we name the branch using bsc#123456, it would
  definitely cause problem if using some rolling release distributions.
  Fix the $TAG variable by replacing the '#' to '_', so we won't need to
  bother the problem.
- commit 4be920f
- commit b5a813e
- scripts/sequence-patch.sh: use kernel-azure instead of kernel-default
- commit c2c287e
- scripts/git_sort/qcp.py: Print info message on stdout
- commit 38de9a0
- git-sort: Run tests under SLE15
- commit a31a983
- git-sort: Run tests under openSUSE Leap 15.0
- commit 825f5ea
- git-sort: Update sle12-sp3 docker image name
  name changed, most likely as a result of the recent changes to
  registry.suse.de
- commit 678ee7d
- git-sort: Update openSUSE docker image names
  The "/opensuse"/ project "/has been deprecated in favor of the opensuse/leap
  and opensuse/tumbleweed images provided and maintained by the openSUSE
  Project release team"/. [https://store.docker.com/images/opensuse]
- commit 7a9578c
- commit 8effdc9
- scripts/cvs-wd-timestamp: use UTC timezone
  Do not respect users' time zone and use the predictable one. So that
  when people upload a kernel (e.g. tar-up and osc_wrapper upload), the
  time stamp makes no difference.
- commit 386cbe7
- scripts/git_sort/git_sort.py:
- commit 3ac5af6
- commit 17f9140
- commit 36a3f5c
- scripts: run_oldconfig.sh: pass $CC via $MAKE_ARGS
  For some reason, "/make oldconfig"/ ignores CC environment variable so that
  "/CC=gcc-8 make oldconfig"/ still uses default gcc. To actually use compiler
  passed to run_oldconfig.sh by buildtest-kernel script, we need to pass CC
  value as an argument to make, i.e. "/make CC=gcc-8 oldconfig"/.
  If run_oldconfig.sh is run with CC set, add its value to MAKE_ARGS.
- commit 5672543
- scripts/git_sort/README.md: Add quilt-ks OBS repo key fingerprint
- commit 1b3ea9a
- scripts/git_sort/git_sort.py: add modules-next tree
- commit 9804f92
- commit 1cbf60e
- scripts/git_sort/patch.py: Fix patch writeback
  The file must be truncated otherwise we have stray content from the former
  patch leftover at the end of the file when the new patch is shorter.
- commit a597010
- scripts/git_sort/series_conf.py: Fix Patch parameter
  Fixes: e68bd465cdc4 ("/git-sort: Rewrite Patch class to read bytes instead of str"/)
- commit 7674464
- scripts: Make sure hooks directory exists
  When using git worktrees they have a separate git directory which does not
  contain the 'hooks' directory by default. Let's create it when installing
  hooks.
- commit 2905fbd
- scripts/git_sort/patch.py: Fix detection of patch header end
  Consider linux commit 1e047eaab3bb ("/block/loop: fix deadlock after
  loop_set_status"/), some lines from the log start with "/---"/ but do not mark
  the end of the patch header. Fix the pattern matching to match what is done
  in quilt.
  Also add a test which triggers the issue.
- commit b710f8d
- scripts: ignore CONFIG_GCC_VERSION when checking for oldconfig changes
  Since 4.18-rc1, "/make oldconfig"/ writes gcc version and capabilities into
  generated .config. Thus whenever we build the package or run checks with
  different gcc version than used to update config/*/*, check for "/outdated
  configs"/ fails.
  As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both
  configs before comparing them. This way, the check won't fail unless run
  with newer gcc which would add new capabilities. More robust solution will
  require a wider discussion.
- scripts/git_sort/git_sort.py: Remove dead code
- commit 45100db
- scripts/git_sort/lib.py: Add some docstrings
- commit 271ab0a
- scripts: Support a bare LINUX_GIT
  This was already tried in commit 130e61c098de ("/scripts/linux_git.sh:
  support more dirs and bare repos"/) but it missed modifying all related
  usages which hardcode "//.git"/.
- commit a6d98d2
- scripts/git_sort/git_sort.py: Support bare repository
  get_heads() assumes that the repository has the default configuration of
  fetch refspecs following `git clone`. This does not work if the user
  modified the refspecs or used `git clone --bare`. Change get_heads()
  to perform the transformation of the remote branch name into the local ref
  according to refspec configuration.
- commit 56e8686
- scripts/tests/test_linux_git.py: Clarify tests
  Each actual test case is moved to its own unittest case. This produces
  clearer output.
- commit 9ce16e2
- Delete series.conf.
  Commit 8c4b29dee8b2 ("/scripts/git-pre-commit: only sort series when
  required"/) added an empty series.conf to the scripts branch.
- commit b6e9b17
- check-patchhdr: Use print_function instead of sys.stderr.write.
  Commit 5ba62488b03 switched to using sys.stderr.write(), but the right
  way to do prints with python 2/3 compatibilty is to import
  print_function and use print().
- commit 653e07e
- git-sort: Rewrite Patch class to read bytes instead of str
  Some patches contain characters from multiple encodings, for example a
  backport of commit 395072592e8e ("/drm/i915: broken copyright encoding in
  intel_bios.c"/). Reading those files in text mode triggers a
  UnicodeDecodeError. Therefore, read patch files as bytes and convert the
  header only to str. At the same time, the constructor is simplified to
  accept only a stream.
- commit 0c3fcd6
- check-patchhdr fix error printing on python2.
- commit 5ba6248
- scripts: scripts/log should work with python2.
- commit 3a12a82
- git-sort: Handle empty Git-commit tags
  Although rejected by the current check-patchhdr, some old patches still
  have such invalid tags.
- commit 3b4c077
- scripts/git_sort/update_clone.py: Support modifying remotes in an existing repository
- commit ced4b81
- scripts/git_sort/git_sort.py: Use Repository.remotes instead of parsing config
- commit 93be9e4
- scripts/bugzilla-create: fix usage header
  The usage header specified BUGIDs for the arguments when it expects
  patch files.
- commit 791c922
- scripts/bugzilla-create: skip 'unspecified' version
  Some products provide an 'unspecified' version name in the list of versions
  but it can't be used to file a report.  Let's skip it.
- commit d7a9adc
- scripts/log2: splice_series: Use cat to echo all remaining lines
  The "/after patch"/ state echoes all remaining lines from the old series
  without any possible state change. Instead of reading line by line, use the
  more efficient `cat`.
- commit f6fb30c
- scripts/log2: Fix splice_series when adding two consecutive sections
  Currently, if adding two new sections back to back, when doing
  splice_series for the patches in the first section, they will be followed
  by all of the added whitespace lines, including the ones that followed the
  second section. That's unsightly. Stop echoing added whitespace lines once
  a new non-empty line is encountered.
- commit dae2e83
- scripts/git_sort/git_sort.py: Support libgit/pygit2 0.27
  With the update to libgit 0.27, pygit2 returns Repository Config elements
  ConfigEntry instances instead of plain str as before. Introduce an
  adaptation layer to support both old and new interfaces.
- commit f170315
- scripts/log2: Fix argument passing to splice_series
  Multiple users reported seeing the following error
  Error: new series does not contain all lines from old series.
  after commit 4a3b64a07ab6 ("/scripts/log2: Improve automatic series.conf
  modifications"/).
  Reproduction seems to depend on the bash version; it occurs on SLE12-SP3
  with 4.3.42 but not on tumbleweed with 4.4.19. The problem is caused by the
  fact that `read -r -u 4 new` in splice_series reads the entire content of
  $new_series as one line. $new_series is passed as a here string on file
  descriptor 4, `4<<<$new_series`.
  According to bash(1) for version 4.3.42, "/Pathname expansion and word
  splitting are not performed."/ for here strings. However, it appears like
  word splitting might be for certain invocations (not all, for reasons I
  don't understand). Work around the problem by replacing the here string
  with a simpler construct.
  Referenches: bsc#1094120
- commit 5845ab1
- git-sort: merge_tool: Fix handling of moved patches in remote branch
  Patches that have changed subsystem section between the base and remote
  refs must be processed in upstreaming mode because their new git-repo tag
  after the merge will not match their old section in series.conf from the
  local ref.
  References: bsc#1093777
- commit b806cf0
- scripts/git_sort/tests/test_series_insert.py: Make it executable, like other tests
- commit ecd3542
- scripts/git_sort/series_conf.py: Document pygit2 dependency avoidance
- commit ac02a72
- scripts/git_sort/sequence-insert.py: Udate doc to reflect path change
  The scripts have been merged in kernel-source and are no longer part of a
  separate "/ksapply"/ repository.
- commit 597c570
- scripts/git_sort/clone_all.py: Combine --no-tags option
- commit 5c06131
- scripts/sequence-patch.sh: update supported.conf parsing (fate#319339)
  +*-kmp is a valid guard that should results in a module being flagged
  as supported.  This clones the logic from the spec file to reflect that.
- commit d897f77
- scripts/python/check-patchhdr: Port to python3
- commit 4e62ede
- scripts/git_sort/README.md: Update according to the new --upstream option
- commit 18d4825
- scripts/osc_wrapper: fix argument swap
- commit 511c395
- commit 94752b1
- scripts/tests/lib.py:
- scripts/tests/test_log2.py:
- scripts/log2:
  Add splice_series() tests. Coverage is measured using kcov:
  https://github.com/SimonKagstrom/kcov
- commit 82873ff
- scripts/log2: Improve automatic series.conf modifications
  When multiple patches are added at once and individual commits are created
  automatically, the modifications to series.conf are split into individual
  changes that add one new patch line each. Currently, all new comments and
  empty lines are added along with the first patch. Change scripts/log2 so
  that the comments preceding a patch and the whitespace lines following it
  are added together with the patch.
- commit 4a3b64a
- scripts/git_sort/series_conf.py: Update pipe workaround for python3
  The workaround needs to be updated after the migration from python 2 to 3.
  Use the solution described here:
  https://stackoverflow.com/questions/26692284/brokenpipeerror-in-python
  https://bugs.python.org/issue11380
- commit c45b3a2
- bs-upload-kernel: build klp_symbols when supported.
  cherry-picked from kbuild
- commit aa873d6
- scripts/git_sort/clone_all.py: Add a script to setup a repository with all remotes from git_sort
- commit 55a1366
- scripts/git_sort/git_sort.py: Fix Head uniqueness check
- commit 7c5bc66
- scripts/git_sort/git_sort.py: Fix remote list
- commit 64ee72a
- git-sort: Add option to control movement of patches between subsystem sections
  Currently, a valid ordering in series.conf may become outdated after a
  subsystem repository is merged into an upstream repository. At that point,
  a series.conf which passed the validation check in the past would no longer
  be accepted because, for example, patches in the "/net"/ section should move
  to the "/mainline"/ section. This means that users often have to first
  refresh the ordering in series.conf to reflect upstream changes before
  adding new patches. In order to reduce the burden on users, make it the
  default that patches will remain in their current subsystem section unless
  it is explicitely requested to move them to upstream sections. This should
  effectively accept an outdated but once-valid ordering.
- commit cb21f89
- git-sort: Ignore empty input lines
- commit 51f0b86
- git-sort: Encapsulate indexed commit information in a sortable object
  This eases the comparison and sorting of commits from different heads.
- commit 3959932
- sequence-patch: just exist if there is no config.sh
- commit 7ae9881
- git-sort: Fix compatibility with old `comm`
  Certain distro releases have an older `comm` which doesn't support the
  "/--total"/ option. Use a trivial workaround. Also add tests for
  pre-commit.sh, including one which triggers this problem.
- commit 52e4510
- git-sort: Fix interpreter
- commit c6628e6
- git-sort: Extend series_sort tests
  ... and fix related issues.
- commit 535548a
- git_sort.py: remove duplicate remote.
- commit e5476dc
- scripts: add bugzilla-create and bugzilla-resolve scripts
  bugzilla-create will accept a list of one or more patches, and
  for each one:
- create bugzilla reports with the patch subject as the summary
- update the patch References tag to contain the new report ID
- attach the patch to the report
- assign the bug to the reporter
  bugzilla-resolve will accept a list of one or more bug IDs and resolve
  them as FIXED with an automated message indicating they have been
  committed to the kernel git repo.
  Use of either requires that the user set up a ~/.bugzillarc as documented
  in the scripts/bugzilla-create help or attempts to create bug reports
  will fail with authorization required errors.
- commit 3dff52c
- commit de89c2b
- scripts/git_sort/git_sort.py: Handle unsupported cache db format
  The upcoming python3 port will introduce two changes to the database format
  used for the cache: the default database format of python's "/shelve"/ module
  changed from bdb to gnu dbm and the default protocol version of the
  "/pickle"/ module changed from 0 to 3.
  python2 only supports the gnu dbm format if the gdbm module is available.
  python2 does not handle pickle protocol version 3. In case a user runs the
  python3 version of git-sort and then runs the python2 version again, the
  cache file will be unreadable. Handle that situation explicitly by
  rebuilding the cache.
  If this commit is not available, the alternative workaround is to delete
  the cache file manually (typically under ~/.cache/git-sort).
- commit 15bd1c2
- commit 17db4b8
- scripts/git_sort/git_sort.py:
- commit bfef53d
- git-sort: pre-commit: Don't specify series.conf path relative to scripts
  commit hooks run from the root of the working tree in a non-bare repository
  (according to githooks(5)). Therefore, the path to series.conf can be
  specified relative to that root. This change also allows to run the scripts
  from an alternate location during development.
- commit b87f537
- git-sort: pre-commit: Run if sorted patch files have changed
  Previously we would run the checker script only if the sorted section of
  series.conf had changed. However, a commit could render the sort invalid by
  making changes to the tags of a patch that is in the sorted section but no
  changes to series.conf. Therefore, check the sorted series and the patches
  that it contains if either have changed.
- commit 9ea0831
- git-sort: series_conf: Add a mode to print names only
  Print patch file names from the sorted section without comments or empty
  lines.
- commit 58b9d36
- git-sort: Extend series_insert.py test to trigger an error
  adds a test which triggers the problem fixed in commit 4c26c132dc7b
  ("/scripts/git_sort/series_insert.py: Fix exception names"/)
- commit 21902a2
- git-sort: Add a test of series_insert.py
- commit 25ab285
- git-sort: Factor out test code to write patches
- commit 39e1be1
- scripts: Allow excluding commits in changelog
  For ignoring superfluous commits appearing the changelog, add a
  capability to scripts to ignore the given commit list.
  User can put the commit IDs in rpm/gitlog-excludes file so taht
  tar-up.sh will ignore them.
- commit 2d24811
- scripts/git_sort/series_insert.py: Fix exception names
  After factoring out exception classes, series_insert.py was not
  updated.
  Fixes: 9ad1206cfd3a45dc0f7825d0f93053a9fd9fb07e
- commit 4c26c13
- scripts/git_sort/pre-commit.sh:
- scripts/git-pre-commit:
  Refine the sorted section check
  Because series_sort.py has some dependencies (namely pygit2), avoid running
  it unless there was a change in the sorted section.
- commit 27a0058
- git-sort: Factor out series.conf splitting
- commit 9e149fc
- git-sort: Factor out exception classes
- commit 9ad1206
- scripts/git_sort/merge_tool.py: Update tags
  merge_tool can create an invalid series.conf (example in merge commit
  3e43fe0554). It may move patches to upstream repositories sections in
  series.conf but it does not update the Git-repo tags in those patches
  accordingly. Fix that problem. Also explicitely `git add` those modified
  patches to make sure that they end up in the merge commit.
- commit 7b8db07
- git-sort: Add Dockerfiles to run tests under different OS releases
- commit eef6cac
- commit f41d7e5
- commit e4a7aa9
- git-sort: Catch some simple error cases
  .. and print formatted error messages instead of python backtraces.
- commit 4f82790
- git-sort: Use a consistent variable name for subprocess results
- commit a240443
- git-sort: Add merge_tool test
- commit a426acf
- git-sort: Port to python3
  Most of the changes are related to subprocess calling, encoding and str vs.
  bytes.
- commit 600ead2
- git-sort: Replace __cmp__ operators
  In Python 3 the support for __cmp__() has been removed.
- commit 404509f
- Revert "/scripts/osc_wrapper: fix quoting of osc define"/
  This reverts commit ac17e1f7e8d084b86ee7094833db7f9fce9bc503.
  Apparently the quoting level is different depending on how you build :/
- commit e08c406
- git-sort: Fix tag parsing for describe()
  Fix the following traceback:
  File "/./scripts/git_sort/series_sort.py"/, line 123, in <module>
    lib.update_tags(index, to_update)
  File "//home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/lib.py"/, line 454, in update_tags
    patch.change(tag_name, index.describe(entry.cindex))
  File "//home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/git_sort.py"/, line 516, in describe
    if self.version_match.match(tag)]
  AttributeError: '_pygit2.Commit' object has no attribute 'get_object'
  It happens when there are lightweight tags formatted like release tags (ex:
  v2.6.13.4).
- commit cf4f000
- git_sort: Add an alias of linux.git
- commit 5aa06b0
- commit e89e2b8
- scripts/git_sort/merge_tool.py: Catch `merge` execution failure.
  Print a verbose error message.
- commit b9651cd
- git_sort: add remotes from SLE15
- commit f433a01
- scripts/git_sort/merge_tool.py: Update instructions.
  Since the git-sort scripts have been merged in the kernel-source
  repository, the path can be stated in an unambiguous way.
- commit 6e10fbf
- commit dd15feb
- Relax checks on xen patches.
- commit b3a11cb
- commit 1134911
- git-sort: lib: Fix handling of workdir with no patches applied.
- commit b1c58cb
- git-sort: lib_tag.sh: Limit the attribution tags that are recognized.
  limits the attribution tags that are recognized to the ones accepted by
  check-patchhdr.
- commit bc6beb7
- git-sort: qdupcheck: Fix handling of workdir with no patches applied.
- commit 4aa2f24
- git-sort: tag: Trivial, use specialized function.
- commit 6573793
- git-sort: qgoto: Fix handling of workdir with no patches applied.
- commit 375c498
- git-sort: Fix splitting of series.conf
  If "/before"/ and "/after"/ have the same content (for example, empty), the
  assertion would inappropriately trigger.
  Also flush remaining comments and whitespace buffers.
  Add a related test.
- commit 3e2b4fa
- git-sort: series_sort: Fix error message when the sorted subsection is absent.
  ... and add a test that triggers it.
- commit 9602358
- scripts/osc_wrapper: fix quoting of osc define
- commit ac17e1f
- git-sort: Fix SortIndex interface to repository heads.
  A few library functions assume that they can access the repo_heads from
  index.repo_heads. Restore that attribute and add a basic test of
  series_sort which catches this problem.
  Fixes: 2c7d8e4f5b45 ("/git-sort: Encapsulate cache management in an object."/)
- commit 6a71e74
- git-sort: Fix cache rebuild condition.
  Currently, when "/-d"/ gives the expected information that the cache will not
  be rebuilt, `git sort` still rebuilds the cache. Fix this problem and add a
  test to catch it.
  Fixes: 2c7d8e4f5b45 ("/git-sort: Encapsulate cache management in an object."/)
- commit 7b8b987
- git-sort: Check cache integrity
  References: bsc#1078216
- commit bcc8a71
- git-sort: Add cache tests
- commit f888ef7
- git-sort: Encapsulate cache management in an object.
  moves cache management code out of the SortIndex and avoids instantiating a
  SortIndex when running in the dump mode.
- commit 2c7d8e4
- git-sort: Factor out functions to read local repository.
  moves repository reading functions out of the SortIndex. Those functions
  are not closely tied to the index and moving them out will ease
  refactoring.
- commit 587a8d2
- git-sort: Extend unit test with (fake) Linux repository.
  Add a basic test of the sorting functionality.
- commit 5dd770a
- git-sort: Control quilt configuration.
  Some scripts parse the output of quilt. However that output can change
  depending on certain quilt options. This, in turn, breaks some expectations
  of the scripts. Fix this by specifying which configuration quilt should use
  when its output will be parsed.
  For example, qgoto assumed that the output of `quilt top` begins with
  "/patches/"/ but that depends on the QUILT_PATCHES_PREFIX configuration
  variable.
- commit 79b5128
- scripts/install-git-hooks: Use /bin/bash when creating new pre-commit hook
  Commit c8a5532f3db3 ("/scripts/*: Set /bin/bash explicitly"/) already
  explicitly set all shebangs to point to /bin/bash since the majority
  of the scripts are using bashisms. However, it missed the shebang that
  is created by install_snippet() function in install-git-hooks. This
  commit makes the printed shebang also point to /bin/bash.
  This fixes a failure due to scripts/git-pre-commit having a /bin/bash
  shebang, but being sourced from .git/hooks/pre-commit, which in turn
  uses /bin/sh, essentially ignoring the shebang of the git-pre-commit
  script.
  This will apply to newly installed hooks.
- commit 7c8b438
- scripts/git_sort: fix Patch-mainline generated for untagged mainline commits
  For patches with commit id in mainline but not tagged yet, git_sort.py
  generates Patch-mainline referring to next expected tag. If latest mainline
  tag is an RC, e.g. 4.15-rc7, it generates text like
  Patch-mainline: v4.16 or v4.15-rc8 (next release)
  but it should be
  Patch-mainline: v4.15 or v4.15-rc8 (next release)
  Fixes: 7dce3df8966c ("/Make series_sort and commit check work together."/)
- commit 4f08653
- commit e85eac6
- commit b2e262e
- commit afc2448
- commit 2364997
- commit 2f6a084
- commit 6d67b10
- scripts/git_sort/lib.py: Suppress quilt output in check_series().
  In particular, this fixes garbage output when running qgoto.py before the
  series file has been swapped.
- commit 5574911
- commit 70729dd
- git_sort: Check for a tag's presence when changing it.
  Its absence would indicate an improperly tagged patch.
- commit 0acd905
- scripts/git_sort/qcp.py: Fix function call with wrong arguments.
  One of the calls to Patch.get() was not properly changed when updating from
  tag_get().
  Also throw in a comment fix for the related function.
  Fixes: c089092e7d98 ("/git-sort: Encapsulate patch tag operations in an object."/)
- commit 442047d
- scripts/git_sort/git_sort.py: add more networking remotes
  pablo/nf.git			netfilter fixes for net
  pablo/nf-next.git		netfilter patches for net-next
  horms/ipvs.git			IPVS fixes for net
  homes/ipvs-next			IPVS patches for net-next
  klassert/ipsec.git		IPsec fixes for net
  klassert/ipsec-next.git		IPSEC patches for net-next
- commit daa89da
- scripts/git_sort/clean_header.sh: Explicitely handle an error.
  The code to determine the remote url for a commit may fail without any
  output. Add a message for this common error scenario.
- commit 2d3beda
- scripts/git_sort/series_insert.py: Catch an exception for nicer output.
- commit 0d59b48
- scripts/git-pre-commit: only sort series when required
  The series file only needs sorting when a patch or the series.conf
  file have changed.  We can skip sorting if there is nothing to do.
- commit 8c4b29d
- scripts/git-pre-commit: make series sorting configurable by branch
  Since we don't want to sort the series on every branch, we should
  make that configurable.  Adding "/SERIES_SORT=yes"/ to rpm/config.sh
  will enable it.
- commit 9e192a4
- scripts/log2: actually invoke scripts/check-patch-dirs
  The previous commit added scripts/check-patch-dirs but didn't actually
  invoke it as indicated in the log message.
- commit 23674da
- scripts/check-patch-dirs: enforce adding patches only into proper dirs
  The master and stable branches now only allow patches in patches.suse,
  patches.kernel.org, patches.rpmify, and patches.kabi.
  scripts/check-patch-dirs will check the branch and ensure that patches
  being added or modified are only allowed in the directories listed
  above.  It will be invoked automatically via scripts/log2.
- commit 77b939d
- Make series_sort and commit check work together.
- commit 7dce3df
- scripts/git_sort/git_sort.py: Add some remote heads.
  According to current patches in SLE15.
- commit 131a901
- scripts/git_sort/git_sort.py: Remove linux-next from remotes.
  As pointed out by Vlastimil, linux-next is not even good for patches from
  akpm:
  Using linux-next commit id's for akpm's mmotm tree is almost
  certainly wrong, because they unique to next-$DATE snapshot, and on
  the next day the commit id will be different. It will also never be
  merged into mainline with the same id.
- commit 4809ebe
- scripts/git_sort/git_sort.py: Add some remote heads.
  According to patches currently found in SLE15.
- commit a3e6d3f
- scripts/git_sort/git_sort.py: Move linux-next at the end of the remote list.
- commit 3a30505
- scripts/git_sort/git_sort.py: add s390 maintainer tree
- commit 58f8a70
- scripts/git_sort/lib.py: Only set cindex when it matches with dest_head.
  Consider a patch which is in the section for a remote head that is not
  available locally and the commit from that patch is found in another remote
  head which is available locally and is sorted as downstream from the
  current one.
  In that case (commit found, repo not indexed, patch moved downstream, good
  tag), self.cindex is set to a value relative to a different head ("/head"/)
  than self.dest_head ("/current_head"/). This leads to an exception in
  series_sort().
- commit 28ae23c
- scripts/git-pre-commit: Check the content of the series.conf sorted section.
- commit 869e9a9
- scripts/git_sort/git_sort.py: Clear environment before running git.
  Otherwise we run into trouble when running git_sort as part of a git commit
  hook.
- commit a0f314d
- README: Add information about sorted patches section of series.conf
- commit 636f808
- scripts/git_sort/series_sort.py: Pass --check if there is no sorted section.
- commit 270922f
- scripts/git_sort/README.md: Add information about series_insert.py
- commit ad9a342
- scripts/git_sort/lib.py: Rewrite Git-repo tag when patch moves upstream.
  The first change is cosmetic since in that branch head == current_head.
  The second change fixes a (copy/paste) bug.
  These two branches now contain the same code. Leave them separate
  nevertheless for clarity (with the comments).
- commit fe1fe99
- git-sort: Add a script to insert new entries in series.conf.
  Specifically, to add new patches to the sorted section of series.conf.
- commit 089b4ef
- scripts/git_sort/lib.py: Rewrite Git-repo only if it differs.
  An entry may move upstream but already have the target Git-repo tag. This
  will happen if a series.conf line is moved to the "/out-of-tree"/ section to
  be resorted. Currently, if the Git-repo is not in the canonical (git://)
  form, the tag value will be needlessly rewritten.
- commit 0ac6457
- Revert "/scripts/linux_git.sh: support more dirs and bare repos"/
  This reverts commit 130e61c098de9f6c49d36a9210ecc5d5b7758c47.
  This breaks user branch builds.
- commit d76dbca
- commit 9f5c189
- scripts/linux_git.sh: support more dirs and bare repos
  linux-2.6 was used only for historical reasons. New clones put
  theirselves to "/linux"/. Or even to "/linux.git"/ when only a bare
  repository is created. So walk over all these and pick the right one.
- commit 130e61c
- scripts: Factor out function to determine mainline Linux git repository path.
- commit 842e04c
- git-sort: Factor out function to determine scripts path
- commit 02a6641
- scripts/series2git: skip expanded stable patches.
- commit 79c578b
- scripts/git_sort/lib.py: Automatically try to replace series.
  The modified quilt (described in scripts/git_sort/README.md) replaces the
  stock "/series"/ file with a symlink to series.conf when any command is run
  from a kernel-source expanded tree.
  If we detect that this replacement has not been done, instead of directly
  erroring out, first try to run a simple quilt command so that the
  replacement takes place.
- commit 1a7c329
- scripts/git_sort/git_sort.py: Fix != comparison of RepoURL objects.
  __cmp__() needs to be implemented.
- commit 7b51a6e
- git-sort: Update Git-repo tags.
  Patch tags are updated when a patch is moved to a new section or a tag is
  outdated. Note that this only happens when the respective commit is found
  locally.
- commit 79c65c9
- scripts/git_sort/lib.py: Remove section headers from series header.
  Currently, if there is no mainline section, the first thing that will be
  found inside the sorted patches section is a section header like
  "/# out-of-tree patches"/. It will be considered to be a comment that's part
  of the series header ("/# sorted patches"/). Change series_header() to filter
  out such section headers.
- commit 455039b
- scripts/git_sort/lib.py: provide LINUX_GIT fallback.
  This is same as previous scripts do (see scripts/wd-functions.sh)
- commit edc5eca
- scripts/git_sort/git_sort.py: Introduce describe() function.
  It is similar to `git describe --contains` while restricting the result to
  the mainline linux tags corresponding to releases and release candidates
  (rc).
- commit 0abe03a
- scripts/git_sort/git_sort.py: Fix an erroneous reference to a global variable.
- commit 2811919
- git-sort: Set cwd when calling git.
  avoids repetitive code
- commit 3611e1d
- git-sort: Encapsulate patch tag operations in an object.
  This allows a single read of the patch file, multiple operations (read and
  write) followed by a single write.
- commit c089092
- commit e814cbe
- scripts/git_sort/git_sort.py: Recognize repository urls that don't end with .git
  It is possible to clone from a URL while omitting the suffix "/.git"/.
- commit 439e8ef
- scripts/git_sort/lib.py: Group related code together.
  There should be no difference in "/object"/ code.
- commit a1e71a3
- scripts/git_sort/lib.py: Remove unused function.
- commit 8a0c736
- scripts/git_sort/git_sort.py: Update remote list according to currently in-use remotes
- commit 5d61b5f
- git-sort: Get commit information from git-sort index
  Currently, we assume that a commit can be sorted if it is found in the git
  repository. However, this assumption is wrong because some commits are not
  indexed (not reachable from one of the (url, branch) pairs in "/remotes"/).
  These commits end up in the "/unknown/local patches"/ section. Moreover, we
  determine the Head for a commit by matching the content of the Git-repo tag
  to a reverse map of the urls in "/remotes"/. This artificially limits us to a
  single branch per url in the Git-sort index.
  This patch changes from_patch() to use the git-sort index to determine if a
  commit can be sorted. If the commit is found, the Head for a patch is
  determined using the git-sort index information. If the commit is not found
  (because its respective subsystem repository is not available locally), we
  rely on the section comment in series.conf. The Git-repo tag is ignored.
- commit 1a4488a
- scripts/git_sort/lib.py: Extract some constants
- commit 21e1549
- scripts/git_sort/git_sort.py: Make Head objects comparable.
  If "/remotes"/ is properly sorted, this allows to determine is one Head is
  the upstream of another.
- commit 8d50e81
- scripts/git_sort/git_sort.py: Parse abbreviated url without extension.
  This is the format output by RepoURL.str()
- commit 16928c0
- git-sort: Encode local/virtual head urls using None.
- commit 2056d71
- scripts/git_sort/git_sort.py: Add a function to lookup a commit.
- commit 544f5d0
- git-sort: Store history as a dict of indexes.
  .. instead of a list of commits. This new structure is faster to look up if
  a commit was reached from a head.
- commit e8d72dd
- scripts/git_sort/git_sort.py: Avoid a dual personality history
  Since commit 897bbc34bdb7 ("/git-sort: Encapsulate repo url and branch name
  into objects"/) history will either be a plain dict or an OrderedDict
  depending on whether it comes from the cache or get_history(). Always use
  an OrderedDict.
- commit e8e47be
- scripts/git_sort/series_sort.py: Introduce --check option.
  This mode does not modify the series file but reports via exit status 2 if
  the series is not sorted. It should be helpful in implementing a commit
  hook.
- commit 9dd4e1b
- scripts/git_sort/git_sort.py: Disambiguate remote revision.
  avoids ambiguity in case there is a local branch or tag with a name that
  conflicts with the remote.
- commit e57d843
- scripts/git_sort/git_sort.py: Recognize http protocol for kernel.org
  As reported by Oliver Neukum, git repositories hosted on kernel.org are
  also available (via redirect) from http.
- commit 720a01f
- commit 22da616
- commit 2a6898e
- scripts/git_sort/lib.py: Give some advice in error message.
- commit 32b858b
- git-sort: Encapsulate repo url and branch name into objects
  This fixes the fact that alias urls for the same repository (ex: via git://
  or https:// protocol) were no longer recognized as such.
- commit 897bbc3
- git-sort: Introduce cache version
  to support updating from older format.
- commit 4f1bbbb
- git-sort: Encapsulate sorting logic into an object
  This allows initializing the cache once and then making repeated calls that
  consult it.
- commit 76bf0ca
- scripts/git_sort/lib.py: Fix format string
  Fixes: ksapply.git 1714bbedc549 ("/Preserve order and name of unavailable subsystem sections"/)
  - --
  lib.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
  diff --git a/lib.py b/lib.py
  index c5e7d8f..e8bb65d 100644
  - -- a/lib.py
  +++ b/lib.py
  @@ -340,7 +340,7 @@ def get_url_map():
    for canon_url, branch_name in git_sort.remotes:
    if canon_url in result:
    raise KSException("/URL mapping is ambiguous, "/%s"/ may map to "/
-                              "/multiple head names"/)
  +                              "/multiple head names"/ % (canon_url,))
    result[canon_url] = git_sort.head_name(canon_url, branch_name)
    return result
  - -
  2.14.2
- commit fc35d7f
- scripts/git_sort/lib.py: Remove printing of leftover subsystem entries
  There should be no more of those after ksapply.git c4dea303ad73 ("/Error out
  when trying to series_sort a patch from a repo that is not indexed"/)
- commit 29ae46a
- scripts/git_sort/git_sort.py: Catch some exceptions.
  ... to make the output less scary for users.
  As in lib.py, GSException is for internal errors (in the git_sort code) and
  GSError is for external errors.
- commit e8de5e6
- scripts/git_sort/git_sort.py: Give some advice in error message.
- commit 5aee432
- No more icecream.
- commit 04a66b3
- scripts/git_sort/lib.py:
  Update marker for the end of the sorted section. "/Wireless Networking"/ will
  not always follow the sorted section.
- commit d0e0545
- git-sort: Add more remote heads
  Contributed by Jiri Kosina <jkosina@suse.cz>
- commit 785f657
- scripts/series_sort.py:
- scripts/git_sort/README.md:
- scripts/git_sort/lib.py:
- scripts/git_sort/quilt-mode.sh:
  Make required adjustments for flattened directory structure.
- commit 62c6754
- scripts/git_sort/README.md:
- scripts/git_sort/armor_origin.sh:
- scripts/git_sort/backport-mode.sh:
- scripts/git_sort/check_missing_fixes.sh:
- scripts/git_sort/clean_conflicts.awk:
- scripts/git_sort/clean_header.sh:
- scripts/git_sort/git-f1:
- scripts/git_sort/git-overview:
- scripts/git_sort/git-sort:
- scripts/git_sort/git_sort.py:
- scripts/git_sort/ksapply.sh:
- scripts/git_sort/lib.py:
- scripts/git_sort/lib.sh:
- scripts/git_sort/lib_from.sh:
- scripts/git_sort/lib_tag.py:
- scripts/git_sort/lib_tag.sh:
- scripts/git_sort/merge_tool.py:
- scripts/git_sort/patch_body.awk:
- scripts/git_sort/patch_header.awk:
- scripts/git_sort/qcp.py:
- scripts/git_sort/qdupcheck.py:
- scripts/git_sort/qgoto.py:
- scripts/git_sort/quilt-mode.sh:
- scripts/git_sort/refs_in_series.sh:
- scripts/git_sort/rename_patch.sh:
- scripts/git_sort/sequence-insert.py:
- scripts/git_sort/series_sort.py:
- scripts/git_sort/update-configs.sh:
- scripts/git_sort/vi-conflicts.sh:
  Import from
  https://gitlab.suse.de/benjamin_poirier/ksapply 5b025d0
  https://github.com/benthaman/git-helpers 6479796
- commit 0aaea3b
- scripts/stableids: add 4.12 as SLE15 kernel
- commit 58b8d0c
- scripts/stable*: generate one file per commit
- commit 1dc9b0e
- scripts/stableids: drop support for 2.6.x.y
- commit e23e1fc
- SUSE::MyBS: Do not create repositories with no architectures to build
- commit 31029c0
- scripts/stableids: pass --no-renames to diff
- commit 55832be
- scripts/osc_wrapper: Accept --ibs | --obs as the first parameter
  It is a parameter of the subcommands, but people tend to confuse it.
- commit 30f26fb
- scripts/stop-sync: Use the kerncvs.suse.de hostname
- commit e52fa92
- README: add comment regarding bisectability of patch series
- commit c8c4199
- scripts/osc_wrapper: Replace '/' with ':' in cve/* branch names
- commit 117c8c7
- bs-upload-kernel: Workaround for vim syntax highlighting
- commit dcede42
- SUSE::MyBS: Sync with kbuild.git
  Cherry-pick part of 948fd5e15d06 ("/bs-check-kernel-results: Use
  make-stderr.log if available"/).
- commit 7a4e6fb
keyutils
- Apply default TTL to DNS records from getaddrinfo() (upstream):
  * dns-Apply-a-default-TTL-to-records-obtained-from-get.patch
less
- Fix Startup terminal initialization, bsc#1200738
  * bsc1200738.patch
libcroco
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
  any productions (boo#1171685 CVE-2020-12825).
libgcrypt
- FIPS: Auto-initialize drbg if needed. [bsc#1200095]
  * Add a _gcry_drbg_init() to _gcry_drbg_randomize() and to
    _gcry_drbg_add_bytes() to fix a crash in FIPS mode.
  * Add libgcrypt-FIPS-Autoinitialize-drbg-if-needed.patch
libksba
- Security fix: [bsc#1204357, CVE-2022-3515]
  * Detect a possible overflow directly in the TLV parser.
  * Add libksba-CVE-2022-3515.patch
libnl-1_1
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
  Add: libnl-1_1-fix-elevation-of-privilege-vulnerability.patch
libnl3
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
  Add: libnl3-fix-elevation-of-privilege-vulnerability.patch
libtasn1
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
  that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
libtirpc
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
  connections (bsc#1201680)
  - backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
  - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
libxml2
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
logrotate
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
  * enforce stricter parsing to avoid CVE-2021-3864
  * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
  separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch
mozilla-nspr
- update to version 4.34
  * add an API that returns a preferred loopback IP on hosts that
    have two IP stacks available.
- update to 4.33:
  * fixes to build system and export of private symbols
mozilla-nss
- update to NSS 3.79.1 (bsc#1202645)
  * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1759794 - protect SFTKSlot needLogin with slotLock.
  * bmo#1760998 - avoid data race on primary password change.
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
  rest of the DSA ciphers, keeping signature verification only
  (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
  warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
  integrity tests through sftk_FIPSRepeatIntegrityCheck()
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
  as approved/non-approved according to security policy
  (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
  disabling of unapproved algorithms. This requirement is now
  fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
  the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
  we removed the code to short-circuit broken hashes and moved to
  using the SLI.
- Remove upstreamed patches:
  * nss-fips-version-indicators.patch
  * nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
  - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  - bmo#1766907 - Update mercurial in clang-format docker image.
  - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
  - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
  - bmo#1764788 - Correct invalid record inner and outer content type alerts.
  - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
  - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
    NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
    bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
    bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
    bmo#1763120 - Add ECH Grease Support to tstclnt
    bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
    bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
    bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
    bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
    from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
    sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
    nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
    certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
    in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
    extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
    by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
    only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
  * bmo#1677181 - Client side ECH padding.
  * bmo#1725938 - Stricter ClientHelloInner Decompression.
  * bmo#1725938 - Remove ECH_inner extension, use new enum format.
  * bmo#1725938 - Update the version number for ECH-13 and adjust
    the ECHConfig size.
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
    OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
    certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
    CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
  * Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
    regression in about:logins
- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening
    on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private
    components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores
    environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
    nss failures.
    (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest
    details in all.sh reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Update nss-fips-constructor-self-tests.patch to scan
  LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
  Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
  disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
  PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
  test certificate creation and disables the library checksum
  validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
  checksumming to be disabled, but only if we entered FIPS mode
  due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
  makes the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
  from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
  for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
  unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
  of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
  This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
  Most of the relevant changes are already upstream since NSS 3.60.
ncurses
- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
openldap2
- bsc#1198341 - Prevent memory reuse which may lead to instability
  * 0226-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
p11-kit
- Conflict with ca-certificates < 1_201403302107-15.6.2 to make sure
  update-ca-certifictes calls trust export with --format=pem-directory-hash
  (bsc#1201985)
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:
permissions
  * fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20170707:
  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
  * add capability for prometheus-blackbox_exporter (bsc#1191194)
  * make btmp root:utmp (bsc#1050467)
  * pcp: remove no longer needed / conflicting entries
- Update to version 20170707:
python
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
python-M2Crypto
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
  bsc#1178829), which mitigates the Bleichenbacher timing attacks
  in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
python-PyJWT
- Add CVE-2022-29217-non-blocked-pubkeys.patch fixing
  CVE-2022-29217 (bsc#1199756), which disallows use of blocked
  pubkeys (heavily modified from upstream).
python-base
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
python3
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
python3-base
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
python3-lxml
- Add patch CVE-2020-27783.patch to fix CVE-2020-27783 mXSS due to the use of
  improper parser
  Fix bsc#1179534
python36
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
release-notes-sles
- 12.5.20220718 (tracked in bsc#933411)
- Added note about Samba 4.15 (jsc#SLE-23330)
  (bsc#1196097)
- Added note about DFS share failover (jsc#SLE-20041)
- Added note about Xenstore stubdom (bsc#1185196)
- Added note about CONFIG_NUMA_EMU (jsc#SLE-11600)
- Removed LibreOffice and MariaDB from requiring specific contracts
rsync
- Add support for --trust-sender parameter (patch by Jie Gong in
  bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
  * Added patch rsync-CVE-2022-29154-trust-sender-1.patch
  * Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
  in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
rsyslog
- add Requires for latest lbfastjsion version (bsc#1202243)
- fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
  * add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
samba
- CVE-2022-1615: Do not ignore errors in random number generation;
  (bso#15103); (bsc#1202976);
- Fix Use after free when iterating
  smbd_server_connection->connections after tree disconnect
  failure; (bso#15128); (bsc#1200102).
- CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042).
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099).
  * Add support for bind 9.18; (bso#14986).
  * logging dsdb audit to specific files does not work;
    (bso#15076).
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069)
  * netgroups support removed; (bso#15087); (bsc#1199247).
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734).
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071).
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556).
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055).
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071).
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091).
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108).
  * smbd doesn't handle UPNs for looking up names; (bso#15054).
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443).
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
sqlite3
- update to 3.39.3:
  * Use a statement journal on DML statement affecting two or more
    database rows if the statement makes use of a SQL functions
    that might abort.
  * Use a mutex to protect the PRAGMA temp_store_directory and
    PRAGMA data_store_directory statements, even though they are
    decremented and documented as not being threadsafe.
- update to 3.39.2:
  * Fix a performance regression in the query planner associated
    with rearranging the order of FROM clause terms in the
    presences of a LEFT JOIN.
  * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
    1345947, forum post 3607259d3c, and other minor problems
    discovered by internal testing. [boo#1201783]
- update to 3.39.1:
  * Fix an incorrect result from a query that uses a view that
    contains a compound SELECT in which only one arm contains a
    RIGHT JOIN and where the view is not the first FROM clause term
    of the query that contains the view
  * Fix a long-standing problem with ALTER TABLE RENAME that can
    only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
    to a very small value.
  * Fix a long-standing problem in FTS3 that can only arise when
    compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
    option.
  * Fix the initial-prefix optimization for the REGEXP extension so
    that it works correctly even if the prefix contains characters
    that require a 3-byte UTF8 encoding.
  * Enhance the sqlite_stmt virtual table so that it buffers all of
    its output.
- update to 3.39.0:
  * Add (long overdue) support for RIGHT and FULL OUTER JOIN
  * Add new binary comparison operators IS NOT DISTINCT FROM and
    IS DISTINCT FROM that are equivalent to IS and IS NOT,
    respective, for compatibility with PostgreSQL and SQL standards
  * Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
    interface that indicates a query that has both DISTINCT and
    ORDER BY clauses
  * Added the sqlite3_db_name() interface
  * The unix os interface resolves all symbolic links in database
    filenames to create a canonical name for the database before
    the file is opened
  * Defer materializing views until the materialization is actually
    needed, thus avoiding unnecessary work if the materialization
    turns out to never be used
  * The HAVING clause of a SELECT statement is now allowed on any
    aggregate query, even queries that do not have a GROUP BY
    clause
  * Many microoptimizations collectively reduce CPU cycles by about
    2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
  related test failures on 32 bit
- update to 3.38.5:
  * Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
  * fix a byte-code problem in the Bloom filter pull-down
    optimization added by release 3.38.0 in which an error in the
    byte code causes the byte code engine to enter an infinite loop
    when the pull-down optimization encounters a NULL key
- update to 3.38.3:
  * Fix a case of the query planner be overly aggressive with
    optimizing automatic-index and Bloom-filter construction,
    using inappropriate ON clause terms to restrict the size of the
    automatic-index or Bloom filter, and resulting in missing rows
    in the output.
  * Other minor patches. See the timeline for details.
- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
  of SQLite (bsc#1195773).
- update to 3.38.1:
  * Fix problems with the new Bloom filter optimization that might
    cause some obscure queries to get an incorrect answer.
  * Fix the localtime modifier of the date and time functions so
    that it preserves fractional seconds.
  * Fix the sqlite_offset SQL function so that it works correctly
    even in corner cases such as when the argument is a virtual
    column or the column of a view.
  * Fix row value IN operator constraints on virtual tables so that
    they work correctly even if the virtual table implementation
    relies on bytecode to filter rows that do not satisfy the
    constraint.
  * Other minor fixes to assert() statements, test cases, and
    documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
  sqlite-src-3380100-atof1.patch
- update to 3.38.0
  * Add the -> and ->> operators for easier processing of JSON
  * The JSON functions are now built-ins
  * Enhancements to date and time functions
  * Rename the printf() SQL function to format() for better
    compatibility, with alias for backwards compatibility.
  * Add the sqlite3_error_offset() interface for helping localize
    an SQL error to a specific character in the input SQL text
  * Enhance the interface to virtual tables
  * CLI columnar output modes are enhanced to correctly handle tabs
    and newlines embedded in text, and add options like "/--wrap N"/,
    "/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
  * Query planner enhancements using a Bloom filter to speed up
    large analytic queries, and a balanced merge tree to evaluate
    UNION or UNION ALL compound SELECT statements that have an
    ORDER BY clause.
  * The ALTER TABLE statement is changed to silently ignores
    entries in the sqlite_schema table that do not parse when
    PRAGMA writable_schema=ON
- update to 3.37.2:
  * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
    cause database corruption if a SAVEPOINT is rolled back while
    in PRAGMA temp_store=MEMORY mode, and other changes are made,
    and then the outer transaction commits
  * Fix a long-standing problem with ON DELETE CASCADE and ON
    UPDATE CASCADE in which a cache of the bytecode used to
    implement the cascading change was not being reset following a
    local DDL change
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("/START"/) is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
  * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
    extension when a column has no collating sequence.
sudo
- Modified sudo-sudoers.patch
  * bsc#1177578
  * Removed redundant and confusing 'secure_path' settings in
    sudo-sudoers file.
- Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
  * Ignore entries when converting LDAP to sudoers. Prevents empty
    host list being treated as "/ALL"/ wildcard.
  * bsc#1201462
  * Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e
systemd-presets-branding-SLE
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
tcl
- Fix a race condition in test socket-13.1
  (tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
  sqlite3 to have only a single copy and keep it more up to date
  (bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
telnet
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
  (CVE-2022-39028, bsc#1203759)
  CVE-2022-39028.patch
timezone
- Update to reflect new Chile DST change, bsc#1202310
  * bsc1202310.patch
unzip
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
  to a local string (CVE-2022-0530, bsc#1196177)
  * CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
  conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
  * CVE-2022-0529.patch
update-alternatives

      
util-linux
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
util-linux-systemd
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
which
- https urls, added signature (but did not find the public key)
- Use %license instead of %doc [bsc#1082318]
- Move installinfo scriptlet to preun so it won't fail
- Cleanup spec file with spec-cleaner
- Correct usage of info scriplets
- GNU which 2.21:
  * Upgraded code from bash to version 4.3 (now uses eaccess).
  * Fixed a bug related to getgroups / sysconfig that caused Which
    not to see more than 64 groups for a single user
  * Build system maintenance.
- Update project and source URL to GNU project
xen
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
  CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
  leaks (XSA-403)
  xsa403.patch
- Adjustment to patch xsa402-4.patch (bsc#1199966)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  xsa411.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
  vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
  xsa370.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
  xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
  xsa404-1.patch
  xsa404-2.patch
  xsa404-3.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
  xen: retbleed - arbitrary speculative code execution with return
  instructions (XSA-407)
  xsa407-0a.patch
  xsa407-0b.patch
  xsa407-0c.patch
  xsa407-0d.patch
  xsa407-0e.patch
  xsa407-0f.patch
  xsa407-0g.patch
  xsa407-0h.patch
  xsa407-0i.patch
  xsa407-1.patch
  xsa407-2.patch
  xsa407-3.patch
  xsa407-4.patch
  xsa407-5.patch
  xsa407-6.patch
  xsa407-7.patch
  xsa407-8.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  xsa408.patch
xfsprogs
- mkfs: validate extent size hint parameters (bsc#1138247)
  - add xfsprogs-xfs-move-inode-extent-size-hint-validation-to-libxfs.patch
  - add xfsprogs-xfs_repair-use-libxfs-extsize-cowextsize-validation-.patch
  - add xfsprogs-mkfs-validate-extent-size-hint-parameters.patch
- xfs_repair: Fix root inode's parent when it's bogus for sf directory
  (bsc#1138227)
  - add xfsprogs-xfs_repair-Fix-root-inode-s-parent-when-it-s-bogus-f.patch
yast2-storage
- Partitioner: PVs are not wrongly removed when resizing a VG
  (bsc#1197208).
- 3.2.23
zlib
- Fix heap-based buffer over-read or buffer overflow in inflate via
  large gzip header extra field (bsc#1202175, CVE-2022-37434,
  CVE-2022-37434-extra-header-1.patch,
  CVE-2022-37434-extra-header-2.patch).