bind
- Update to release 9.16.38
  Bug Fixes:
  * A constant stream of zone additions and deletions via rndc
    reconfig could cause increased memory consumption due to
    delayed cleaning of view memory. This has been fixed.
  * The speed of the message digest algorithms (MD5, SHA-1, SHA-2),
    and of NSEC3 hashing, has been improved.
  * Building BIND 9 failed when the --enable-dnsrps switch for
    ./configure was used. This has been fixed.
  [jsc#SLE-24600]
- Updated keyring and signature
- Update to release 9.16.37
  Security Fixes:
  * An UPDATE message flood could cause named to exhaust all
    available memory. This flaw was addressed by adding a new
    update-quota option that controls the maximum number of
    outstanding DNS UPDATE messages that named can hold in a queue
    at any given time (default: 100). (CVE-2022-3094)
  * named could crash with an assertion failure when an RRSIG query
    was received and stale-answer-client-timeout was set to a
    non-zero value. This has been fixed. (CVE-2022-3736)
  * named running as a resolver with the
    stale-answer-client-timeout option set to any value greater
    than 0 could crash with an assertion failure, when the
    recursive-clients soft quota was reached. This has been fixed.
    (CVE-2022-3924)
  New Features:
  * The new update-quota option can be used to control the number
    of simultaneous DNS UPDATE messages that can be processed to
    update an authoritative zone on a primary server, or forwarded
    to the primary server by a secondary server. The default is
    100. A new statistics counter has also been added to record
    events when this quota is exceeded, and the version numbers for
    the XML and JSON statistics schemas have been updated.
  Feature Changes:
  * The Differentiated Services Code Point (DSCP) feature in BIND
    has been deprecated. Configuring DSCP values in named.conf now
    causes a warning to be logged. Note that this feature has only
    been partly operational since the new Network Manager was
    introduced in BIND 9.16.0.
  * The catalog zone implementation has been optimized to work with
    hundreds of thousands of member zones.
  Bug Fixes:
  * In certain query resolution scenarios (e.g. when following
    CNAME records), named configured to answer from stale cache
    could return a SERVFAIL response despite a usable, non-stale
    answer being present in the cache. This has been fixed.
  [bsc#1207471, bsc#1207473, bsc#1207475, jsc#SLE-24600]
- Update to release 9.16.36
  Feature Changes:
  * The auto-dnssec option has been deprecated and will be removed
    in a future BIND 9.19.x release. Please migrate to
    dnssec-policy.
  Bug Fixes:
  * When a catalog zone was removed from the configuration, in some
    cases a dangling pointer could cause the named process to
    crash.
  * When a zone was deleted from a server, a key management object
    related to that zone was inadvertently kept in memory and only
    released upon shutdown. This could lead to constantly
    increasing memory use on servers with a high rate of changes
    affecting the set of zones being served.
  * In certain cases, named waited for the resolution of
    outstanding recursive queries to finish before shutting down.
  * The zone <name>/<class>: final reference detached log message
    was moved from the INFO log level to the DEBUG(1) log level to
    prevent the named-checkzone tool from superfluously logging
    this message in non-debug mode.
  [jsc#SLE-24600]
- Update to release 9.16.35
  Bug Fixes:
  * A crash was fixed that happened when a dnssec-policy zone that
    used NSEC3 was reconfigured to enable inline-signing.
  * In certain resolution scenarios, quotas could be erroneously
    reached for servers, including any configured forwarders,
    resulting in SERVFAIL answers being sent to clients.
  * rpz-ip rules in response-policy zones could be ineffective in
    some cases if a query had the CD (Checking Disabled) bit set to
    1.
  * Previously, if Internet connectivity issues were experienced
    during the initial startup of named, a BIND resolver with
    dnssec-validation set to auto could enter into a state where it
    would not recover without stopping named, manually deleting the
    managed-keys.bind and managed-keys.bind.jnl files, and starting
    named again.
  * The statistics counter representing the current number of
    clients awaiting recursive resolution results (RecursClients)
    could overflow in certain resolution scenarios.
  * Previously, BIND failed to start on Solaris-based systems with
    hundreds of CPUs.
  * When a DNS resource record’s TTL value was equal to the
    resolver’s configured prefetch “eligibility” value, the record
    was erroneously not treated as eligible for prefetching.
  [jsc#SLE-24600]
- Update to release 9.16.34
  New Features:
  * Support for parsing and validating the dohpath service
    parameter in SVCB records was added.
  * named now logs the supported cryptographic algorithms during
    startup and in the output of named -V.
  Bug Fixes:
  * Changing just the TSIG key names for primaries in catalog
    zones’ member zones was not effective. This has been fixed.
  Known Issues:
  * Upgrading from BIND 9.16.32 or any older version may require a
    manual configuration change. The following configurations are
    affected:
  - type primary zones configured with dnssec-policy but without
    either allow-update or update-policy,
  - type secondary zones configured with dnssec-policy.
    In these cases please add inline-signing yes; to the individual
    zone configuration(s). Without applying this change, named will
    fail to start. For more details, see
    https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
  [jsc#SLE-24600]
c-ares
- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
    it would cause a crash
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
    Travis: add iOS target built with CMake (#378)
    Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  - fix build
    External projects were using non-public header ares_dns.h, make public again (#376)
    It appears some outside projects were relying on macros in ares_dns.h, even
    though it doesn't appear that header was ever meant to be public.  That said,
    we don't want to break external integrators so we should distribute this header
    again.
  - note that so versioning has moved to configure.ac
  - note about 1.17.1
  - fix sed gone wrong
    autotools cleanup (#372)
  * buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
cloud-netconfig
- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
cloud-regionsrv-client
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.
containerd
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.0-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
  release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.12>
cups
- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
  improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
  that fixes bsc#1191467, bsc#1198932:
  "/lpr reports 'No such file or directory' for missing catalogue files"/
  "//usr/bin/lpr: No such file or directory"/
- after-network_target-sssd_service.patch
  is derived from https://github.com/apple/cups/issues/5550 with its
  https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
  and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
  to add "/After=network.target sssd.service"/ to the systemd unit
  source files cupsd.service.in and cups.cups-lpdAT.service.in
  to fix bsc#1201234, bsc#1200321:
  "/Missing network dependency in systemd unit for cups-2.2.7"/
  "/CUPS may not always start if sssd is in use"/
- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "/Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"/
  "//usr/bin/lpr: Error - The printer or class does not exist."/
curl
- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch
- Security Fixes:
  * HSTS ignored on multiple requests [bsc#1207990, CVE-2023-23914]
  * HSTS amnesia with --parallel [bsc#1207991, CVE-2023-23915]
  * Add curl-CVE-2023-23914-23915.patch
docker
- update to 20.10.23-ce.
  * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
  kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
  bsc#1205375 CVE-2022-36109
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
dracut
- Update to version 055+suse.331.g05b9ccb7:
  * feat(kernel-modules): exclude USB drivers in strict hostonly mode (bsc#1186056)
  * fix(multipath): warn if included with no multipath devices and no user conf (bsc#1069169)
  * fix(dracut.sh): improve detection of installed kernel versions (bsc#1205175)
  * fix(nfs): chown using rpc default group (bsc#1204929)
firewalld
- Fix firewall-offline-cmd fails with ERROR: Calling pre func
  Added following patch (bsc#1206928)
  [+ 0003-firewall-offline-cmd-fail-fix.patch]
glibc
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
  (bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
  check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
  (bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
  with recent GCC
gnutls
- FIPS: PBKDF2 additional requirements [bsc#1209001]
  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.
  * Add gnutls-FIPS-pbkdf2-additional-requirements.patch
- libgnutls: Increase the limit of TLS PSK usernames from 128 to
  65535 characters. [bsc#1208237, jsc#PED-1562]
  * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a
  * Add gnutls-increase-TLS-PSK-username-limit.patch
- FIPS: Fix pct_test() return code in case of error [bsc#1207183]
  * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch
- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
  * Add gnutls-FIPS-jitterentropy-threadsafe.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Rebase patches with the version submitted upstream.
  * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
  * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch
- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to
  account for the new FIPS certification [bsc#1207346]
  * Add gnutls-FIPS-140-3-references.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch
graphite2
- fixed license string [bsc#1207676]:
  LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later
grub2
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)
haveged
- Synchronize haveged instances during switching root (bsc#1203079)
  * Add haveged-switch-root.patch
hwinfo
- merge gh#openSUSE/hwinfo#127
- create xen usb controller device if necessary (bsc#1204294)
- 21.84
irqbalance
- Add mainline fixes (bnc#1204962, bsc#1206661):
  A    irqbalance-properly-check-if-irq-is-banned.patch
  A    get-irq-module-relationship-from-sys-bus-pci-driver.patch
  A    irqbalance-ui-skip-in-parse_setup-to-avoid-coredump.patch
  A    Fix-uninitialized-variable.patch
jitterentropy
- jitterentropy-with-debug.patch: build with debuginfo (bsc#1207789)
kdump
- run kdump.service only after kdump-early.service (bsc#1196335)
- don't skip infiniband interfaces (bsc#1186745)
  (not a complete fix, requires a patch in dracut as well)
kernel-default
- Drop build fix patch causing a regression on aarch64 (bsc#1209798)
  Delete patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch
- commit cc75cf8
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr
  (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int
  (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  sad_cfg_iio_topology() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol
  (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output
  (git fixes).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes
  (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain
  (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of
  clear_cpu_cap() (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
  PMU (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git
  fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default
  (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git
  fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL
  (git fixes).
- perf/core: Fix data race between perf_event_set_output()
  and perf_mmap_close() (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support
  (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding
  (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
  (git fixes).
- perf/x86/intel: Don't extend the pseudo-encoding to GP counters
  (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- perf: Always wake the parent event (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
  (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- commit 74e398e
- Refresh patches.suse/NFSv3-handle-out-of-order-write-replies.patch.
  Careless typo - might cause bsc#1209457
- commit 1d76618
- ceph: update the time stamps and try to drop the suid/sgid
  (bsc#1209504).
- commit e7df378
- supported.conf: Remove duplicate entry.
- commit 2c93f73
- IB/hfi1: Update RMT size calculation (git-fixes)
- commit 46a7a1c
- IB/hfi1: Assign npages earlier (git-fixes)
- commit b6b4a13
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path
  (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation
  (git-fixes).
- firmware: xilinx: don't make a sleepable memory allocation
  from an atomic context (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses
  (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
  due to race condition (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers
  (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order
  (git-fixes).
- media: m5mols: fix off-by-one loop termination error
  (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
  condition (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly
  (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity
  (git-fixes).
- ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
  (git-fixes).
- drm/bridge: Fix returned array size name for
  atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors
  (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay
  (git-fixes).
- drm/panfrost: Don't sync rpm suspension after mmu flushing
  (git-fixes).
- drm/shmem-helper: Remove another errant put in error path
  (git-fixes).
- clk: HI655X: select REGMAP instead of depending on it
  (git-fixes).
- docs: Correct missing "/d_"/ prefix for dentry_operations member
  d_weak_revalidate (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers
  for soc15 (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs
  (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how
  long a regulator was off (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- PCI: Add SolidRun vendor ID (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on
  regulators (git-fixes).
- regulator: Flag uncontrollable regulators as always_on
  (git-fixes).
- commit fc61e5c
- Delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch
  Resulted in an Oops / hang at boot (bsc#1209436)
- commit 0da96b0
- hwmon: (k10temp): Add support for new family 17h and 19h models
  (bsc#1208848).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- commit c3dd9ac
- Update references in
  patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
  (git-fixes bsc#1209291 CVE-2023-28328).
- commit dc99e31
- rpm/group-source-files.pl: Fix output difference when / is in location
  While previous attempt to fix group-source-files.pl in 6d651362c38
  "/rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"/
  breaks the infinite loop, it does not properly address the issue. Having
  prefixed and/or postfixed forward slash still result in different
  output.
  This commit changes the script to use the Perl core module File::Spec
  for proper path manipulation to give consistent output.
- commit 4161bf9
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery
  table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in
  uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on
  ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize IIO topology support
  (bsc#1206824, bsc#1206493, bsc#1206492).
- commit 23fd14b
- Require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency
  to make it clear to libzypp that the scriptlets are required.
  There is no special dependency for posttrans, these scriptlets run when
  transactions are resolved. The plain dependency has to be used to
  support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd refrences in documentation and comments.
- commit e356c9b
- mm: memcg: fix NULL pointer in
  mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- commit ca9be2b
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
  (bsc#1197617).
- commit 34bfa16
- blacklist.conf: Add cgroup locking optimizations
  be288169712f cgroup: reduce dependency on cgroup_mutex
  671c11f0619e cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
- commit a274f6f
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- commit 49f82de
- blacklist.conf: Add 9360d035a579 panic: Separate sysctl logic from CONFIG_SMP
- commit 70188a8
- blacklist.conf: Add 9df918698408 kernel/panic: move panic sysctls to its own file
- commit 7099ede
- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256).
- commit 90a3f2f
- blacklist.conf: this is very hard to explain. This patch stops a staging
  driver from doing something extremely stupid, but it is visible and not
  technically a fix
- commit 55006f0
- blacklist.conf: Add c16bdeb5a39f rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in set_user
  And also reasoning dependency/guard 2863643fb8b9 ("/set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds"/)
- commit 2a2c4f0
- blacklist.conf: this is very hard to explain. This patch stops a staging
  driver from doing something extremely stupid, but it is visible and not
  technically a fix
- commit a35c342
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- commit b51985a
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- commit d31c746
- rds: rds_rm_zerocopy_callback() correct order for
  list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
  (CVE-2023-1078 bsc#1208601).
- commit b467b16
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
  bsc#1208598).
- commit 04f7ce9
- blacklist.conf: feature, not fix
- commit 3b9cbfd
- blacklist.conf: duplicate
- commit 082c8b7
- Update patches.suse/hid-bigben_probe-validate-report-count.patch
  (bsc#1208605).
  Added bugzilla reference to fix already applied
- commit 784a3b2
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
  (git-fixes).
- commit 1bde01c
- signal: Implement force_fatal_sig (git-fixes).
- blacklist.conf: remove it
- commit fc01034
- bpf, x64: Factor out emission of REX byte in more cases
  (git-fixes).
- blacklist.conf: remove it
- commit 3ad465f
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd
  (git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of
  calling do_exit (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation
  (git-fixes).
- commit 128d44a
- wifi: cfg80211: Partial revert "/wifi: cfg80211: Fix use after
  free for wext"/ (git-fixes).
- tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
  (git-fixes).
- commit c121561
- NFS: nfsiod should not block forever in mempool_alloc()
  (git-fixes).
- commit 3938521
- KABI FIX FOR NFSv4: Fix free of uninitialized nfs4_label on
  referral lookup (git-fixes).
- commit 3fe030b
- ASoC: zl38060 add gpiolib dependency (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update
  (git-fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero
  (git-fixes).
- PCI: Add ACS quirk for Wangxun NICs (git-fixes).
- PCI: Take other bus devices into account when distributing
  resources (git-fixes).
- PCI: Align extra resources for hotplug bridges properly
  (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
  mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
  mma9551_read_status_word() (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- mei: bus-fixup:upon error print return values of send and
  receive (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent()
  (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe
  (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal
  (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
  (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- USB: ene_usb6250: Allocate enough memory for full object
  (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of
  using pointer math (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive
  warnings (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
  (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string
  (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors
  (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt
  leak (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
  (git-fixes).
- ASoC: zl38060: Remove spurious gpiolib select (git-fixes).
- Bluetooth: hci_sock: purge socket queues in the destruct()
  callback (git-fixes).
- commit 1135294
- kABI workaround for hid quirks (git-fixes).
- commit 2ce6cac
- HID: retain initial quirks set up when creating HID devices
  (git-fixes).
- commit 0d98469
- PCI: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- commit ccb0b3a
- thermal/drivers/tsens: Add compat string for the qcom,msm8960
  (git-fixes).
- Refresh
  patches.suse/thermal-drivers-tsens-Sort-out-msm8976-vs-msm8956-da.patch.
- commit 0c14aac
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code
  (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL
  register (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec()
  (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq
  (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already
  binded (git-fixes).
- usb: typec: intel_pmc_mux: Don't leak the ACPI device reference
  count (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream()
  fails (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
  (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
  (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to
  prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in
  brcmf_c_preinit_dcmds() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
  (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH
  (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero
  (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high
  (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper
  acpi_dev_get_memory_resources() (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop
  body as a ptr (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg
  (un)link func (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link()
  (git-fixes).
- commit 31f8312
- nfc: fdp: add null check of devm_kmalloc_array in
  fdp_nci_i2c_read_device_properties (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
  (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables
  (git-fixes).
- PCI: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color
  bits (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad
  Duet 3 10IGL5 (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown
  (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume
  (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
  (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- HID: multitouch: Add quirks for flipped axes (git-fixes).
- HID: logitech-hidpp: Don't restart communication if not
  necessary (git-fixes).
- HID: Add Mapping for System Microphone Mute (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks
  (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays
  (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode
  (git-fixes).
- KEYS: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output
  enable (git-fixes).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit
  path (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- media: uvcvideo: Check controls flags before accessing them
  (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS
  (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL
  (git-fixes).
- commit af57661
- Documentation/hw-vuln: Document the interaction between IBRS
  and STIBP (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
  (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- docs/scripts/gdb: add necessary make scripts_gdb step
  (git-fixes).
- ASoC: codecs: lpass: fix incorrect mclk rate (git-fixes).
- ASoC: kirkwood: Iterate over array indexes instead of using
  pointer math (git-fixes).
- ASoC: soc-compress: Reposition and add pcm_mutex (git-fixes).
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
  (git-fixes).
- ACPI: Don't build ACPICA with '-Os' (git-fixes).
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read
  latency detected (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible
  (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
  (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node
  name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node
  names (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button
  name (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to
  eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to
  rng node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid
  clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors
  compatible (git-fixes).
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
  (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
  (git-fixes).
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video
  phy (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock
  names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON
  (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- ACPI: resource: Add helper function
  acpi_dev_get_memory_resources() (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ASoC: codecs: tx-macro: move to individual clks from bulk
  (git-fixes).
- ASoC: codecs: rx-macro: move to individual clks from bulk
  (git-fixes).
- ASoC: codecs: tx-macro: move clk provider to managed variants
  (git-fixes).
- ASoC: codecs: rx-macro: move clk provider to managed variants
  (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- ASoC: codecs: Change bulk clock voting to optional voting in
  digital codecs (git-fixes).
- ASoC: fsl_sai: Update to modern clocking terminology
  (git-fixes).
- commit 8491e1c
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit 1969911
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit 17b413e
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit bedb569
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- commit 04f9814
- arm64: mm: kfence: only handle translation faults (git-fixes)
- commit 53720ca
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- commit abb3814
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- commit 8ba9b76
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- commit 830c0c2
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- commit bf5800f
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- commit 2dadb72
- blacklist.conf: add some X86 git-fixes
- commit 05ac891
- blacklist.conf: ("/arm64: dts: ten64: remove redundant interrupt declaration for"/)
- commit b0f32f5
- Update patch reference for HID fixes (CVE-2023-25012 bsc#1207560)
- commit ac09f05
- qede: avoid uninitialized entries in coal_entry array
  (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- commit bcd42d6
- PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- commit da09379
- PCI: qcom: Fix host-init error handling (git-fixes).
- PCI: Unify delay handling for reset and resume (git-fixes).
- PCI/PM: Always disable PTM for all devices during suspend
  (git-fixes).
- PCI: mediatek-gen3: Fix refcount leak in
  mtk_pcie_init_irq_domains() (git-fixes).
- PCI/PM: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte
  X299 (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- PCI: mediatek-gen3: Assert resets to ensure expected init state
  (git-fixes).
- PCI: Avoid pci_dev_lock() AB/BA deadlock with
  sriov_numvfs_store() (git-fixes).
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- PCI: xgene: Revert "/PCI: xgene: Use inbound resources for setup"/
  (git-fixes).
- PCI: aardvark: Check return value of generic_handle_domain_irq()
  when processing INTx IRQ (git-fixes).
- PCI: Reduce warnings on possible RW1C corruption (git-fixes).
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch.
- PCI: aardvark: Fix link training (git-fixes).
- Refresh
  patches.suse/PCI-aardvark-Fix-checking-for-link-up-via-LTSSM-stat.patch.
- commit 3cab0bb
- blacklist.conf: add some PCI git-fixes
- commit 259b001
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending
  on it (git-fixes).
- commit b403668
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- NFSD: pass range end to vfs_fsync_range() instead of count
  (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- NFSD: Finish converting the NFSv3 GETACL result encoder
  (git-fixes).
- NFSD: Finish converting the NFSv2 GETACL result encoder
  (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4: Fix a potential state reclaim deadlock (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: fix use-after-free on source server when doing
  inter-server copy (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
  (git-fixes).
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Return true/false (not 1/0) from bool functions
  (git-fixes).
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
  (git-fixes).
- NFS: nfsiod should not block forever in mempool_alloc()
  (git-fixes).
- commit 4c29b9b
- blacklist.conf: fixes for bugs we don't have
- commit afbbfc5
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
  CVE-2023-23004).
- commit 87efba8
- Delete
  patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
  This definition was used by kgraft codestreams (SLE12-SP3), but the
  livepatch support for such codestreams has ended.
- commit f5aeaad
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- blacklist.conf: false positive
- commit 086f5da
- nvme-auth: fix an error code in
  nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: don't use NVMe status codes (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication
  (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to
  complete (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication
  (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication
  completes (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure
  (bsc#1202633).
- nvme-auth: don't keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: don't override ctrl keys before validation
  (bsc#1202633).
- nvme-auth: don't ignore key generation failures when
  initializing ctrl keys (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: don't re-authenticate if the controller is not LIVE
  (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset
  (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to
  nvme_auth[reset|free]_dhchap (bsc#1202633).
- commit 67a47c5
- blacklist.conf: kABI, cosmetic
- commit f03aa8f
- Add cherry-picked id for nouveau patch
- commit d18ab1d
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit a961e32
- KABI FIX FOR: NFSv4.1 query for fs_location attr on a new file
  system (Never, kabi).
- commit f615f65
- update internal module version number for cifs.ko (bsc#1193629).
- commit c325c43
- drm/virtio: Fix NULL vs IS_ERR checking in
  virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit cd9c832
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare()
  in imx7_csi_init() (git-fixes).
- commit e70e8d4
- media: platform: ti: Add missing check for devm_regulator_get
  (git-fixes).
- commit 08661ee
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
  function (CVE-2023-23000 bsc#1208816).
- commit 4632142
- Update patch reference for media fix (CVE-2023-1118 bsc#1208837)
- commit 778b9f2
- media: ti: cal: fix possible memory leak in cal_ctx_create()
  (git-fixes).
- commit 2ff7792
- struct uvc_device move flush_status  new member to end
  (git-fixes).
- commit 8ba3f50
- media: uvcvideo: Fix race condition with usb_kill_urb
  (git-fixes).
- commit 9dd8ca0
- media: coda: Add check for kmalloc (git-fixes).
- commit 8c98f78
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit 705609f
- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 9b1b9b9
- blacklist.conf: cosmetic, not a bug fix
- commit a1eb9b6
- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787).
- commit bad820e
- KABI FIX FOR: NFSD: Have legacy NFSD WRITE decoders use
  xdr_stream_subsegment() (git-fixes).
- commit bd901a6
- KABI FIX FOR: NFS: Further optimisations for 'ls -l'
  (git-fixes).
- commit 894aa13
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
  (git-fixes).
- NFSD: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- NFSD: COMMIT operations must not return NFS?ERR_INVAL
  (git-fixes).
- sunrpc: Fix potential race conditions in
  rpc_sysfs_xprt_state_change() (git-fixes).
- net/sunrpc: fix reference count leaks in
  rpc_sysfs_xprt_state_change (git-fixes).
- SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt
  (git-fixes).
- NFSv4 handle port presence in fs_location server string
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4.1 query for fs_location attr on a new file system
  (git-fixes).
- NFSv4 store server support for fs_location attribute
  (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
  (git-fixes).
- NFSD: Have legacy NFSD WRITE decoders use
  xdr_stream_subsegment() (git-fixes).
- NFS: Create a new nfs_alloc_fattr_with_label() function
  (git-fixes).
- NFS: Always initialise fattr->label in nfs_fattr_alloc()
  (git-fixes).
- NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
  (git-fixes).
- NFS: Further optimisations for 'ls -l' (git-fixes).
- commit fc8bee1
- blacklist.conf: NFS updates
- commit 424a052
- selftests/powerpc: Account for offline cpus in perf-hwbreak test
  (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test
  (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- commit cc3db6d
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- commit 6b88ff8
- cifs: improve checking of DFS links over
  STATUS_OBJECT_NAME_INVALID (git-fixes).
- commit 2d97db4
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too
  (bsc#1193629).
- commit aef7d88
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- commit a3d06fc
- cifs: update ip_addr for ses only for primary chan setup
  (bsc#1193629).
- commit 9b0633d
- cifs: use tcon allocation functions even for dummy tcon
  (git-fixes).
- commit 4cb2b33
- cifs: use the least loaded channel for sending requests
  (bsc#1193629).
- commit cfdb032
- smb3: Replace smb2pdu 1-element arrays with flex-arrays
  (bsc#1193629).
- commit 8183847
- selftests/ftrace: Convert tracer tests to use 'requires'
  to specify program dependency (bsc#1204993 ltc#200103).
- selftests/ftrace: Add check for ping command for trigger tests
  (bsc#1204993 ltc#200103).
- commit 11e08ba
- cifs: get rid of dns resolve worker (bsc#1193629).
- commit 2cb37b3
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- commit 5fa5f21
- cifs: Fix lost destroy smbd connection when MR allocate failed
  (git-fixes).
- commit f517a17
- cifs: return a single-use cfid if we did not get a lease
  (bsc#1193629).
- commit 90e06b0
- cifs: Check the lease context if we actually got a lease
  (bsc#1193629).
- commit 8e90bef
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- commit a459269
- cifs: Convert struct fealist away from 1-element array
  (bsc#1193629).
- commit da04015
- cifs: fix mount on old smb servers (boo#1206935).
- commit 1f96ba2
- cifs: Fix uninitialized memory reads for oparms.mode
  (bsc#1193629).
- commit 54e33cf
- cifs: remove unneeded 2bytes of padding from smb2 tree connect
  (bsc#1193629).
- commit be0bd63
- cifs: Fix uninitialized memory read in smb3_qfs_tcon()
  (bsc#1193629).
- commit 0882d15
- cifs: don't try to use rdma offload on encrypted connections
  (bsc#1193629).
- commit e4e0061
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- commit 04a4e24
- cifs: introduce cifs_io_parms in smb2_async_writev()
  (bsc#1193629).
- commit 3e469a4
- cifs: get rid of unneeded conditional in cifs_get_num_sgs()
  (bsc#1193629).
- commit 406d57e
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- commit 57b5cfd
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req()
  (bsc#1193629).
- commit 1affc8c
- cifs: print last update time for interface list (bsc#1193629).
- commit 77e9288
- cifs: Replace zero-length arrays with flexible-array members
  (bsc#1193629).
- commit ccb5ba6
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- commit 782ea60
- cifs: Fix use-after-free in rdata->read_into_pages()
  (git-fixes).
- commit 107b2e5
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect
  (git-fixes).
- commit fe84ac1
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069
- Refresh
  patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
- Refresh
  patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
  Fix bug introduced by broken backport (bsc#1208628).
- commit d902e3e
- Move upstreamed i915 and media fixes into sorted section
- commit f79acc7
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit 92f0180
- nvme-fabrics: show well known discovery name (bsc#1200054).
- commit 0dc6ff3
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message
  (git-fixes).
- commit cf78232
- ASoC: mchp-spdifrx: Fix uninitialized use of mr in
  mchp_spdifrx_hw_params() (git-fixes).
- commit ef46bcf
- ALSA: ice1712: Delete unreachable code in aureon_add_controls()
  (git-fixes).
- ALSA: ice1712: Do not left ice->gpio_mutex locked in
  aureon_add_controls() (git-fixes).
- ASoC: adau7118: don't disable regulators on device unbind
  (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is
  within the limits (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized
  memory (git-fixes).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing
  free_irq() in error path (git-fixes).
- vc_screen: don't clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k
  (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- VMCI: check context->notify_page after call to
  get_user_pages_fast() to avoid GPF (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx
  dma case (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at
  shutdown (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in
  lpuart32_shutdown() (git-fixes).
- USB: serial: option: add support for VW/Skoda "/Carstick LTE"/
  (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M
  (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: mediatek: don't unregister something that wasn't
  registered (git-fixes).
- USB: core: Don't hold device lock while reading the
  "/descriptors"/ sysfs file (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access
  (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in
  fusb300_probe() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
  (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
  (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
  is no callback function (git-fixes).
- wifi: mwifiex: fix loop iterator in
  mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787
  (git-fixes).
- wifi: iwl4965: Add missing check for
  create_singlethread_workqueue() (git-fixes).
- wifi: iwl3945: Add missing check for
  create_singlethread_workqueue (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in
  nl80211_set_rekey_data() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec()
  (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
  (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wl3501_cs: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: if_usb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
  (git-fixes).
- wifi: brcmfmac: fix potential memory leak in
  brcmf_netdev_start_xmit() (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
  (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in
  _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtl8xxxu: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter()
  (git-fixes).
- wifi: iwlegacy: common: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- commit 795b424
- thermal: intel: BXT_PMIC: select REGMAP instead of depending
  on it (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference
  (git-fixes).
- rtc: allow rtc_read_alarm without read_alarm callback
  (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io
  (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate
  modem headers (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW
  (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region
  (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init
  (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
  (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
  (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning
  (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- soundwire: cadence: Don't overflow the command FIFOs
  (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- PCI: switchtec: Return -EFAULT for copy_to_user() errors
  (git-fixes).
- PCI: Fix dropping valid root bus resources with .end = zero
  (git-fixes).
- PCI/PM: Observe reset delay irrespective of bridge_d3
  (git-fixes).
- PCI/IOV: Enlarge virtfn sysfs name buffer (git-fixes).
- PCI: hotplug: Allow marking devices as disconnected during
  bind/unbind (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
  (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in
  tegra_uart_hw_init() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in
  lpuart32_shutdown() (git-fixes).
- printf: fix errname.c list (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: rockchip: Fix refcount leak in
  rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
  (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for
  wcss pins (git-fixes).
- spi: synquacer: Fix timeout handling in
  synquacer_spi_transfer_one() (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC
  (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns
  removal (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package
  system (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939
  (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
  (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines
  (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
  (git-fixes).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not
  available (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is
  disabled (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU
  (git-fixes).
- commit 14a6c6a
- media: saa7134: Use video_unregister_device for radio_dev
  (git-fixes).
- media: usb: siano: Fix use after free bugs caused by
  do_submit_urb (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned
  (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: v4l2-jpeg: correct the skip count in
  jpeg_parse_app14_data (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
  (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls()
  (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls()
  (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register()
  (git-fixes).
- Input: iqs626a - drop unused device node references (git-fixes).
- Input: ads7846 - don't check penirq immediately for 7845
  (git-fixes).
- Input: ads7846 - always set last command to PWRDOWN (git-fixes).
- Input: ads7846 - don't report pressure for ads7845 (git-fixes).
- Input: iqs269a - configure device with a single block write
  (git-fixes).
- Input: iqs269a - increase interrupt handler return delay
  (git-fixes).
- Input: iqs269a - drop unused device node references (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32
  (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type
  (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le
  (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in
  dfltcc_gdht() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in
  pcf50633_adc_async_read() (git-fixes).
- mfd: cs5535: Don't build on UML (git-fixes).
- gpu: host1x: Don't skip assigning syncpoints to channels
  (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned
  by of_graph_get_port_by_id() (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan
  (git-fixes).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store
  (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- Revert "/HID: logitech-hidpp: add a module parameter to keep
  firmware gestures"/ (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- HID: bigben: use spinlock to safely schedule workers
  (git-fixes).
- HID: bigben_worker() remove unneeded check on report_field
  (git-fixes).
- HID: bigben: use spinlock to protect concurrent accesses
  (git-fixes).
- HID: asus: use spinlock to safely schedule workers (git-fixes).
- HID: asus: use spinlock to protect concurrent accesses
  (git-fixes).
- gpio: tegra186: remove unneeded loop in
  tegra186_gpio_init_route_mapping() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- leds: led-class: Add missing put_device() to led_put()
  (git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths
  (git-fixes).
- HID: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- HID: elecom: add support for TrackBall 056E:011C (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case
  (git-fixes).
- commit ed4a4d9
- drm/i915: Don't use BAR mappings for ring buffers with LLC
  (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells
  (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types
  (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Don't require
  charging properties (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF
  Kconfig entries (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in
  dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in
  stratix10_svc_drv_probe() (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init()
  (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A
  usb3-phy0 optional (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amd/display: reduce else-if to else in
  dcn10_blank_pixel_data() (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in
  dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc
  (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions
  back in (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned
  (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm: clean event_thread->worker in case of an error
  (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
  (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path
  (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
  (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer
  (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending
  cmd (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
  (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/bridge: megachips: Fix error handling in
  i2c_register_driver() (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in
  vc4_vec_encoder_enable() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us
  dependency (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board
  (git-fixes).
- commit 3467b1b
- auxdisplay: hd44780: Fix potential memory leak in
  hd44780_remove() (git-fixes).
- Documentation: simplify and clarify DCO contribution example
  language (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as
  parents (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
  (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
  (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code
  (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if
  cpg_mssr_common_init() failed (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function
  (git-fixes).
- dmaengine: ptdma: check for null desc before calling
  pt_cmd_callback (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure
  (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
  (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation
  (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics
  (git-fixes).
- dmaengine: dw-edma: Don't permit non-inc interleaved xfers
  (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved
  xfers (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device
  links (git-fixes).
- drivers: base: transport_class: fix resource leak when
  transport_add_device() fails (git-fixes).
- drivers: base: transport_class: fix possible memory leak
  (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fix potential null-ptr-deref in device_add()
  (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- Revert "/char: pcmcia: cm4000_cs: Replace mdelay with
  usleep_range in set_protocol"/ (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name
  (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
  (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
  (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
  (git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number
  (git-fixes).
- ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not
  declared (git-fixes).
- ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
  (git-fixes).
- ASoC: dt-bindings: meson: fix gx-card codec node regex
  (git-fixes).
- ASoC: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- ASoC: rsnd: fixup #endif position (git-fixes).
- Bluetooth: hci_qca: get wakeup status from serdev device handle
  (git-fixes).
- Bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete
  (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- Revert "/crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with
  GFP_KERNEL in pkcs1pad_encrypt_sign_complete"/ (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate
  sysfs filename (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for
  SEV_GET_ID2 (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey()
  (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
  (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN
  is not supported (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS ==
  COMPLETED (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers
  (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap
  based IO (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
  (git-fixes).
- commit d5e5686
- ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
  (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible
  (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init()
  (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- ASoC: mchp-spdifrx: disable all interrupts in
  mchp_spdifrx_dai_remove() (git-fixes).
- ASoC: mchp-spdifrx: fix controls which rely on rsr register
  (git-fixes).
- ASoC: soc-compress.c: fixup private_data on
  snd_soc_new_compress() (git-fixes).
- ALSA: hda/ca0132: minor fix for allocation size (git-fixes).
- ACPI: battery: Fix missing NUL-termination with large strings
  (git-fixes).
- ACPICA: nsrepair: handle cases without a return value correctly
  (git-fixes).
- ACPICA: Drop port I/O validation for some regions (git-fixes).
- ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for
  IOMMU node (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
  (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC
  (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock
  description (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
  (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan
  thermal trip (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
  (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit
  address (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
  (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name
  (git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address
  (git-fixes).
- ARM: dts: imx7s: correct iomuxc gpr mux controller cells
  (git-fixes).
- ARM: dts: exynos: correct HDMI phy compatible in Exynos4
  (git-fixes).
- ARM: dts: exynos: correct wr-active property in Exynos3250
  Rinato (git-fixes).
- ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
  (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
  (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output
  names (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells
  (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells
  (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt
  pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k
  instead of 4k (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets
  (git-fixes).
- ARM: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init
  (git-fixes).
- ARM: imx: Call ida_simple_remove() for ida_simple_get
  (git-fixes).
- ARM: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- ARM: OMAP1: call platform_device_put() in error case in
  omap1_dm_timer_init() (git-fixes).
- ARM: OMAP2+: Fix memory leak in realtime_counter_init()
  (git-fixes).
- ALSA: hda/realtek - fixed wrong gpio assigned (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6180 (git-fixes).
- ACPI: NFIT: fix a potential deadlock during NFIT teardown
  (git-fixes).
- ARM: dts: rockchip: add power-domains property to dp node on
  rk3288 (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from
  rk3328-roc-cc (git-fixes).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue
  (git-fixes).
- ASoC: cs42l56: fix DT probe (git-fixes).
- ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
  (git-fixes).
- ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
  (git-fixes).
- ALSA: hda: Do not unset preset when cleaning up codec
  (git-fixes).
- ACPI / x86: Add support for LPS0 callback handler (git-fixes).
- commit b514cae
- Refresh
  patches.suse/ipmi-ssif-Add-a-timer-between-request-retries.patch.
- Refresh patches.suse/ipmi-ssif-Remove-rtc_us_timer.patch.
- Refresh patches.suse/ipmi-ssif-resend_msg-cannot-fail.patch.
- Refresh
  patches.suse/ipmi_ssif-Rename-idle-state-and-check.patch.
- commit 39421c5
- KABI fix for:  NFSv3: handle out-of-order write replies
  (bsc#1205544).
- commit 931f6bd
- NFSv3: handle out-of-order write replies (bsc#1205544).
- commit 96398e7
- locking/rwsem: Disable preemption in all down_write*() and
  up_write() code paths (bsc#1207270).
- commit 87b3e0b
- locking/rwsem: Disable preemption in all down_read*() and
  up_read() code paths (bsc#1207270).
- commit c4762ff
- locking/rwsem: Prevent non-first waiter from spinning in
  down_write() slowpath (bsc#1207270).
- commit 61aa9bc
- locking/rwsem: Disable preemption while trying for rwsem lock
  (bsc#1207270).
- commit 164c146
- locking/rwsem: Allow slowpath writer to ignore handoff bit if
  not set by first waiter (bsc#1207270).
- commit 05a6130
- locking/rwsem: Always try to wake waiters in out_nolock path
  (bsc#1207270).
- commit 2d3049a
- locking/rwsem: Conditionally wake waiters in reader/writer
  slowpaths (bsc#1207270).
- commit 6c03884
- locking/rwsem: No need to check for handoff bit if wait queue
  empty (bsc#1207270).
- commit 7ef94ea
- locking: Add missing __sched attributes (bsc#1207270).
- commit 241a50d
- locking/rwsem: Make handoff bit handling more consistent
  (bsc#1207270).
- commit 68640da
- wifi: ath9k: Fix potential stack-out-of-bounds write in
  ath9k_wmi_rsp_callback() (git-fixes).
- commit 4c1ac5d
- blacklist.conf: Add oops_limit accretion disk
- commit b22c6d0
- powerpc/eeh: Set channel state after notifying the drivers
  (bsc#1208784 ltc#201612).
- commit c4cafd6
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA
  clustering (bsc#1208420).
- commit 30beac0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- commit adff7f2
- IB/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- commit 3bdf9ca
- RDMA/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- commit 878e0eb
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- commit d90e67e
- RDMA/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- commit 05d982b
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- commit 7eb2c03
- RDMA/siw: Fix user page pinning accounting (git-fixes)
- commit d72f1f4
- fuse: add inode/permission checks to fileattr_get/fileattr_set
  (bsc#1208759).
- commit 91990ec
- usb: gadget: u_serial: Add null pointer check in gserial_resume
  (git-fixes).
- commit 4549b2e
- Update
  patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch
  (bsc#1208741 CVE-2023-22995).
  Added CVE reference for fix already present
- commit 3d3f080
- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit 7ee1e3a
- RDMA/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- commit 364a0c0
- RDMA/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- commit 4c3dcae
- iommu/hyper-v: Allow hyperv irq remapping without x2apic
  (git-fixes).
- commit 944a8e8
- Avoid deadlock for recursive I/O on dm-thin when used as swap
  (bsc#1177529).
- commit 9236175
- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- commit 3959431
- [xen] fix "/direction"/ argument of iov_iter_kvec() (git-fixes).
- commit defee4c
- xen/privcmd: Fix a possible warning in
  privcmd_ioctl_mmap_resource() (git-fixes).
- commit fca2519
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit d392a17
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
  (git-fixes).
- commit cd8f1e2
- blacklist.conf: add "/xen/netback: don't call kfree_skb() under
  spin_lock_irqsave()"/
- commit 49e8a38
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 81410eb
- xen/netback: fix build warning (git-fixes).
- Refresh
  patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch.
- commit 18cf292
- xen/platform-pci: add missing free_irq() in error path
  (git-fixes).
- commit 1274346
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
  (git-fixes).
- commit e6b17f1
- xen/netback: do some code cleanup (git-fixes).
- Refresh
  patches.suse/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch.
- commit ea1b704
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
  (git-fixes).
- commit 264c043
- block: bio-integrity: Copy flags when bio_integrity_payload
  is cloned (bsc#1208541).
- commit 9308710
- scsi: lpfc: Copyright updates for 14.2.0.10 patches
  (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Introduce new attention types for
  lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after
  FLOGI completion (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs
  firmware write (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not
  in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in
  lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport()
  (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length
  (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used
  compiler warnings (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy()
  (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show()
  (bsc#1208607).
- commit eecdcbc
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
  (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
  static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
  gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
  (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
  (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
  commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
  (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
  (bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
  (bsc#1208570).
- commit e9e64c0
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
  (git-fixes).
- x86/hyperv: Introduce
  HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants
  (git-fixes).
- PCI: hv: update comment in x86 specific hv_arch_irq_unmask
  (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- commit e18f1a9
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- commit 43b143c
- drm/hyperv : Removing the restruction of VRAM allocation with
  PCI bar size (git-fixes).
- commit 6cc703f
- powercap: fix possible name leak in powercap_register_zone()
  (git-fixes).
- commit d3806fa
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- commit f901e29
- blacklist.conf: false positive
- commit b59e5d1
- usb: musb: Add and use inline function musb_otg_state_string
  (git-fixes).
- commit cd1604d
- usb: musb: Add and use inline functions musb_{get,set}_state
  (git-fixes).
- commit 4523590
- usb: musb: remove schedule work called after flush (git-fixes).
- commit f3d8faf
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
  (git-fixes).
- commit b3d3528
- usb: dwc3: qcom: clean up icc init (git-fixes).
- commit 88d9416
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- commit b64ea4c
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- commit 2e3d004
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- Refresh
  patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit 9b6a3e2
- Revert "/usb: dwc3: qcom: Keep power domain on to retain
  controller status"/ (git-fixes).
- commit 2174f55
- usb: dwc3: core: Host wake up support from system suspend
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit f82f88f
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- commit dc0c872
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- commit d9b764b
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit 4cd8f2e
- usb: dwc3: qcom: Keep power domain on to retain controller
  status (git-fixes).
- commit f6409bd
- usb: dwc3: qcom: Configure wakeup interrupts during suspend
  (git-fixes).
- Refresh patches.suse/usb-dwc3-qcom-fix-runtime-PM-wakeup.patch.
- Refresh
  patches.suse/usb-dwc3-qcom-fix-use-after-free-on-runtime-PM-wakeu.patch.
- commit a8bd7ad
- blacklist.conf: kABI
- commit b99a3c8
- s390/dasd: Fix potential memleak in dasd_eckd_init()
  (git-fixes).
- commit 4a4e22d
- blacklist.conf: ("/ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer"/)
- commit 5089b86
- ARM: renumber bits related to _TIF_WORK_MASK (git-fixes)
- commit c91243e
- blacklist.conf: ("/ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation"/)
- commit 400cab3
- blacklist.conf: ("/ARM: at91: pm: avoid soft resetting AC DLL"/)
- commit 6bcebc9
- blacklist.conf: ("/ARM: dts: at91: sama7g5: fix signal name of pin PB2"/)
- commit 919e157
- ARM: dts: am5748: keep usb4_tm disabled (git-fixes)
- commit b8d72b7
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: specify proper regulator output ranges"/)
- commit 3ab614b
- blacklist.conf: ("/ARM: at91: pm: fix DDR recalibration when resuming from backup and"/)
- commit 0f7a39d
- blacklist.conf: ("/ARM: at91: pm: fix self-refresh for sama7g5"/)
- commit be8848f
- Update
  patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
  (CVE-2023-23559 bsc#1207051).
  Added CVE reference to patch already merged through git-fixes
- commit a3e1190
- ARM: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- commit 91b832e
- ARM: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- commit 1de40c0
- blacklist.conf: ("/ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1"/)
- commit fa5a88a
- blacklist.conf: ("/ARM: dts: ux500: Fix Gavini accelerometer mounting matrix"/)
- commit 2b7186a
- blacklist.conf: ("/ARM: dts: ux500: Fix Codina accelerometer mounting matrix"/)
- commit aaa59d4
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- commit 6cae44e
- ARM: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- commit 34357fd
- blacklist.conf: ("/ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt"/)
- commit c94ffa5
- virt: sevguest: Rename the sevguest dir and files to sev-guest
  (bsc#1208449).
- Refresh
  patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit efc1984
- virt: sevguest: Change driver name to reflect generic SEV
  support (bsc#1208449).
- Refresh
  patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit 9995360
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto()
  (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver
  (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap()
  (bsc#1208449).
- commit 61ff2a0
- blacklist.conf: ("/ARM: versatile: Add missing of_node_put in dcscb_init"/)
- commit 346b599
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 8b7f9eb
- blacklist.conf: ("/ARM: dts: at91: sama7g5: remove interrupt-parent from gic node"/)
- commit 7886324
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- commit 7eff197
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines"/)
- commit 5fe218b
- blacklist.conf: ("/arm/xen: Fix some refcount leaks"/)
- commit e7dd5e5
- blacklist.conf: ("/ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes"/)
- commit 8a32969
- blacklist.conf: ("/ARM: dts: at91: fix low limit for CPU regulator"/)
- commit 51d5738
- ARM: remove some dead code (git-fixes)
- commit f7ced4a
- blacklist.conf: ("/ARM: 9179/1: uaccess: avoid alignment faults in"/)
- commit ac48f9d
- blacklist.conf: ("/ARM: dts: gpio-ranges property is now required"/)
- commit 8e50da0
- blacklist.conf: ("/Revert "/ARM: 9070/1: Make UNWINDER_ARM depend on ld.bfd or ld.lld"/)
- commit 6e45b56
- blacklist.conf: ("/Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH"/)
- commit db21aa5
- blacklist.conf: ("/ARM: dts: at91: update alternate function of signal PD20"/)
- commit 638e70e
- ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- commit b3c9eb5
- ARM: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- commit 255b829
- kmap_local: don't assume kmap PTEs are linear arrays in memory (git-fixes)
  Update config/armv7hl/default too.
- commit 4f3ffba
- ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- commit 9fe9f3d
- blacklist.conf: ("/ARM: 9131/1: mm: Fix PXN process with LPAE feature"/)
- commit 401f82c
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1c4885c
- blacklist: add commit 752f59637128 ("/docs: filesystems: update netfs-api.rst reference"/)
- commit b636a21
- fscache_cookie_enabled: check cookie is valid before accessing
  it (bsc#1208429).
- commit eb9d928
- ceph: flush cap releases when the session is flushed
  (bsc#1208428).
- commit 6cc818b
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy
  (git-fixes).
- block: don't allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed
  (git-fixes).
- block: mq-deadline: Do not break sequential write streams to
  zoned HDDs (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir
  reference (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
  (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- drivers/md/md-bitmap: check the return value of
  md_bitmap_get_counter() (git-fixes).
- block/bfq-iosched.c: use "/false"/ rather than "/BLK_RW_ASYNC"/
  (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- commit 1404ba9
- blacklist.conf: add git-fixes commit which won't be backported
- commit 9c78c8a
- net: mana: Assign interrupts to CPUs based on NUMA nodes
  (bsc#1208153).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit e0863ac
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit b973d25
- drm/amd/display: Fail atomic_check early on normalize_zpos error
  (git-fixes).
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
  (git-fixes).
- net: openvswitch: fix possible memory leak in
  ovs_meter_cmd_set() (git-fixes).
- commit 305b479
- Set references for "/drm/vmwgfx: Validate the box size for the snooped cursor"/ (bsc#1203332 CVE-2022-36280)
- commit 9d6fa3b
- exit: Use READ_ONCE() for all oops/warn limit reads
  (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- commit 75afc24
- panic: Introduce warn_limit (bsc#1207328).
- panic: Consolidate open-coded panic_on_warn checks
  (bsc#1207328).
- kasan: no need to unset panic_on_warn in end_report()
  (bsc#1207328).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue()
  (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- commit 2d71785
- Update
  patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops.patch
  (bsc#1207328, bsc#1208290).
- commit d66a2b6
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
  (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- commit d08ee1f
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- blacklist.conf: blacklist fixups for unsupported arches
- exit: Guarantee make_task_dead leaks the tsk when calling
  do_task_exit (bsc#1207328).
- objtool: Add a missing comma to avoid string concatenation
  (bsc#1207328).
- commit a5e521f
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- sysctl: add a new register_sysctl_init() interface
  (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead
  (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead
  (bsc#1207328).
- exit: Add and use make_task_dead (bsc#1207328).
- commit b158add
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit 6452dee
- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit da88ecc
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
  (git-fixes).
- x86/asm: Fix an assembler warning with current binutils
  (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
  (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with
  CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in
  kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the
  APs (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state
  cannot be saved (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- commit e419e31
- blacklist.conf: add some x86 entries
- commit a9b7553
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit e08d6f4
- Fix page corruption caused by racy check in __free_pages
  (bsc#1208149).
- commit 28d64fc
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- commit a36b0e7
- Delete
  patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch.
- commit 2fa3c94
- RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- commit af04c13
- RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- commit c54f45a
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- commit 16b662e
- IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
- commit ccc63fc
- [infiniband] READ is "/data destination"/, not source... (git-fixes)
- commit e72e699
- bpf: Fix a possible task gone issue with
  bpf_send_signal[_thread]() helpers (git-fixes).
- commit 6dd7272
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- commit e9da05e
- tracing: Fix poll() and select() do not work on per_cpu
  trace_pipe and trace_pipe_raw (git-fixes).
- commit 6d2cfdd
- trace_events_hist: add check for return value of
  'create_hist_field' (git-fixes).
- commit 6dd7173
- tracing: Make sure trace_printk() can output as soon as it
  can be used (git-fixes).
- commit cac7b63
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- commit 5ea2f7f
- xfs: hoist refcount record merge predicates (bsc#1208183).
- commit 295092d
- usb: typec: altmodes/displayport: Fix probe pin assign check
  (git-fixes).
- commit 26849f9
- nvdimm: disable namespace on error (bsc#1166486).
- commit 195740e
- spi: dw: Fix wrong FIFO level setting for long xfers
  (git-fixes).
- commit 81770af
- ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook,
  645 G9 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book2 Pro 360 (git-fixes).
- commit 58ec4c2
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm
  (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct
  IRQ mode (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value
  (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some
  Pins (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts
  level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller
  interrupts level-sensitive (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts
  level-sensitive (git-fixes).
- ASoC: topology: Return -ENOMEM on memory allocation failure
  (git-fixes).
- ALSA: emux: Avoid potential array out-of-bound in
  snd_emux_xg_control() (git-fixes).
- ALSA: pci: lx6464es: fix a debug loop (git-fixes).
- commit 1f306c4
- drm/i915: Initialize the obj flags for shmem objects
  (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait
  (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched
  init/fini (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already
  claimed (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL,
  internal PHY (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams
  zerocopy benchmarking (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx
  programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args
  are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized'
  compiler warning (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device
  after use (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
  (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video
  is enabled (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
  (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type
  0x0010 table (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe
  (git-fixes).
- ASoC: Intel: bytcht_es8316: move comment to the right place
  (git-fixes).
- ASoC: Intel: boards: fix spelling in comments (git-fixes).
- commit 3e5740a
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210)
  Also enable module in aarch64 default configuration.
- commit 75d6ed8
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- commit fa7eb4a
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- commit 6fe03db
- blacklist.conf: Add inapplicable ppc fixes
- commit 27b4e1f
- blacklist.conf: Add more unsupported ppc architecture paths
- commit 7ff8dae
- ACPI: x86: s2idle: Stop using AMD specific codepath for
  Rembrandt+ (bsc#1206224).
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865
  (bsc#1206224).
- ACPI: x86: s2idle: Add another ID to s2idle_dmi_table
  (bsc#1206224).
- ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG
  Flow X13 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7
  (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14
  (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE
  (bsc#1206224).
- ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID
  (bsc#1206224).
- ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt
  (bsc#1206224).
- ACPI: x86: s2idle: Move _HID handling for AMD systems into
  structures (bsc#1206224).
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is
  unset (bsc#1206224).
- ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008
  (bsc#1206224).
- commit 35655fa
- of/address: Return an error when no valid dma-ranges are found
  (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- commit 787429a
- cifs: do not include page data when checking signature
  (git-fixes).
- commit 371ed21
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
  bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
  bsc#1207795).
- commit 37e8915
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- commit b8e6a95
- Remove duplicate Git-commit tag in patch file
- commit e53c839
- nvmet-auth: add missing goto in nvmet_setup_auth() (bsc#1207050
  CVE-2023-0122).
- commit bf95e5e
- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207125 CVE-2023-23455).
- commit 7c3cc04
- blacklist.conf: kABI
- commit 2978c58
- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036 CVE-2023-23454).
- commit 6b9dae7
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits
  (git-fixes).
- commit 7c7cc75
- drm/hyperv: Add error message for fb size greater than allocated
  (git-fixes).
- commit cafd34d
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 6de96d2
- Delete for regression addressed (bsc#1207933) patches.suse/0029-zram-do-not-lookup-algorithm-in-backends-table.patch.
- commit bebd4c7
- net/mlx5: Dynamically resize flow counters query buffer
  (bsc#1195175).
- commit 6a283ad
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- commit 02f72aa
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- commit 9a77ebc
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- commit b274778
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- commit fe650ef
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- commit 09b161d
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- commit dd46f2f
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- commit d9dabe6
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- commit 3feb1bc
- Update kabi files from 5.14.21-150400.24.41.1 (January 2023 update).
- commit 2e08d61
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
  (bsc#1207842).
- commit a65c09c
- blacklist.conf: kABI
- commit f264e1b
- blacklist.conf: kABI
- commit a5843b9
- blacklist.conf: kABI
- commit 61ccddd
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- commit 06d39b7
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- commit 1322a9f
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI
  (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in
  sdma_transfer_init (git-fixes).
- HID: playstation: sanity check DualSense calibration data
  (git-fixes).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- selftests/vm: remove ARRAY_SIZE define from individual tests
  (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs
  (git-fixes).
- commit fe9cb53
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
  (git-fixes).
- commit 905c5a6
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap()
  (git-fixes).
- commit aae275a
- x86/hyperv: Restore VP assist page after cpu offlining/onlining
  (git-fixes).
- commit bd7d55d
- Update patch tags
  - patches.suse/watchdog-diag288_wdt-do-not-use-stack-buffers-for-ha.patch
- patches.suse/watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
- commit 9dc3955
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate
  (bsc#1194869).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel
  (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel
  (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size
  estimation (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections
  (bsc#1194869).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX
  boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page
  aligned (bsc#1194869).
- commit 9e11a71
- powerpc/64s: Fix local irq disable when PMIs are disabled
  (bsc#1195655 ltc#1195655 git-fixes).
- commit 42a147d
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
  (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in
  __ffs_ep0_queue_wait (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode
  (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read()
  to avoid UAF (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
  (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode
  assignment (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection
  (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space
  (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels
  readback (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
  (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor
  (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
  (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path
  (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- fpga: stratix10-soc: Fix return value check in
  s10_ops_write_init() (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- commit 0505fbb
- Move upstreamed net patch into sorted section
- commit 6bb42b5
- efi: fix potential NULL deref in efi_mem_reserve_persistent
  (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- commit 0b0e115
- watchdog: diag288_wdt: do not use stack buffers for hardware
  data (bsc#1207497).
- commit 70827db
- watchdog: diag288_wdt: fix __diag288() inline assembly
  (bsc#1207497).
- commit a36f04c
- btrfs: fix race between quota rescan and disable leading to
  NULL pointer deref (bsc#1207158).
- btrfs: fix race between quota enable and quota rescan ioctl
  (bsc#1207158).
- commit df99a9d
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- commit 0780574
- btrfs: qgroup: remove duplicated check in adding qgroup
  relations (bsc#1207158).
- commit 672de9e
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from
  btrfs_qgroup_rescan_worker (bsc#1207158).
- commit 8a7e537
- ata: libata: Fix sata_down_spd_limit() when no link speed is
  reported (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
  (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register
  access (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected
  socket (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826
  devices (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
  (git-fixes).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
  (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- commit 27bf187
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker don't work
  for a HP platform (git-fixes).
- commit 1379d54
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device
  after use (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device
  after use (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in
  add_secret_dac_path() (git-fixes).
- firewire: fix memory leak for payload of request subaction to
  IEC 61883-1 FCP region (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument
  types (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- drm/amd/display: fix issues with driver unload (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
  (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with
  AC'97 CODEC (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls
  (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
  (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for
  KEY_SCREENLOCK (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther
  Tab HD (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL
  (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit
  (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W
  modem (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi
  without locking (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without
  delay (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- thermal/core: Remove duplicate information when an error occurs
  (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- commit f0fb46a
- drm/amd/display: Take emulated dc_sink into account for HDCP
  (bsc#1207734).
- commit bbfc833
- scsi: Revert "/scsi: core: map PQ=1, PDT=other values to
  SCSI_SCAN_TARGET_PRESENT"/ (git-fixes).
- commit 03470cd
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
  (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error
  handler (git-fixes).
- commit 280e1ff
- blacklist.conf: add drivers/video/fbdev/hyperv_fb.c
  This branch defaults to DRM.
- commit 35643e4
- ipmi:ssif: Add 60ms time internal between write retries
  (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- commit 05eee5d
- Update tags
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit 7dd4cb0
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- commit 117a059
- ocfs2: ocfs2_mount_volume does cleanup job before return error
  (bsc#1207770).
- commit dfd7632
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
  (bsc#1207769).
- commit 20e2b2f
- ocfs2: quota_local: fix possible uninitialized-variable access
  in ocfs2_local_read_info() (bsc#1207768).
- commit 4b2997d
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS
  (git-fixes).
- commit db40f07
- tracing/hist: Fix issue of losting command info in error_log
  (git-fixes).
- commit 3ae8811
- tracing: Fix race where histograms can be called before the
  event (git-fixes).
- commit 3fe5f69
- tracing: Use alignof__(struct {type b;}) instead of offsetof()
  (git-fixes).
- commit 2e96b05
- blacklist.conf: add not-relevant ftrace fixes
- commit 2ba4363
- blacklist.conf: add commits for tracking skb drop reasons
- commit f7cc13a
- blacklist.conf: add a move of trace_pid_list logic
- commit 8c14765
- tracing: Fix mismatched comment in __string_len (git-fixes).
- commit ed647e2
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 35ea4d8
- Revert "/Input: synaptics - switch touchpad on HP Laptop
  15-da3001TU to RMI mode"/ (git-fixes).
- commit c8ef0bf
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- commit ff23887
- Delete
  patches.suse/0004-block-check-minor-range-in-device_add_disk.patch.
- commit 89a42b5
- blacklist.conf: add git-fix commit which won't be backported
- commit 1012afa
- loop: Fix the max_loop commandline argument treatment when it
  is set to 0 (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices
  (git-fixes).
- elevator: update the document of elevator_switch (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg()
  (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
  (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
  devices (git-fixes).
- blk-throttle: prevent overflow while calculating wait time
  (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- zram: do not lookup algorithm in backends table (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_status
  (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
  (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- Revert "/Revert "/block, bfq: honor already-setup queue merges"/"/
  (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- block, bfq: don't move oom_bfqq (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq()
  (git-fixes).
- swim3: add missing major.h include (git-fixes).
- commit 4a07308
- block: use bdev_get_queue() in bio.c (git-fixes).
- Refresh for the above change,
  patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch.
- commit c3aca76
- blacklist.conf: add git-fixes commits which won't be backported
- commit 6443e7d
- Update patches.suse/xfs-get-root-inode-correctly-at-bulkstat.patch
  (git-fixes bsc#1207501 ltc#201370).
- commit e6e8484
- Update patches.suse/btrfs-fix-processing-of-delayed-tree-block-refs-duri.patch
  (bsc#1206057 bsc#1207506 ltc#201368).
- commit 15be8ec
- Update patches.suse/btrfs-fix-processing-of-delayed-data-refs-during-bac.patch
  (bsc#1206056 bsc#1207507 ltc#201367).
- commit 1354bb5
- ext4: fix deadlock due to mbcache entry corruption
  (bsc#1207653).
- commit ea7e0f8
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- commit 5549473
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- commit c18a79b
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- commit a2d0061
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- commit 29f0a1d
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- commit ed4271e
- mbcache: Avoid nesting of cache->c_list_lock under bit locks
  (bsc#1207647).
- commit 947b83a
- jbd2: add miss release buffer head in fc_do_one_pass()
  (bsc#1207646).
- commit c61f342
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
  (bsc#1207645).
- commit d4e2227
- jbd2: fix potential buffer head reference count leak
  (bsc#1207644).
- commit 45a2852
- jbd2: wake up journal waiters in FIFO order, not LIFO
  (bsc#1207643).
- commit 8fd722e
- vfs: Check the truncate maximum size in inode_newsize_ok()
  (bsc#1207642).
- commit 4685fa4
- jbd2: fix a potential race while discarding reserved buffers
  after an abort (bsc#1207641).
- commit b0b81dd
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- commit 5afbf05
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit 1e65abd
- quota: Prevent memory allocation recursion while holding dq_lock
  (bsc#1207639).
- commit a7495d2
- blacklist.conf: Blacklist dd5532a4994b
- commit 4bd9a40
- writeback: avoid use-after-free after removing device
  (bsc#1207638).
- commit 1776642
- ext4: fix reserved cluster accounting in __es_remove_extent()
  (bsc#1207637).
- commit 17f75d7
- ext4: fix inode leak in ext4_xattr_inode_create() on an error
  path (bsc#1207636).
- commit 86dbaea
- ext4: allocate extended attribute value in vmalloc area
  (bsc#1207635).
- commit 3278f6d
- ext4: avoid unaccounted block allocation when expanding inode
  (bsc#1207634).
- commit 587e0b3
- ext4: initialize quota before expanding inode in setproject
  ioctl (bsc#1207633).
- commit 09b6e51
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  (bsc#1206894).
- commit e824a9a
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- commit 59e5f40
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc
  + inline (bsc#1207631).
- commit fcf7010
- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit a4ce862
- ext4: fix error code return to user-space in ext4_get_branch()
  (bsc#1207630).
- commit 3052920
- blacklist.conf: Blacklist 89481b5fa8c0
- commit aafc810
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- commit 9d7a800
- ext4: fix off-by-one errors in fast-commit block filling
  (bsc#1207628).
- commit b215d68
- ext4: fix unaligned memory access in ext4_fc_reserve_space()
  (bsc#1207627).
- commit 5e2318b
- ext4: add missing validation of fast-commit record lengths
  (bsc#1207626).
- commit 9374e7a
- ext4: fix leaking uninitialized memory in fast-commit journal
  (bsc#1207625).
- commit bea0a27
- ext4: don't set up encryption key during jbd2 transaction
  (bsc#1207624).
- commit 94c26c2
- ext4: disable fast-commit of encrypted dir operations
  (bsc#1207623).
- commit 8b84b5f
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- commit 868c482
- ext4: don't allow journal inode to have encrypt flag
  (bsc#1207621).
- commit fa42934
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit fe391f3
- ext4: fix bug_on in __es_tree_search caused by bad boot loader
  inode (bsc#1207620).
- commit b0bf8bc
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
  (bsc#1207619).
- commit 0e8c6a3
- ext4: add helper to check quota inums (bsc#1207618).
- commit 710d5f0
- blacklist.conf: Blacklist 78742d4d056d
- commit 510a3a2
- ext4: add inode table check in __ext4_get_inode_loc to aovid
  possible infinite loop (bsc#1207617).
- commit 4fac5ac
- blacklist.conf: Blacklist 318cdc822c63
- commit efccaca
- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit a2ec490
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 786ae72
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 0e67070
- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit b11568d
- ext4: fix potential out of bound read in ext4_fc_replay_scan()
  (bsc#1207616).
- commit 191b92e
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- commit 4278623
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- commit 54601c7
- ext4: update 'state->fc_regions_size' after successful memory
  allocation (bsc#1207613).
- commit dca6962
- ext4: fix potential memory leak in ext4_fc_record_regions()
  (bsc#1207612).
- commit 65b0d99
- ext4: fix potential memory leak in
  ext4_fc_record_modified_inode() (bsc#1207611).
- commit 313959b
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- commit 73881e2
- ext4: fix miss release buffer head in ext4_fc_write_inode
  (bsc#1207609).
- commit 60277f8
- ext4: fix dir corruption when ext4_dx_add_entry() fails
  (bsc#1207608).
- commit d8d3c16
- ext4: place buffer head allocation before handle start
  (bsc#1207607).
- commit 767ca31
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't
  uptodate (bsc#1207606).
- commit 7864371
- ext4: don't increase iversion counter for ea_inodes
  (bsc#1207605).
- commit 15b3923
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit 0a2f6bf
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit a8218a0
- ext4: don't run ext4lazyinit for read-only filesystems
  (bsc#1207603).
- commit d920748
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit efade7c
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit caafbe8
- ext4: limit the number of retries after discarding
  preallocations blocks (bsc#1207602).
- commit 550c1e6
- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth > 0 (bsc#1206881).
- commit 846b339
- blacklist.conf: Blacklist mballoc opimization fixes
- commit 2ee70c1
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit cee3b5d
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 5f27096
- blacklist.conf: Blacklist 51ae846cff56
- commit 8cb8660
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit 7565182
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit 5344160
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 51cff2a
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit 0336ab6
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit b84af9c
- blacklist.conf: Blacklist 4978c659e7b5
- commit a7e7239
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit e6b6979
- blacklist.conf: Blacklist fs/ext2
- commit 1e7297b
- blacklist.conf: Blacklist 4efd9f0d120c
- commit 3b5e25a
- ext4: fix bug_on in start_this_handle during umount filesystem
  (bsc#1207594).
- commit 90713b0
- blacklist.conf: Blacklist c864ccd182d6
- commit bc0a035
- blacklist.conf: Blacklist cc5095747edf
- commit 60d47ef
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
  (bsc#1207593).
- commit 2407741
- ext4: correct cluster len and clusters changed accounting in
  ext4_mb_mark_bb (bsc#1207592).
- commit b2577a3
- ext4: fast commit may miss file actions (bsc#1207591).
- commit ea4e204
- ext4: fast commit may not fallback for ineligible commit
  (bsc#1207590).
- commit 5e4d8de
- ext4: simplify updating of fast commit stats (bsc#1207589).
- commit 85414f9
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- commit 62a4d65
- vfs: make sync_filesystem return errors from ->sync_fs
  (git-fixes).
- commit eff9790
- fs: remove __sync_filesystem (git-fixes).
- commit 88736d7
- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit e201f3b
- Update patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch
  (bsc#1206036 bsc#1207500 ltc#201363).
- commit 5345944
- efi: rt-wrapper: Add missing include (git-fixes).
- commit 3d91aef
- mei: me: add meteor lake point M DID (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id
  (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in
  ncm_bitrate() (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi
  _DSM (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start
  (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert()
  (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down()
  (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack
  (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid
  cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower
  case (git-fixes).
- commit bd99d4d
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
  print_trace_line (git-fixes).
- commit 2c44713
- tracing: Fix issue of missing one synthetic field (git-fixes).
- commit 3def245
- tracing: Fix possible memory leak in __create_synth_event()
  error path (git-fixes).
- commit 6ed0eab
- tracing/hist: Fix out-of-bound write on
  'action_data.var_ref_idx' (git-fixes).
- commit 750c560
- tracing/hist: Fix wrong return value in parse_action_params()
  (git-fixes).
- commit ebbb4bd
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
  (git-fixes).
- commit e866c70
- tracing/probes: Handle system names with hyphens (git-fixes).
- commit 2323e61
- ftrace/x86: Add back ftrace_expected for ftrace bug reports
  (git-fixes).
- commit a14379e
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU
  (git-fixes).
- commit 8869d2a
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- commit f696f09
- IB/mad: Don't call to function that might sleep while in atomic
  context (git-fixes).
- commit 1b3cb60
- cifs: remove unused function (bsc#1193629).
- commit dddb552
- cifs: fix return of uninitialized rc in
  dfs_cache_update_tgthint() (bsc#1193629).
- commit 107299a
- cifs: handle cache lookup errors different than -ENOENT
  (bsc#1193629).
- commit 263d1e1
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- commit ede0049
- cifs: don't take exclusive lock for updating target hints
  (bsc#1193629).
- commit 441f914
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- commit 6dbdc1d
- cifs: fix potential deadlock in cache_refresh_path()
  (git-fixes).
- commit 4646a4f
- jbd2: use the correct print format (git-fixes).
- commit 34db311
- tracing: Fix warning on variable 'struct trace_array'
  (git-fixes).
- commit 771db36
- scsi: tracing: Fix compile error in trace_array calls when
  TRACING is disabled (git-fixes).
- commit ac58cae
- tracing: Avoid adding tracer option before update_tracer_options
  (git-fixes).
- commit ce3e735
- tracing: Fix sleeping function called from invalid context on
  RT kernel (git-fixes).
- commit 52007fe
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- commit b728605
- tracing: Have syscall trace events use
  trace_event_buffer_lock_reserve() (git-fixes).
- blacklist.conf: Remove the commit from the list
- commit 54d48a6
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
  (git-fixes).
- commit 954cfad
- blacklist.conf: prerequisites break kABI
- commit ea0d023
- tracing: Have type enum modifications copy the strings
  (git-fixes).
- commit fdf4a79
- mt76: fix use-after-free by removing a non-RCU wcid pointer
  (git-fixes).
- commit 5bb0d81
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well
  (git-fixes).
- commit 9aa6f06
- tracing/osnoise: Make osnoise_main to sleep for microseconds
  (git-fixes).
- commit 31030cc
- tracing: Ensure trace buffer is at least 4096 bytes large
  (git-fixes).
- commit d84d209
- tracing: Fix tp_printk option related with
  tp_printk_stop_on_boot (git-fixes).
- commit 2d97144
- ath11k: Fix unexpected return buffer manager error for QCA6390
  (git-fixes).
- commit fb54c7f
- ath11k_hw_params unremane cal_size (bsc#1199701 CVE-2020-24588).
- commit 042d893
- ath11k_hw_params reinsert deleted members (bsc#1199701
  CVE-2020-24588).
- commit 36b3581
- netfilter: nft_payload: incorrect arithmetics when fetching
  VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 3ea68f0
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
  (git-fixes).
- commit 1b48195
- tracing: Avoid -Warray-bounds warning for __rel_loc macro
  (git-fixes).
- commit 42e71d6
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
  (git-fixes).
- commit b6b2aeb
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- commit 6bca62f
- tracing: Add trace_event helper macros __string_len() and
  __assign_str_len() (git-fixes).
- commit c14bed0
- tracing: Fix a kmemleak false positive in tracing_map
  (git-fixes).
- commit de3f801
- tracing: Don't use out-of-sync va_list in event printing
  (git-fixes).
- commit cf27dc0
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- commit 1620581
- SUNRPC: Update trace flags (git-fixes).
- commit 491eea9
- blacklist.conf: add a not-relevant ftrace fix
- commit a05a606
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
  (bsc#1206006).
- commit f397f8a
- blacklist.conf: Add upstream config paths.
- commit 4a7f4f2
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- commit cd7192b
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- commit 3e6177d
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- commit 97e4a68
- sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- commit 18a9947
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- commit ad3a9e3
- sched/core: Avoid obvious double update_rq_clock warning (git-fixes)
- commit 97af059
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- commit b78774a
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- commit 8c13d3e
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- commit acf4640
- ath11k_hwparams: hide new member spectral (bsc#1199701
  CVE-2020-24588).
- commit 665734d
- Refresh
  patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch.
  Now in mainline. Add to sorted section.
- commit 6995158
- kABI workaround for struct acpi_ec (bsc#1207149).
- commit 67b47b6
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: EC: Fix EC address space handler unregistration
  (bsc#1207149).
- ACPICA: Allow address_space_handler Install and _REG execution
  as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- commit 6a8ca13
- Update patches.suse/crypto-dh-implement-FIPS-PCT.patch
  (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- commit 0f2985d
- Update patches.suse/crypto-ecdh-implement-FIPS-PCT.patch
  (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- commit 65a34a6
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps
  (git-fixes).
- misc: fastrpc: Don't remove map on creater_process and
  device_release (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong
  array (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types
  (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release
  (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX
  FIFO buffer (git-fixes).
- USB: misc: iowarrior: fix up header size for
  USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs
  create fail (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame
  (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation
  (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper
  (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
  (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
  (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it
  (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
  (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing
  (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3
  link rate (git-fixes).
- thunderbolt: Do not call PM runtime functions in
  tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found
  (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
  (git-fixes).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step
  setting (git-fixes).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe()
  (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name()
  (git-fixes).
- firmware: arm_scmi: Harden shared memory access in
  fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in
  fetch_response (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in
  mvebu_devbus_probe() (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in
  atmel_ramc_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming
  (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
  (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel
  encoding adjustment (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out
  of for_each_child_of_node() (git-fixes).
- dmaengine: Fix double increment of client_count in
  dma_chan_get() (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- phy: phy-can-transceiver: Skip warning if no "/max-bitrate"/
  (git-fixes).
- phy: Revert "/phy: qualcomm: usb28nm: Add MDM9607 init sequence"/
  (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare()
  in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence
  (git-fixes).
- Revert "/wifi: mac80211: fix memory leak in ieee80211_if_add()"/
  (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
  (git-fixes).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
  (git-fixes).
- virtio-net: correctly enable callback during start_xmit
  (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy()
  (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and
  unmap_si_regs (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- l2tp: Don't sleep and disable BH under writer-side
  sk_callback_lock (git-fixes).
- commit b75f08a
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60
  (git-fixes).
- Revert "/ARM: dts: armada-39x: Fix compatible string for gpios"/
  (git-fixes).
- Revert "/ARM: dts: armada-38x: Fix compatible string for gpios"/
  (git-fixes).
- arm64: dts: qcom: msm8992: Don't use sfpb mutex (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC
  polarity (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
  (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- Revert "/arm64: dts: meson-sm1-odroid-hc4: disable unused USB
  PHY0"/ (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization
  (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of
  UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue
  disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled
  (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
  (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev
  (git-fixes).
- commit 5b33587
- Update
  patches.suse/HID-check-empty-report_list-in-hid_validate_values.patch
  (git-fixes, bsc#1206784).
- commit b88f181
- Update
  patches.suse/HID-check-empty-report_list-in-bigben_probe.patch
  (git-fixes, bsc#1206784).
- commit dc5fa1c
- Update
  patches.suse/HID-betop-check-shape-of-output-reports.patch
  (git-fixes, bsc#1207186).
- commit fb93871
- USB: gadgetfs: Fix race between mounting and unmounting
  (CVE-2022-4382 bsc#1206258).
- commit 458382c
- git_sort: add usb-linus branch for gregkh/usb
- commit 67c0004
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init()
  (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks
  (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
  (git-fixes).
- commit fd6cfde
- Update patch reference for sound fix (CVE-2023-0266 bsc#1207134)
- commit a076073
- btrfs: join running log transaction when logging new name
  (bsc#1207263).
- commit 862de17
- btrfs: fix assertion failure when logging directory key range
  item (bsc#1207263).
- commit fdf19d2
- btrfs: prepare extents to be logged before locking a log tree
  path (bsc#1207263).
- commit 2e8db4d
- btrfs: remove useless path release in the fast fsync path
  (bsc#1207263).
- commit 6542fdf
- btrfs: use single variable to track return value at
  btrfs_log_inode() (bsc#1207263).
- commit 801e9e3
- btrfs: avoid inode logging during rename and link when possible
  (bsc#1207263).
- commit 8842469
- bnxt_en: add dynamic debug support for HWRM messages
  (git-fixes).
- Refresh
  patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch.
- commit 8e93e3e
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc()
  (jsc#SLE-24682).
- igb: Allocate MSI-X vector when testing (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep
  (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init()
  (jsc#SLE-24682).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- bnx2x: fix pci device refcount leak in
  bnx2x_vf_is_pcie_pending() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit()
  (git-fixes).
- octeontx2-af: debugsfs: fix pci device refcount leak
  (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed
  (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: liquidio: release resources when liquidio driver open
  failed (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink
  (git-fixes).
- cxgb4vf: shut down the adapter when t4vf_update_port_info()
  failed in cxgb4vf_open() (git-fixes).
- net: cxgb3_main: disable napi when bind qsets failed in
  cxgb_up() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi
  (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in
  xgene_enet_open() (git-fixes).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg
  to network (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
  (git-fixes).
- bnxt_en: fix potentially incorrect return value for
  ndo_rx_flow_steer (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- commit 098df56
- btrfs: stop doing unnecessary log updates during a rename
  (bsc#1207263).
- commit af7d282
- btrfs: remove unnecessary NULL check for the new inode during
  rename exchange (bsc#1207263).
- commit bf101e4
- btrfs: avoid logging all directory changes during renames
  (bsc#1207263).
- commit 4234518
- HID: betop: check shape of output reports (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values()
  (git-fixes).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log
  (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs
  (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- commit a241497
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP
  (bsc#1207269).
- commit d337d79
- btrfs: pass the dentry to btrfs_log_new_name() instead of the
  inode (bsc#1207263).
- commit db8e195
- btrfs: add helper to delete a dir entry from a log tree
  (bsc#1207263).
- commit f7a9c31
- btrfs: stop trying to log subdirectories created in past
  transactions (bsc#1207263).
- commit 7c6f2ce
- btrfs: stop copying old dir items when logging a directory
  (bsc#1207263).
- commit f0f8008
- btrfs: put initial index value of a directory in a constant
  (bsc#1207263).
- commit 72e8d53
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init()
  (bsc#1206616).
- Refresh
  patches.suse/KVM-x86-Report-error-when-setting-CPUID-if-Hyper-V-a.patch.
- commit 957a2a9
- btrfs: don't log unnecessary boundary keys when logging
  directory (bsc#1207263).
- commit 4b59646
- btrfs: remove write and wait of struct walk_control
  (bsc#1207263).
- commit f7b4e9a
- ath11k: change return buffer manager for QCA6390 (bsc#1199701
  CVE-2020-24588).
- Refresh
  patches.kabi/hide-appended-member-supports_dynamic_smps_6ghz.patch.
- Refresh
  patches.suse/ath11k-set-correct-NL80211_FEATURE_DYNAMIC_SMPS-for-.patch.
- commit 9f7ada4
- ath11k: Change number of TCL rings to one for QCA6390
  (bsc#1199701 CVE-2020-24588).
- Refresh
  patches.kabi/hide-appended-member-supports_dynamic_smps_6ghz.patch.
- Refresh
  patches.suse/ath11k-set-correct-NL80211_FEATURE_DYNAMIC_SMPS-for-.patch.
- commit d6ca39b
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit f7f84ac
- Refresh
  patches.suse/scsi-mpt3sas-Remove-usage-of-dma_get_required_mask-A.patch.
- commit cdcfa1d
- ath11k: use hw_params to access board_size and cal_offset
  (bsc#1199701 CVE-2020-24588).
- commit e135fc0
- ath11k: Add spectral scan support for QCN9074 (bsc#1199701
  CVE-2020-24588).
- commit 026f93a
- ath11k: Introduce spectral hw configurable param (bsc#1199701
  CVE-2020-24588).
- commit 576bcf6
- ath11k: Refactor spectral FFT bin size (bsc#1199701
  CVE-2020-24588).
- commit ab5a009
- blacklist.conf: kABI
- commit 2049d90
- blacklist.conf: fix affects only unsupported hardware and is complex
- commit f76a544
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in
  mt7921_mcu_tx_done_event (git-fixes).
- commit 089efbe
- blacklist.conf: false positive
- commit 62d28a7
- Documentation: Remove bogus claim about del_timer_sync()
  (git-fixes).
- commit 1100a76
- cifs: Fix uninitialized memory read for smb311 posix symlink
  create (git-fixes).
- commit 6c87295
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- commit a50abb3
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- commit 525e434
- cifs: fix double free on failed kerberos auth (git-fixes).
- commit c048c3a
- cifs: remove redundant assignment to the variable match
  (bsc#1193629).
- commit 5b8956d
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- commit e6259cb
- cifs: fix file info setting in cifs_query_path_info()
  (git-fixes).
- commit 1b4d4fe
- cifs: fix interface count calculation during refresh
  (git-fixes).
- commit 46ee30a
- cifs: refcount only the selected iface during interface update
  (git-fixes).
- commit bd6c57b
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname}
  (bsc#1193629).
- commit bc728e2
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- commit b120307
- cifs: ignore ipc reconnect failures during dfs failover
  (bsc#1193629).
- commit 2b37719
- wifi: mt76: mt7921: add mt7921_mutex_acquire at
  mt7921_sta_set_decap_offload (git-fixes).
- commit 1185bd8
- wifi: mt76: sdio: poll sta stat when device transmits data
  (git-fixes).
- commit a94c4e2
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
  (git-fixes).
- commit 5e2a5dd
- wifi: mt76: mt7921e: fix race issue between reset and
  suspend/resume (git-fixes).
- commit 14a8748
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- commit f87a2cc
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- commit 6458db5
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit fd3cf81
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- USB: gadget: Fix use-after-free during usb config switch
  (git-fixes).
- commit 0889148
- usb: gadget: udc: core: remove usage of list iterator past
  the loop body (git-fixes).
- commit 0bb0a32
- usb: gadget: udc: core: Revise comments for USB ep
  enable/disable (git-fixes).
- commit f9853da
- usb: gadget: udc: core: Print error code in
  usb_gadget_probe_driver() (git-fixes).
- commit 31875c7
- usb: gadget: udc: core: Use pr_fmt() to prefix messages
  (git-fixes).
- commit 89beb81
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- commit 324082f
- blacklist.conf: false positive
- commit eb58aba
- blacklist.conf: false positive
- commit 23de7da
- blacklist.conf: false positive
- commit 19ef3e5
- blacklist.conf: cleanup that changes kABI
- commit eea8908
- blacklist.conf: false positive
- commit 52ff06b
- s390/qeth: fix various format strings (git-fixes).
- commit 2ee54d9
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360
  13-aw0xxx (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
  (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with
  ALC3254 (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- commit ffbf830
- efi: fix userspace infinite retry read efivars after EFI
  runtime services page fault (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling
  (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation
  (git-fixes).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at
  runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Don't return -EINVAL from system
  suspend/resume (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync
  (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs
  (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER
  if present (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting
  (git-fixes).
- platform/surface: aggregator: Add missing call to
  ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not
  intended for us (git-fixes).
- platform/x86: sony-laptop: Don't turn off 0x153 keyboard
  backlight during probe (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other
  (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core
  clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2
  constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom,
  dsi-phy-regulator-ldo-mode (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is
  not for aux transfer (git-fixes).
- dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY
  (git-fixes).
- dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY
  (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- commit 127798d
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit 49b518d
- nfc: pn533: Wait for out_urb's completion in
  pn533_usb_send_frame() (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude
  laptops (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit
  (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from
  podxt (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071
  tablet (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses
  quirk (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
  (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
  (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15
  (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
  (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
  (git-fixes).
- ima: Fix a potential NULL pointer access in
  ima_restore_measurement_list (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup
  (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook
  K3402ZA/K3502ZA (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/migrate: don't check the scratch page (git-fixes).
- commit 1d4442d
- media: stv0288: use explicitly signed char (git-fixes).
- commit 72af28b
- mm: compaction: kABI: avoid pglist_data kABI breakage
  (bsc#1207010).
- commit 488d3ad
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault
  path (performance bsc#1203219).
- commit 82bc0ed
- mm: compaction: support triggering of proactive compaction by
  user (bsc#1207010).
- commit a9c5d6a
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B
  header extraction support (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow
  (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT]
  (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly
  (jsc#SLE-24682).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon
  (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon
  (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon
  (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC
  (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware
  (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count
  (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures
  (jsc#SLE-24682).
- octeontx2-af: Don't reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation
  (jsc#SLE-24682).
- commit a2de709
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP
  mode (bsc#1201068).
- commit 15e54a9
- cpufreq: ACPI: Only set boost MSRs on supported CPUs
  (bsc#1205485).
- commit 2fc91f1
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online'
  and 'ret' (bsc#1205485).
- commit bac712b
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free
  device/resource/connection (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- commit 26591d7
- Update
  patches.suse/dmaengine-idxd-Fix-crc_val-field-for-completion-reco.patch
  (bsc#1206554).
  Added bugzilla number
- commit 1fe5012
- blacklist.conf: add two drbd git-fixes to ignore
- commit d03d927
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 11e0f4a
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- commit 32f938b
- Refresh
  patches.suse/octeontx2-Move-devlink-registration-to-be-last-devli.patch.
  Added missing hunk in backport.
- commit 9b34e71
- xfs: get root inode correctly at bulkstat (git-fixes).
- commit ecbb587
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- commit f759e44
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- commit c814812
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- commit 0241b15
- xfs: initialize the check_owner object fully (git-fixes).
- commit 42eb8fb
- xfs: Fix unreferenced object reported by kmemleak in
  xfs_sysfs_init() (git-fixes).
- commit 48cbefa
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- commit 881b44a
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
  (git-fixes).
- commit 0bf8d62
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- commit 0f9b0ad
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- commit 9430296
- powerpc: Take in account addition CPU node when building kexec
  FDT (bsc#1207016 ltc#201108).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- commit 4ca3eba
- xfs: fix maxlevels comparisons in the btree staging code
  (git-fixes).
- commit d0f5fd6
- blacklist.conf: misattributed
- commit ee5f25a
- blacklist.conf: too risky
- commit 51ffe7a
- blacklist.conf: misattributed, we do not have this bug
- commit bc3473d
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- commit ff2c079
- Revert "/usb: ulpi: defer ulpi_register on ulpi_read_id timeout"/
  (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
  (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used
  (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- thermal: int340x: Add missing attribute for data rate base
  (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- usb: rndis_host: Secure rndis_query check against int overflow
  (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property
  (git-fixes).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
  (git-fixes).
- nfc: Fix potential resource leaks (git-fixes).
- vmxnet3: correctly report csum_level for encapsulated packet
  (git-fixes).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe
  (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
  (git-fixes).
- commit ac1915a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- commit 678d5a8
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  (bsc#1204989,bsc#1205601).
- commit 83e47e1
- KVM: x86: fix uninitialized variable use on
  KVM_REQ_TRIPLE_FAULT (bsc#1204652 CVE-2022-3344).
- blacklist.conf: blacklist commit id
  df0bb47baa95aad133820b149851d5b94cbc6790 which duplicates
  commit id e542baf30b48605d4336bf54b98e76b8fb98af30.
- commit c2fe422
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- commit e6f2b08
- Refresh
  patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the
  example hunks and fail.
- commit a6bcec2
- patches.suse/btrfs-fix-resolving-backrefs-for-inline-extent-follo.patch:
  (bsc#1206456).
- commit 31db88a
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 4f80fa3
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API
  (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
  (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Don't change DMA mask while reallocating pools
  (bsc#1206912,bsc#1206098).
- commit 496371c
- KVM: x86: remove exit_int_info warning in svm_handle_exit
  (bsc#1204652 CVE-2022-3344).
- KVM: x86: allow L1 to not intercept triple fault (bsc#1204652
  CVE-2022-3344).
- KVM: x86: forcibly leave nested mode on vCPU reset (bsc#1204652
  CVE-2022-3344).
- KVM: x86: add kvm_leave_nested (bsc#1204652 CVE-2022-3344).
- KVM: x86: nSVM: harden svm_free_nested against freeing  vmcb02
  while still in use (bsc#1204652 CVE-2022-3344).
- KVM: x86: nSVM: leave nested mode on vCPU free (bsc#1204652
  CVE-2022-3344).
- commit a745b62
- net: allow retransmitting a TCP packet if original is still
  in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- commit 894711e
- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- Refresh
  patches.suse/memcg-deprecate-memory.force_empty-knob.patch.
- commit 855cb6d
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system
  call (bsc#1206468).
- commit 2ac9622
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
  (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vringh: fix range used in iotlb_translate() (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init()
  (git-fixes).
- vdpa_sim: fix possible memory leak in vdpasim_net_init()
  and vdpasim_blk_init() (git-fixes).
- commit 4896995
- Move upstreamed kexec patch into sorted section
- commit 8762bd7
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit b91171d
- blacklist.conf: Add 710ffe671e01 sched/psi: Stop relying on timer_pending() for poll_work rescheduling
- commit 8adb37f
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- commit a265076
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- commit d4e9f78
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- commit f64ffc5
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- commit f50eaf7
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- commit 653c1b4
- blacklist.conf: removes a feature
- commit 4da5756
- blacklist.conf: misattributed
- commit 3e3a9a5
- blacklist.conf: pSeries and powernv get dt from firmware
- commit c257ae8
- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit 773dc74
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
  and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
  attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
  congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
  members and padding (jsc#PED-1445).
- commit 7d406bf
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit ae77c26
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- commit b8910c1
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 7c1cca0
- Refresh
  patches.suse/drm-amdgpu-sdma_v4_0-turn-off-SDMA-ring-buffer-in-th.patch
  Alt-commit
- commit 41b83ab
- Refresh
  patches.suse/drm-i915-reg-Fix-spelling-mistake-Unsupport-Unsuppor.patch
  Alt-commit
- commit d746af5
- Refresh
  patches.suse/drm-amdgpu-fix-sdma-doorbell-init-ordering-on-APUs.patch
  Alt-commit
- commit 0f2757b
- Refresh
  patches.suse/drm-amdkfd-Fix-memory-leak-in-kfd_mem_dmamap_userptr.patch
  Alt-commit
- commit a635317
- Refresh
  patches.suse/drm-i915-ttm-never-purge-busy-objects.patch
  Alt-commit
- commit be2dd4d
- Refresh
  patches.suse/drm-msm-Make-.remove-and-.shutdown-HW-shutdown-consi.patch
  Alt-commit
- commit a0ff67b
- Refresh
  patches.suse/drm-msm-dsi-fix-the-inconsistent-indenting.patch
  Alt-commit
- commit c6fc5ca
- Refresh
  patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
  Alt-commit
- commit d4ca67b
- Refresh
  patches.suse/drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch
  Alt-commit
- commit d5590c6
- EDAC/mc_sysfs: Increase legacy channel support to 12
  (bsc#1205263).
- commit 4cb5420
- blacklist.conf: add scsi-mpt3sas-Fix-return-value-check-of-dma_get_required_mask.patch (bsc#1206098)
- Delete
  patches.suse/scsi-mpt3sas-Fix-return-value-check-of-dma_get_required_mask.patch.
  This patch breaks Xen.
- commit cc3a20c
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit bcbd230
- RDMA/siw: Fix pointer cast warning (git-fixes)
- commit 366e50d
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- commit 0dbba4f
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- commit 59e36ed
- RDMA/hns: Fix error code of CMD (git-fixes)
- commit 5f70364
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- commit 6cde7a4
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- commit 8abc588
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- commit adf2f5b
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- commit 6f932f1
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- commit e3f1da5
- RDMA: Disable IB HW for UML (git-fixes)
- commit 79de999
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- commit 8afb6ef
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- commit 7f11c74
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- commit 9304b2c
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- commit 8bd6757
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- commit c1ce45c
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- commit 4b06dc0
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- commit 6e743d4
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- commit 0f16ea1
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- commit a9ebe54
- RDMA/nldev: Return "/-EAGAIN"/ if the cm_id isn't from expected port (git-fixes)
- commit 26efba0
- RDMA/core: Make sure "/ib_port"/ is valid when access sysfs node (git-fixes)
- commit 00cffbb
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- commit 20085bc
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- commit 4193611
- RDMA/irdma: Report the correct link speed (git-fixes)
- commit 83b7019
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- commit 76dc905
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- commit 7e28dca
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- commit 9035bce
- ALSA: seq: fix undefined behavior in bit shift for
  SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for
  SNDRV_PCM_RATE_KNOT (git-fixes).
- commit 1504232
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- commit de5fcc7
- rtc: cmos: Fix event handler registration ordering issue
  (git-fixes).
- Revert "/platform/chrome: cros_ec_typec: Cleanup switch handle
  return paths"/ (git-fixes).
- commit ec01d22
- HID: wacom: Ensure bootloader PID is usable in hidraw mode
  (git-fixes).
- HID: mcp2221: don't connect hidraw (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare()
  in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in
  adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove
  (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or
  remove (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in
  q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
  (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe()
  (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in
  pic32_rtc_probe() (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
  (git-fixes).
- rtc: snvs: Allow a time difference on clock register read
  (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
  (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu()
  (git-fixes).
- vfio: platform: Do not pass return buffer to ACPI _RST method
  (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- drm/sti: Fix return type of
  sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/fsl-dcu: Fix return type of
  fsl_dcu_drm_connector_mode_valid() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is
  not running (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in
  brcmf_fw_alloc_request() (git-fixes).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
  (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present
  (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet()
  (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability
  (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes
  (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write()
  (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on
  resume (git-fixes).
- hwmon: (jc42) Convert register access and caching to
  regmap/regcache (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on
  (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback()
  (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
  (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- nilfs2: fix shift-out-of-bounds due to too large exponent of
  block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in
  nilfs_sb2_bad_offset() (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in
  knav_queue_probe (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions
  (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port
  (git-fixes).
- tty: serial: clean up stop-tx part in altera_uart_tx_chars()
  (git-fixes).
- rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
- mfd: pm8008: Remove driver data structure pm8008_data
  (git-fixes).
- platform/chrome: cros_ec_typec: Cleanup switch handle return
  paths (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead
  of pm_runtime_get_sync (git-fixes).
- usb: typec: Factor out non-PD fwnode properties (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- mt76: stop the radar detector after leaving dfs channel
  (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Add support for mode setting and reset
  (git-fixes).
- commit cfb92f2
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group
  (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid()
  (git-fixes).
- drm/amd/display: fix array index out of bound error in bios
  parser (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table()
  callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback
  (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing
  clk_disable_unprepare in dmtimer_systimer_init_clock()
  (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec
  (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- commit f4d3289
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
  (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
  (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred
  (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace
  (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from
  dongle (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
  (git-fixes).
- acct: fix potential integer overflow in encode_comp_t()
  (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method()
  (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags
  (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending
  error message frames (git-fixes).
- commit 86527dd
- mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code
  (git-fixes).
- commit 0741514
- Revert an ASoC patch that cuased a regression (bsc#1206703)
  Delete:
  patches.suse/ASoC-soc-pcm-Don-t-zero-TDM-masks-in-__soc_pcm_open.patch
- commit f822682
- Refresh patches.suse/drm-i915-ttm-never-purge-busy-objects.patch
  Fix the compilation warning/error for SLE15-SP4 code;
  should be reverted for SLE15-SP5
- commit 01b9ce4
- cifs: update internal module number (bsc#1193629).
- commit 2c23471
- cifs: don't leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- commit d701916
- cifs: set correct status of tcon ipc when reconnecting
  (bsc#1193629).
- commit 57f84f1
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers
  (bsc#1193629).
- commit 2490abe
- cifs: fix confusing debug message (bsc#1193629).
- cifs: don't block in dfs_cache_noreq_update_tgthint()
  (bsc#1193629).
- commit 2d792b4
- cifs: refresh root referrals (bsc#1193629).
- cifs: fix refresh of cached referrals (bsc#1193629).
- commit 5f89779
- cifs: don't refresh cached referrals from unactive mounts
  (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- commit d487cdb
- cifs: split out ses and tcon retrieval from mount_get_conns()
  (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- commit 6b4ca3c
- cifs: remove unused smb3_fs_context::mount_options
  (bsc#1193629).
- commit 45748b3
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- commit 3459851
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- commit 5298349
- cifs: set correct ipc status after initial tree connect
  (bsc#1193629).
- cifs: set correct tcon status after initial tree connect
  (bsc#1193629).
- commit c4c2e58
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- commit e5a8551
- cifs: fix oops during encryption (bsc#1199294).
- commit ddcc642
- cifs: print warning when conflicting soft vs. hard mount
  options specified (bsc#1193629).
- commit d3798b8
- cifs: fix missing display of three mount options (bsc#1193629).
- commit de33d28
- cifs: fix various whitespace errors in headers (bsc#1193629).
- commit 8d59280
- cifs: minor cleanup of some headers (bsc#1193629).
- commit 86a2d1f
- cifs: skip alloc when request has no pages (bsc#1193629).
- commit 992bc71
- cifs: Parse owner/group for stat in smb311 posix extensions
  (bsc#1193629).
- commit fa4a327
- cifs: Add "/extbuf"/ and "/extbuflen"/ args to smb2_compound_op()
  (bsc#1193629).
- commit 9c7ee24
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
  (git-fixes).
- crypto: ccree - Make cc_debugfs_global_fini() available for
  module init function (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX
  controls (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release()
  (git-fixes).
- commit b22634c
- usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags
  (git-fixes).
- usb: dwc3: core: defer probe on ulpi_read_id timeout
  (git-fixes).
- usb: ulpi: defer ulpi_register on ulpi_read_id timeout
  (git-fixes).
- usb: gadget: uvc: Prevent buffer overflow in setup handler
  (git-fixes).
- usb: storage: Add check for kcalloc (git-fixes).
- USB: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: f81534: fix division by zero on line-speed change
  (git-fixes).
- USB: serial: f81232: fix division by zero on line-speed change
  (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).
- usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode
  (git-fixes).
- usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
- usb: xhci-mtk: fix leakage of shared hcd when fail to set
  wakeup irq (git-fixes).
- usb: dwc3: pci: Update PCIe device ID for USB3 controller on
  CPU sub-system for Raptor Lake (git-fixes).
- wifi: brcmfmac: Fix error return code in
  brcmf_sdio_download_firmware() (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
  (git-fixes).
- wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower()
  (git-fixes).
- wifi: cfg80211: Fix not unregister reg_pdev when
  load_builtin_regdb_keys() fails (git-fixes).
- wifi: mac80211: fix memory leak in ieee80211_if_add()
  (git-fixes).
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in
  rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value
  (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control
  port (git-fixes).
- wifi: ath9k: hif_usb: Fix use-after-free in
  ath9k_hif_usb_reg_in_cb() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of urbs in
  ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- commit 4d78293
- uio: uio_dmem_genirq: Fix deadlock between irq config and
  handling (git-fixes).
- uio: uio_dmem_genirq: Fix missing unlock in irq configuration
  (git-fixes).
- usb: roles: fix of node refcount leak in
  usb_role_switch_is_parent() (git-fixes).
- usb: typec: tipd: Fix spurious fwnode_handle_put in error path
  (git-fixes).
- usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register
  fails (git-fixes).
- usb: typec: tcpci: fix of node refcount leak in
  tcpci_register_port() (git-fixes).
- usb: typec: Check for ops->exit instead of ops->enter in
  altmode_exit (git-fixes).
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
  (git-fixes).
- usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
  (git-fixes).
- commit 00e7f07
- test_firmware: fix memory leak in test_firmware_init()
  (git-fixes).
- thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2
  (git-fixes).
- thermal/drivers/imx8mm_thermal: Validate temperature range
  (git-fixes).
- spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
  (git-fixes).
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
- thermal: core: fix some possible name leaks in error paths
  (git-fixes).
- tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init()
  (git-fixes).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
  (git-fixes).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
  (git-fixes).
- tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
- commit 3ea2187
- soc: mediatek: pm-domains: Fix the power glitch issue
  (git-fixes).
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
- serial: pch: Fix PCI device refcount leak in pch_request_dma()
  (git-fixes).
- serial: stm32: move dma_request_chan() before
  clk_prepare_enable() (git-fixes).
- spi: Update reference to struct spi_controller (git-fixes).
- soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
- soc: ti: smartreflex: Fix PM disable depth imbalance in
  omap_sr_probe (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as
  static (git-fixes).
- soc: qcom: llcc: make irq truly optional (git-fixes).
- commit 41d3c92
- regulator: core: fix deadlock on regulator enable (git-fixes).
- pstore: Properly assign mem_type property (git-fixes).
- pstore: Switch pmsg_lock to an rt_mutex to avoid priority
  inversion (git-fixes).
- pwm: mediatek: always use bus clock for PWM on MT7622
  (git-fixes).
- pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
  (git-fixes).
- pwm: tegra: Improve required rate calculation (git-fixes).
- selftests: devlink: fix the fd redirect in dummy_reporter_test
  (git-fixes).
- r6040: Fix kmemleak in probe and remove (git-fixes).
- selftests/powerpc: Fix resource leaks (git-fixes).
- serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle
  (git-fixes).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register
  (git-fixes).
- serial: 8250_bcm7271: Fix error handling in brcmuart_init()
  (git-fixes).
- serial: tegra: Read DMA status before terminating (git-fixes).
- staging: rtl8192e: Fix potential use-after-free in
  rtllib_rx_Monitor() (git-fixes).
- staging: rtl8192u: Fix use after free in ieee80211_rx()
  (git-fixes).
- regulator: qcom-labibb: Fix missing of_node_put() in
  qcom_labibb_regulator_probe() (git-fixes).
- regulator: core: fix resource leak in regulator_register()
  (git-fixes).
- regulator: core: fix module refcount leak in set_supply()
  (git-fixes).
- regulator: bd718x7: Drop unnecessary info print (git-fixes).
- regulator: core: use kfree_const() to free space conditionally
  (git-fixes).
- regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
- regulator: core: fix unbalanced of node refcount in
  regulator_dev_lookup() (git-fixes).
- selftests/efivarfs: Add checking of the test return value
  (git-fixes).
- selftests/ftrace: event_triggers: wait longer for
  test_event_enable (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
  (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe()
  (git-fixes).
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
- regulator: twl6030: fix get status of twl6032 regulators
  (git-fixes).
- regulator: slg51000: Wait after asserting CS pin (git-fixes).
- commit b3e3245
- nfc: pn533: Clear nfc_target before being used (git-fixes).
- phy: usb: s2 WoL wakeup_count not incremented for USB->Eth
  devices (git-fixes).
- power: supply: fix null pointer dereferencing in
  power_supply_get_battery_info (git-fixes).
- power: supply: ab8500: Fix error handling in
  ab8500_charger_init() (git-fixes).
- power: supply: z2_battery: Fix possible memleak in
  z2_batt_probe() (git-fixes).
- power: supply: fix residue sysfs file in error handle route
  of __power_supply_register() (git-fixes).
- PCI: pci-epf-test: Register notifier if only core_init_notifier
  is enabled (git-fixes).
- PCI: vmd: Disable MSI remapping after suspend (git-fixes).
- PCI: dwc: Fix n_fts[] array overrun (git-fixes).
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
- pinctrl: k210: call of_node_put() (git-fixes).
- mtd: spi-nor: Fix the number of bytes for the dummy cycles
  (git-fixes).
- mtd: spi-nor: hide jedec_id sysfs attribute if not present
  (git-fixes).
- mtd: spi-nor: Check for zero erase size in
  spi_nor_find_best_erase_type() (git-fixes).
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
- mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
- proc: fixup uptime selftest (git-fixes).
- PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
- PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
- PM: runtime: Do not call __rpm_callback() from rpm_idle()
  (git-fixes).
- platform/chrome: cros_usbpd_notify: Fix error handling in
  cros_usbpd_notify_init() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
- platform/x86: intel_scu_ipc: fix possible name leak in
  __intel_scu_ipc_register() (git-fixes).
- platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
  (git-fixes).
- platform/x86: huawei-wmi: fix return value calculation
  (git-fixes).
- pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
- commit 9546018
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than
  400K (git-fixes).
- mmc: vub300: fix warning - do not call blocking ops when
  !TASK_RUNNING (git-fixes).
- mmc: core: Normalize the error handling branch in
  sd_read_ext_regs() (git-fixes).
- mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
- mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
- mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: via-sdmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: meson-gx: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: omap_hsmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: atmel-mci: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: wmt-sdmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: vub300: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: toshsd: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: rtsx_pci: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: pxamci: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: mxcmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: moxart: fix return value check of mmc_add_host()
  (git-fixes).
- mtd: Fix device name leak when register device failed in
  add_mtd_device() (git-fixes).
- commit 5e3071e
- mailbox: zynq-ipi: fix error handling while device_register()
  fails (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe()
  (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe()
  (git-fixes).
- mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs
  (git-fixes).
- mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init()
  (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
  (git-fixes).
- iio: fix memory leak in iio_device_register_eventset()
  (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match
  table (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe
  (git-fixes).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock
  (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access()
  (git-fixes).
- i2c: mux: reg: check return value after calling
  platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in
  ce4100_i2c_probe (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path
  (git-fixes).
- mmc: alcor: fix return value check of mmc_add_host()
  (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power
  is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC
  (git-fixes).
- media: saa7164: fix missing pci_disable_device() (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
  (git-fixes).
- media: dvb-core: Fix ignored return value in
  dvb_register_frontend() (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device()
  (git-fixes).
- media: imon: fix a race condition in send_packet() (git-fixes).
- media: solo6x10: fix possible memory leak in solo_sysfs_init()
  (git-fixes).
- media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
  (git-fixes).
- media: vimc: Fix wrong function called when vimc_init() fails
  (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE
  (git-fixes).
- media: v4l2-ctrls: Fix off-by-one error in integer menu control
  check (git-fixes).
- media: vivid: fix compose size exceed boundary (git-fixes).
- staging: media: tegra-video: fix device_node use after free
  (git-fixes).
- staging: media: tegra-video: fix chan->mipi value on error
  (git-fixes).
- media: i2c: ad5820: Fix error path (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in
  imgu_subdev_set_selection() (git-fixes).
- media: camss: Clean up received buffers on failed start of
  streaming (git-fixes).
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for
  get_default_font (git-fixes).
- lib/debugobjects: fix stat count and optimize
  debug_objects_mem_init (git-fixes).
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks
  (git-fixes).
- mmc: mtk-sd: Fix missing clk_disable_unprepare in
  msdc_of_clock_parse() (git-fixes).
- commit 492bdad
- driver core: Fix bus_type.match() error handling in
  __driver_attach() (git-fixes).
- Refresh
  patches.suse/drivers-base-implement-dev_enable_async_probe.patch.
- commit 72f2b42
- drm/i915/display: Don't disable DDI/Transcoder when setting
  phy test pattern (git-fixes).
- drm/i915: Fix documentation for
  intel_uncore_forcewake_put__locked (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record
  (git-fixes).
- Documentation: devres: add missing
  devm_acpi_dma_controller_free() helper (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
  (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent()
  (git-fixes).
- Documentation: devres: add missing MEM helper (git-fixes).
- firmware: raspberrypi: fix possible memory leak in
  rpi_firmware_probe() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init()
  (git-fixes).
- Documentation: devres: add missing PHY helpers (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in
  gpio-line-names (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed
  (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
  (git-fixes).
- fbdev: uvesafb: don't build on UML (git-fixes).
- fbdev: geode: don't build on UML (git-fixes).
- fbdev: vermilion: decrease reference count in error path
  (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check
  'hdev->req' (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in
  omap_sham_probe() (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
  (git-fixes).
- crypto: cryptd - Use request context instead of stack for
  sub-request (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register
  failed (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - do not do custom power management
  (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in
  nitrox_sriov_init() (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
  (git-fixes).
- Documentation: bonding: update miimon default to 100
  (git-fixes).
- Revert "/dt-bindings: marvell,prestera: Add description for
  device-tree bindings"/ (git-fixes).
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible
  (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in
  amdgpu_atrm_get_bios() (git-fixes).
- drm/radeon: Fix PCI device refcount leak in
  radeon_atrm_get_bios() (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state
  (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link
  DSI (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in
  tegra_dc_probe() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak
  (git-fixes).
- drm/etnaviv: don't truncate physical page address (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional
  (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in
  ingenic_drm_init() (git-fixes).
- Revert "/drm/amd/display: Limit max DSC target bpp for specific
  monitors"/ (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init
  (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach
  failure (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor
  (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron
  (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533
  bridge (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
  (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- Documentation/features-refresh.sh: Only sed the beginning
  "/arch"/ of ARCH_DIR (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- Documentation: devres: add missing PWM helper (git-fixes).
- drm/vmwgfx: Don't use screen objects when SEV is active
  (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
  (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
  (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle
  suspend (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire
  Switch V 10 (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code
  (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in
  sp_tx_edid_read() (git-fixes).
- commit 1ce780f
- Refresh patches.suse/dt-bindings-clocks-imx8mp-Add-ID-for-usb-suspend-clo.patch
  Correct the doubly defined IMX8MP_CLK_END
- commit 880f395
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare()
  in rk_spdif_runtime_resume() (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in
  mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare()
  in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in
  __graph_for_each_link() (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in
  mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- class: fix possible memory leak in __class_register()
  (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- Bluetooth: RFCOMM: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: btusb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: btintel: Fix missing free skb in
  btintel_setup_combined() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS
  (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts
  (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping
  (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors
  (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs
  (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk
  (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
  (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h
  (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error
  (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning
  (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init()
  (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll()
  (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
  (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
  (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of
  mtk_btcvsd_snd (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example
  (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary()
  (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs()
  (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers
  (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled
  clocks (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
  (git-fixes).
- commit 4b9e60b
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- amdgpu/pm: prevent array underflow in
  vega20_odn_edit_dpm_table() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits
  (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
  (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger
  start (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ACPICA: Fix use-after-free in
  acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios
  (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios
  (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
  (git-fixes).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for
  RTC (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down
  (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible
  (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
  (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive
  strength (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP
  tables (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins
  drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen
  bias-disable (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from
  fixed-partition nodes (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node
  (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node
  (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
  (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings
  (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
  (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
  (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node
  (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for
  oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node
  (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property
  (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96
  (git-fixes).
- arm: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- Revert "/ARM: dts: imx7: Fix NAND controller size-cells"/
  (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: ops: Check bounds for second channel in
  snd_soc_put_volsw_sx() (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit
  (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare
  state machine transitions (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1
  register (git-fixes).
- ALSA: seq: Fix function prototype mismatch in
  snd_seq_expand_var_event (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and
  rk3188 (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
  (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- arm: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on
  ROCK Pi 4 series (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in
  THUMB2 kernels (git-fixes).
- commit 0882612
- Move upstreamed patches into sorted section
- commit 407fb87
- Update
  patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
  (git-fixes bsc#1206664 CVE-2022-4662).
- Update
  patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
  (git-fixes bsc#1206664 CVE-2022-4662).
- commit 3b17120
- Update patch reference for mali drm fix (CVE-2022-3115 bsc#1206393)
- commit 92552e2
- Update patch reference for wilc1000 fix (CVE-2022-47520 bsc#1206515)
- commit 9822092
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit d487c3e
- media: meson: vdec: potential dereference of null pointer
  (CVE-2022-3112 bsc#1206399).
- commit 9d391c5
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
- commit e80a310
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit 6efc048
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit 7228f51
- blacklist.conf: cleanup that depends on the new feature of support for scatter/gather in uvc gadgets
- commit 0558392
- blacklist.conf: cleanup that depends on the new feature of support for
  scatter/gather in uvc gadgets
- commit 788ee91
- blacklist.conf: cleanup breaking kABI
- commit e89eed6
- blacklist.conf: cleanup designed to break kABI
- commit 8110223
- net: usb: smsc95xx: fix external PHY reset (git-fixes).
- commit d0d567a
- scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
- commit ed33fcf
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit dc64fbc
- vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
- vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt
  (bsc#1206101).
- commit e791efd
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 4371191
- blacklist.conf: misattributed
- commit e5b755e
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 424b0c4
- rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes).
- commit 6c3ba9b
- rtc: ds1347: fix value written to century register (git-fixes).
- commit c64b579
- net/mlx5: Fix mlx5_get_next_dev() peer device matching
  (bsc#1206536).
- net/mlx5: Lag, filter non compatible devices (bsc#1206536).
- commit 7f6b5b4
- blacklist.conf: duplicate
- commit 302a460
- blacklist.conf: misattributed in upstream, fixes a feature we lack
- commit fca7a76
- tracing/doc: Fix typos on the timerlat tracer documentation
  (git-fixes).
- commit f1f58a1
- MAINTAINERS: update arm,vic.yaml reference (git-fixes).
- commit 60bf131
- MAINTAINERS: fix update references to stm32 audio bindings
  (git-fixes).
- commit 5fab9fb
- blacklist.conf: breaks kABI, not important in our configurations
- commit 93e7ee0
- MAINTAINERS: update gpio-zynq.yaml reference (git-fixes).
- commit ced834d
- MAINTAINERS: update arm,pl353-smc.yaml reference (git-fixes).
- commit 62c9d5b
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 3bcf3ad
- NFSD: fix use-after-free in __nfs42_ssc_open() (bsc#1206209
  CVE-2022-4379).
- commit 42200b2
- Update
  patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit cc09cbc
- lkdtm/bugs: Check for the NULL pointer after calling kmalloc
  (CVE-2022-3104 bsc#1206396).
- commit 5144632
- Update
  patches.suse/media-mtk-vcodec-potential-dereference-of-null-point.patch
  (CVE-2022-3113 bsc#1206390 git-fixes).
- commit 3cbcfe5
- Update
  patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit 74c81de
- Update
  patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
  (CVE-2022-3111 bsc#1206394 git-fixes).
- commit 3e68171
- Update
  patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
  (jsc#SLE-19249 bsc#1206398 CVE-2022-3105).
- commit 1d5d55f
- Update
  patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
  (git-fixes bsc#1206397 CVE-2022-3106).
  Added CVE reference
- commit 7a802f9
- Update
  patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
  (git-fixes bsc#1206188).
  Added bugzilla reference
- commit 495320f
- padata: Fix list iterator in padata_do_serial() (git-fixes).
- commit 7ce0fe3
- HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
- commit 43731f8
- restore m_can_lec_type (git-fixes).
- commit 785d940
- can: m_can: is_lec_err(): clean up LEC error handling
  (git-fixes).
- commit c7997f5
- can: m_can: fix typo prescalar -> prescaler (git-fixes).
- commit b0ef074
- can: do not increase rx_bytes statistics for RTR frames
  (git-fixes).
- commit 5858150
- can: do not increase rx statistics when generating a CAN rx
  error message frame (git-fixes).
- Refresh
  patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch.
- Refresh
  patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch.
- Refresh
  patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch.
- commit db678c8
- Update patches.suse/clk-imx-Add-check-for-kcalloc.patch
  (CVE-2022-3114 bsc#1206391 git-fixes).
- commit 064b31b
- kABI: reintroduce a non-inline usleep_range (git-fixes).
- commit 21c3a5e
- units: add the HZ macros (git-fixes).
- commit 3f20d38
- units: Add SI metric prefix definitions (git-fixes).
- commit de9d9f3
- can: kvaser_usb: make use of units.h in assignment of frequency
  (git-fixes).
- commit 595fe30
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
  (git-fixes).
- commit c4d1409
- module: change to print useful messages from
  elf_validity_check() (git-fixes).
- commit cc1513a
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit f0db1f3
- blacklist.conf: module loader cleanup, not a bug fix
- commit 143fbeb
- tracing: Free buffers when a used dynamic event is removed
  (git-fixes).
- commit f5bb197
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
  (git-fixes).
- commit 1bf2379
- tracing/osnoise: Fix duration type (git-fixes).
- commit e223ebb
- timers: implement usleep_idle_range() (git-fixes).
- commit 8d5d397
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit 99b40af
- rtmutex: Add acquire semantics for rtmutex lock acquisition
  slow path (bnc#1203829).
- commit f0851ea
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit bb70275
- net: mana: Fix race on per-CQ variable napi work_done
  (git-fixes).
- commit 82dd88a
- s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
- commit 9fd2fd0
- blacklist.conf: Append 'drm/vc4: hvs: Reset muxes at probe time'
- commit 7d65cb6
- random: convert to using fops->write_iter() (bsc#1204911).
- commit a7bff26
- random: zero buffer after reading entropy from userspace
  (bsc#1204911).
- commit 3217a87
- random: allow partial reads if later user copies fail
  (bsc#1204911).
- commit 9005c8f
- random: check for signals every PAGE_SIZE chunk of /dev/random
  (bsc#1204911).
- commit 19aa9ae
- random: convert to using fops->read_iter() (bsc#1204911).
- commit 10d2455
- random: remove outdated INT_MAX >> 6 check in urandom_read()
  (bsc#1204911).
- commit 485f330
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- Delete
  patches.suse/0001-char-random-wire-up-userspace-interface-to-SP800-90B.patch.
- Delete
  patches.suse/0002-char-random-reinstantiate-DRBGs-once-optimized-sha51.patch.
- commit 84d63aa
- SCSI: iscsi: kabi: fix libiscsi new field (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register()
  failed (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: scsi_debug: Make the READ CAPACITY response compliant
  with ZBC (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
  (git-fixes).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling
  getpeername() (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: iscsi: Run recv path from workqueue (git-fixes).
- scsi: iscsi: Add recv workqueue helpers (git-fixes).
- scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
  (git-fixes).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of
  pm_runtime_get_sync() (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state
  (git-fixes).
- commit 49caf69
- fuse: lock inode unconditionally in fuse_fallocate()
  (bsc#1206273).
- commit f576f6c
- blacklist.conf: added 80019f113832 ("/fuse: always initialize sb->s_fs_info"/)
- commit dda205a
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- commit a097aee
- Refresh
  patches.suse/fbdev-smscufx-Fix-use-after-free-in-ufx_ops_open.patch.
  Update metadata (Git-commit and Patch-mainline).
- commit 8f64db0
- scsi: iscsi: Merge suspend fields (git-fixes).
- Refresh
  patches.suse/scsi-iscsi-Fix-NOP-handling-during-conn-recovery.patch.
- commit 0f7d01e
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
  during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mpt3sas: Fail reset operation if config request timed out
  (git-fixes).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map()
  (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix memory leak in
  pm8001_chip_fw_flash_update_req() (git-fixes).
- scsi: pm8001: Fix tag leaks on error (git-fixes).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all()
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
- scsi: mpi3mr: Fix memory leaks (git-fixes).
- scsi: mpi3mr: Fix reporting of actual data transfer size
  (git-fixes).
- scsi: smartpqi: Fix kdump issue when controller is locked up
  (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
  (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task
  (git-fixes).
- scsi: core: Reallocate device's budget map on queue depth change
  (git-fixes).
- scsi: pm80xx: Fix double completion for SATA devices
  (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: ufs: Treat link loss as fatal error (git-fixes).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode()
  (git-fixes).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
- scsi: qedf: Change context reset messages to ratelimited
  (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
  (git-fixes).
- scsi: qedf: Add stag_work to all the vports (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Check the return value of
  devm_kstrdup() (git-fixes).
- scsi: mpi3mr: Fixes around reply request queues (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
- commit b966a92
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 31c03d6
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- Refresh
  patches.suse/scsi-libiscsi-Teardown-iscsi_cls_conn-gracefully.patch.
- commit c3c0393
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
  (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- commit 82fa2c6
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match
  the definition (git-fixes).
- Refresh
  patches.suse/scsi-ufs-core-Stop-clearing-UNIT-ATTENTIONS.
- commit 0c849f9
- scsi: core: Fix scsi_mode_sense() buffer length handling
  (git-fixes).
- scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
- scsi: hisi_sas: Use managed PCI functions (git-fixes).
- scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list()
  function (git-fixes).
- commit 5431fc1
- blacklist.conf: add git-fixes to be blacklisted
- commit cbba3af
- mm/memory.c: fix race when faulting a device private page
  (CVE-2022-3523, bsc#1204363).
  nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523,
  bsc#1204363).
  mm/memory: return vm_fault_t result from migrate_to_ram()
  callback (CVE-2022-3523, bsc#1204363).
  kabi: workaround for migrate_vma.fault_page (CVE-2022-3523,
  bsc#1204363).
- commit 14f6a2f
- block: Do not reread partition table on exclusively open device
  (bsc#1190969).
- commit e522e07
- config: arm64: Fix Freescale LPUART dependency (boo#1204063)
  Commit 8d7f37c61a07 inserted CONFIG_SERIAL_FSL_LPUART_CONSOLE=y
  but forgot to change CONFIG_SERIAL_FSL_LPUART=m to =y as dependency,
  as the upstream Kconfig appears to be missing it for this driver.
- commit c1cdcc5
- netfilter: nfnetlink_osf: fix possible bogus match in
  nf_osf_find() (bsc#1204614).
- commit aa8c5d3
- kabi/severities: add mlx5 internal symbols
- commit cbdf7d1
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- commit dc30142
kexec-tools
- kexec-tools-ppc64-remove-rma_top-limit.patch: remove ram_top
  restriction (bsc#1203410)
ldb
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
  discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
  + CVE-2022-32746 ldb: db: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
  + CVE-2022-32746: samba: ldb: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
less
- Apply "/cve-2022-46663.patch"/ to fix a vulnerability in less that
  could be exploited for denial-of-service attacks or even remote
  code execution by printing specially crafted escape sequences to
  the terminal. [CVE-2022-46663, bsc#1207815]
libX11
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)
libgcrypt
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
  * Add libgcrypt-FIPS-ECC-PCT-Add-transition-to-error.patch
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
  * Add libgcrypt-FIPS-ECC-disallow-skip-test.patch
- FIPS: PBKDF2: Add additional checks for the minimum key length,
  salt length, iteration count and passphrase length to the kdf
  fips indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
  * Add libgcrypt-FIPS-pkdf2-Additional-checks.patch
libsolv
- fix "/keep installed"/ jobs not disabling "/best update"/ rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
libxslt
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
libzypp
- ProgressData: enforce reporting the INIT||END state
  (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
  (bsc#1205636)
- version 17.31.8 (22)
- Hint to "/zypper removeptf"/ to remove PTFs.
- Removing a PTF without enabled repos should always fail
  (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be
  removed (not replaced!) as well. To remove a PTF "/zypper install
  - - -PTF"/ or a dedicated "/zypper removeptf PTF"/ should be used.
  This will update the installed PTF packages to theit latest
  version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
  This patch hopefully fixes logging on WSL, getsockopt seems to
  not be fully supported but the code required it when accepting
  new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
  falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
  cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
  (fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
  settings.
- Implement geoIP feature for zypp.
  This patch adds a feature to rewrite request URLs to the repo
  servers by querying a geoIP file from download.opensuse.org. This
  file can return a redirection target depending on the clients IP
  adress, this way we can directly contact a local mirror of d.o.o
  instead. The redir target stays valid for 24hrs.
  This feature can be disabled in zypp.conf by setting
  'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server
  MediaMultiCurl used to fallback to a fixed, relatively small
  BLKSIZE. This patch changes the fallback into a dynamic value
  based on the filesize using a similar metric as the MirrorCache
  implementation on the server side.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to
  calculate if a repository needs to be refreshed. This
  optimisation only takes place if the repo does specify only
  downloading base urls.
- version 17.31.3 (22)
mozilla-nss
- update to NSS 3.79.4 (bsc#1208138)
  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
    (CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
  (bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
    (CVE-2022-23491)
nfs-utils
- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride
  with a drop-in with a later sequence number.
  resource-agents does this.
  (bsc#1207843)
- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Add "/-S scope"/ option to rpc.nfsd to simplify fail-over cluster
  config.
  (bsc#1203746)
openssl-1_1
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
FIPS: Service-level indicator [bsc#1208998]
  * Add additional check required by FIPS 140-3. Minimum values for
    PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
    iteration count and 20 characters for password.
  * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
- FIPS: Serialize jitterentropy calls [bsc#1207994]
  * Add openssl-1_1-serialize-jitterentropy-calls.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]
  * Add openssl-fips-DH-Pair-wise-Consistency.patch
patterns-base
- removed openssl1_0_0, it is not certifed in SLES 15 (bsc#1209108)
- change FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
procps
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
python-PyJWT
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
  was fixed upstream in version 2.4.0
- Update to 2.4.0 (CVE-2022-29217 boo#1199756)
  - Security
  - [CVE-2022-29217] Prevent key confusion through
    non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
  - Other changes:
  - Explicit check the key for ECAlgorithm by @estin in
    https://github.com/jpadilla/pyjwt/pull/713
  - Raise DeprecationWarning for jwt.decode(verify=...) by @akx
    in https://github.com/jpadilla/pyjwt/pull/742
  - Don't use implicit optionals by @rekyungmin in
    https://github.com/jpadilla/pyjwt/pull/705
  - documentation fix: show correct scope for decode_complete()
    by @sseering in https://github.com/jpadilla/pyjwt/pull/661
  - fix: Update copyright information by @kkirsche in
    https://github.com/jpadilla/pyjwt/pull/729
  - Don't mutate options dictionary in .decode_complete() by @akx
    in https://github.com/jpadilla/pyjwt/pull/743
  - Add support for Python 3.10 by @hugovk in
    https://github.com/jpadilla/pyjwt/pull/699
  - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in
    https://github.com/jpadilla/pyjwt/pull/725
  - Update usage.rst by @guneybilen in
    https://github.com/jpadilla/pyjwt/pull/727
  - Docs: mention performance reasons for reusing RSAPrivateKey
    when encoding by @dmahr1 in
    https://github.com/jpadilla/pyjwt/pull/734
  - Fixed typo in usage.rst by @israelabraham in
    https://github.com/jpadilla/pyjwt/pull/738
  - Add detached payload support for JWS encoding and decoding by
    @fviard in https://github.com/jpadilla/pyjwt/pull/723
  - Replace various string interpolations with f-strings by @akx
    in https://github.com/jpadilla/pyjwt/pull/744
- Update to 2.3.0
  * Revert "/Remove arbitrary kwargs."/ (#701)
  * Add exception chaining (#702)
- from version 2.2.0
  * Remove arbitrary kwargs. (#657)
  * Use timezone package as Python 3.5+ is required. (#694)
  * Assume JWK without the "/use"/ claim is valid for signing
    as per RFC7517 (#668)
  * Prefer `headers["/alg"/]` to `algorithm` in `jwt.encode()`. (#673)
  * Fix aud validation to support {'aud': null} case. (#670)
  * Make `typ` optional in JWT to be compliant with RFC7519. (#644)
  * Remove upper bound on cryptography version. (#693)
  * Add support for Ed448/EdDSA. (#675)
- update to 2.1.0:
  - Allow claims validation without making JWT signature validation mandatory. `
  - Remove padding from JWK test data. `
  - Make `kty` mandatory in JWK to be compliant with RFC7517. `
  - Allow JWK without `alg` to be compliant with RFC7517. `
  - Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `
  - Add caching by default to PyJWKClient `
  - Add missing exceptions.InvalidKeyError to jwt module __init__ imports `
  - Add support for ES256K algorithm `
  - Add `from_jwk()` to Ed25519Algorithm `
  - Add `to_jwk()` to Ed25519Algorithm `
  - Export `PyJWK` and `PyJWKSet`
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.0.1:
  * Drop support for Python 2 and Python 3.0-3.5
  * Require cryptography >= 3
  * Drop support for PyCrypto and ECDSA
  * Drop CLI
  * Improve typings
  * Dropped deprecated errors
  * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
  * Dropped deprecated ``verify`` param in ``jwt.decode(...)``
  * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
  * Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
  * Introduce better experience for JWKs
  * further details see included CHANGELOG.rst
- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)
python-certifi
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch
python-cryptography
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
python-py
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
python-setuptools
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
  (ReDoS) in package_index.py.
  bsc#1206667
python3
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
release-notes-sles
- 15.4.20221130 (tracked in bsc#933411)
- Added note about Minimal-VM with cloud-init (jsc#SLE-7254)
- Added link to PHP7 deprecation note (bsc#1205484)
- Added note about SUSEConnect license handling (jsc#CSD-100)
- Added note about debuginfod packages (jsc#SLE-17951)
- Added note about p11-kit-server (jsc#SLE-18495)
- Added note about Windows Terminal shortcuts in WSL (jsc#SLE-20406)
- Added note about fail2ban (jsc#SLE-11611)
- Added note about cryptsetup 2.4.3 (jsc#SLE-20275)
- Added note about SLE 11 migration being unsupported (jsc#SLE-20518)
- Added note about DFS share failover (jsc#SLE-20043)
- Added note about prometheus 2.32.1 (jsc#SLE-23458)
salt
- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
  * skip-package-names-without-colon-bsc-1208691-578.patch
- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
  * 3004-implement-zypper-removeptf-574.patch
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
- Control the collection of lvm grains via config (bsc#1204939)
- Added:
  * control-the-collection-of-lvm-grains-via-config.patch
samba
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "/dnsHostname"/ attribute can be
  deleted by unprivileged authenticated users; (bso#15276);
  (bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
  be discovered; (bso#15270); (bsc#1209485).
- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).
- CVE-2022-38023 Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
  * CVE-2022-37967 Kerberos constrained delegation ticket forgery
    possible against Samba AD DC; (bso#15231); (bsc#1205386);
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
  * The KDC logic arround msDs-supportedEncryptionTypes differs
    from Windows; (bso#13135);
  * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    (bso#15197);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
  * Paths are additive so do not repeat paths from named.service
  * Prefix the samba DLZ directory with "/-"/ to ignore this path
    if it does not exists
- Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689);
- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254)
- Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)"/) at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
scap-security-guide
- updated to 0.1.66 (jsc#ECO-3319)
   - Ubuntu 22.04 CIS
   - OL7 stig v2r9 update
   - Bump OL8 STIG version to V1R4
   - Update RHEL7 STIG to V3R10
   - Update RHEL8 STIG to V1R9
   - Introduce CIS RHEL9 profiles
- also various SUSE profile fixes were done
- updated to 0.1.65 (jsc#ECO-3319)
  - Introduce cui profile for OL9
  - Remove Support for OVAL 5.10
  - Rename account_passwords_pam_faillock_audit
  - CI ansible hardening and rename of existing Bash hardening
  - Update contributors list for v0.1.65 release
  - various SUSE profile specific fixes
- require sudo, as remediations touch sudo config or use sudo.
shim
- Updated shim signature after shim 15.7 be signed back:
  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
  disable the NX compatibility flag when using post-process-pe because
  grub2 is not ready. (bsc#1205588)
  - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
    be merged to v5.19. On the other hand, upstream is working on
    improve compressed kernel stage for NX:
    [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
    https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
  enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
  - shim-Enable-TDX-measurement-to-RTMR-register.patch
  - Enable TDX measurement to RTMR register (jsc#PED-1273)
  - 4fd484e4c2	15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
  - Patches (git log --oneline --reverse 15.6..15.7)
  0eb07e1 Make SBAT variable payload introspectable
  092c2b2 Reference MokListRT instead of MokList
  8b59b69 Add a link to the test plan in the readme.
  4fd484e Enable TDX measurement to RTMR register
  14d6339 Discard load-options that start with a NUL
  5c537b3 shim: Flush the memory region from i-cache before execution
  2d4ebb5 load_cert_file: Fix stack issue
  ea4911c load_cert_file: Use EFI RT memory function
  0cf43ac Add -malign-double to IA32 compiler flags
  17f0233 pe: Fix image section entry-point validation
  5169769 make-archive: Build reproducible tarball
  aa1b289 mok: remove MokListTrusted from PCR 7
  53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
  616c566 More coverity modeling
  ea0d0a5 Update shim's .sbat to sbat,3
  dd8be98 Bump grub's sbat requirement to grub,3
  1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
  - 15.7 release note https://github.com/rhboot/shim/releases
  Make SBAT variable payload introspectable by @chrisccoulson in #483
  Reference MokListRT instead of MokList by @esnowberg in #488
  Add a link to the test plan in the readme. by @vathpela in #494
  [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
  Discard load-options that start with a NUL by @frozencemetery in #505
  load_cert_file bugs by @esnowberg in #523
  Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
  pe: Fix image section entry-point validation by @iokomin in #518
  make-archive: Build reproducible tarball by @julian-klode in #527
  mok: remove MokListTrusted from PCR 7 by @baloo in #519
  - Drop upstreamed patch:
  - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in  AuthenticodeVerify()
  - 53509eaf22	15.7
  - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
  - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
  - The following patches are merged to 15.7
  aa1b289a1a mok: remove MokListTrusted from PCR 7
  0cf43ac6d7 Add -malign-double to IA32 compiler flags
  ea4911c2f3 load_cert_file: Use EFI RT memory function
  2d4ebb5a79 load_cert_file: Fix stack issue
  5c537b3d0c shim: Flush the memory region from i-cache before execution
  14d6339829 Discard load-options that start with a NUL
  092c2b2bbe Reference MokListRT instead of MokList
  0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
  the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
  patches between 15.6 with aa1b289a1a (jsc#PED-127):
    aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
    0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
    ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
    2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
    5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
    14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
    092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
    0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
  enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
  and shim.changes: (jsc#PED-127)
  - Add some change log from SLE shim.changes to Factory shim.changes
    Those messages are added "/(sync shim.changes from SLE)"/ tag.
  - Add the following changes to shim.spec
  - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
    on openSUSE.
  - Enable the AArch64 signature check for SLE:
  [#] AArch64 signature
  signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
  installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
  using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "/use common SBAT values (boo#1193282)"/
  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
    is unstable for building out a stable shim binary for signing. (bsc#1198458)
  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
    not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
  - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
    which is from upstream grub2.cve_2021_3695.ms keybase channel.
  - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
    support efi-app-aarch64 target. So we need the following patches in bintuils:
  - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
  - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
  - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
    d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
  - Patches (git log --oneline --reverse 15.5~..77144e5a4)
    448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
    a2da05f shim: implement SBAT verification for the shim_lock protocol
    bda03b8 post-process-pe: Fix a missing return code check
    af18810 CI: don't cancel testing when one fails
    ba580f9 CI: remove EOL Fedoras from github actions
    bfeb4b3 Remove aarch64 build tests before f35
    38cc646 CI: Add f36 and centos9 CI build tests.
    b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
    31094e5 tests: also look for system headers in multi-arch directories
    4df989a mock-variables.c: fix gcc warning
    6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
    2670c6a Allow MokListTrusted to be enabled by default
    5c44aaf Add code of conduct
    d6eb9c6 Modernize aarch64
    9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
    de87985 make: don't treat cert.S specially
    803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
    6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
    bb4b60e Add verify_image
    acfd48f Abstract out image reading
    35d7378 Load additional certs from a signed binary
    8ce2832 post-process-pe: there is no 's' argument.
    465663e Add some missing PE image flag definitions
    226fee2 PE Loader: support and require NX
    df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
    b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    f81a7cc SBAT revocation management
    abe41ab make: unbreak scan-build again for gnu-efi
    610a1ac sbat.h: minor reformatting for legibility
    f28833f peimage.h: make our signature macros force the type
    5d789ca Always initialize data/datasize before calling read_image()
    a50d364 sbat policy: make our policy change actions symbolic
    5868789 load_certs: trust dir->Read() slightly less.
    a78673b mok.c: fix a trivial dead assignment
    759f061 Fix preserve_sbat_uefi_variable() logic
    aa61fdf Give the Coverity scanner some more GCC blinders...
    0214cd9 load_cert_file(): don't defererence NULL
    1eca363 mok import: handle OOM case
    75449bc sbat: Make nth_sbat_field() honor the size limit
    c0bcd04 shim-15.6~rc1
    77144e5 SBAT Policy latest should be a one-shot
  - 15.5 release note https://github.com/rhboot/shim/releases
  Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
  mok: allocate MOK config table as BootServicesData by @lcp in #361
  Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
  Relax the check for import_mok_state() by @lcp in #372
  SBAT.md: trivial changes by @hallyn in #389
  shim: another attempt to fix load options handling by @chrisccoulson in #379
  Add tests for our load options parsing. by @vathpela in #390
  arm/aa64: fix the size of .rela* sections by @lcp in #383
  mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
  mok: relax the maximum variable size check by @lcp in #369
  Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
  fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
  httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
  Fallback allocation errors by @vathpela in #402
  shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
  str: remove duplicate parameter check by @xypron in #408
  fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
  Test mok mirror by @vathpela in #394
  Modify sbat.md to help with readability. by @eshiman in #398
  csv: detect end of csv file correctly by @xypron in #404
  Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
  tests: add "/include-fixed"/ GCC directory to include directories by @diabonas in #415
  pe: simplify generate_hash() by @xypron in #411
  Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
  Fallback to default loader if parsed one does not exist by @julian-klode in #393
  fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
  Better console checks by @vathpela in #416
  docs: update SBAT UEFI variable name by @nicholasbishop in #421
  Don't parse load options if invoked from removable media path by @julian-klode in #399
  fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
  shim: Don't stop forever at "/Secure Boot not enabled"/ notification by @rmetrich in #438
  Shim 15.5 coverity by @vathpela in #439
  Allocate mokvar table in runtime memory. by @vathpela in #447
  Remove post-process-pe on 'make clean' by @vathpela in #448
  pe: missing perror argument by @xypron in #443
  - 15.6-rc1 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  - 15.6 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  SBAT Policy latest should be a one-shot by @jsetje in #481
  pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
  pe: Perform image verification earlier when loading grub by @chriscoulson
  Update advertised sbat generation number for shim by @jsetje
  Update SBAT generation requirements for 05/24/22 by @jsetje
  Also avoid CVE-2022-28737 in verify_image() by @vathpela
  - Drop upstreamed patch:
  - shim-bsc1184454-allocate-mok-config-table-BS.patch
  - Allocate MOK config table as BootServicesData to avoid the error message
  from linux kernel
  - 4068fd42c8		15.5-rc1~70
  - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  - Handle ignore_db and user_insecure_mode correctly
  - 822d07ad4f07		15.5-rc1~73
  - shim-bsc1185621-relax-max-var-sz-check.patch
  - Relax the maximum variable size check for u-boot
  - 3f327f546c219634b2	15.5-rc1~49
  - shim-bsc1185261-relax-import_mok_state-check.patch
  - Relax the check for import_mok_state() when Secure Boot is off
  - 9f973e4e95b113	15.5-rc1~67
  - shim-bsc1185232-relax-loadoptions-length-check.patch
  - Relax the check for the LoadOptions length
  - ada7ff69bd8a95	15.5-rc1~52
  - shim-fix-aa64-relsz.patch
  - Fix the size of rela* sections for AArch64
  - 34e3ef205c5d65	15.5-rc1~51
  - shim-bsc1187260-fix-efi-1.10-machines.patch
  - Don't call QueryVariableInfo() on EFI 1.10 machines
  - 493bd940e5		15.5-rc1~69
  - shim-bsc1185232-fix-config-table-copying.patch
  - Avoid buffer overflow when copying the MOK config table
  - 7501b6bb44		15.5-rc1~50
  - shim-bsc1187696-avoid-deleting-rt-variables.patch
  - Avoid deleting the mirrored RT variables
  - b1fead0f7c9		15.5-rc1~37
  - Add "/rm -f *.o"/ after building MokManager/fallback in shim.spec
    to make sure all object files gets rebuilt
  - reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
  in shim-15.6.tar.bz2
  - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
    pe: Fix a buffer overflow when SizeOfRawData VirtualSize
  - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
    pe: Perform image verification earlier when loading grub
  - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
    Update advertised sbat generation number for shim
  - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
    Update SBAT generation requirements for 05/24/22
  - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
    Also avoid CVE-2022-28737 in verify_image()
  - 0006-shim-15.6-rc2.patch
  - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
    sbat: add the parsed SBAT variable entries to the debug log
  - 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
  (bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
  show the prompt to ask whether the user trusts openSUSE certificate or not
  (bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
  - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
    SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
    openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
    and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
  - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
    file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
  ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "/shim.efi"/ if the given
  file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)
  (sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)
sudo
- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
- Added sudo-no-double-free.patch
  * bsc#1208595, CVE-2023-27320
  * Fix a situation where per-command chroot sudoers rules can cause
    a double-free.
- Added sudo-no-passwd-for-nonexisting-cmd.patch
  * bsc#1206772
  * If NOPASSWD is specified, don't ask for password if command is
    not found.
- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "/sudo -U otheruser -l"/ would dereference
    a NULL pointer.
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
suse-build-key
- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.
suse-module-tools
- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (boo#1207853)
systemd
- Import commit dad0071f15341be2b24c2c9d073e62617e0b46733 (merge of v249.16)
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not more needed since udev hwdb was
  introduced 11 years ago.
- Move systemd-boot and all components managing (secure) UEFI boot into udev
  sub-package: they may deserve a dedicated sub-package in the future but for
  now move them to udev so they aren't installed in systemd based containers.
- Drop a workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
  support enabled (i.e. SLE).
- Import commit 119740915155d473de087bd633ba62c1c3e47d36 (merge of v249.15)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/1bfa716e7fb6d7169cece864e75dfe9e52914c99...119740915155d473de087bd633ba62c1c3e47d36
- Make use of the %systemd_* rpm macros consistently. Using the upstream
  variants will ease the backports of Factory changes to SLE since Factory
  systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
  the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
- Make sure that /lib/udev exists and is a symlink to /usr/lib/udev when the
  testsuite is run.
- Import commit 1bfa716e7fb6d7169cece864e75dfe9e52914c99 (merge of v249.14)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/540e0bd5374f9f42f1e645eb15971431ebb4b8c8...1bfa716e7fb6d7169cece864e75dfe9e52914c99
- Rebase 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch
- Don't overwrite /etc/pam.d/systemd-user on update (bsc#1207264)
  Regression introduced when systemd was forked for 15.4.
- Ship systemd-pstore with udev (jsc#PED-2663)
- Import commit 540e0bd5374f9f42f1e645eb15971431ebb4b8c8
  29fb8a2dd0 core/unit: try to submit stop_when_unneeded queue on removing dependencies
  bd63eab381 core/device: start units specified in SYSTEMD_WANTS if it is not running
  e0898fa873 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  119424f96e coredump: adjust whitespace
  3833d5a408 coredump: drop an unused variable
  36728edcfd coredump: Fix format string type mismatch
  34f6867a8a analyze: use DumpUnitsMatchingPatternsByFileDescriptor
  e67a7087ec manager: add DumpUnitsMatchingPatternsByFileDescriptor()
  feb8f2a983 manager: rename dbus method
  98fed27339 analyze: extend the dump command to accept patterns
  a06d9470af man: document the Dump() calls of the PID 1 D-Bus interface, and what they are
  79eb37a5e0 cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (bsc#1204944)
- Drop 5000-coredump-Fix-format-string-type-mismatch.patch
    5001-coredump-drop-an-unused-variable.patch
    5002-coredump-adjust-whitespace.patch
    5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
  They have been merged into SUSE/v249 branch.
systemd-presets-common-SUSE
- Enable systemd-pstore.service by default (jsc#PED-2663)
tar
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
tcl
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.
tiff
  * CVE-2022-48281 [bsc#1207413]
    + tiff-CVE-2022-48281.patch
- security update:
timezone
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
util-linux
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
util-linux-systemd
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
vim
- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
xen
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
  log-dirty mode use-after-free (XSA-427)
  xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
  pinned cache attributes mis-handling (XSA-428)
  xsa428-1.patch
  xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
  vulnerability in 32bit SYSCALL path (XSA-429)
  xsa429.patch
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
  Address Predictions (XSA-426)
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
  SLES15 SP4 xen kernel.
  63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
- Upstream bug fixes (bsc#1027519)
  63c05478-VMX-calculate-model-specific-LBRs-once.patch
  63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- Upstream bug fixes (bsc#1027519)
  63a03e28-x86-high-freq-TSC-overflow.patch
- Update to Xen 4.16.3 bug fix release (bsc#1027519)
  xen-4.16.3-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
  62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
  6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
  631b5ba6-gnttab-acquire-resource-vaddrs.patch
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
  634561f1-x86emul-respect-NSCB.patch
  6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
  635665fb-sched-fix-restore_vcpu_affinity.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
  xsa412.patch
  xsa414.patch
  xsa415.patch
  xsa416.patch
  xsa417.patch
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
  xsa418-07.patch
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
  xsa421-01.patch
  xsa421-02.patch
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
  speculative security issues (XSA-422)
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
yast2-add-on
- Fixed failure with the "/media_url"/ element in AutoYaST profile
  containing CDATA block with spaces (bsc#1205928)
- 4.4.8
yast2-bootloader
- make secure boot for ppc64 consistent with how secure boot works
  on other architectures (bsc#1206295)
- 4.4.19
yast2-network
- Fixed a random build failure (introduced by the previous fix for
  bsc#1207221) (bsc#1208796).
- 4.4.56
- Fix the return of packages needed by the selected backend when
  running an autoinstallation (bsc#1207221)
- 4.4.55
- Do not crash when the NETMASK or PREFIXLEN are invalid
  (bsc#1206551).
- 4.4.54
yast2-storage-ng
- Extended regexp to identify Dell BOSS storage devices (bsc#1200975)
- 4.4.42
zlib
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch
zstd
- Fix CVE-2022-4899, bsc#1209533
  * Fix buffer underflow when dir1 == "/"/
  * Disallow empty string as an argument for --output-dir-flat="/"/
  and --output-dir-mirror="/"/.
- Added patches:
  * Disallow-empty-output-directory.patch
  * Fix-buffer-underflow-for-null-dir1.patch
zypper
- BuildRequires:  libzypp-devel >= 17.31.7.
- Provide "/removeptf"/ command (bsc#1203249)
  A remove command which prefers replacing dependant packages to
  removing them as well.
  A PTF is typically removed as soon as the fix it provides is
  applied to the latest official update of the dependant packages.
  But you don't want the dependant packages to be removed together
  with the PTF, which is what the remove command would do. The
  removeptf command however will aim to replace the dependant
  packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
  (bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires:  libzypp-devel >= 17.31.5
- version 1.14.58