apparmor
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
audit-secondary
- Update audit-secondary.spec: create symbolic link from
  /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519).

- Fix rules not loaded when restarting auditd.service(bsc#1204844)
bind
- Update to release 9.16.43
  Bug Fixes:
  * Processing already-queued queries received over TCP could cause
    an assertion failure, when the server was reconfigured at the
    same time or the cache was being flushed. This has been fixed.

- Add dnstap support
  [jsc#PED-4852]

- Log named-checkconf output [bsc#1213049]
blog
- Add patch blog.dif
  * Fix big endian cast problems to be able to read commands
    and ansers (blogctl) as well as passphrases (blogd)
ca-certificates-mozilla
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1
cloud-init
- Update cloud-init-write-routes.patch (bsc#1212879)
  + Add necessary import statement
- Enable flake8 linting, fix up patches
  + cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
  + cloud-init-power-rhel-only.patch
  + cloud-init-write-routes.patch
  + datasourceLocalDisk.patch

- Add cloud-init-power-rhel-only.patch (bsc#1210273)
  + Config module cc_refresh_rmc_and_interface is implemented such that
    it will only work on RH distros. Set the module availability accordingly.
gawk
- format-tree-positional-arg.patch: Validate index into argument list
  (CVE-2023-4156, bsc#1214025)
kernel-default
- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 90a74a8

- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Handle the newly added SBPB feature correctly when run in hypervisor
  context and interept an MSR write.
- commit ef9889a

- Update config files.
  We want SRSO mitigation on by default
- commit acc813b

- Input: iqs269a - do not poll during ATI (git-fixes).
- commit 5bdf465

- Input: iqs269a - do not poll during suspend or resume
  (git-fixes).
- commit 467fdbf

- Input: i8042 - add Clevo PCX0DX to i8042 quirk table
  (git-fixes).
- commit 0922201

- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- commit 9c2a6e6

- can: af_can: fix NULL pointer dereference in can_rcv_filter
  (bsc#1210627 CVE-2023-2166).
- commit e89fee8

- s390: introduce nospec_uses_trampoline() (git-fixes
  bsc#1213870).
- commit c2ccf75

- s390/ipl: add missing intersection check to ipl_report handling
  (git-fixes bsc#1213871).
- commit 8806556

- Move upstreamed sound patch into sorted sectoin
- commit 8a29738

- blacklist.conf: has non-trivial dependencies
- commit 0c7dbe0

- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- commit 66f8c8e

- KVM: s390: pv: fix index value of replaced ASCE (git-fixes
  bsc#1213867).
- commit e789a10

- s390/decompressor: specify __decompress() buf len to avoid
  overflow (git-fixes bsc#1213863).
- commit 59015c6

- libceph: harden msgr2.1 frame segment length checks
  (bsc#1213857).
- ceph: don't let check_caps skip sending responses for revoke
  msgs (bsc#1213856).
- commit 9052bbe

- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- commit 222f2a2

- Update config files: set CONFIG_GDS_FORCE_MITIGATION=n
- commit f04be94

- bpf: add missing header file include (bsc#1211738
  CVE-2023-0459).
- commit 1ccaaad

- Drop the recent USB gadget fix patches
  The recent USB gadget fix patches look dubious and likely leading to
  locking problem.  Drop them for now until we get the proper backports
  Deleted:
  patches.suse/usb-gadget-core-remove-unbalanced-mutex_unlock-in-us.patch
  patches.suse/usb-gadget-udc-core-Offload-usb_udc_vbus_handler-pro.patch
  patches.suse/usb-gadget-udc-core-Prevent-soft_connect_store-race.patch
- commit d9bbe1b

- block: Fix a source code comment in
  include/uapi/linux/blkzoned.h (git-fixes).
- commit 8349665

- blacklist.conf: cleanup
- commit fb32f77

- blacklist.conf: cleanup
- commit 4a72f90

- scftorture: Count reschedule IPIs (git-fixes).
- commit e88bc8d

- netfilter: nft_set_pipapo: fix improper element removal
  (bsc#1213812 CVE-2023-4004).
- commit 4902a99

- Update
  patches.suse/RDMA-mthca-Fix-crash-when-polling-CQ-for-shared-QPs.patch
  (git-fixes bsc#1212604).
  Added bug reference.
- commit 391a3ba

- igc: Fix Kernel Panic during ndo_tx_timeout callback
  (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove
  (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff
  (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- gve: unify driver name usage (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage
  (git-fixes).
- igc: Handle PPS start time programming for past time values
  (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of
  ethtool_link_ksettings (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier
  (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- commit a695c8c

- s390/dasd: fix hanging device after quiesce/resume (git-fixes
  bsc#1213810).
- commit dfb76f0

- Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)
  Deleted:
  patches.suse/drm-amd-display-Add-wrapper-to-call-planes-and-strea.patch
  patches.suse/drm-amd-display-Use-dc_update_planes_and_stream.patch
  Refreshed:
  patches.suse/drm-amd-display-fix-the-system-hang-while-disable-PS.patch
- commit b04dd6d

- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
  (git-fixes).
- Revert "usb: gadget: tegra-xudc: Fix error check in
  tegra_xudc_powerdomain_init()" (git-fixes).
- Revert "usb: xhci: tegra: Fix error check" (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in
  usb_gadget_activate (git-fixes).
- Revert "usb: dwc3: core: Enable AutoRetry feature in the
  controller" (git-fixes).
- Revert "xhci: add quirk for host controllers that don't update
  endpoint DCS" (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- usb: dwc3: don't reset device side if dwc3 was configured as
  host-only (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section
  (git-fixes).
- Documentation: devices.txt: reconcile serial/ucc_uart minor
  numers (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- staging: ks7010: potential buffer overflow in
  ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
  (git-fixes).
- Revert "debugfs, coccinelle: check for obsolete
  DEFINE_SIMPLE_ATTRIBUTE() usage" (git-fixes).
- commit 68f52c9

- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit c2f8329

- RDMA/irdma: Report correct WC error (git-fixes)
- commit bbd2277

- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- commit 9cf2e90

- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- commit 88338bc

- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- commit cea614e

- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- commit 9675e7a

- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- commit 2321b3b

- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- commit ea2e3ca

- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- commit 0780ef4

- RDMA/irdma: Add missing read barriers (git-fixes)
- commit 495eb3b

- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- commit 67b00ed

- ALSA: usb-audio: Update for native DSD support quirks
  (git-fixes).
- commit 43f1612

- ASoC: atmel: Fix the 8K sample parameter in I2SC master
  (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
  (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events
  (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- commit e160036

- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update
  (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative
  temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1
  disabled (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in
  a5xx_submit_in_rb() (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- commit 2f04296

- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- commit 5a72d04

- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit 179babc

- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit 2cb8ed9

- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit 17c6a41

- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- commit ad8acc9

- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit fe91ad7

- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit f111fdf

- KVM: arm64: Don't read a HW interrupt pending state in user context (git-fixes)
- commit ffcb733

- KVM: Don't null dereference ops->destroy (git-fixes)
- commit 3407958

- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- commit f80bc2c

- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 16a308d

- nvme-pci: fix DMA direction of unmapping integrity data
  (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- commit 3d56665

- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit 7bc51ed

- scsi: lpfc: Copyright updates for 14.2.0.14 patches
  (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting
  (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths
  (bsc#1213756).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout
  error is detected (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling
  unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only
  for Target Functions (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk
  and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN
  (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl
  for loop topology (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message
  (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from
  driver's trace buffer (bsc#1213756).
- scsi: lpfc: Fix a possible data race in
  lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI
  and VMID paths (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
  (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member
  (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg
  loopback path (bsc#1213756).
- commit 3d33912

- blacklist.conf: add commit 122deabfe142 ("ubifs: dirty_cow_znode: Fix
  memleak in error handling path")
  This is reverted in commit 7d01cb27f6ae ("Revert "ubifs:
  dirty_cow_znode: Fix memleak in error handling path"")
- commit b666937

- ubifs: Fix memory leak in do_rename (git-fixes).
- commit 9147a2c

- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 3021432

- afs: Fix server->active leak in afs_put_server (git-fixes).
- commit 214e9da

- afs: Fix dynamic root getattr (git-fixes).
- commit edbfecf

- jffs2: GC deadlock reading a page that is used in
  jffs2_write_begin() (git-fixes).
- commit d4f2e0b

- jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
  (git-fixes).
- commit 5f487ee

- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- commit 359ea76

- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- commit 47521cf

- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- commit 3127ba1

- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
  (git-fixes).
- commit 629e159

- ubifs: Free memory for tmpfile name (git-fixes).
- commit b8a1ad9

- ubifs: ubifs_writepage: Mark page dirty after writing inode
  failed (git-fixes).
- commit 840e02c

- ubifs: Re-statistic cleaned znode count if commit failed
  (git-fixes).
- commit 8fb0e1e

- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- commit 8e663ab

- ubifs: Reserve one leb for each journal head while doing budget
  (git-fixes).
- commit cbe6386

- ubifs: do_rename: Fix wrong space budget when target inode's
  nlink > 1 (git-fixes).
- commit b6963c0

- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- commit b3864d7

- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- commit 567a5c8

- ubifs: Rectify space budget for ubifs_symlink() if symlink is
  encrypted (git-fixes).
- commit 3474d4d

- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Adjust IOCB resource on qpair create
  (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
  (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
  (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
  (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference
  (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with
  DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode
  (bsc#1213747).
- commit e04dc4d

- ubifs: Fix build errors as symbol undefined (git-fixes).
- commit 003e06c

- series: udpate metadata
  Refresh
- patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
- commit 3672423

- ubifs: Fix AA deadlock when setting xattr for encrypted file
  (git-fixes).
- commit 905856b

- ubifs: rename_whiteout: correct old_dir size computing
  (git-fixes).
- commit 746fc1a

- ubifs: Fix to add refcount once page is set private (git-fixes).
- commit eb16186

- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
  (git-fixes).
- commit ec064eb

- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- commit 44d5601

- ubifs: Rectify space amount budget for mkdir/tmpfile operations
  (git-fixes).
- commit 5c3e281

- x86/returnthunk: Allow different return thunks (bsc#1213287, CVE-2023-20569).
- commit 9047ebd

- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback
  work (git-fixes).
- commit f4b451d

- ubifs: Rename whiteout atomically (git-fixes).
- commit eb7797d

- ubifs: Add missing iput if do_tmpfile() failed in rename
  whiteout (git-fixes).
- commit 6d376e9

- ubifs: Fix deadlock in concurrent rename whiteout and inode
  writeback (git-fixes).
- commit fcb2f4b

- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
  (git-fixes).
- commit 289d359

- ubifs: Error path in ubifs_remount_rw() seems to wrongly free
  write buffers (git-fixes).
- commit 90b0b69

- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- commit 6a5ab84

- fs: dlm: move sending fin message into state change handling
  (git-fixes).
- commit dab00d6

- fs: dlm: don't set stop rx flag after node reset (git-fixes).
- commit 4b30eff

- fs: dlm: start midcomms before scand (git-fixes).
- commit a80feb6

- fs: dlm: add midcomms init/start functions (git-fixes).
- commit 1f391d7

- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- commit d7af52c

- fs: dlm: retry accept() until -EAGAIN or error returns
  (git-fixes).
- commit 8d74a84

- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- commit 8503974

- fs: dlm: fix race between test_bit() and queue_work()
  (git-fixes).
- commit a237b08

- fs: dlm: fix race in lowcomms (git-fixes).
- commit 92fc0f8

- dlm: fix missing lkb refcount handling (git-fixes).
- commit 263b40e

- dlm: fix plock invalid read (git-fixes).
- commit 7bcd1e8

- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- commit 38ca134

- afs: Fix vlserver probe RTT handling (git-fixes).
- commit fc1925d

- afs: Fix setting of mtime when creating a file/dir/symlink
  (git-fixes).
- commit 6bbf246

- afs: Fix updating of i_size with dv jump from server
  (git-fixes).
- commit 6731933

- afs: Fix lost servers_outstanding count (git-fixes).
- commit 29cfb62

- afs: Fix fileserver probe RTT handling (git-fixes).
- commit b1a6d0f

- afs: Use the operation issue time instead of the reply time
  for callbacks (git-fixes).
- commit dce7453

- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
  (git-fixes).
- commit 856031a

- afs: Fix access after dec in put functions (git-fixes).
- commit 7e9acb5

- afs: Use refcount_t rather than atomic_t (git-fixes).
- commit ee87d6d

- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- commit e319694

- afs: Adjust ACK interpretation to try and cope with NAT
  (git-fixes).
- commit 0170794

- rxrpc, afs: Fix selection of abort codes (git-fixes).
- commit 6b22544

- afs: Fix afs_getattr() to refetch file status if callback
  break occurred (git-fixes).
- commit 610ac25

- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- commit a4211ac

- fs: hfsplus: remove WARN_ON() from
  hfsplus_cat_{read,write}_inode() (git-fixes).
- commit e720f69

- FS: JFS: Check for read-only mounted filesystem in txBegin
  (git-fixes).
- commit 74fc884

- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- commit ded2fdb

- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
  (git-fixes).
- commit d3b12be

- jfs: jfs_dmap: Validate db_l2nbperpage while mounting
  (git-fixes).
- commit cb7cfeb

- net: mana: Use the correct WQE count for ringing RQ doorbell
  (bsc#1212901).
- net: mana: Batch ringing RX queue doorbell on receiving packets
  (bsc#1212901).
- commit de409ae

- kernel-binary.spec.in: Remove superfluous %% in Supplements
  Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74

- pinctrl: amd: Don't show `Invalid config param` errors
  (git-fixes).
- commit 924f82b

- can: gs_usb: gs_can_close(): add missing set of CAN state to
  CAN_STATE_STOPPED (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- phy: hisilicon: Fix an out of bounds check in
  hisi_inno_phy_probe() (git-fixes).
- regmap: Account for register length in SMBus I/O limits
  (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes
  (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31
  (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic
  (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe
  (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options
  (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
  (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy
  (git-fixes).
- commit a35f25e

- io_uring: ensure IOPOLL locks around deferred work (bsc#1213272
  CVE-2023-21400).
- commit 744cfeb

- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are
  unsupported (git-fixes).
- commit 34f9d1f

- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled
  (CR0.PG==0) (git-fixes).
- commit 6d14c23

- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- commit fe48bf1

- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
  (git-fixes).
- commit c6619e5
krb5
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
  (CVE-2023-36054);
- Added patches:
  * 0011-Ensure-array-count-consistency-in-kadm5-RPC.patch
libapparmor
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
util-linux
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
  Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
  Add patch to util-linux-systemd and python3-libmount, as it was
  previously only included in util-linux.
cryptsetup
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
  - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
  - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
  - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch
freetype2
- Added patch:
  * CVE-2023-2004.patch
    + fixes bsc#1210419, CVE-2023-2004: Integer overflow
liblognorm
- Upgrade to liblognorm v2.0.6 (jsc#PED-4883)
  * 2018-11-02: nitfixes: issues deteced by CodeFactor.com
  * 2018-11-01: more cleanup of shell scripting
  * 2018-10-31: cleanup shell scripting
  * 2018-10-26: implement Checkpoint LEA transfer format
  * 2018-10-31: fix mising shebangs in test scripts
  * 2018-10-30: fix some bash style nits
  * 2018-07-15: fix very theoretic misadressing (gcc-8 warning)
  * 2018-06-26: string parser: add "lazy" matching mode
  * 2018-05-30: Update lognormalizer.c
  * 2018-05-30: Update lognormalizer.c to support case fallthrough
  * 2018-05-30: Update README
  * 2018-05-10: Fix for #229 (cisco-interface-spec at end of line)
  * 2018-03-21: Suppress invalid param error for name to fix #270
- Upgrade to liblognorm v2.0.5
  * 2018-04-25: fix potential NULL pointer addressing
  * 2018-04-07: Add test for nested user types
  * 2018-04-07: Fix use after free with nested user types (#235)
  * 2018-04-25: build system: fix gcc warning
  * 2018-04-25: make "make check" "succeed" on solaris 10
  * 2018-04-16: fix build warnings with some newer compilers
  * 2018-04-16: remove dead code
  * 2018-04-16: fix potential memory leaks during config processing
  * 2018-04-16: fix memory leak during config processing
  * 2018-04-16: csv encoder: fix format error when processing arrays
  * 2018-03-29: Explicitly list supported whitespace characters
  * 2018-03-28: "fix" return type of unused dummy function
  - replaces liblognorm-2.0.4-no-return-in-nonvoid-function.patch
  * 2018-03-21: Suppress invalid param error for name to fix #270
  * 2018-03-19: fix header guard
  * 2018-03-06: Correct CLI options in the docs
  * 2018-01-13: AIX port : added compatibility and modified lognormalizer for AIX.
  * 2017-11-29: codestyle: correct line length to 120
  * 2017-11-29: codestyle: set max line length to 120
  * 2017-11-25: fix some very bad line length violations
  * 2017-11-25: travis: temporarily permit longer line length
  * 2017-10-19: make build with gcc7
  * 2017-10-05: es_str2cstr leak in string-to v1 parse
openssl-1_1
- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_1-CVE-2023-3817.patch

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
pcre2
- Security fix: [bsc#1213514, CVE-2022-41409]
  * Integer overflow vulnerability in pcre2test before 10.41
    allows attackers to cause a denial of service or other
    unspecified impacts via negative input.
  * Add pcre2-CVE-2022-41409.patch
procps
- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)
systemd
- Import commit b473c02cc08e093e370034425671cbc001c6748e
  02caac7973 units/initrd-parse-etc.service: Conflict with emergency.target
  70b3bff9f8 sd-device-monitor: dynamically allocate receive buffer (bsc#1213873)
  e2e1fbba2b sd-device: change type of properties nulstr from uint8_t* to char*
  c9d3dd5954 udev: set description for device monitor
  3f07f44fde test: use sd_device_monitor_set_description()
  b304a1e1a2 sd-device-monitor: logs description for device monitor
  929d4066c5 sd-device-monitor: introduce sd_device_monitor_{set,get}_description()
  340e523048 sd-device-monitor: fix inversed condition
  02659c7b67 tree-wide: port various places over to new stat_inode_same() helper
  b35a4b042a stat-util: add helper stat_inode_same() for comparing stat's st_dev/st_ino in one
  d25219cbe3 libsystemd: ignore both EINTR and EAGAIN
  648a151313 errno-util: introduce ERRNO_IS_TRANSIENT()

- Import commit 155fe1917157bdeecf7e28ef0ea9f62084f27f14
  3b8c671f90 detach-md: similar to the DM case, also don't try to detach MD device backing /usr/ (bsc#1211576)
  6da5d2d1fc shutdown: don't attempt to detach DM volume backing /usr/ (bsc#1211576)
  37178881c1 udev: decrease devlink priority for iso disks (bsc#1213185)
  02ede28319 shutdown: get only active md arrays. (bsc#1212434 bsc#1213575 bsc#1211576)
  412b8dbb32 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
  16f897570a units: remove the restart limit on the modprobe@.service
  e4e85b08bd tests: add test case for long unit names
  3f84b06f9d core: shorten long unit names that are based on paths and append path hash at the end (bsc#1208194)

- Add 5001-sleep-don-t-init-sys-power-resume-if-resume-option-i.patch (bsc#1186606)

- Make sure to pre-install the groups systemd and udev rely on. This is needed
  when the tmpfiles are run at package installation time (i.e. when
  file-triggers are disabled).

- Move more packaging fixups in the fixlet script.

- Move the persistent net rule fix in udev fixlet script.

- Rather than having one script per fix, use a single script (or "fixlet") per
  (sub) package that contains all the fixups relative to a (sub) package. This
  has the advantage to limit the number of scripts but more importantly it will
  ease the sharing of the spec file between TW and SLE. We should also be able
  to compare the fixlets of two distros even if the spec files have diverged.
  Note that all the fixups are run just once now.

- kbd-model-map.legacy:: add 'ara' which should replace 'arabic' in the long
  term (bsc#1210702)

- kbd-model-map.legacy: drop some entries no longer needed by YaST
  Related to bsc#1194609.

- Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741)
  That way "systemd --user" instances get their own session keyring instead of
  the user default session keyring. For some reasons cifscreds refuses to work
  with the latter. That's what is expected for every PAM session anyway.
libyajl
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
libzypp
- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)
shadow
- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch

- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
  Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
python-configobj
- Add CVE-2023-26112.patch (bsc#1210070)
python-pyasn1
- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)
rsyslog
-patches replaced by upgrade (see details in upgrade logs below)
  0001-fixing-the-deleteStateOnFileDelete-option.patch
  0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
  0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
  0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
  0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
  CVE-2022-24903.patch
- Upgrade to rsyslog 8.2306.0 (jsc#PED-4883)
  * 2023-06-09: mmnormalize bugfix: if msg cannot be parsed, parser chain is stopped
  * 2023-06-08: Add new global config option "libcapng.default"
  * 2023-06-08: imjournal: Add FileCreateMode module parameter
  * 2023-04-17: core bugfix: potential segfault on busy systems
  * 2023-05-11: GNUTls Driver: Fix memory leaks in gtlsInitCred
  * 2023-05-24: CI: update base ubuntu image for github actions
  * 2023-05-16: OMHIREDIS::ADDED:: New support for 'stream' mode
  * 2023-05-17: OMHIREDIS::ADDED:: new tests for existing functionalities
  * 2023-04-25: OMHIREDIS::FIXED:: Correctly suspend module in case of failure
  * 2023-05-17: OMHIREDIS::FIXED:: Synchronously try to authenticate
  * 2023-04-25: IMHIREDIS::ADDED:: New support for 'stream' mode
  * 2023-04-25: REDIS::ADDED:: Implement tests for imhiredis module
  * 2023-04-12: IMHIREDIS::CLEAN:: various improvements and fixes
    [#]## CHANGED
  - [IMHIREDIS] factorize code for different modes
  - [IMHIREDIS] Clean and improve logging lines
  - [IMHIREDIS] Poll extinction state less frequently for main thread (less aggresive)
  - [IMHIREDIS] Set 'key' action parameter to REQUIRED
  - [IMHIREDIS] Use known message length instead of calculating it when
    enqueuing message
    [#]## ADDED
  - [IMHIREDIS] Missing redis replies' types in enumeration
    [#]## FIXED
  - [IMHIREDIS] Correctly initialize instance object, especially for redisNodesList
  - [IMHIREDIS] Correctly print input mode's value in logs when set incorrectly
  * 2023-05-17: tests: mmexternal-SegFault-empty-jroot-vg.sh: fix typo
  * 2023-03-21: modify testbench test to detect wrong imptcp truncation
  * 2023-03-21: imptcp bugfix: spam log on oversize message
  * 2023-03-23: core/bugfix: using $uuid msg prop can deadlock rsyslog on shutdown
  * 2023-03-13: Remove halted LGTM badges on README
  * 2023-02-16: Do not preserve capabilities when changing credentials
  * 2023-01-23: CI/QA: do compile test both with NDEBUG set/unset
  * 2023-01-23: Fixed wrong type conversion in cstrLen() for debug mode as well
  * 2023-01-18: core/template: implement negative position.to
  * 2023-01-18: CI: fix github CodeQL settings
  * 2023-01-17: Remove CAP_DAC_OVERRIDE if privileges dropped
  * 2023-01-17: Adjust the capability set
  * 2023-01-13: substring function: enhancement and hardening
  * 2023-01-11: omfile: add action parameters "rotation.*"
  * 2023-01-11: CI: use newer version of zookeeper
  * 2023-01-09: ffaup fix : memory corruption with concurrent workers
  * 2023-01-02: openssl: fix undefined reference to CRYPTO_set_id_callback
  * 2022-12-30: testbench: add test for invalid json template generation
  * 2022-12-30: core bugfix: template system may generate invalid json
  * 2022-12-28: Fixed wrong type conversion in cstrLen()
  * 2022-12-08: Add CodeQL workflow for GitHub code scanning
- Upgrade to rsyslog 8.2212.0
  * 2022-12-05: testbench: make python http server based tests more reliable
  * 2022-12-05: omprog bugfix: invalid status handling at called program startup
  * 2022-11-29: testbench bugfix: wrong message injection object of instance 1
  * 2022-11-21: rsyslog.conf man page bugfix: description of selectors
  * 2022-11-18: imtcp bugfix: legacy config directives did no longer work
  - replaces 0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
  * 2022-11-16: ksi bugfix: sending of too many signing requests fixed.
  * 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode
  * 2022-11-02: imjournal: add second fallback to _COMM
  * 2022-10-25: core bugfix: local hostname invalid if no global() config object given
  * 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure
- Upgrade to rsyslog 8.2208.0
  * 2022-08-09: ksi bugfix: request cache size and send timeout issue fixed.
  * 2022-08-09: imjournal bugfix: segmentation fault in close journal
  * 2022-08-09: net subsystem: support sha256 for StreamDriverAuthMode="x509/fingerprint"
  * 2022-08-05: imfile bugfix: message loss/duplication when monitored file is rotated
  * 2022-08-05: ksi bugfix: optimize processing of signer queue to fix delays.
  * 2022-08-04: ksi bugfix: possible crash fixed when several log files are opened.
  * 2022-08-04: openssl: add support to split tls commands by semicolon
  * 2022-08-04: openssl subsystem bugfix: build issue on Solaris
  * 2022-08-04: openssl: add more details to error messages
  * 2022-08-04: omclickhouse: capture additional exceptions
  * 2022-08-04: mmanon bugfix: Simplified and fixed IPv4 digit detection.
  * 2022-07-21: imptcp: slight tuning
  * 2022-07-20: template procesing/json: performance optimization
  * 2022-07-19: core bugfix: memory leak when free action worker data table
  * 2022-07-13: omfile: support for zstd compression
  * 2022-07-07: stream cleanup: move error message to debug log, only
  * 2022-07-04: mmdblookup bugfix: Don't crash Rsyslog on mmdb file errors
  * 2022-06-28: build error fix: libbson requires out-of-date language constructs
  * 2022-06-27: OpenSSL: fix depreacted API issues for OpenSSL 3.x
- Upgrade to rsyslog 8.2206.0
  * 2022-05-25: omelastisearch: allow omitting _type field
  * 2022-05-18: tcpsrv/imtcp: slight performance improvements
  * 2022-05-12: imptcp bugfix: worker thread starvation on extreme traffic
  * 2022-05-11: omelasticsearch: several support option for ElasticSearch 8
  - config params searchIndex and documentType can be empty
  - support for Data Stream API
  - new config param esVersion.major
  * 2022-05-09: tcp receiver bugfix: delay/potential hang on some error conditions
  * 2022-05-05: net bugfix: potential buffer overrun
  - replaces CVE-2022-24903.patch
    Advisory:
    https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
  * 2022-05-05: imptcp: set OS worker thread name
  * 2022-04-26: mmanon bugfix: shortened IPv6 form not always anonymized
  * 2022-04-22: mmdblookup fix: wrong copy of buffer
  * 2022-04-22: mmdblookup: several enhancements
  - support arrays in MMDB entry
  - support escaped quotes '"' in MMDB entry
  - support '<' characters in MMDB entry, when in a field
  - support '}' characters in MMDB entry, when in a field
- Upgrade to rsyslog 8.2204.0
  * 2022-04-18: gnutls bugfix: possibility of infinite loop
  * 2022-04-17: core/bugfix: errorfile could grow over max configures size
  * 2022-04-17: omkafka bugfix: potential misadressing
  * 2022-04-06: added new "FullJSONFmt" standard template (with addtl fields)
  * 2022-04-04: imfile: potential processing delay
  * 2022-04-04: bugfix: cosmetic data races
  * 2022-04-01: add property options to support ISO week/year number
  * 2022-04-01: core bugfix: "action suspended" message was emitted even when turned off
  * 2022-03-31: testbench: add more tests for rscript comparison operations
  * 2022-03-31: core bugfix: make internal logs emitted during HUP procesing appear quicker
  * 2022-03-20: refactor: Move the parser directive to the main config
  * 2022-03-16: refactor: ake the main message queue part of the config
  * regression bugfix: rsyslog may segfault during startup
  * regression fix: script string comparison did not work correctly
- Upgrade to rsyslog 8.2202.0
  * 2022-02-11: Make action counter part of the config
  * 2022-02-09: imfile: Remove inotify watch descriptor on inode change detected
  - replaces 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
  * 2022-02-03: omelasticsearch: Fix indexSuccess impstats counter in bulkmode
  * 2022-01-28: rscript: literal numbers were not compared correctly
  * 2022-01-17: ompgsql: PGsslInUse not supported on old distros
  * 2021-12-31: ompgsql: allow connection params via connection string
  * 2022-01-17: CI: remove fedora 33 based testing
  * 2022-01-14: Terminate all tcpsrv threads properly
  * 2022-01-04: Move timezone specific variables to rsconf
  * 2022-01-13: Fixes #4395 by correctly checking for EPIPE.
  * 2022-01-12: Move rsyslog global parameters to rsconf_t struct
  * 2022-01-12: cleanup: remove unused variable
  * 2022-01-07: CI: cleanup journal test environment
  * 2022-01-06: CI: remove unnecessary dependency
  * 2022-01-05: Update omlibdbi.c
  * 2022-01-05: omhttp: Fix memory leak in lokirest batchmode
  * 2021-12-15: Clarify meaning of loadConf and RunConf
- Upgrade to rsyslog 8.2112.0
  * 2021-12-14: refactor:Deallocate outchannel resources in rsconf destructor
  * 2021-12-14: refactor: use runConf instead of loadConf in ratelimiting during runtime
  * 2021-11-22: new contribtion: URL parser module function using libfa
  * 2021-11-18: mmanon: relax IPv6 detection - improve anonymization
  * 2021-11-10: ruleset bugfix: ruleset queue was incorrectly named
  * 2021-11-10: omsnmp: update module to current IP best practices
  * 2021-10-27: ommysql: fix threading bug
  * 2021-10-25: testbench: false positive when impstats was not built
  * 2021-10-25: imtcp: add support for permittedPeers setting at input() level
  * 2021-10-25: testbench: add test for legacy permittedPeer statement
  - replaces 0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
- Upgrade to rsyslog 8.2110.0:
  * 2021-10-13: PrivDropToUser: fix abortOnIDResolutionFail handling #2
  * 2021-10-12: PrivDropToUser: fix abortOnIDResolutionFail handling
  * 2021-09-17: rscript fix: ruleset called async when ruleset had queue.type="direct"
  * 2021-10-07: tcpsrv: fix compilation without exceptions
  * 2021-09-29: build issue: handle undefined MAXPATHLEN, PATH_MAX
  * 2021-10-06: Fix typo in error message.
  * 2021-09-21: mmkubernetes bugfix: no connection retry to kubernetes APP
  * 2021-09-13: use correct api for es 6 and later
  * 2021-09-20: openssl: Correct gnutlsPriorityString (custom ciphers) behaviour
  * 2021-09-20: ksi bugfix: locking bug fixed in rsksiCtxOpenFile
  * 2021-09-13: Fix ElasticSearch Test broken by ES incompatibility
  * 2020-11-21: imhttp updates - query parameter ingestion & basic auth support
  * 2021-09-08: openssl: extended output information on connection failure
  * 2021-09-02: queue: Add NULL check in qDeqLinkedList
  - replaces 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
  * 2021-09-06: core bugfix: use of property $wday terminates string
  * 2021-09-02: gnutls: Propagate PrioritizeSAN when accepting a new connection
  * 2021-08-24: ratelimit: fix rate limiting for already parsed messages
  * 2021-08-23: config: implement script-equavalent for $PrivDrop* statements
- Upgrade to rsyslog 8.2108.0:
  * 2021-08-16: openssl tls: Improved error message output on tls failures.
  * 2021-07-01: imfile add `ignoreolderthanoption`
  * 2021-08-10: imklog: fix invalid memory adressing, could cause abort
  * 2021-08-09: omelasticsearch: fix incorrect mutex error handling regression
  * 2021-08-09: imfile bugfix: hash char invalidly added in readmode != 0
  * 2021-08-08: imudp: add socket type (IPv4 vs. 6) to input name
  * 2021-07-13: fixing the deleteStateOnFileDelete option
  - replaces 0001-fixing-the-deleteStateOnFileDelete-option.patch
  * 2021-07-07: CI: add test for imtcp not correctly starting up and a Solaris fix
  * 2021-08-05: omfwd: add capability for action-specific TLS certificate settings
  * 2021-07-01: imtcp: permit to use different certificate files per input/action
  * 2021-08-04: debug support: add indication of "being HUPed" to debug log
  * 2021-08-04: imptcp bugfix: keep alive interval was incorrectly set
  * 2021-07-22: Close file descriptor when freshStartTail is turned on
  * 2021-07-22: [omelasticsearch] Improve errorFile mutex handling
  * 2021-07-08: openssl network driver bugfix: small memory leak
  * 2021-07-07: tcpsrv bugfix: abort if no listener could be started
  * 2021-07-01: tcp subsystem: fix cosmetic memory leak on shutdown
  * 2021-07-01: fix typo in error message
  * 2021-06-30: OMMONGODB :: Fixes
  * 2021-06-29: mmkubernetes fix for apiserver error handling
  * 2021-06-21: omkafka updates
  * 2021-06-22: percentile module to track percentile metrics via impstats
  * 2021-06-17: CI: disable Travis CI for the time being
  * 2021-04-15: omhttp: Fix dynrestpath param in batch mode
  * 2021-06-14: add predefined template RSYSLOG_SyslogRFC5424Format
  * 2021-06-10: bugfix: _sender_stats reports integer counter as string

- fix removal of imfile state files (bsc#1213212)
  * add 0001-fixing-the-deleteStateOnFileDelete-option.patch
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
supportutils-plugin-suse-public-cloud
- Update to version 1.0.8 (bsc#1213951)
  + Capture CSP billing adapter config and log (issue#13)
  + Accept upper case Amazon string in DMI table (issue#12)
util-linux-systemd
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
  Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
  Add patch to util-linux-systemd and python3-libmount, as it was
  previously only included in util-linux.
xen
- Update to Xen 4.16.5 bug fix release (bsc#1027519)
  xen-4.16.5-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
  64bea1b2-x86-AMD-Zenbleed.patch

- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

- Add more debug to libxc-sr-track-migration-time.patch
  This is supposed to help with doing the math in case xl restore
  fails with ERANGE as reported in bug#1209311

- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  64bea1b2-x86-AMD-Zenbleed.patch

- Upstream bug fixes (bsc#1027519)
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
zypper
- Changed location of bash-complication (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62