bind
- Fix off-by-one error when calculating new hashtable size
  When calculating the new hashtable bitsize, there was an off-by-one
  error that would allow the new bitsize to be larger than maximum allowed
  causing assertion failure in the rehash() function.
  [bsc#1188763, 0001-Fix-off-by-one-error-when-calculating-new-hashtable.patch]
- Since BIND 9.9, it has been easier to use tsig-keygen and
  ddns-confgen to generare TSIG keys. In 9.13, TSIG support was
  removed from dnssec-keygen, so now it is just for DNSKEY (and KEY
  for obscure cases). tsig-keygen is now used to generate DDNS keys.
  [bsc#1187921, vendor-files.tar.bz2]
c-ares
- 5c995d5.patch: augment input validation on hostnames to allow _
  as part of DNS response (bsc#1190225)
- Version update to git snapshot 1.17.1+20200724:
  * fixes missing input validation on hostnames returned by DNS
    servers (bsc#1188881, CVE-2021-3672)
  * If ares_getaddrinfo() was terminated by an ares_destroy(),
    it would cause crash
  * Crash in sortaddrinfo() if the list size equals 0 due to
    an unexpected DNS response
  * Expand number of escaped characters in DNS replies as
    per RFC1035 5.1 to prevent spoofing
  * Use unbuffered /dev/urandom for random data to prevent early startup
    performance issues
- missing_header.patch: upstreamed
cloud-init
- Add cloud-init-log-file-mode.patch (bsc#1183939)
  + Change log file creation mode to 640
- Add cloud-init-no-pwd-in-log.patch (bsc#1184758)
  + Do not write the generated password to the log file
- Add cloud-init-purge-cache-py-ver-change.patch
cpio
- Add another patch to fix regression (bsc#1189465)
  * fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
  (CVE-2021-38185, bsc#1189206)
  * fix-CVE-2021-38185.patch
dbus-1
- Add missing patch for CVE-2020-12049
  * fix-upstream-CVE-2020-12049_2.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049.patch
- Rebased fix-CVE-2019-12749.patch
dracut
- Update to version 049.1+suse.203.g8ee14a90:
  * fix(suse-initrd): use $kernel rather than $(uname -r)
  * fix(suse-initrd): exclude modules that are built-in (bsc#1185646)
  * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
  * docs: fix reference to insmodpost module (bsc#1187774)
- Update to version 049.1+suse.196.g8706843b:
  * fix(suse-initrd): restore INITRD_MODULES in mkinitrd script
  * fix(suse-initrd): call dracut_instmods with hostonly=
- Update to version 049.1+suse.192.g00425ead:
  * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
  * fix(suse-initrd) fix list of modprobe.d directories
  * fix(install): handle $LIB in ldd output parsing (bsc#1185615)
kernel-default
- workqueue: fix UAF in pwq_unbound_release_workfn()
  (bsc#1188973).
- commit b02980f
- can: esd_usb2: fix memory leak (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma
  initialization (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- nfc: nfcsim: fix use after free during module unload
  (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
  (git-fixes).
- Revert "/ACPI: resources: Add checks for ACPI IRQ override"/
  (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of
  pending messages (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer
  overflow (git-fixes).
- commit 7ff2c84
- fix patch metadata
- fix Patch-mainline:
  patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch
- commit e52bdda
- ixgbe: Fix packet corruption due to missing DMA sync
  (git-fixes).
- bnxt_en: Check abort error state in bnxt_half_open_nic()
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
  bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: don't disable an already disabled PCI device
  (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Check if num of q_vectors is smaller than max before
  array access (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()'
  (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
  (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- virtio_net: move tx vq operation under tx queue lock
  (git-fixes).
- Revert "/be2net: disable bh with spin_lock in be_process_mcc"/
  (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce()
  (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe()
  (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel
  (git-fixes).
- commit 3de5d62
- powerpc/security: Fix link stack flush instruction (bsc#1188885
  ltc#193722).
- commit 6d617e8
- powerpc/64s: Move branch cache flushing bcctr variant to
  ppc-ops.h (bsc#1188885 ltc#193722).
- commit 837e7fa
- powerpc/security: Allow for processors that flush the link
  stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code
  patching (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more
  consistent (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush
  type enum (bsc#1188885 ltc#193722).
- Delete patches.suse/powerpc-add-link-stack-flush-mitigation-in-debugfs.patch
- replaced with upstream security mitigation cleanup
- powerpc/security: re-name count cache flush to branch cache
  flush (bsc#1188885 ltc#193722).
- commit e35bcce
- powerpc/pesries: Get STF barrier requirement from
  H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg
  (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (bsc#1188885 ltc#193722).
- Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch.
- powerpc/pseries: add new branch prediction security bits for
  link stack (bsc#1188885 ltc#193722).
- commit 3f019e2
- Update patch-mainline and git-commit tags
  Refresh:
  - patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch
  - patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch
- commit 758ec5c
- Move upstreamed patches to sorted section
- commit e174d5e
- net: mac802154: Fix general protection fault (CVE-2021-3659
  bsc#1188876).
- commit 61caeac
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
  (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family
  (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
  (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency
  is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL)
  calculations (git-fixes).
- xhci: Fix lost USB 2 remote wake (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock
  (git-fixes).
- commit cbaa23f
- firmware/efi: Tell memblock about EFI iomem reservations
  (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
  (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api
  val argument (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- commit 4603b01
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6
  (bsc#1185377).
- commit c3c4cb5
- use 3.0 SPDX identifier in rpm License tags
  As requested by Maintenance, change rpm License tags from "/GPL-2.0"/
  (SPDX 2.0) to "/GPL-2.0-only"/ (SPDX 3.0) so that their scripts do not have
  to adjust the tags with each maintenance update submission.
- commit f888e0b
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake()
  when using s2idle (git-fixes).
- commit 28541e7
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
  (git-fixes).
- commit ffedcc6
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage
  after platform_get_irq() (git-fixes).
- commit 4131c57
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding
  gpiochip (git-fixes).
- commit 88a6182
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
  CVE-2021-37576).
- commit 0162dcd
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup
  (git-fixes).
- commit 017d588
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version
  command (git-fixes).
- commit a8f01e1
- Input: ili210x - add missing negation for touch indication on
  ili210x (git-fixes).
- commit 0575cf5
- KVM: nVMX: Preserve exception priority irrespective of exiting
  behavior (bsc#1188777).
- commit 9024fbf
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
  (bsc#1188774).
- commit 7334e84
- KVM: nVMX: Consult only the "/basic"/ exit reason when routing
  nested exit (bsc#1188773).
- commit f7ab15a
- kvm: LAPIC: Restore guard to prevent illegal APIC register
  access (bsc#1188772).
- commit 8a9a1d5
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic
  is hw disabled (bsc#1188771).
- commit 7610884
- kvm: i8254: remove redundant assignment to pointer s
  (bsc#1188770).
- commit f768a8a
- ceph: don't WARN if we're still opening a session to an MDS
  (bsc#1188748).
- rbd: don't hold lock_rwsem while running_list is being drained
  (bsc#1188747).
- rbd: always kick acquire on "/acquired"/ and "/released"/
  notifications (bsc#1188746).
- commit 5813020
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- commit aaa3cb6
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom
  (git-fixes).
- commit 43e0b14
- mt76: mt7615: increase MCU command timeout (git-fixes).
- commit 1ca559f
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- commit 606bd07
- ibmvnic: retry reset if there are no other resets (bsc#1184350
  ltc#191533).
- commit fccec64
- cifs: do not fail __smb_send_rqst if non-fatal signals are
  pending (git-fixes).
- commit 80eef04
- cifs: fix interrupted close commands (git-fixes).
- commit 9eae08a
- cifs: Fix preauth hash corruption (git-fixes).
- commit a2ac7b0
- cifs: Return correct error code from smb2_get_enc_key
  (git-fixes).
- commit ffe15e7
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- commit f974156
- uuid: Add inline helpers to import / export UUIDs (FATE#326628,
  bsc#1113295, git-fixes).
- commit 5ef7dcb
- Drop media rtl28xxu fix patch (bsc#1188683)
  The recent backport of
  patches.suse/media-rtl28xxu-fix-zero-length-control-request.patch
  caused a regression on Astrometa DVB-T2.
  Revert and blacklist it for now.
- commit 1ae8d64
- series.conf: cleanup
- update upstream references and move into sorted section:
  - patches.suse/r8152-Fix-a-deadlock-by-doubly-PM-resume.patch
  - patches.suse/r8152-Fix-potential-PM-refcount-imbalance.patch
- commit 425c935
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- commit fb8c7fc
- sfp: Fix error handing in sfp_probe() (git-fixes).
- commit 3f0aed6
- cadence: force nonlinear buffers to be cloned (git-fixes).
- commit 4b76907
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- commit 6e609d3
- ravb: Fix bit fields checking in ravb_hwtstamp_get()
  (git-fixes).
- commit ed39fda
- net: hns3: Clear the CMDQ registers before unmapping BAR region
  (git-fixes).
- commit 57704e2
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- commit 23af1ba
- net: wilc1000: clean up resource in error path of init mon
  interface (git-fixes).
- commit aa75b92
- Update patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch
  (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620
  ltc#192221).
- Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch
  (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-parenthesize-a-check.patch
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes
  bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch
  (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221).
- commit 8147958
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- commit 8bf9d02
- blacklist.conf: kABI
- commit 7c940a5
- blacklist.conf: cosmetic cleanup
- commit 29705c7
- blacklist.conf: kABI
- commit 839f900
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
  (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- thermal/core: Correct function name
  thermal_zone_device_unregister() (git-fixes).
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- commit c39f899
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- Revert "/USB: quirks: ignore remote wake-up on Fibocom L850-GL
  LTE modem"/ (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
  (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after
  usb_pkt_pop() (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- commit c637f14
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- commit 2c19bb5
- scsi: fc: Add 256GBit speed setting to SCSI FC transport
  (bsc#1188101).
- commit 62c8708
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- commit 539ea44
- drm/panel: raspberrypi-touchscreen: Prevent double-free
  (git-fixes).
- media: ngene: Fix out-of-bounds bug in
  ngene_command_config_free_buf() (git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift
  of u16 (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again
  (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- commit 44fe76d
- bcache: avoid oversized read request in cache missing code path
  (bsc#1184631).
- bcache: remove bcache device self-defined readahead
  (bsc#1184631).
- commit aaf8eb0
- KVM: do not allow mapping valid but non-reference-counted pages
  (bsc#1186482, CVE-2021-22543).
- KVM: Use kvm_pfn_t for local PFN variable in
  hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543).
- KVM: do not assume PTE is writable after follow_pfn
  (bsc#1186482, CVE-2021-22543).
- commit 3795669
- xen/events: reset active flag for lateeoi events later
  (git-fixes).
- Refresh patches.suse/xen-events-fix-setting-irq-affinity.patch.
- commit e51ccb0
- RDMA/cma: Fix incorrect Packet Lifetime calculation
  (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- bpf: Fix integer overflow in argument calculation for
  bpf_map_area_alloc (bsc#1154353).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for
  efficiency (jsc#SLE-7926).
- commit 94fef56
- series.conf: cleanup
- update upstream reference and move into sorted section:
  - patches.suse/seq_file-Disallow-extremely-large-seq-buffer-allocations.patch
- commit 07df461
- Update
  patches.suse/ARM-ensure-the-signal-page-contains-defined-contents.patch
  (CVE-2021-21781 bsc#1188445).
- commit 47f3aa1
- watchdog: iTCO_wdt: Account for rebooting on second timeout
  (git-fixes).
- watchdog: Fix possible use-after-free by calling
  del_timer_sync() (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in
  wdt_turnoff() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup()
  (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- commit 0fe04be
- virtio_console: Assure used length from device is limited
  (git-fixes).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Don't disable clocks at device remove time
  (git-fixes).
- pwm: spear: Don't modify HW state in .remove callback
  (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind()
  (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors
  (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error
  handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division
  or modulo by zero (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device
  (git-fixes).
- commit 966e79d
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt
  trigger type (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind
  (git-fixes).
- commit 74628f5
- iio: magn: bmc150: Balance runtime pm + use
  pm_runtime_resume_and_get() (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use
  pm_runtime_resume_and_get() (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
  (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one
  (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
  (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
  (git-fixes).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around
  initrds (git-fixes).
- commit 14f42b7
- backlight: lm3630a: Fix return code of .update_status() callback
  (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value
  (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync
  (git-fixes).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below
  20 characters (git-fixes).
- ASoC: soc-core: Fix the error return code in
  snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe()
  (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
  (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return
  values (git-fixes).
- commit 006f207
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
  (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe()
  (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements
  (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove()
  (git-fixes).
- ALSA: usx2y: Don't call free_pages_exact() with NULL address
  (git-fixes).
- commit eaa8acd
- config: refresh
- drop GVE on arm64 and s390x (no longer available due to dependency update)
- commit d6ed2bf
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: sun4i-ss - IV register does not work on A10 and A13
  (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient
  (git-fixes).
- crypto: virtio: Fix dest length calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- commit 2b4c8a1
- blacklist.conf: add 4c9c26f1e67648f41f
- commit db6c764
- powerpc/papr_scm: Properly handle UUID types and API
  (FATE#326628, bsc#1113295, git-fixes).
- commit 9bcaa28
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- commit 01547d1
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- commit b063178
- powerpc/stacktrace: Fix spurious "/stale"/ traces in
  raise_backtrace_ipi() (bsc#1156395).
- commit f074894
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- Refresh
  patches.suse/gve-Fix-an-error-handling-path-in-gve_probe.patch.
- commit fc90ec1
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API
  (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset
  (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- gve: Add support for raw addressing in the tx path
  (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Add support for raw addressing to the rx path
  (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Replace zero-length array with flexible-array member
  (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Use link status register to report link status
  (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues
  (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
  (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- commit ffc7e3d
- cpu/hotplug: Cure the cpusets trainwreck (git fixes
  (sched/hotplug)).
- commit ea5f05d
- blacklist.conf: duplication
- commit eff56f7
- kprobes: Fix to check probe enabled before
  disarm_kprobe_ftrace() (git-fixes).
- commit 9aba4a6
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
  (git-fixes).
- commit a579f68
- kABI workaround for pci/quirks.c (git-fixes).
- commit 04fb196
- Add a cherry-picked ID for AMDGPU fix patch
- commit ba73832
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan
  (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
  (git-fixes).
- commit e3971fc
- PCI: iproc: Support multi-MSI only on uniprocessor kernel
  (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation
  (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of
  VEND_ID (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
  (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler
  (git-fixes).
- pinctrl/amd: Add device HID for new AMD GPIO controller
  (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- r8169: avoid link-up interrupt issue on RTL8106e if user
  enables ASPM (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
  (git-fixes).
- commit 0ca454f
- PCI: aardvark: Fix checking for PIO Non-posted Request
  (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- media, bpf: Do not copy more entries than user space requested
  (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- iwlwifi: mvm: don't change band on bound PHY contexts
  (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
  (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if
  supported (git-fixes).
- commit f7d13b4
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in
  radeon_user_framebuffer_create() (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in
  amdgpu_dm_atomic_check (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
  (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
  (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats
  (git-fixes).
- commit d72cf42
- drm/amd/amdgpu/sriov disable all ip hw status by default
  (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins()
  (git-fixes).
- drm/zte: Don't select DRM_KMS_FB_HELPER (git-fixes).
- drm/mxsfb: Don't select DRM_KMS_FB_HELPER (git-fixes).
- drm/tegra: Don't set allow_fb_modifiers explicitly (git-fixes).
- commit b02b3f8
- ASoC: tegra: Set driver_name=tegra for all machine drivers
  (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly
  (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue
  for qca btsoc (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed
  or cancelled (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table
  (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek
  Chip (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer
  workaround (git-fixes).
- commit c7cdd5b
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- commit a1eecda
- kprobes: fix kill kprobe which has been marked as gone
  (git-fixes).
- commit ee1820f
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
  (git-fixes).
- commit 865421f
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG
  (git-fixes).
- commit e2cb2ae
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- commit 4278aab
- net/mlx5: Don't fail driver on failure to create debugfs (git-fixes).
- commit c19d4f7
- net: marvell: Fix OF_MDIO config check (git-fixes).
- commit f372318
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- commit c2ac3ff
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- commit 0997bfc
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- commit 2e479b6
- PCI: quirks: fix false kABI positive (git-fixes).
- commit a2a8059
- tpm: efi: Use local variable for calculating final log size
  (git-fixes).
- commit 69be865
- tracing: Do not reference char * as a string in histograms
  (git-fixes).
- commit 5ff7921
- PCI: iproc: Fix multi-MSI base vector number allocation
  (git-fixes).
- commit 9e70011
- PCI: aardvark: Implement workaround for the readback value of
  VEND_ID (git-fixes).
- commit 4bfb1fd
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
  (git-fixes).
- commit dbaa5b3
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- commit 900ca03
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646).
- commit f55c672
- fix patch metadata
- fix Patch-mainline, drop Git-repo:
  patches.suse/bpftool-Properly-close-va_list-ap-by-va_end-on-error.patch
- commit ec7585c
- Update kabi files.
- update from second July 2021 maintenance update submission (commit 44308a6ad508)
- commit ee121a0
- fbmem: Do not delete the mode that is still in use (git-fixes).
- dma-buf/sync_file: Don't leak fences on merge failure
  (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- commit 1116a4b
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509).
- Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch
  (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509).
- commit 5fcaf8a
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
  (boo#1184804).
- commit 5b51131
- bpftool: Properly close va_list 'ap' by va_end() on error
  (bsc#1155518).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- commit a14bd1d
- blacklist.conf: add "/block: blk-mq.c: fix @at_head kernel-doc warning"/
  Also removed a remnant of a merge conflict.
- commit ebd24f1
- blk-mq: Rerun dispatching in the case of budget contention
  (bsc#1180092).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "/no budget"/ is a reason
  to kick (bsc#1180092).
- commit e31a7fc
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no
  budget (bsc#1180092).
- commit ccd1ac3
- blk-mq: insert flush request to the front of dispatch queue
  (bsc#1180092).
- commit acc744b
- blk-mq: insert passthrough request into hctx->dispatch directly
  (bsc#1180092).
- Refresh
  patches.suse/blk-mq-call-commit_rqs-while-list-empty-but-error-ha.patch.
- Refresh
  patches.suse/blk-mq-insert-request-not-through-queue_rq-into-sw-s.patch.
- commit 4ba4b0f
krb5
- Fix KDC null deref on bad encrypted challenge; (CVE-2021-36222);
  (bsc#1188571);
- Added patches:
  * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch
libesmtp
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
netcfg
- add submissions port number [bsc#1189683]
- modified patches
  % services-suse.diff
openssl-1_1
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- A bug in the implementation of the SM2 decryption code means that the
  calculation of the buffer size required to hold the plaintext returned by the
  first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
  the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
  called by the application a second time with a buffer that is too small.
  * CVE-2021-3711
  * bsc#1189520
  * Add:
    CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch
    CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch
    CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch
- The function X509_aux_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch
pcre2
- Added 0001-Fixed-atomic-group-backtracking-bug.patch
  * bsc#1187937
  * PHP 7.6.4 on s390x returns different results for preg_match
    function as compared to older PHP versions and x86
  * Sourced from upstream subversion commit:
    $ svn log -r965 svn://vcs.pcre.org/pcre2/code/trunk
python-pyasn1

      
python-pycparser

      
python-urllib3
- Add %dir declaration for %{_licensedir}
- Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503)
  * Improve performance of sub-authority splitting in URL
- Update in SLE-15 (bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
- Enable python2 builds
- Re-add file permissions in %file section
- Undo python2/3 split in %install section
- Skip test for RECENT_DATE. It is a test purely for developers.
  To maintain reproducibility, keep upstreams possibly outdated
  RECENT_DATE in the source code.
- Add CI variable, which makes timeouts in the test suite longer
  (gh#urllib3/urllib3#2109, bsc#1176389) and
  test_timeout_errors_cause_retries should not fail.
- Generate pyc for ssl_match_hostname too
- update to 1.25.10:
  * Added support for ``SSLKEYLOGFILE`` environment variable for
    logging TLS session keys with use with programs like
    Wireshark for decrypting captured web traffic (Pull #1867)
  * Fixed loading of SecureTransport libraries on macOS Big Sur
    due to the new dynamic linker cache (Pull #1905)
  * Collapse chunked request bodies data and framing into one
  call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
  * Don't insert ``None`` into ``ConnectionPool`` if the pool
    was empty when requesting a connection (Pull #1866)
  * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
- update to 1.25.9 (bsc#1177120, CVE-2020-26137):
  * Added ``InvalidProxyConfigurationWarning`` which is raised when
    erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
    support connecting to HTTPS proxies but will soon be able to
    and we would like users to migrate properly without much breakage.
  * Drain connection after ``PoolManager`` redirect (Pull #1817)
  * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
  * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
  * Allow the CA certificate data to be passed as a string (Pull #1804)
  * Raise ``ValueError`` if method contains control characters (Pull #1800)
  * Add ``__repr__`` to ``Timeout`` (Pull #1795)
- Explicitly switch off building python 2 version.
- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.
- Require a new enough release of python-six. 1.25.6 needs at least
  1.12.0 for ensure_text() and friends.
- Updae to 1.25.6:
  * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Restrict the tornado dep from tom to 5 or older release as the
  6.x changed the API
- Update to 1.25.5:
  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own
- Use have/skip_python2/3 macros to allow building only one flavour
- Use old pytest 3.x as newer do not work with this release
  * this will be fixed with next release, just spread among
    numerous fixes in the git for quick backporting
- Fixup pre script: the migration issue happens when changing from
  python-urllib3 to python2-urllib3: the number of installed
  instances of python2-urlliib3 is at this moment 1, unlike in
  regular updates. This is due to a name change, which consists not
  of a pure package update.
- Provides/Obsoletes does not fix the issue: we have a
  directory-to-symlink switch, which cannot be handled by RPM
  internally. Assist using pre script (boo#1138715).
- Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides:
  python-urllib3, fixes boo#1138746
- Add more test to skip as with new openssl some behaviour changed
  and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Add missing dependency on python-six (bsc#1150895)
- Update to 1.25.3:
  * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
  * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
  * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
  * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
  * Add support for Google's Brotli package. (Pull #1572, Pull #1579)
  * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
  This makes the check to be run always and ensure the urls are
  "/secure"/.
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)
- Update to 1.24.1:
  * Remove quadratic behavior within GzipDecoder.decompress()
    (Issue #1467)
  * Restored functionality of ciphers parameter for
    create_urllib3_context(). (Issue #1462)
runc
- Add Fix-ptsname-for-big-endian-architectures-again.patch (bsc#1189743)
samba
- Add msDS-AdditionalDnsHostName to the keytab; (bso#14396);
  (bsc#1185420);
- Add net-ads-join dnshostname option; (bso#14396); (bsc#1185420);
- Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC;
  (bso#14406); (bsc#1185420);
supportutils
- Changes to version 3.1.17
  + Adding ethtool options g l m to network.txt (jsc#SLE-18240)
- Changes to version 3.1.16
  + lsof options to improve performance (bsc#1186687)
- Fixes to supportconfig
  + Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
suse-module-tools
- Update to version 15.2.12:
  * modprobe.d: Remove dma=none setting for parport_pc
    (bsc#1177695)
sysconfig
- Link as Position Independent Executable (bsc#1184124).
timezone
- Install tzdata.zi (bsc#1188127)
xen
- bsc#1189882 - refresh libxc.sr.superpage.patch
  prevent superpage allocation in the LAPIC and ACPI_INFO range
- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
  CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
  xsa378-0a.patch
  xsa378-0b.patch
  xsa378-0c.patch
  xsa378-1.patch
  xsa378-2.patch
  xsa378-3.patch
  xsa378-4.patch
  xsa378-5.patch
  xsa378-6.patch
  xsa378-7.patch
  xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
  pages may remain accessible after de-allocation. (XSA-379)
  xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
  grant table handling. (XSA-380)
  xsa380-1.patch
  xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
  status frames array bounds check. (XSA-382)
  xsa382.patch
- bsc#1189381 - VUL-0: CVE-2021-28700: xen: xen/arm: No memory
  limit for dom0less domUs. (XSA-383)
  xsa383.patch
- bsc#1188050 - L3: Xen guest yval1a80 SLES11SP4 hangs on cluster
  See also bsc#1179246.
  credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
- bsc#1176189 - xl monitoring process exits during xl save -p|-c
  keep the monitoring process running to cleanup the domU during shutdown
  xl-save-pc.patch
- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest
  60be0e24-credit2-pick-runnable-unit.patch
  60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
- Upstream bug fixes (bsc#1027519)
  60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
  60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch)
  60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch)
  60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch)
  60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch)
  60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch)
  60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch)
  60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch)
  60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch)
  60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch)
  60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
  60d49689-VT-d-undo-device-mappings-upon-error.patch
  60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
  60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
  60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
  60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
- bsc#1183243 - L3: Core cannot be opened when using xl dump-core
  of VM with PTF
  60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch
- Update logrotate.conf, move global options into per-file sections
  to prevent globbering of global state (bsc#1187406)
- Fix shell macro expansion in xen.spec, so that ExecStart=
  in xendomains-wait-disks.service is created correctly (bsc#1183877)
- bsc#1186428 - VUL-0: CVE-2021-28693: xen: xen/arm: Boot modules
  are not scrubbed (XSA-372)
  xsa372-1.patch
  xsa372-2.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
  timeout detection / handling (XSA-373)
  xsa373-1.patch
  xsa373-2.patch
  xsa373-3.patch
  xsa373-4.patch
  xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
  Bypass (XSA-375)
  xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
  protections not restored after S3 (XSA-377)
  xsa377.patch
- bsc#1180491 - "/Panic on CPU 0: IO-APIC + timer doesn't work!"/
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
- Upstream bug fixes (bsc#1027519)
  60631c38-VT-d-QI-restore-flush-hooks.patch
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  608676f2-VT-d-register-based-invalidation-optional.patch
  60a27288-x86emul-gas-2-36-test-harness-build.patch
  60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
- Drop gcc10-fixes.patch
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- Refresh xenstore-launch.patch to cover also daemon case
- Update to Xen 4.13.3 bug fix release (bsc#1027519)
  xen-4.13.3-testing-src.tar.bz2
- Drop patches contained in new tarball
  5faa974f-evtchn-rework-per-channel-lock.patch
  5faa978b-evtchn-revert-52e1fc47abc3a0123.patch
  5faac497-xen-arm-Always-trap-AMU-system-registers.patch
  5fbcdf2e-evtchn-FIFO-access-last.patch
  5fbcdf99-x86-DMI-fix-SMBIOS-pointer-check.patch
  5fbd042b-memory-off-by-one-in-XSA-346.patch
  5fc4ee23-evtchn-FIFO-queue-locking.patch
  5fd8aebb-x86-replace-reset_stack_and_jump_nolp.patch
  5fd8aee5-x86-fold-guest_idle_loop.patch
  5fd8aef3-x86-avoid-calling-do_resume.patch
  5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch
  5fd8b02d-evtchn-FIFO-reorder-and-synchronize.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  xen-4.13.2-testing-src.tar.bz2
  xsa115-1.patch
  xsa115-10.patch
  xsa115-2.patch
  xsa115-3.patch
  xsa115-4.patch
  xsa115-5.patch
  xsa115-6.patch
  xsa115-7.patch
  xsa115-8.patch
  xsa115-9.patch
  xsa322.patch
  xsa324.patch
  xsa325.patch
  xsa351-1.patch
  xsa351-2.patch
  xsa368.patch
- bsc#1137251 - Restore changes for xen-dom0-modules.service which
  were silently removed on 2019-10-17
- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
  toolstack (XSA-368). Also resolves,
  bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
  bsc#1181989 - openQA job causes libvirtd to dump core when
  running kdump inside domain