apparmor
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
  (bsc#1215596)

- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
audit-secondary
- Update audit-secondary.spec: create symbolic link from
  /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519).

- Fix rules not loaded when restarting auditd.service(bsc#1204844)
autoyast2
- Properly install the selected products, do not lose them after
  resetting the package manager internally (bsc#1202234)
- 4.5.14
bind
- Update to release 9.16.44
  Bug Fixes:
  * Processing already-queued queries received over TCP could cause
    an assertion failure, when the server was reconfigured at the
    same time or the cache was being flushed. This has been fixed.
  Security Fixes:
  * Previously, sending a specially crafted message over the
    control channel could cause the packet-parsing code to run out
    of available stack memory, causing named to terminate
    unexpectedly. This has been fixed. (CVE-2023-3341)
  [bsc#1215472]
- Switch to pkgconfig(libprotobuf-c) since this now contains the
  required protobuf-c binary

- Add dnstap support
  [jsc#PED-4852]

- Log named-checkconf output [bsc#1213049]
binutils
- Update to version 2.41 [PED-5778]:
  * The MIPS port now supports the Sony Interactive Entertainment Allegrex
  processor, used with the PlayStation Portable, which implements the MIPS
  II ISA along with a single-precision FPU and a few implementation-specific
  integer instructions.
  * Objdump's --private option can now be used on PE format files to display the
  fields in the file header and section headers.
  * New versioned release of libsframe: libsframe.so.1.  This release introduces
  versioned symbols with version node name LIBSFRAME_1.0.  This release also
  updates the ABI in an incompatible way: this includes removal of
  sframe_get_funcdesc_with_addr API, change in the behavior of
  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
  * SFrame Version 2 is now the default (and only) format version supported by
  gas, ld, readelf and objdump.
  * Add command-line option, --strip-section-headers, to objcopy and strip to
  remove ELF section header from ELF file.
  * The RISC-V port now supports the following new standard extensions:
  - Zicond (conditional zero instructions)
  - Zfa (additional floating-point instructions)
  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
  * The RISC-V port now supports the following vendor-defined extensions:
  - XVentanaCondOps
  * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
  * A new .insn directive is recognized by x86 gas.
  * Add SME2 support to the AArch64 port.
  * The linker now accepts a command line option of --remap-inputs
  <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
  <FILE>.  In addition the option --remap-inputs-file=<FILE> can be used to
  specify a file containing any number of these remapping directives.
  * The linker command line option --print-map-locals can be used to include
  local symbols in a linker map.  (ELF targets only).
  * For most ELF based targets, if the --enable-linker-version option is used
  then the version of the linker will be inserted as a string into the .comment
  section.
  * The linker script syntax has a new command for output sections: ASCIZ "string"
  This will insert a zero-terminated string at the current location.
  * Add command-line option, -z nosectionheader, to omit ELF section
  header.
- Removed obsolete patches: binutils-2.40-branch.diff.gz,
  riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
  extensa-gcc-4_3-fix.diff .
- Add binutils-2.41-branch.diff.gz .
- Add binutils-old-makeinfo.diff for SLE-12 and older.
- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
- Contains fixes for these non-CVEs (not security bugs per upstreams
  SECURITY.md):
  * bsc#1209642 aka CVE-2023-1579 aka PR29988
  * bsc#1210297 aka CVE-2023-1972 aka PR30285
  * bsc#1210733 aka CVE-2023-2222 aka PR29936
  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
  * bsc#1214565 aka CVE-2020-19726 aka PR26240
  * bsc#1214567 aka CVE-2022-35206 aka PR29290
  * bsc#1214579 aka CVE-2022-35205 aka PR29289
  * bsc#1214580 aka CVE-2022-44840 aka PR29732
  * bsc#1214604 aka CVE-2022-45703 aka PR29799
  * bsc#1214611 aka CVE-2022-48065 aka PR29925
  * bsc#1214619 aka CVE-2022-48064 aka PR29922
  * bsc#1214620 aka CVE-2022-48063 aka PR29924
  * bsc#1214623 aka CVE-2022-47696 aka PR29677
  * bsc#1214624 aka CVE-2022-47695 aka PR29846
  * bsc#1214625 aka CVE-2022-47673 aka PR29876

- Add binutils-disable-dt-relr.sh for an compatibility problem
  caused by binutils-revert-rela.diff in SLE codestreams.
  Needed for update of glibc as that would otherwise pick up
  the broken relative relocs support.  [bsc#1213282, PED-1435]
- This only existed only for a very short while in SLE-15, as the main
  variant in devel:gcc subsumed this in binutils-revert-rela.diff.
  Hence:
- Remove binutils-disable-dt-relr.sh as subsumed.

- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR
  ld/25694
- riscv-pr22263-1.patch: Backport for PR ld/22263

- Rebase branch patch (includes fix for PR30281).

- Document fixed CVEs:
  * bnc#1208037 aka CVE-2023-25588 aka PR29677
  * bnc#1208038 aka CVE-2023-25587 aka PR29846
  * bnc#1208040 aka CVE-2023-25585 aka PR29892
  * bnc#1208409 aka CVE-2023-0687 aka PR29444

- Enable bpf-none cross target and add bpf-none to the multitarget
  set of supported targets.

- Disable packed-relative-relocs for old codestreams.  They generate
  buggy relocations when binutils-revert-rela.diff is active.
  [bsc#1206556]

- Disable ZSTD debug section compress by default.

- Enable zstd compression algorithm (instead of zlib)
  for debug info sections by default.

- Pack libgprofng only for supported platforms.

- Remove upstreamed patch binutils-maxpagesize.diff.

- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing
  of the package).

- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]

- Update to version 2.40:
  * Objdump has a new command line option --show-all-symbols which will make it
  display all symbols that match a given address when disassembling.  (Normally
  only the first symbol that matches an address is shown).
  * Add --enable-colored-disassembly configure time option to enable colored
  disassembly output by default, if the output device is a terminal.  Note,
  this configure option is disabled by default.
  * DCO signed contributions are now accepted.
  * objcopy --decompress-debug-sections now supports zstd compressed debug
  sections.  The new option --compress-debug-sections=zstd compresses debug
  sections with zstd.
  * addr2line and objdump --dwarf now support zstd compressed debug sections.
  * The dlltool program now accepts --deterministic-libraries and
  - -non-deterministic-libraries as command line options to control whether or
  not it generates deterministic output libraries.  If neither of these options
  are used the default is whatever was set when the binutils were configured.
  * readelf and objdump now have a newly added option --sframe which dumps the
  SFrame section.
  * Add support for Intel RAO-INT instructions.
  * Add support for Intel AVX-NE-CONVERT instructions.
  * Add support for Intel MSRLIST instructions.
  * Add support for Intel WRMSRNS instructions.
  * Add support for Intel CMPccXADD instructions.
  * Add support for Intel AVX-VNNI-INT8 instructions.
  * Add support for Intel AVX-IFMA instructions.
  * Add support for Intel PREFETCHI instructions.
  * Add support for Intel AMX-FP16 instructions.
  * gas now supports --compress-debug-sections=zstd to compress
  debug sections with zstd.
  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
  * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
  XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
  XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
  ISA manual, which are implemented in the Allwinner D1.
  * Add support for the RISC-V Zawrs extension, version 1.0-rc4.
  * Add support for Cortex-X1C for Arm.
  * New command line option --gsframe to generate SFrame unwind information
  on x86_64 and aarch64 targets.
  * The linker has a new command line option to suppress the generation of any
  warning or error messages.  This can be useful when there is a need to create
  a known non-working binary.  The option is -w or --no-warnings.
  * ld now supports zstd compressed debug sections.  The new option
  - -compress-debug-sections=zstd compresses debug sections with zstd.
  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
  * Remove support for -z bndplt (MPX prefix instructions).
- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch.
- Removed patch: binutils-pr29482.diff.
- New patch: extensa-gcc-4_3-fix.diff.
- Includes fixes for these CVEs:
  * bnc#1206080 aka CVE-2022-4285 aka PR29699
- Enable by default: --enable-colored-disassembly.

- fix build on x86_64_vX platforms
blog
- Add patch blog.dif
  * Fix big endian cast problems to be able to read commands
    and ansers (blogctl) as well as passphrases (blogd)
ca-certificates-mozilla
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1
cloud-init
- Update cloud-init-write-routes.patch (bsc#1212879)
  + Add necessary import statement
- Enable flake8 linting, fix up patches
  + cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
  + cloud-init-power-rhel-only.patch
  + cloud-init-write-routes.patch
  + datasourceLocalDisk.patch

- Add cloud-init-power-rhel-only.patch (bsc#1210273)
  + Config module cc_refresh_rmc_and_interface is implemented such that
    it will only work on RH distros. Set the module availability accordingly.
cloud-netconfig
- Update to version 1.8:
  + Fix Azure metadata check (bsc#1214715)
  + Fix cleanup on ifdown
crypto-policies
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
curl
- Security fixes:
  * [bsc#1215888, CVE-2023-38545] SOCKS5 heap buffer overflow
  * [bsc#1215889, CVE-2023-38546] Cookie injection with none file
  * Add curl-CVE-2023-38545.patch curl-CVE-2023-38546.patch

- Security fix: [bsc#1215026, CVE-2023-38039]
  * http: return error when receiving too large header
  * Add curl-CVE-2023-38039.patch

- Security fix: [bsc#1213237, CVE-2023-32001]
  * fopen race condition: libcurl can be told to save cookie,
    HSTS and/or alt-svc data to files. When doing this, it
    called 'stat()' followed by 'fopen()' in a way that made
    it vulnerable to a TOCTOU race condition problem.
  * Add curl-CVE-2023-32001.patch
dbus-1
- Sometimes unprivileged users were able to crash dbus-daemon
  (CVE-2023-34969, bsc#1212126)
  * fix-upstream-CVE-2023-34969.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch

- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
  - bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch
docker
- update to Docker 24.0.5-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
dracut
- Update to version 055+suse.371.g5237e44a:
  * fix(nvmf): support /etc/nvme/config.json (bsc#1215578)

- Update to version 055+suse.369.gde6c81bf:
  * fix(dracut-install): protect against broken links pointing to themselves
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)
gawk
- format-tree-positional-arg.patch: Validate index into argument list
  (CVE-2023-4156, bsc#1214025)
glibc
- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to
  page size (bsc#1215891, BZ #28676)

- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
  continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)

- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
  invalidation if epoll is used (bsc#1212910, BZ #29415)

- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
  in files database (bsc#1212819, BZ #25457)

- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
  check on PT_LOAD segments (bsc#1211829, BZ #28688)
- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
  BZ #28676)
- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
  first segment (BZ #30452)

- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
  (bsc#1211828, BZ #30527)

- ulp-prologue-into-asm-functions.patch: Add support for livepatches
  in ASM written functions (bsc#1211726)

- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
  is unset (bsc#1209229, BZ #30235)

- Exclude static archives from preparation for live patching (bnc#1208721)
grub2
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
hwinfo
- merge gh#openSUSE/hwinfo#132
- avoid linking problems with libsamba (bsc#1212756)
- 21.85
kernel-default
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
  bsc#1215941).
- commit a62865f

- net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194
  bsc#1215861).
- commit 55308cb

- netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193
  bsc#1215860).
- commit 5ec24b7

- netfilter: xt_u32: validate user space input (CVE-2023-39192
  bsc#1215858).
- commit 292c059

- ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754
  bsc#1215467).
- commit ad87dd3

- KVM: s390: pv: fix external interruption loop not always
  detected (git-fixes bsc#1215916).
- commit f1893aa

- btrfs: fix root ref counts in error handling in
  btrfs_get_root_ref (bsc#1214351 CVE-2023-4389).
- commit 3731029

- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
  (git-fixes bsc#1215915).
- commit fe7fbfc

- KVM: s390/diag: fix racy access of physical cpu number in diag
  9c handler (git-fixes bsc#1215911).
- commit 6454286

- fs/smb/client: Reset password pointer to NULL (bsc#1215899
  CVE-2023-5345).
- commit 679511d

- blacklist.conf: kABi breakage (vmalloc)
- commit 10bad47

- KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
  (git-fixes bsc#1215896).
- commit 8726736

- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes
  bsc#1215895).
- commit 9ff1a1e

- KVM: s390: vsie: Fix the initialization of the epoch extension
  (epdx) field (git-fixes bsc#1215894).
- commit 9c5bbd7

- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro
  for ip_set_hash_netportnet.c (CVE-2023-42753 bsc#1215150).
- commit 7a6be79

- tcp: Reduce chance of collisions in inet6_hashfn()
  (CVE-2023-1206 bsc#1212703).
- commit e3ebd17

- blacklist.conf: workqueue: compiler warning on 32-bit systems with
  Clang (bsc#1215877)
- commit b7e65aa

- blacklist.conf: workqueue: Code refactoring
- commit e204334

- blacklist.conf: printk: the changes look good but they do not fix
  any serious problem
- commit c560ceb

- printk: ringbuffer: Fix truncating buffer size min_t cast
  (bsc#1215875).
- commit e0d3999

- scsi: storvsc: Handle additional SRB status values (git-fixes).
- commit d1a5f2f

- scsi: qedf: Add synchronization between I/O completions and
  abort (bsc#1210658).
- commit 96a8c32

- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
  (bsc#1214479).
- gve: Add AF_XDP zero-copy support for GQI-QPL format
  (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
  (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 4dd2d8d

- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921
  bsc#1215275).
- commit 9408063

- Update metadata
- commit 8a83576

- drm/ast: report connection status on Display Port. (bsc#1152472)
  Backporting changes:
  * rename ast_device to ast_private
  * context changes
- commit b93ab93

- drm/ast: Add BMC virtual connector (bsc#1152472)
  Backporting changes:
  * rename ast_device to ast_private
- commit 0eaf20c

- Refresh
  patches.suse/drm-amd-Fix-an-error-handling-mistake-in-psp_sw_init.patch
  (git-fixes)
  Alt-commit
- commit e324027

- Refresh
  patches.suse/drm-amdgpu-vkms-relax-timer-deactivation-by-hrtimer_.patch
  (git-fixes)
  Alt-commit
- commit 2de4df3

- Refresh
  patches.suse/drm-amd-Tighten-permissions-on-VBIOS-flashing-attrib.patch
  (git-fixes)
  Alt-commit
- commit d013066

- Refresh
  patches.suse/drm-amd-pm-Fix-output-of-pp_od_clk_voltage.patch
  (git-fixes)
  Alt-commit
- commit e4f052f

- Refresh
  patches.suse/drm-radeon-reintroduce-radeon_dp_work_func-content.patch
  (git-fixes)
  Alt-commit
- commit 6f484d3

- Refresh
  patches.suse/drm-amdgpu-change-gfx-11.0.4-external_id-range.patch
  (git-fixes)
  Alt-commit
- commit 79082dc

- Refresh
  patches.suse/drm-amd-display-Update-bounding-box-values-for-DCN32.patch
  (git-fixes)
  Alt-commit
- commit ba25d71

- Refresh
  patches.suse/drm-amd-display-Do-not-clear-GPINT-register-when-rel.patch
  (git-fixes)
  Alt-commit
- commit 4b4e240

- Refresh
  patches.suse/drm-amd-display-Reset-OUTBOX0-r-w-pointer-on-DMUB-re.patch
  (git-fixes)
  Alt-commit
- commit 171518a

- fs: no need to check source (bsc#1215752).
- commit 1a42abf

- Refresh
  patches.suse/drm-amd-display-Fixes-for-dcn32_clk_mgr-implementati.patch
  (git-fixes)
  Alt-commit
- commit 9ba10de

- Refresh
  patches.suse/drm-amd-display-Return-error-code-on-DSC-atomic-chec.patch
  (git-fixes)
  Alt-commit
- commit 310423c

- Refresh
  patches.suse/drm-amd-display-Add-missing-WA-and-MCLK-validation.patch
  (git-fixes)
  Alt-commit
- commit b31adf2

- Refresh
  patches.suse/drm-amdgpu-allow-more-APUs-to-do-mode2-reset-when-go.patch
  (git-fixes)
  Alt-commit
- commit 2baa247

- Refresh
  patches.suse/drm-amd-display-Set-dcn32-caps.seamless_odm.patch
  (git-fixes)
  Alt-commit
- commit a0540d6

- Refresh
  patches.suse/drm-amdgpu-fix-return-value-check-in-kfd.patch
  (git-fixes)
  Alt-commit
- commit 97cc526

- Refresh
  patches.suse/1836-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch
  (git-fixes)
  Alt-commit
- commit e35f57f

- Refresh
  patches.suse/drm-msm-dpu-drop-enum-dpu_core_perf_data_bus_id.patch
  (git-fixes)
  Alt-commit
- commit f8178cd

- Refresh
  patches.suse/drm-amd-display-check-attr-flag-before-set-cursor-de.patch
  (git-fixes)
  Alt-commit
- commit f507792

- Refresh
  patches.suse/drm-amdgpu-Fix-vram-recover-doesn-t-work-after-whole.patch
  (git-fixes)
  Alt-commit
- commit 38e2a92

- Refresh
  patches.suse/drm-amdgpu-add-a-missing-lock-for-AMDGPU_SCHED.patch
  (git-fixes)
  Alt-commit
- commit 2ecd3e8

- Refresh
  patches.suse/drm-amd-display-fix-flickering-caused-by-S-G-mode.patch
  (git-fixes)
  Alt-commit
- commit 33e82b2

- Refresh
  patches.suse/drm-nouveau-kms-nv50-fix-nv50_wndw_new_-prototype.patch
  (git-fixes)
  Alt-commit
- commit 4c21b50

- SUNRPC: Mark the cred for revalidation if the server rejects it
  (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server
  (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed
  MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
  (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies
  (git-fixes).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return
  (git-fixes).
- commit 087b1c4

- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- commit 68da368

- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- commit bd8b5cf

- usb: ehci: add workaround for chipidea PORTSC.PEC bug
  (git-fixes).
- commit a447793

- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- commit 613dba7

- blacklist.conf: Add 3af5ae22030c ("ceph: make members in struct ceph_mds_request_args_ext a union")
- commit 27f4fed

- kernel-binary: Move build-time definitions together
  Move source list and build architecture to buildrequires to aid in
  future reorganization of the spec template.
- commit 30e2cef

- net: mana: Add page pool for RX buffers (bsc#1214040).
- bnx2x: new flag for track HW resource allocation (bsc#1202845
  bsc#1215322).
- commit 0f79d4d

- blacklist.conf: Ignore redundant patch
- commit 6d0ecfc

- powerpc/fadump: make is_kdump_kernel() return false when fadump
  is active (bsc#1212639 ltc#202582).
- vmcore: remove dependency with is_kdump_kernel() for exporting
  vmcore (bsc#1212639 ltc#202582).
- commit a5cc68e

- x86/srso: Fix srso_show_state() side effect (git-fixes).
- commit 619e525

- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- commit 5e42be0

- x86/srso: Don't probe microcode in a guest (git-fixes).
- commit 74b567d

- x86/srso: Set CPUID feature bits independently of bug or mitigation  status (git-fixes).
- commit c6caed4

- i915/pmu: Move execlist stats initialization to execlist
  specific setup (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the
  probe was successful (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode
  (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG
  (git-fixes).
- commit 0a41cf6

- platform/x86: intel_scu_ipc: Fail IPC send if still busy
  (git-fixes).
- platform/x86: intel_scu_ipc: Don't override scu in
  intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in
  ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in
  busy_loop() (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get()
  (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
  (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
  (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models
  (git-fixes).
- commit 5e7ab5c

- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch.
  (bsc#1207036 CVE-2023-23454)
  Fold downstream fixup of caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12.
- commit 6635291

- scsi: lpfc: Prevent use-after-free during rmmod with mapped
  NVMe rports (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag
  in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for
  debugfs_create_file() (git-fixes).
- commit 39e6404

- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of
  smp_processor_id() (git-fixes).
- commit 2981c3a

- fuse: nlookup missing decrement in fuse_direntplus_link
  (bsc#1215581).
- commit 7cedbed

- Drop amdgpu patch causing spamming (bsc#1215523)
  Deleted:
  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
- commit 2cab595

- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- commit 34e493d

- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- commit cc9aa11

- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
- commit 6271d90

- virtio-net: set queues after driver_ok (git-fixes).
- commit a8caba5

- vhost: handle error while adding split ranges to iotlb
  (git-fixes).
- commit 059dc93

- vhost: allow batching hint without size (git-fixes).
- commit 8c5d403

- kernel-binary: python3 is needed for build
  At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
  Other simimlar scripts may exist.
- commit c882efa

- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- commit e049205

- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues
  (git-fixes).
- commit fced801

- blacklist.conf: add b439eb8ab57855, as prereq patch is missing
- commit 7f6a95d

- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- commit 5c68686

- iommu/virtio: Detach domain on endpoint release (git-fixes).
- commit b648ef9

- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 374c9ef

- drm/virtio: Use appropriate atomic state in
  virtio_gpu_plane_cleanup_fb() (git-fixes).
- commit 491eae6

- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
  (git-fixes).
- commit e8e33de

- virtio-net: fix race between set queues and probe (git-fixes).
- commit 1089568

- virtio_net: Fix probe failed when modprobe virtio_net
  (git-fixes).
- commit 5915735

- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- commit 87c00dd

- virtio_net: separate the logic of checking whether sq is full
  (git-fixes).
- commit 7064a0d

- virtio_net: reorder some funcs (git-fixes).
- commit 4f7fbb1

- nvme-auth: use chap->s2 to indicate bidirectional authentication
  (bsc#1214543).
- commit 41ae88c

- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- merge HV_ISOLATION_TYPE_TDX into upstream patch file
- commit a53eaa2

- module: Expose module_init_layout_section() (git-fixes)
- commit 54615cb

- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- commit d3da4d8

- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- commit f80791e

- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- commit ec53ad3

- virtio: acknowledge all features before access (git-fixes).
- commit 4e146ad

- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- commit 9b7add1

- hwrng: virtio - Fix race on data_avail and actual data
  (git-fixes).
- commit 6d20bd3

- virtio-rng: make device ready before making request (git-fixes).
- commit c09ce65

- vhost: fix hung thread due to erroneous iotlb entries
  (git-fixes).
- commit cc76cf8

- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- commit 89467e1

- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- commit afca04d

- hwrng: virtio - always add a pending request (git-fixes).
- commit 912363c

- hwrng: virtio - don't waste entropy (git-fixes).
- commit 4771c4e

- hwrng: virtio - don't wait on cleanup (git-fixes).
- commit e9188eb

- af_unix: Fix null-ptr-deref in unix_stream_sendpage()
  (CVE-2023-4622 bsc#1215117).
- commit a6ce336

- hwrng: virtio - add an internal buffer (git-fixes).
- commit 477109e

- net/sched: sch_hfsc: Ensure inner classes have fsc curve
  (CVE-2023-4623 bsc#1215115).
- commit 72e753f

- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
  (git-fixes).
- commit 60546dd

- net: do not allow gso_size to be set to GSO_BY_FRAGS
  (git-fixes).
- commit b96a7ad

- virtio-mmio: don't break lifecycle of vm_dev (git-fixes).
- commit 45da2ea

- KVM: SEV: remove ghcb variable declarations (CVE-2023-4155
  bsc#1214022).
- KVM: SEV: only access GHCB fields once (CVE-2023-4155
  bsc#1214022).
- KVM: SEV: snapshot the GHCB before accessing it (CVE-2023-4155
  bsc#1214022).
- commit f5b3d4d

- xen: remove a confusing comment on auto-translated guest I/O
  (git-fixes).
- commit 80c5d27

- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- commit 00c70ee

- spi: Add TPM HW flow flag (bsc#1213534)
- commit 754a368

- x86/PVH: avoid 32-bit build warning when obtaining VGA console
  info (git-fixes).
- commit 8d6614d

- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- commit 6cc1be6

- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- commit 8e51a51

- iommu/virtio: Return size mapped for a detached domain
  (git-fixes).
- commit ac677be

- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling
  I/O is finished (git-fixes).
- commit 7124cfb

- vhost: allow batching hint without size (git-fixes).
- commit 89e41c0

- Rename colliding patches before merging SLE15-SP4
- commit 6493f7c

- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
- commit 501bd2e

- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
- commit bfaaaff

- blacklist.conf: add "x86/xen: Set MTRR state when running as Xen PV initial domain"
- commit 0acd697

- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
- commit 30a9db6

- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
- commit 9eb45cc

- ata: libata: disallow dev-initiated LPM transitions to
  unsupported states (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs
  (git-fixes).
- selftests: tracing: Fix to unmount tracefs for recovering
  environment (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM
  (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
  (git-fixes).
- commit 1f4e814

- btrfs: don't hold CPU for too long when defragging a file
  (bsc#1214988).
- commit 9b89645

- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
  to race condition (bsc#1215206, CVE-2023-1859).
- commit f333aa7

- netfilter: nftables: exthdr: fix 4-byte stack OOB write
  (CVE-2023-4881 bsc#1215221).
- commit 0de26c1

- sctp: leave the err path free in sctp_stream_init to
  sctp_stream_free (CVE-2023-2177 bsc#1210643).
- commit 337b7d8

- s390/ipl: add loadparm parameter to eckd ipl/reipl data
  (jsc#PED-2023).
- commit 364a30d

- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- commit cd6d27a

- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- commit db2ef83

- kabi: hide changes in enum ipl_type and struct sclp_info
  (jsc#PED-2023 jsc#PED-2025).
- commit b6fb6b6

- s390/ipl: add eckd dump support (jsc#PED-2025).
- commit 0961d1f

- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
  (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
  (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
  descriptors (git-fixes).
- kselftest/runner.sh: Propagate SIGTERM to runner child
  (git-fixes).
- commit 495d04f

- s390/ipl: add eckd support (jsc#PED-2023).
- commit 21b5156

- Delete patches.suse/genksyms-add-override-flag.diff.
  Unncessary after KBUILD_OVERRIDE removed.
- commit 870adc7

- s390/dasd: fix command reject error on ESE devices (LTC#203630
  bsc#1215123 git-fixes).
- commit 5862ca2

- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- commit 834e1c2

- jbd2: restore t_checkpoint_io_list to maintain kABI
  (bsc#1214946).
- commit 1a1980a

- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
  Genksyms has functionality to specify an override for each type in
  a symtypes reference file. This override is then used instead of an
  actual type and allows to preserve modversions (CRCs) of symbols that
  reference the type. It is kind of an alternative to doing kABI fix-ups
  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
  genksyms --preserve option which primarily tells the tool to strictly
  verify modversions against a given reference file or fail.
  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
  present in various kernel-source branches separates the override logic.
  It allows it to be enabled with a new --override flag and used without
  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
  file is then a way how the build is told that --override should be
  passed to all invocations of genksyms. This was needed for SUSE kernels
  because their build doesn't use --preserve but instead resulting CRCs
  are later checked by scripts/kabi.pl.
  However, this override functionality was not utilized much in practice
  and the only use currently to be found is in SLE11-SP1-LTSS. It means
  that no one should miss this option and KBUILD_OVERRIDE=1 together with
  patches.suse/genksyms-add-override-flag.diff can be removed.
  Notes for maintainers merging this commit to their branches:
  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
  dropped after merging this commit.
  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
  this commit should not be merged to it, or needs to be reverted
  afterwards.
- commit 4aa02b8

- drm/display: Don't assume dual mode adaptors support i2c
  sub-addressing (bsc#1213808).
- commit 9c64306

- s390/dasd: fix hanging device after request requeue (git-fixes
  LTC#203629 bsc#1215124).
- commit 96b18bb

- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
- commit 78179fa

- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
  (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion
  (bsc#1065729).
- word-at-a-time: use the same return type for has_zero regardless
  of endianness (bsc#1065729).
- commit bde8063

- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus
  (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus
  (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus
  (bsc#1187236).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
  (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback
  (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier
  (bsc#1187236).
- commit 0aba257

- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
  (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback
  (bsc#1187236).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- kabi/severities: ignore mlx4 internal symbols
- tracing: Fix race issue between cpu buffer write and swap
  (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode
  (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace
  (git-fixes).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- commit 47e9584

- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- commit 74c2613

- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- commit a8877f3

- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- commit 670fb4d

- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- commit 9871c87

- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- commit 3949a2b

- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- commit 4534667

- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- commit ef6d157

- x86/rtc: Remove __init for runtime functions (git-fixes).
- commit 4511d93

- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- commit cb39678

- x86/mce: Retrieve poison range from hardware (git-fixes).
- commit c9f1ddb

- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- commit 96d9365

- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- commit 12a2933

- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- commit 0d855b9

- x86/purgatory: remove PGO flags (git-fixes).
- commit 9d8ada6

- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
- commit ea0772f

- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- commit c1031f1

- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- commit bbfad26

- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- commit bf6d064

- x86/cpu: Add Lunar Lake M (git-fixes).
- commit 7ecc64d

- x86/bugs: Reset speculation control settings on init (git-fixes).
- commit 2a6dd8e

- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- commit ac06968

- x86/alternative: Fix race in try_get_desc() (git-fixes).
- commit d841323

- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- commit 11f0960

- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- commit cae635f

- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- commit 2a03ef8

- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
  (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- commit a1c9c68

- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- commit 665fc14

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
  codecs (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative
  lengths (git-fixes).
- commit f43b75b

- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
- commit daa1815

- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
  git-fixes).
- commit b0dc76c

- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval
  (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING
  (bsc#1201284).
- commit 96ee377

- s390/zcrypt: don't leak memory if dev_set_name() fails
  (git-fixes bsc#1215148).
- commit 62bce52

- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy
  gamma (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process
  (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301
  (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's
  gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is "valid" before dereferencing
  "struct page" (git-fixes).
- commit 5618424

- drm/amd/display: prevent potential division by zero errors
  (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid
  use-after-free (git-fixes).
- net: phy: micrel: Correct bit assignments for phy_device flags
  (git-fixes).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist
  (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
  (git-fixes).
- commit 3aa0807

- blacklist.conf: kABI
- commit fe6afec

- blacklist.conf: kABI
- commit b1fabe7

- blacklist.conf: kABI
- commit c50e08f

- Input: tca6416-keypad - fix interrupt enable disbalance
  (git-fixes).
- commit de27518

- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
  (bsc#1214813).
- commit 2c1c38b

- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
  (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check
  for initial power state (git-fixes).
- USB: serial: option: add FOXCONN T99W368/T99W373 product
  (git-fixes).
- USB: serial: option: add Quectel EM05G variant (0x030e)
  (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status
  (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to race condition (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/
  (git-fixes).
- commit 72d5b0f

- blacklist.conf: add git-fix to ignore
  this one removes unused kABI functions, but
  just leave them in
- commit 8007015

- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- commit 1ed2b1b

- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
- commit 550f5fc

- Move upstreamed pinctrl patch into sorted section
- commit 38f70f2

- Update References tag
  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
  (git-fixes bsc#1214233 CVE-2023-40283).
- commit 731b49d

- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- kconfig: fix possible buffer overflow (git-fixes).
- commit 4a140a1

- Update References
  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
  (git-fixes bsc#1214233 CVE-2023-40283).
- commit 63a801c

- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- commit ac82be8

- Refresh sorted section
- commit a6fbcee

- netfilter: nf_tables: use correct lock to protect gc_list
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: GC transaction race with abort path
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: GC transaction race with netns dismantle
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: fix GC transaction races with netns and
  netlink event exit path (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: fix kdoc warnings after gc rework
  (CVE-2023-4563 bsc#1214727).
- refresh
  - patches.kabi/kabi-hide-changes-in-struct-nft_set.patch
- kabi: hide changes in struct nft_set (CVE-2023-4563
  bsc#1214727).
- netfilter: nf_tables: GC transaction API to avoid race with
  control plane (CVE-2023-4563 bsc#1214727).
- commit cfed41c

- quota: add new helper dquot_active() (bsc#1214998).
- commit 26cc2da

- quota: rename dquot_active() to inode_quota_active()
  (bsc#1214997).
- commit c4d7e83

- quota: factor out dquot_write_dquot() (bsc#1214995).
- commit 40e5ccd

- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit 47ff352

- block/mq-deadline: use correct way to throttling write requests
  (bsc#1214993).
- commit a152c28

- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
  (bsc#1214992).
- commit 61a6c12

- loop: Fix use-after-free issues (bsc#1214991).
- commit 761b7ce

- loop: loop_set_status_from_info() check before assignment
  (bsc#1214990).
- commit 777c353

- blk-iocost: fix divide by 0 error in calc_lcoefs()
  (bsc#1214986).
- commit bfe49ae

- "drm/vmwgfx: Remove rcu locks from user resources" (bsc#1203329 CVE-2022-40133 bsc#1203330 CVE-2022-38457)
  This patch also fixes two CVEs. Update the References tag accordingly.
- commit 552e790

- s390/ipl: add missing secure/has_secure file to ipl type
  'unknown' (bsc#1214976).
- commit 33974e8

- cpufreq: Fix the race condition while updating the
  transition_task of policy (git-fixes).
- rpmsg: glink: Add check for kstrdup (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use
  led_blink_set_oneshot instead (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always
  false (git-fixes).
- leds: multicolor: Use rounded division when calculating color
  components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode()
  (git-fixes).
- docs: printk-formats: Fix hex printing of signed values
  (git-fixes).
- commit 1c98d58

- scsi: qedf: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow
  (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
  (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: 3w-xxxx: Add error handling for initialization failure
  in tw_probe() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- commit f8c12c2

- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
  CVE-2023-1192).
- commit 542332a

- blacklist.conf: add git-fix that breaks kabi
- commit 8b9578b

- udf: Fix uninitialized array access for some pathnames
  (bsc#1214967).
- commit 00df6f1

- udf: Fix off-by-one error when discarding preallocation
  (bsc#1214966).
- commit 03b82ad

- udf: Fix file corruption when appending just after end of
  preallocated extent (bsc#1214965).
- commit 4b5134d

- udf: Fix extension of the last extent in the file (bsc#1214964).
- commit ae72675

- quota: fix dqput() to follow the guarantees dquot_srcu should
  provide (bsc#1214963).
- commit e6fd888

- quota: fix warning in dqgrab() (bsc#1214962).
- commit e51a8ce

- quota: Properly disable quotas when add_dquot_ref() fails
  (bsc#1214961).
- commit 4d1d992

- fs: Lock moved directories (bsc#1214959).
- commit cae328c

- fs: Establish locking order for unrelated directories
  (bsc#1214958).
- commit 5f1d5b9

- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- commit 37394c0

- blacklist.conf: Blacklist 69562eb0bd3e
- commit 1f4b3d5

- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git
  fixes).
- commit 4be7d48

- jbd2: correct the end of the journal recovery scan range
  (bsc#1214955).
- commit 11f4a50

- ext4: fix memory leaks in
  ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- commit 4b6c845

- jbd2: check 'jh->b_transaction' before removing it from
  checkpoint (bsc#1214953).
- commit 03f7b6f

- jbd2: fix checkpoint cleanup performance regression
  (bsc#1214952).
- commit 5a6fc81

- ext4: avoid potential data overflow in next_linear_group
  (bsc#1214951).
- commit 3e19652

- ext4: correct inline offset when handling xattrs in inode body
  (bsc#1214950).
- commit 86048c8

- jbd2: fix a race when checking checkpoint buffer busy
  (bsc#1214949).
- commit 003f040

- jbd2: Fix wrongly judgement for buffer head removing while
  doing checkpoint (bsc#1214948).
- commit 4a7cf2e

- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- commit c697d1d

- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- commit fb2b64f

- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- commit bc0367a

- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- commit bf72f09

- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- commit a5e1fe1

- ext4: get block from bh in ext4_free_blocks for fast commit
  replay (bsc#1214942).
- commit f797e3b

- ext4: reflect error codes from ext4_multi_mount_protect()
  to its callers (bsc#1214941).
- commit eadc3e7

- USB: core: Fix oversight in SuperSpeed initialization
  (bsc#1213123 CVE-2023-37453).
- commit 6b6c148

- ext4: set goal start correctly in ext4_mb_normalize_request
  (bsc#1214940).
- commit cc90b6a

- blacklist.conf: Not a fix, relatively high risk of performance regression
- commit fd04425

- USB: core: Fix race by not overwriting udev->descriptor in
  hub_port_init() (bsc#1213123 CVE-2023-37453).
- commit a1f446d

- USB: core: Unite old scheme and new scheme descriptor reads
  (bsc#1213123 CVE-2023-37453).
- commit 9f60ef1

- Refresh
  patches.suse/0002-nvme-tcp-fix-potential-unbalanced-freeze-unfreeze.patch.
- Refresh
  patches.suse/0003-nvme-rdma-fix-potential-unbalanced-freeze-unfreeze.patch.
- commit 452e63f

- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
  (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery
  mode during RSCN (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- commit 8c191d2

- scsi: qla2xxx: Remove unused variables in
  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
  (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option
  (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer
  (bsc#1214928).
- scsi: qla2xxx: Add logs for SFP temperature monitoring
  (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset
  (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- commit 1dd6a86

- series: update meta data
  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
- commit b5aafc0

- scsi: RDMA/srp: Fix residual handling (git-fixes)
- commit 429e77b

- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- commit c7f667b

- RDMA/siw: Correct wrong debug message (git-fixes)
- commit 3732fc1

- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- commit 9281d22

- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- commit 1b277c9

- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- commit e55bab1

- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- commit 0e5f5fb

- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- commit fee7fe7

- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- commit 988bb43

- RDMA/hns: Fix port active speed (git-fixes)
- commit f1ca0f2

- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- commit dd0f3ab

- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- commit e8addea

- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- commit c2623e0

- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- commit c6f50a4

- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- commit 632a598

- RDMA/umem: Set iova in ODP flow (git-fixes)
- commit ec8b3f4

- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- commit 1ff5e5f

- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- commit 643257d

- dmaengine: ste_dma40: Add missing IRQ check in d40_probe
  (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute
  pasid_enabled (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on
  reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328
  recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
  (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in
  fsmc_nand_resume() (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in
  oob write (git-fixes).
- mtd: rawnand: brcmnand: Fix crash during the panic_write
  (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning
  (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HID: logitech-dj: Fix error handling in
  logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput
  input_dev name (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: ov2680: Fix regulators being left enabled on
  ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which ==
  V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function
  (git-fixes).
- media: ov2680: Don't take the lock for try_fmt calls
  (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
  (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking
  interrupts (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1
  (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: rkvdec: increase max supported height for H.264
  (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send()
  (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in
  m920x_i2c_xfer() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- drivers: usb: smsusb: fix error handling code in
  smsusb_init_device (git-fixes).
- media: v4l2-core: Fix a potential resource leak in
  v4l2_fwnode_parse_link() (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf()
  (git-fixes).
- media: ad5820: Drop unsupported ad5823 from i2c_ and
  of_device_id tables (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction
  (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init()
  (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid
  wrong access (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision
  (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after
  resumption (git-fixes).
- USB: gadget: f_mass_storage: Fix unused variable warning
  (git-fixes).
- usb: phy: mxs: fix getting wrong state with
  mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter
  is 0 (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- commit 729e789

- target: compare and write backend driver sense handling
  (bsc#1177719 bsc#1213026).
- Refresh patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch.
- commit a2ae103

- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- Drivers: hv: Don't remap addresses that are above shared_gpa_boundary (bsc#1206453).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- define more Hyper-V related constants (bsc#1206453).
- commit 7dd2c1c

- libbpf: Fix btf_dump's packed struct determination (bsc#1211220
  jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump
  (bsc#1211220 jsc#PED-3924).
- commit 7a046db

- blacklist.conf: add git-fix to skip
- commit 47580cb

- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- commit d711707

- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220
  jsc#PED-3924).
- selftests/bpf: Test btf dump for struct with padding only fields
  (bsc#1211220 jsc#PED-3924).
- bpftool: Print newline before '}' for struct with padding only
  fields (bsc#1211220 jsc#PED-3924).
- commit 93aeeb8

- drm/msm/dpu: fix the irq index in
  dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory
  (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty()
  (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities
  (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing
  commands (git-fixes).
- drm/mxsfb: Disable overlay plane in
  mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers
  (git-fixes).
- commit cc8e0cf

- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- commit 586e58b

- Add cherry-picked if to fbdev patch
- commit 32815f6

- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360
  15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable
  mute LED (git-fixes).
- commit 2c05a9a

- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- commit 3ba2db1

- PCI: microchip: Remove cast between incompatible function type
  (git-fixes).
- PCI: meson: Remove cast between incompatible function type
  (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets
  (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument
  (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf()
  (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter
  (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer
  dereference (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
  (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources()
  only for non-root bus (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary
  (git-fixes).
- commit 10e5d93

- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock
  (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false
  (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional
  (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: Don't leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards
  (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in
  amdgpu_device_attr_create() (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail
  (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format
  for AUO T215HVN01 (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/armada: Fix off-by-one error in
  armada_overlay_get_property() (git-fixes).
- drm/atomic-helper: Update reference to
  drm_crtc_force_disable_all() (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
  (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths
  (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- commit a3652b5

- docs: kernel-parameters: Refer to the correct bitmap function
  (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
  (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
  (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe
  (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for
  393216000/361267200Hz (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would
  be a no-op (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in
  _of_pll_clk_init() (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
  (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
  (git-fixes).
- drm/amdgpu: avoid integer overflow warning in
  amdgpu_device_resize_fb_bar() (git-fixes).
- drm/bridge: anx7625: Drop device lock before
  drm_helper_hpd_irq_event() (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5
  (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device
  (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device
  (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device
  (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order
  (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child()
  (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe
  error (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled
  (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled
  (git-fixes).
- commit 08c4f7b

- Kbuild: add -Wno-shift-negative-value where -Wextra is used
  (bsc#1214756).
- commit 8140064

- rpm/mkspec-dtb: support for nested subdirs
  Commit 724ba6751532 ("ARM: dts: Move .dts files to vendor
  sub-directories") moved the dts to nested subdirs, add a support for
  that. That is, generate a %dir entry in %files for them.
- commit 6484eda

- Update patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
  Apply following fixup from Michal Suchánek:
  Don't reorder lockdown reason.
- commit 9382b89

- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- commit 616c360

- wifi: mwifiex: Fix missed return in oob checks failed path
  (git-fixes).
- commit 9baf357

- nilfs2: fix WARNING in mark_buffer_dirty due to discarded
  buffer reuse (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER
  (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/
  (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement
  with a lock (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference
  (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color
  attribute (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
  (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys
  (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info()
  (git-fixes).
- Bluetooth: nokia: fix value check in
  nokia_bluetooth_serdev_probe() (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor
  management (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch
  (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
  (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary
  antenna only (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
  (git-fixes).
- wifi: rtw89: debug: Fix error handling in
  rtw89_debug_priv_btc_manual_set() (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow
  errors also in case of OOM (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls
  (git-fixes).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing
  (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered
  (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
  (git-fixes).
- spi: tegra20-sflash: fix to check return value of
  platform_get_irq() in tegra_sflash_probe() (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations
  (git-fixes).
- commit 243ba95

- blacklist.conf: add git-fix that breaks kabi
- commit 29743c2

- scsi: qedf: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow
  (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
  (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: 3w-xxxx: Add error handling for initialization failure
  in tw_probe() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- commit f37057a

- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- commit 8393e27

- Kbuild: move to -std=gnu11 (bsc#1214756).
- commit ef844c1

- blacklist.conf: kABI
- commit 382e160

- netfilter: nf_tables: deactivate catchall elements in next
  generation (bsc#1214729 CVE-2023-4569).
- commit 6289fe5

- netfilter: nf_tables: deactivate catchall elements in next
  generation (bsc#1214729 CVE-2023-4569).
- commit ab071f2

- Update metadata
- commit afac039

- netfs: fix parameter of cleanup() (bsc#1214743).
- netfs: Fix lockdep warning from taking sb_writers whilst
  holding  mmap_lock (bsc#1214742).
- commit bb32ecc

- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/resctrl: Close perf value read fd on errors
  (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run
  benchmark (git-fixes).
- selftests/resctrl: Don't leak buffer in fill_cache()
  (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints
  table (git-fixes).
- selftests/harness: Actually report SKIP for signal tests
  (git-fixes).
- pstore/ram: Check start of empty przs during init (git-fixes).
- commit ad35b22

- Move upstreamed powerpc patches into sorted section
- commit 3a27181

- Move upstreamed HID patch into sorted section
- commit 85ada69

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit 411ade7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit 36d3f87

- intel: remove unused macros (jsc#PED-5738).
- commit 8c0592a

- e1000: Fix typos in comments (jsc#PED-5738).
- commit b74464e

- e1000: switch to napi_build_skb() (jsc#PED-5738).
- commit 8f3d353

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit b269f24

- tracing: Fix memleak due to race between current_tracer and
  trace (git-fixes).
- commit cd1e0a8

- tracing: Fix cpu buffers unavailable due to 'record_disabled'
  missed (git-fixes).
- commit 8e87d30

- ring-buffer: Do not swap cpu_buffer during resize process
  (git-fixes).
- commit e5ec19f

- xfs: fix sb write verify for lazysbcount (bsc#1214661).
- commit 29e65a8

- cpufreq: intel_pstate: Adjust balance_performance EPP for
  Sapphire Rapids (bsc#1214659).
- commit c3cfee9

- cpufreq: intel_pstate: Enable HWP IO boost for all servers
  (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- commit bd6042f

- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems
  with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927
  jsc#PED-4929).
- commit 0340dfe

- cpufreq: intel_pstate: hybrid: Use known scaling factor for
  P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 91615ae

- cpufreq: intel_pstate: Read all MSRs on the target CPU
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 639f9f6

- cpufreq: intel_pstate: hybrid: Rework HWP calibration
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- Update
  patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch
  (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 689587b

- Use the cherry-picked id for an AMDGPU patch and resort
- commit 07365e7

- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- Refresh
  patches.suse/tty-serial-fsl_lpuart-add-earlycon-for-imx8ulp-platf.patch.
- commit f34a3a2

- selftests: forwarding: tc_actions: Use ncat instead of nc
  (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller
  Hub) (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior
  tb_retimer_set_inbound_sbtx() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
  (git-fixes).
- usb: chipidea: imx: don't request QoS for imx8ulp (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in
  __gs_console_push (git-fixes).
- pcmcia: rsrc_nonstatic: Fix memory leak in
  nonstatic_release_resource_db() (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access
  (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
  (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for
  different platforms (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files
  when test is aborted (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- commit 5394953

- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- commit d60a005

- i2c: designware: Handle invalid SMBus block data response
  length value (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy
  (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB
  related warnings (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence
  pointers (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
  (git-fixes).
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse
  (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech
  G915 TKL Keyboard (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays
  (git-fixes).
- drm/amd/display: save restore hdcp state when display is
  unplugged from mst hub (git-fixes).
- iio: adc: stx104: Implement and utilize register structures
  (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- commit e2faa35

- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts
  on probe" (git-fixes).
- commit 15b9551

- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ
  (git-fixes).
- commit 5e59635

- clk: Fix slab-out-of-bounds error in devm_clk_release()
  (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
  (git-fixes).
- pinctrl: renesas: rza2: Add lock around
  pinctrl_generic{{add,remove}_group,{add,remove}_function}
  (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- dma-buf/sw_sync: Avoid recursive lock during fence signal
  (git-fixes).
- commit 7c5f1b7

- batman-adv: Hold rtnl lock during MTU update via netlink
  (git-fixes).
- commit 8468886

- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back
  (git-fixes).
- batman-adv: Do not get eth header before
  batadv_check_management_packet (git-fixes).
- batman-adv: Don't increase MTU when set by user (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- commit d59057e

- drm/amd/display: disable RCO for DCN314 (git-fixes).
- commit 5dc74f0

- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix
  (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7
  (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU
  v13.0.4/11 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated
  (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all
  (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz
  (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence
  pointers (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini
  (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/amd/display: Implement workaround for writing to
  OTG_PIXEL_RATE_DIV register (git-fixes).
- commit 162942a

- Move sorted nouveau patch into sorted section
- commit 5cfebfc

- smb: client: fix null auth (git-fixes).
- commit f89a725

- Update tags in
  patches.suse/md-raid5-Improve-performance-for-sequential-IO.patch.
- commit 5c3390a

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- powerpc/rtas: enture rtas_call is called with MMU enabled
  (bsc#1023051).
- commit e7f7145

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 2dfd188

- Refresh patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch.
- commit 0cbb740

- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
  It caused mysterious problem wrt NVMe.
  Better to drop and blacklist for now.
- commit 2257ff2

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- commit af67897

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit eb5704d

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 8b5290e

- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
  (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel
  devices (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- commit aace9fd

- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer suported.
- commit 7bb5087

- kunit: make kunit_test_timeout compatible with comment
  (git-fixes).
- commit e060c5b

- blacklist.conf: kABI
- commit 2db68b2

- blacklist.conf: kABI
- commit b9b490f

- blacklist.conf: specific to Clang
- commit 0d88df7

- blacklist.conf: not used in our build process
- commit 5705a43

- blacklist.conf: designed to break kABI but relevant only on big endian
- commit 3477f1d

- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk()
  test (git-fixes).
- commit 0595e9f

- blacklist.conf: cleanup
- commit 8d51620

- blacklist.conf: We do not use that tool
- commit f8ec126

- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx
  (git-fixes).
- commit d96f965

- kabi: Allow extra bugsints (bsc#1213927).
- commit fc75ce0

- Refresh patches.suse/x86-srso-add-ibpb.patch.
  CPU_IBPB_ENTRY is always on so adjust code accordingly.
- commit 0ed13bd

- Update
  patches.suse/net-vmxnet3-fix-possible-NULL-pointer-dereference-in.patch
  (bsc#1200431 bsc#1214451 CVE-2023-4459).
  Added CVE reference.
- commit 13a12f4

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 0932a11

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 4452f05

- s390/zcrypt: fix reply buffer calculations for CCA replies
  (bsc#1213949).
- commit 26e242b

- tty: fix hang on tty device with no_room set (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- commit 22b52a9

- tty: n_gsm: fix the UAF caused by race condition in
  gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1
  for lpuart32 platforms (git-fixes).
- commit 2bc2940

- x86/static_call: Fix __static_call_fixup() (git-fixes).
- commit 57d4f01

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit c2d3421

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit f62146e

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 7f39f56

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit 13632c3

- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- commit 522332f

- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- commit d5ea86a

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 847a96f

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit 9e44d01

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 81c5e75

- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- commit fa0b815

- objtool/x86: Fix SRSO mess (git-fixes).
- commit 8bf5635

- x86/alternative: Make custom return thunk unconditional (git-fixes).
- commit a446ea5

- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- commit 06974c4

- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- commit 086adb4

- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with  retpolines and IBT (git-fixes).
- commit 9392b3c

- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- commit 99556d6

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit af52734

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 43e1da9

- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- commit 7af6810

- powerpc/rtas_flash: allow user copy to flash block cache objects
  (bsc#1194869).
- commit 0fccbf5

- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
  (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer
  (git-fixes).
- i2c: designware: Correct length byte validation logic
  (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- commit 5738f62

- supported.conf: fix typos for -!optional markers
- commit a15b83f

- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- commit af00eea

- ALSA: hda/realtek - Remodified 3k pull low procedure
  (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation
  (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity
  (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI
  (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and
  playback interfaces (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init()
  (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
  (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset
  (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
  (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match
  (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off
  (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according
  to the docs (git-fixes).
- commit a48515a

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit f332a85

- mkspec: Allow unsupported KMPs (bsc#1214386)
- commit 55d8b82

- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- commit 722c601

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- commit 5b41c27

- s390/purgatory: disable branch profiling (git-fixes
  bsc#1214372).
- commit 28f91ce

- scsi: zfcp: Defer fc_rport blocking until after ADISC response
  (git-fixes bsc#1214371).
- commit 5ac3747

- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- commit 3711e45

- module: avoid allocation if module is already present and ready
  (bsc#1213921).
- commit d1f96fc

- module: move check_modinfo() early to early_mod_check()
  (bsc#1213921).
- commit f1bebb1

- module: move early sanity checks into a helper (bsc#1213921).
- commit 77019ff

- module: extract patient module check into helper (bsc#1213921).
- commit 8edb1c8

- powerpc/kexec: Fix build failure from uninitialised variable
  (bsc#1212091 ltc#199106).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- Refresh patches.suse/powerpc-Take-in-account-addition-CPU-node-when-build.patch
- Refresh patches.suse/powerpc-kexec_file-fix-implicit-decl-error.patch
- commit c8f4ed0

- Update
  patches.suse/net-vmxnet3-fix-possible-use-after-free-bugs-in-vmxn.patch
  (bsc#1200431 bsc#1214350 CVE-2023-4387).
  Added CVE reference.
- commit 8897012

- module: avoid allocation if module is already present and ready
  (bsc#1213921).
- commit a42ca12

- module: move check_modinfo() early to early_mod_check()
  (bsc#1213921).
- commit b97680b

- module: move early sanity checks into a helper (bsc#1213921).
- commit d4f0452

- Update config files.
  run_oldconfig.sh
- CONFIG_NVME_VERBOSE_ERRORS=y          gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13   gone with 7e152d55123
- commit 7a11d4b

- module: extract patient module check into helper (bsc#1213921).
- commit de545b1

- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- commit 63c2b4e

- net: mana: Fix MANA VF unload when hardware is unresponsive
  (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats
  (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits
  (git-fixes).
- commit 66cd4bc

- powerpc/iommu: Fix iommu_table_in_use for a small default DMA
  window case (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper
  (bsc#1212091 ltc#199106).
- powerpc/iommu: don't set failed sg dma_address to
  DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
  ltc#199106).
- commit 63fd00c

- drm/amd/display: trigger timing sync only if TG is running
  (git-fixes).
- commit efc7084

- drm/amd/display: Retain phantom plane/stream if validation fails
  (git-fixes).
- Refresh
  patches.suse/drm-amd-display-filter-out-invalid-bits-in-pipe_fuse.patch.
- commit 7b85ac2

- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues
  (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature
  momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay
  (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used
  (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory
  clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory
  clock settings (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running
  (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set
  (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane
  disable (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x
  (git-fixes).
- commit d699896

- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on
  all channels (git-fixes).
- commit 8a7a168

- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for
  copying defines or build dependencies there.
- commit 254b03c

- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- commit 2c37773

- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- commit 4628976

- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
  (git-fixes).
- commit 9c04620

- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR
  add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV
  device (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters
  (bsc#1212091 ltc#199106).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions
  (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: Do not try direct mapping with persistent
  memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is
  present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use
  before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window"
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property
  name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept
  property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*()
  with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor
  enable_ddw() (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerps-pseries-dma-Add-support-for-2M-IOMMU-page-si.patch
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift
  (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerpc-iommu-Limit-number-of-TCEs-to-512-for-H_STUF.patch
- commit 4f11eef

- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059
  git-fixes).
- commit f722e3b

- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- commit f8a9432

- target_core_rbd: fix leak and reduce kmalloc calls
  (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment
  (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code
  (bsc#1212857).
- file: reinstate f_pos locking optimization for regular files
  (bsc#1213759).
- commit 0469dd9

- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 3d175df

- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- commit d9c79ec

- blacklist.conf: add drivers/net/ethernet/renesas/ drivers
- commit 0c8d3f5

- sfc: fix crash when reading stats while NIC is resetting
  (git-fixes).
- commit 61c7a4c

- ice: Fix crash by keep old cfg when update TCs more than queues
  (git-fixes).
- commit 4e80ce2

- powerpc/pseries: Honour current SMT state when DLPAR onlining
  CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462
  ltc#200161 ltc#200588).
  Update config files.
- powerpc/pseries: Initialise CPU hotplug callbacks earlier
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Allow enabling partial SMT states via sysfs
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- commit 8bd8972

- sched/psi: use kernfs polling functions for PSI trigger polling
  (bsc#1209799).
- commit 4477665

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit d85264e

- drm/nouveau/disp: fix use-after-free in error handling of
  nouveau_connector_create (bsc#1214073).
- commit 4e5fad7

- ceph: don't check for quotas on MDS stray dirs (bsc#1214238).
- commit dcb3418

- iommu/dma: Fix incorrect error return on iommu deferred attach
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit c7a880f

- iommu/dma: return error code from iommu_dma_map_sg()
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit 5d989c6

- iommu/amd: Fix pci device refcount leak in ppr_notifier()
  (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and
  ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
  (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2
  (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in
  dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
  (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap
  (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging
  entries (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path
  (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT
  device to identity (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination
  (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU
  (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode
  (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait()
  (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Add PCI segment support for ivrs_ commands
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up
  to 35bit (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/arm-smmu-v3: check return value after calling
  platform_get_resource() (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in
  arm_smmu_device_probe() (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling
  (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- commit b73aa3b

- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/amd: Do not identity map v2 capable device when snp is
  enabled (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/mediatek: Validate number of phandles associated with
  "mediatek,larbs" (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse
  (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the
  device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling
  platform_get_resource() (git-fixes).
- commit 7224acf

- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback
  support (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops
  callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops
  callback (bsc#1212423).
- commit c0cd652

- nvme-rdma: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- commit 2d8bf94

- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- commit 64aa9ec

- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- commit b1259cb

- blacklist.conf: Blacklist useless doc patch
- commit be8f79d

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit edd5557

- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- commit ae6500e

- iio: cros_ec: Fix the allocation size for cros_ec_command
  (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device
  match (git-fixes).
- usb: dwc3: Properly handle processing of pending events
  (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media()
  (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial
  role is none (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring
  pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- commit d86b205

- netfilter: KABI workaround for CVE-2023-3610 bsc#1213580
  (git-fixes).
- commit b3532ef

- netfilter: nf_tables: fix chain binding transaction logic
  (bsc#1213580 CVE-2023-3610).
- commit e6eb926

- Refresh
  patches.suse/powerpc-pseries-vas-Hold-mmap_mutex-after-mmap-lock-.patch.
- commit 60482d4

- netfilter: KABI workaround for CVE-2023-3610 bsc#1213580
  (git-fixes).
- commit ecae123

- netfilter: nf_tables: fix chain binding transaction logic
  (bsc#1213580 CVE-2023-3610).
- commit 12da4f7

- drm/amd: Disable S/G for APUs when 64GB or more host memory
  (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- commit 5f61fab

- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- commit d154fc5

- drm/amd/display: Ensure that planes are in the same order
  (git-fixes).
- drm/amdgpu: add vram reservation based on
  vram_usagebyfirmware_v2_2 (git-fixes).
- commit f3e97e4

- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for
  pfe1100 (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes
  via iput (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on
  DCN3+ (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling
  dma_buf_mmap() (git-fixes).
- drm/rockchip: Don't spam logs in atomic check (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside
  nouveau_connector_get_modes (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard
  PHY reset pinmux (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  (git-fixes).
- selftests/rseq: check if libc rseq support is registered
  (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral
  attachment (git-fixes).
- commit 1f8ce0d

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit 9904c3b

- ceph: never send metrics if disable_send_metrics is set
  (bsc#1214180).
- commit 32f3ae7

- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
  (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion
  (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using
  veth pairs (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs
  (git-fixes).
- selftests: forwarding: Add a helper to skip test when using
  veth pairs (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: Skip test when no interfaces are
  specified (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032
  (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused
  (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access
  (git-fixes).
- commit b70a6bf

- blacklist.conf: Blacklist useless doc fix
- commit 685dbed

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit b7e68de

- x86/srso: Fix return thunks in generated code (git-fixes).
- commit b4d125e

- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Sort latest set of security vulnerabilities according to upstream order.
- commit 4a12398

- tracing/histograms: Return an error if we fail to add histogram
  to hist_vars list (git-fixes).
- commit d08da8a

- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
  Deleted:
  patches.suse/wifi-cfg80211-fix-locking-in-regulatory-disconnect.patch
  patches.suse/wifi-cfg80211-fix-locking-in-sched-scan-stop-work.patch
- commit f824698

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit c0bb265

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 0322b50

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 6591b03

- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 90a74a8

- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- commit 2837d15

- jffs2: correct logic when creating a hole in jffs2_write_begin
  (git-fixes).
- commit f413344

- mmc: moxart: read scr register without changing byte order
  (git-fixes).
- commit 12e8704

- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit ade2a6e

- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- commit 2f90082

- cifs: add missing return value check for cifs_sb_tlink
  (bsc#1193629).
- commit a08c7b4

- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth
  request (bsc#1193629).
- commit 1b17674

- cifs: allow dumping keys for directories too (bsc#1193629).
- commit e7fda39

- cifs: fix mid leak during reconnection after timeout threshold
  (git-fixes).
- commit 30d4c82

- cifs: is_network_name_deleted should return a bool
  (bsc#1193629).
- commit 85c6bb9

- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- commit 37f3408

- cifs: if deferred close is disabled then close files immediately
  (git-fixes).
- commit 1cd51c4

- SMB3: Do not send lease break acknowledgment if all file
  handles have been closed (git-fixes).
- commit 68ee604

- fprobe: add unlock to match a succeeded
  ftrace_test_recursion_trylock (git-fixes).
- commit adbdcc7

- fprobe: Release rethook after the ftrace_ops is unregistered
  (git-fixes).
- commit 3548d7c

- net: tun_chr_open(): set sk_uid from current_fsuid()
  (CVE-2023-4194 bsc#1214019).
- commit b6c8070

- net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194
  bsc#1214019).
- commit d59e993

- tracing/probes: Fix to avoid double count of the string length
  on the array (git-fixes).
- commit 24b5022

- blacklist.conf: add tracing patches implementing new functionality
- commit 1e7f3cf

- tracing/probes: Fix to record 0-length data_loc in
  fetch_store_string*() if fails (git-fixes).
- commit c96ae0e

- Revert "tracing: Add "(fault)" name injection to kernel probes"
  (git-fixes).
- commit 658fc31

- bpf: Disable preemption in bpf_event_output (git-fixes).
- commit 21194b8

- tracing: Fix warning in trace_buffered_event_disable()
  (git-fixes).
- commit 9a84de4

- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- commit 9c2f42a

- tracing/probes: Fix to update dynamic data counter if fetcharg
  uses it (git-fixes).
- commit a5e8186

- tracing/probes: Fix not to count error code to total length
  (git-fixes).
- commit 1fa72f4

- tracing: Fix memory leak of iter->temp when reading trace_pipe
  (git-fixes).
- commit 6f343ba

- tracing/histograms: Add histograms to hist_vars if they have
  referenced variables (git-fixes).
- commit 17940e8

- ftrace: Fix possible warning on checking all pages used in
  ftrace_process_locs() (git-fixes).
- commit 825cbd9

- ring-buffer: Fix deadloop issue on reading trace_pipe
  (git-fixes).
- commit fc2b8fe

- tracing: Fix null pointer dereference in tracing_err_log_open()
  (git-fixes).
- commit 498fa96

- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- commit 3b7c83a

- nfsd: Remove incorrect check in nfsd4_validate_stateid
  (git-fixes).
- commit 2cc1911

- blacklist.conf: add a cleanup
- commit 976e622

- drm/i915: Fix premature release of request's reusable memory
  (git-fixes).
- commit a19a4b2

- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
  (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
  (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description
  (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment
  (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- drm/ttm: check null pointer before accessing when swapping
  (git-fixes).
- commit 6d64757

- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat_iterate(): don't open-code file_inode(file) (bsc#1214000).
- commit 00dff49

- blacklist.conf: Add 3b8abb323953 mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
- commit 3ae175c

- blacklist.conf: Add 9ec272c586b0 watchdog/hardlockup: keep kernel.nmi_watchdog sysctl as 0444 if probe fails
- commit ff37424

- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Handle the newly added SBPB feature correctly when run in hypervisor
  context and interept an MSR write.
- commit ef9889a

- Update config files.
  We want SRSO mitigation on by default
- commit acc813b

- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- commit f38b73b

- netfs: Fix missing xas_retry() calls in xarray iteration
  (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration
  (bsc#1213946).
- commit e7bc55c

- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of
  MT7615D (DBDC) (git-fixes).
- USB: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- firmware: arm_scmi: Drop OF node reference in the transport
  channel setup (git-fixes).
- USB: gadget: Fix the memory leak in raw_gadget driver
  (git-fixes).
- USB: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume
  (git-fixes).
- USB: serial: simple: sort driver entries (git-fixes).
- USB: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- USB: serial: option: add Quectel EC200A module support
  (git-fixes).
- USB: serial: option: support Quectel EM060K_128 (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during
  runtime suspend (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the
  initial value (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap
  (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function
  (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX
  (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: Delete error messages for failed memory allocations
  (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from  pcie_retrain_link()
  (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
  (git-fixes).
- ACPI: processor: perflib: Avoid updating frequency QoS
  unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the "no limit" frequency QoS
  (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code
  (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking
  (git-fixes).
- commit f6445d7

- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- commit 0eb1518

- Input: iqs269a - do not poll during ATI (git-fixes).
- commit 5bdf465

- Input: iqs269a - do not poll during suspend or resume
  (git-fixes).
- commit 467fdbf

- Input: i8042 - add Clevo PCX0DX to i8042 quirk table
  (git-fixes).
- commit 0922201

- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- commit 9c2a6e6

- can: af_can: fix NULL pointer dereference in can_rcv_filter
  (bsc#1210627 CVE-2023-2166).
- commit e89fee8

- can: af_can: fix NULL pointer dereference in can_rcv_filter
  (bsc#1210627 CVE-2023-2166).
- commit 95374ce

- s390: introduce nospec_uses_trampoline() (git-fixes
  bsc#1213870).
- commit c2ccf75

- s390/dasd: print copy pair message only for the correct error
  (git-fixes bsc#1213872).
- commit a5594a2

- s390/ipl: add missing intersection check to ipl_report handling
  (git-fixes bsc#1213871).
- commit 8806556

- Move upstreamed sound patch into sorted sectoin
- commit 8a29738

- iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED
  (git-fixes).
- iavf: fix potential deadlock on allocation failure (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- iavf: fix reset task race with iavf_remove() (git-fixes).
- iavf: fix a deadlock caused by rtnl and driver's lock circular
  dependencies (git-fixes).
- Revert "iavf: Do not restart Tx queues after reset task failure"
  (git-fixes).
- Revert "iavf: Detach device during reset task" (git-fixes).
- iavf: Wait for reset in callbacks which trigger it (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits
  (git-fixes).
- net/mlx5e: Check for NOT_READY flag state after locking
  (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
  (git-fixes).
- net/mlx5e: fix double free in mlx5e_destroy_flow_table
  (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting
  (git-fixes).
- ice: handle extts in the miscellaneous interrupt thread
  (git-fixes).
- net/mlx5: DR, Support SW created encap actions for FW table
  (git-fixes).
- net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ
  (git-fixes).
- net/mlx5e: XDP, Allow growing tail for XDP multi buffer
  (git-fixes).
- sfc: use budget for TX completions (git-fixes).
- sfc: fix XDP queues mode with legacy IRQ (git-fixes).
- iavf: Move netdev_update_features() into watchdog task
  (git-fixes).
- commit 79a5c42

- blacklist.conf: has non-trivial dependencies
- commit 0c7dbe0

- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- commit 66f8c8e

- KVM: s390: pv: fix index value of replaced ASCE (git-fixes
  bsc#1213867).
- commit e789a10

- s390/decompressor: specify __decompress() buf len to avoid
  overflow (git-fixes bsc#1213863).
- commit 59015c6

- libceph: harden msgr2.1 frame segment length checks
  (bsc#1213857).
- ceph: don't let check_caps skip sending responses for revoke
  msgs (bsc#1213856).
- commit 9052bbe

- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- commit 222f2a2

- Update config files: set CONFIG_GDS_FORCE_MITIGATION=n
- commit f04be94

- bpf: add missing header file include (bsc#1211738
  CVE-2023-0459).
- commit 1ccaaad

- Drop the recent USB gadget fix patches
  The recent USB gadget fix patches look dubious and likely leading to
  locking problem.  Drop them for now until we get the proper backports
  Deleted:
  patches.suse/usb-gadget-core-remove-unbalanced-mutex_unlock-in-us.patch
  patches.suse/usb-gadget-udc-core-Offload-usb_udc_vbus_handler-pro.patch
  patches.suse/usb-gadget-udc-core-Prevent-soft_connect_store-race.patch
- commit d9bbe1b

- block: Fix a source code comment in
  include/uapi/linux/blkzoned.h (git-fixes).
- commit 8349665

- blacklist.conf: cleanup
- commit fb32f77

- blacklist.conf: cleanup
- commit 4a72f90

- scftorture: Count reschedule IPIs (git-fixes).
- commit e88bc8d

- Revert "Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)"
  SLE15-SP5 branch works as is, hence revive the dropped patches again.
- commit b4b1978

- netfilter: nft_set_pipapo: fix improper element removal
  (bsc#1213812 CVE-2023-4004).
- commit 4902a99

- Update
  patches.suse/RDMA-mthca-Fix-crash-when-polling-CQ-for-shared-QPs.patch
  (git-fixes bsc#1212604).
  Added bug reference.
- commit 391a3ba

- igc: Fix Kernel Panic during ndo_tx_timeout callback
  (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove
  (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff
  (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- gve: unify driver name usage (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage
  (git-fixes).
- igc: Handle PPS start time programming for past time values
  (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of
  ethtool_link_ksettings (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier
  (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- commit a695c8c

- s390/dasd: fix hanging device after quiesce/resume (git-fixes
  bsc#1213810).
- commit dfb76f0

- Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)
  Deleted:
  patches.suse/drm-amd-display-Add-wrapper-to-call-planes-and-strea.patch
  patches.suse/drm-amd-display-Use-dc_update_planes_and_stream.patch
  Refreshed:
  patches.suse/drm-amd-display-fix-the-system-hang-while-disable-PS.patch
- commit b04dd6d

- usb: typec: Use sysfs_emit_at when concatenating the string
  (git-fixes).
- usb: typec: Iterate pds array when showing the pd list
  (git-fixes).
- usb: typec: Set port->pd before adding device for typec_port
  (git-fixes).
- commit 4e8be6b

- m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes).
- Refresh
  patches.suse/ALSA-usb-audio-Update-for-native-DSD-support-quirks.patch.
- commit 99c6344

- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
  (git-fixes).
- Revert "usb: gadget: tegra-xudc: Fix error check in
  tegra_xudc_powerdomain_init()" (git-fixes).
- Revert "usb: xhci: tegra: Fix error check" (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in
  usb_gadget_activate (git-fixes).
- Revert "usb: dwc3: core: Enable AutoRetry feature in the
  controller" (git-fixes).
- Revert "xhci: add quirk for host controllers that don't update
  endpoint DCS" (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- usb: dwc3: don't reset device side if dwc3 was configured as
  host-only (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section
  (git-fixes).
- Documentation: devices.txt: reconcile serial/ucc_uart minor
  numers (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- staging: ks7010: potential buffer overflow in
  ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
  (git-fixes).
- Revert "debugfs, coccinelle: check for obsolete
  DEFINE_SIMPLE_ATTRIBUTE() usage" (git-fixes).
- commit 68f52c9

- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit c2f8329

- RDMA/irdma: Report correct WC error (git-fixes)
- commit bbd2277

- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- commit 9cf2e90

- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- commit 88338bc

- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- commit cea614e

- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- commit 9675e7a

- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- commit 2321b3b

- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- commit ea2e3ca

- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- commit 0780ef4

- RDMA/irdma: Add missing read barriers (git-fixes)
- commit 495eb3b

- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- commit 67b00ed

- ALSA: usb-audio: Rate limit usb_set_interface error reporting
  (git-fixes).
- ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610
  Wireless (git-fixes).
- ALSA: usb-audio: Fix possible NULL pointer dereference in
  snd_usb_pcm_has_fixed_rate() (git-fixes).
- ALSA: usb-audio: Always initialize fixed_rate in
  snd_usb_find_implicit_fb_sync_format() (git-fixes).
- Revert "ALSA: usb-audio: Drop superfluous interface setup at
  parsing" (git-fixes).
- ALSA: usb-audio: More refactoring of hw constraint rules
  (git-fixes).
- ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810
  Wireless (git-fixes).
- commit b55a442

- ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes).
- Refresh
  patches.suse/ALSA-usb-audio-Fix-broken-resume-due-to-UAC3-power-s.patch.
- commit 9074d7a

- ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes).
- ALSA: usb-audio: Correct the return code from
  snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Apply mutex around
  snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Avoid unnecessary interface change at EP close
  (git-fixes).
- ALSA: usb-audio: Properly refcounting clock rate (git-fixes).
- commit 0041e9b

- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
  (take#2) (git-fixes).
- Refresh
  patches.suse/ALSA-usb-audio-Fix-broken-resume-due-to-UAC3-power-s.patch.
- commit 0822cdf

- ALSA: usb-audio: Clear fixed clock rate at closing EP
  (git-fixes).
- commit 5be6bf5

- ALSA: usb-audio: Drop superfluous interface setup at parsing
  (git-fixes).
- ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update
  (git-fixes).
- ALSA: usb-audio: Fix wrong kfree issue in
  snd_usb_endpoint_free_all (git-fixes).
- ALSA: usb-audio: Refcount multiple accesses on the single clock
  (git-fixes).
- commit a3859e4

- amd-pstate: Fix amd_pstate mode switch (git-fixes).
- Refresh
  patches.suse/cpufreq-amd-pstate-Add-guided-mode-control-support-v.patch.
- commit f595cdb

- ALSA: usb-audio: Update for native DSD support quirks
  (git-fixes).
- commit 43f1612

- ACPI/IORT: Remove erroneous id_count check in
  iort_node_get_rmr_info() (git-fixes).
- drm/amd/display: Unlock on error path in
  dm_handle_mst_sideband_msg_ready_event() (git-fixes).
- drm/amd: Fix an error handling mistake in psp_sw_init()
  (git-fixes).
- drm/i915: Fix an error handling path in igt_write_huge()
  (git-fixes).
- drm/i915/dpt: Use shmem for dpt objects (git-fixes).
- commit 38b2687

- ASoC: atmel: Fix the 8K sample parameter in I2SC master
  (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
  (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events
  (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- commit e160036

- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update
  (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative
  temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1
  disabled (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in
  a5xx_submit_in_rb() (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- commit 2f04296

- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- commit 5a72d04

- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit 179babc

- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit 2cb8ed9

- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit 17c6a41

- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- commit ad8acc9

- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit fe91ad7

- nvme: don't reject probe due to duplicate IDs for single-ported
  PCIe devices (git-fixes).
- nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes).
- commit 72e33c1

- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit f111fdf

- KVM: arm64: Don't read a HW interrupt pending state in user context (git-fixes)
- commit ffcb733

- KVM: Don't null dereference ops->destroy (git-fixes)
- commit 3407958

- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- commit f80bc2c

- wifi: ath11k: add support for suspend in power down state
  (bsc#1207948).
- commit 0ef156d

- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 16a308d

- nvme-pci: fix DMA direction of unmapping integrity data
  (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- commit 3d56665

- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit 7bc51ed

- scsi: lpfc: Copyright updates for 14.2.0.14 patches
  (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting
  (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths
  (bsc#1213756).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout
  error is detected (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling
  unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only
  for Target Functions (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk
  and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN
  (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl
  for loop topology (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message
  (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from
  driver's trace buffer (bsc#1213756).
- scsi: lpfc: Fix a possible data race in
  lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI
  and VMID paths (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
  (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member
  (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg
  loopback path (bsc#1213756).
- commit 3d33912

- blacklist.conf: add commit 122deabfe142 ("ubifs: dirty_cow_znode: Fix
  memleak in error handling path")
  This is reverted in commit 7d01cb27f6ae ("Revert "ubifs:
  dirty_cow_znode: Fix memleak in error handling path"")
- commit b666937

- ubifs: Fix memory leak in do_rename (git-fixes).
- commit 9147a2c

- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 3021432

- afs: Fix server->active leak in afs_put_server (git-fixes).
- commit 214e9da

- afs: Fix dynamic root getattr (git-fixes).
- commit edbfecf

- jffs2: GC deadlock reading a page that is used in
  jffs2_write_begin() (git-fixes).
- commit d4f2e0b

- jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
  (git-fixes).
- commit 5f487ee

- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- commit 359ea76

- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- commit 47521cf

- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- commit 3127ba1

- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
  (git-fixes).
- commit 629e159

- ubifs: Free memory for tmpfile name (git-fixes).
- commit b8a1ad9

- wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948).
- wifi: ath11k: handle thermal device registeration together
  with MAC (bsc#1207948).
- wifi: ath11k: handle irq enable/disable in several code path
  (bsc#1207948).
- bus: mhi: add new interfaces to handle MHI channels directly
  (bsc#1207948).
- bus: mhi: host: add destroy_device argument to mhi_power_down()
  (bsc#1207948).
- commit 9564a14

- ubifs: ubifs_writepage: Mark page dirty after writing inode
  failed (git-fixes).
- commit 840e02c

- ubifs: Re-statistic cleaned znode count if commit failed
  (git-fixes).
- commit 8fb0e1e

- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- commit 8e663ab

- ubifs: Reserve one leb for each journal head while doing budget
  (git-fixes).
- commit cbe6386

- ubifs: do_rename: Fix wrong space budget when target inode's
  nlink > 1 (git-fixes).
- commit b6963c0

- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- commit b3864d7

- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- commit 567a5c8

- ubifs: Rectify space budget for ubifs_symlink() if symlink is
  encrypted (git-fixes).
- commit 3474d4d

- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Adjust IOCB resource on qpair create
  (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
  (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
  (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
  (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference
  (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with
  DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode
  (bsc#1213747).
- commit e04dc4d

- ubifs: Fix build errors as symbol undefined (git-fixes).
- commit 003e06c

- series: udpate metadata
  Refresh
- patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
- commit 3672423

- ubifs: Fix AA deadlock when setting xattr for encrypted file
  (git-fixes).
- commit 905856b

- ubifs: rename_whiteout: correct old_dir size computing
  (git-fixes).
- commit 746fc1a

- ubifs: Fix to add refcount once page is set private (git-fixes).
- commit eb16186

- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
  (git-fixes).
- commit ec064eb

- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- commit 44d5601

- ubifs: Rectify space amount budget for mkdir/tmpfile operations
  (git-fixes).
- commit 5c3e281

- x86/returnthunk: Allow different return thunks (bsc#1213287, CVE-2023-20569).
- commit 9047ebd

- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback
  work (git-fixes).
- commit f4b451d

- ubifs: Rename whiteout atomically (git-fixes).
- commit eb7797d

- ubifs: Add missing iput if do_tmpfile() failed in rename
  whiteout (git-fixes).
- commit 6d376e9

- ubifs: Fix deadlock in concurrent rename whiteout and inode
  writeback (git-fixes).
- commit fcb2f4b

- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
  (git-fixes).
- commit 289d359

- ubifs: Error path in ubifs_remount_rw() seems to wrongly free
  write buffers (git-fixes).
- commit 90b0b69

- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- commit 6a5ab84

- fs: dlm: move sending fin message into state change handling
  (git-fixes).
- commit dab00d6

- fs: dlm: don't set stop rx flag after node reset (git-fixes).
- commit 4b30eff

- fs: dlm: start midcomms before scand (git-fixes).
- commit a80feb6

- fs: dlm: add midcomms init/start functions (git-fixes).
- commit 1f391d7

- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- commit d7af52c

- fs: dlm: retry accept() until -EAGAIN or error returns
  (git-fixes).
- commit 8d74a84

- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- commit 8503974

- fs: dlm: fix race between test_bit() and queue_work()
  (git-fixes).
- commit a237b08

- fs: dlm: fix race in lowcomms (git-fixes).
- commit 92fc0f8

- dlm: fix missing lkb refcount handling (git-fixes).
- commit 263b40e

- dlm: fix plock invalid read (git-fixes).
- commit 7bcd1e8

- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- commit 38ca134

- afs: Fix vlserver probe RTT handling (git-fixes).
- commit fc1925d

- afs: Fix setting of mtime when creating a file/dir/symlink
  (git-fixes).
- commit 6bbf246

- afs: Fix updating of i_size with dv jump from server
  (git-fixes).
- commit 6731933

- afs: Fix lost servers_outstanding count (git-fixes).
- commit 29cfb62

- afs: Fix fileserver probe RTT handling (git-fixes).
- commit b1a6d0f

- afs: Use the operation issue time instead of the reply time
  for callbacks (git-fixes).
- commit dce7453

- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
  (git-fixes).
- commit 856031a

- afs: Fix access after dec in put functions (git-fixes).
- commit 7e9acb5

- afs: Use refcount_t rather than atomic_t (git-fixes).
- commit ee87d6d

- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- commit e319694

- afs: Adjust ACK interpretation to try and cope with NAT
  (git-fixes).
- commit 0170794

- rxrpc, afs: Fix selection of abort codes (git-fixes).
- commit 6b22544

- afs: Fix afs_getattr() to refetch file status if callback
  break occurred (git-fixes).
- commit 610ac25

- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- commit a4211ac

- fs: hfsplus: remove WARN_ON() from
  hfsplus_cat_{read,write}_inode() (git-fixes).
- commit e720f69

- FS: JFS: Check for read-only mounted filesystem in txBegin
  (git-fixes).
- commit 74fc884

- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- commit ded2fdb

- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
  (git-fixes).
- commit d3b12be

- jfs: jfs_dmap: Validate db_l2nbperpage while mounting
  (git-fixes).
- commit cb7cfeb

- net: mana: Use the correct WQE count for ringing RQ doorbell
  (bsc#1212901).
- net: mana: Batch ringing RX queue doorbell on receiving packets
  (bsc#1212901).
- commit de409ae

- kernel-binary.spec.in: Remove superfluous %% in Supplements
  Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74

- drm/amd/display: check TG is non-null before checking if enabled
  (git-fixes).
- drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
- commit 0e22ad9

- pinctrl: amd: Don't show `Invalid config param` errors
  (git-fixes).
- commit 924f82b

- can: gs_usb: gs_can_close(): add missing set of CAN state to
  CAN_STATE_STOPPED (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- phy: hisilicon: Fix an out of bounds check in
  hisi_inno_phy_probe() (git-fixes).
- regmap: Account for register length in SMBus I/O limits
  (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes
  (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31
  (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic
  (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe
  (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options
  (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
  (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy
  (git-fixes).
- commit a35f25e

- io_uring: ensure IOPOLL locks around deferred work (bsc#1213272
  CVE-2023-21400).
- commit 744cfeb

- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are
  unsupported (git-fixes).
- commit 34f9d1f

- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled
  (CR0.PG==0) (git-fixes).
- commit 6d14c23

- Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445)
- commit 09b37e1

- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- commit fe48bf1

- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
  (git-fixes).
- commit c6619e5

- Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch.
  Drop the patch in order to fix bsc#1213705.
- commit 52c1db3

- cpufreq: amd-pstate: add amd-pstate driver parameter for mode
  selection (bsc#1212445).
- commit 14292ad

- cpufreq: amd-pstate: Set a fallback policy based on
  preferred_profile (bsc#1212445).
- ACPI: CPPC: Add definition for undefined FADT preferred PM
  profile value (bsc#1212445).
- cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated
  (bsc#1212445).
- cpufreq: amd-pstate: Write CPPC enable bit per-socket
  (bsc#1212445).
- cpufreq: amd-pstate: Update policy->cur in
  amd_pstate_adjust_perf() (bsc#1212445).
- cpufreq: amd-pstate: Remove fast_switch_possible flag from
  active driver (bsc#1212445).
- cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445).
- commit 8041c32

- cpufreq: amd-pstate: Make varaiable mode_state_machine static
  (bsc#1212445).
- cpufreq: amd-pstate: Add guided mode control support via sysfs
  (bsc#1212445).
- cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445).
- Documentation: cpufreq: amd-pstate: Move amd_pstate param to
  alphabetical order (bsc#1212445).
- cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules
  (bsc#1212445).
- cpufreq: amd-pstate: Let user know amd-pstate is disabled
  (bsc#1212445).
- cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ
  (bsc#1212445).
- cpufreq: amd-pstate: avoid uninitialized variable use
  (bsc#1212445).
- cpufreq: amd-pstate: convert sprintf with sysfs_emit()
  (bsc#1212445).
- cpufreq: amd-pstate: add driver working mode switch support
  (bsc#1212445).
- cpufreq: amd-pstate: implement suspend and resume callbacks
  (bsc#1212445).
- commit cecc1a7

- vhost: support PACKED when setting-getting vring_base
  (git-fixes).
- commit 0bfd988

- cpufreq: amd-pstate: implement amd pstate cpu online and
  offline callback (bsc#1212445).
- Refresh patches.kabi/cpp_epp_perf-kABI-workaround.patch.
- commit 0db85b8

- cpufreq: amd-pstate: implement Pstate EPP support for the AMD
  processors (bsc#1212445).
- Refresh patches.kabi/cpp_epp_perf-kABI-workaround.patch.
- commit 43aa608

- cpufreq: amd-pstate: optimize driver working mode selection
  in amd_pstate_param() (bsc#1212445).
- cpufreq: amd-pstate: fix kernel hang issue while amd-pstate
  unregistering (bsc#1212445).
- cpufreq: amd-pstate: change amd-pstate driver to be built-in
  type (bsc#1212445).
- cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL
  register at init (bsc#1212445).
- cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State
  (bsc#1212445).
- commit 81828e8

- cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445).
- MAINTAINERS: Add AMD P-State driver maintainer entry
  (bsc#1212445).
- commit f8c7ae3

- cpufreq: amd-pstate: Fix initial highest_perf value
  (bsc#1212445).
- cpufreq: amd-pstate: update pstate frequency transition delay
  time (bsc#1212445).
- cpufreq: amd_pstate: map desired perf into pstate scope for
  powersave governor (bsc#1212445).
- cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
- cpufreq: amd-pstate: fix white-space (bsc#1212445).
- cpufreq: amd-pstate: simplify cpudata pointer assignment
  (bsc#1212445).
- ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid()
  (bsc#1212445).
- cpufreq: amd-pstate: Add resume and suspend callbacks
  (bsc#1212445).
- cpufreq: amd-pstate: Add more tracepoint for AMD P-State module
  (bsc#1212445).
- cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment
  (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State performance attributes
  (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State frequencies attributes
  (bsc#1212445).
- cpufreq: amd-pstate: Add boost mode support for AMD P-State
  (bsc#1212445).
- cpufreq: amd-pstate: Add trace for AMD P-State module
  (bsc#1212445).
- cpufreq: amd-pstate: Introduce the support for the processors
  with shared memory solution (bsc#1212445).
- cpufreq: amd-pstate: Add fast switch function for AMD P-State
  (bsc#1212445).
- cpufreq: amd-pstate: Introduce a new AMD P-State driver to
  support future processors (bsc#1212445).
- commit 68cc349

- vhost_net: revert upend_idx only on retriable error (git-fixes).
- commit 8b2dc73

- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
  bsc#1213715).
- commit 6879f59

- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- commit 48f331c

- virtio_net: Fix error unwinding of XDP initialization
  (git-fixes).
- commit a90e297

- virtio-net: Maintain reverse cleanup order (git-fixes).
- commit ee47906

- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- commit a5c9518

- xen/pvcalls-back: fix double frees with
  pvcalls_new_active_socket() (git-fixes).
- commit ae3a872

- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- commit 05a3279

- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind
  U100 (git-fixes).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- commit 29a4c8a

- net/sched: cls_fw: Fix improper refcount update leads to
  use-after-free (CVE-2023-3776 bsc#1213588).
- commit 057a69b

- block, bfq: Fix division by zero error on zero wsum
  (bsc#1213653).
- commit da28d59

- md: add error_handlers for raid0 and linear (bsc#1212766).
- commit 19b2ae4

- drm/ttm: fix warning that we shouldn't mix && and ||
  (git-fixes).
- commit 25df30d

- drm/ttm: fix bulk_move corruption when adding a entry
  (git-fixes).
- commit 04de7a2

- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- commit ee2d57e

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 63ddbca

- mhi_power_down() kABI workaround (bsc#1207948).
- commit 24dd94d

- kabi/severities: relax kABI for ath11k local symbols (bsc#1207948)
- commit 3000949

- Update
  patches.suse/vc_screen-don-t-clobber-return-value-in-vcs_read.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
- Update
  patches.suse/vc_screen-modify-vcs_size-handling-in-vcs_read.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
- Update
  patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
  Add references.
- commit 86b316a

- drm/vmwgfx: Remove explicit and broken vblank handling
  (bsc#1213632).
- commit d21ac8b

- drm/vmwgfx: Fix Legacy Display Unit atomic drm support
  (bsc#1213632).
- commit 6057f49

- drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632).
- commit a689fa2

- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
  HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit ad56bc8

- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
  (bsc#1207129).
- commit 6298aeb

- Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation
  return" (git-fixes).
- NFSv4.1: freeze the session table upon receiving
  NFS4ERR_BADSESSION (git-fixes).
- svcrdma: Prevent page release when nothing was received
  (git-fixes).
- NFSD: add encoding of op_recall flag for write delegation
  (git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd()
  (git-fixes).
- NFSD: Remove open coding of string copy (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request
  (git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status
  (git-fixes).
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
  (git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- NFSD: Fix sparse warning (git-fixes).
- commit 8c604d4

- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays
  (git-fixes).
- commit d286bfe

- drm/amd/display: only accept async flips for fast updates
  (git-fixes).
- drm/amd/display: save restore hdcp state when display is
  unplugged from mst hub (git-fixes).
- drm/amd/display: Only update link settings after successful
  MST link train (git-fixes).
- commit d4f34b0

- net/sched: cls_u32: Fix reference counter leak leading to
  overflow (CVE-2023-3609 bsc#1213586).
- commit e129a1f

- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  (CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU
  (bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
  (bsc#1213585).
- commit 67a1d0b

- Fix null pointer dereference in drm_dp_atomic_find_time_slots()
  (bsc#1213578).
- commit 453d6f3

- drm/amd/display: Add polling method to handle MST reply packet
  (bsc#1213578).
- commit 308c526

- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- commit cb2f513

- Revive drm_dp_mst_hpd_irq() function (bsc#1213578).
- commit 499a97d

- drm/dp_mst: Clear MSG_RDY flag before sending new message
  (bsc#1213578).
- commit a5454fb

- drm/amd/pm: conditionally disable pcie lane/speed switching
  for SMU13 (git-fixes).
- drm/amd/pm: share the code around SMU13 pcie parameters update
  (git-fixes).
- drm/i915: Don't preserve dpll_hw_state for slave crtc in
  Bigjoiner (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime
  (git-fixes).
- drm/amd/display: Add monitor specific edid quirk (git-fixes).
- drm/amd/display: Remove Phantom Pipe Check When Calculating
  K1 and K2 (git-fixes).
- drm/amd/pm: add abnormal fan detection for smu 13.0.0
  (git-fixes).
- drm/amd/display: fix seamless odm transitions (git-fixes).
- drm/amdgpu: Fix minmax warning (git-fixes).
- drm/amdgpu: add the fan abnormal detection feature (git-fixes).
- commit e81cef2

- pinctrl: amd: Detect internal GPIO0 debounce handling
  (git-fixes).
- commit 2209e7e

- drm/msm/disp/dpu: get timing engine status from intf status
  register (git-fixes).
- Refresh
  patches.suse/drm-msm-dpu-Remove-duplicate-register-defines-from-I.patch.
- commit 01f0700

- usb: dwc2: platform: Improve error reporting for problems
  during .remove() (git-fixes).
- Refresh
  patches.suse/usb-dwc2-Fix-some-error-handling-paths.patch.
- commit c99cdac

- drm/atomic: Fix potential use-after-free in nonblocking commits
  (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0
  (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop
  (git-fixes).
- i2c: xiic: Don't try to handle more interrupt events after error
  (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always
  valid in VM (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
  (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
  (git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
  (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup
  (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
  (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh "disable"
  (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts()
  implementation (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring
  on ADM1272 (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec
  offload test (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev
  rename (git-fixes).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit
  DMA mode is used (git-fixes).
- kselftest: vDSO: Fix accumulation of uninitialized ret when
  CLOCK_REALTIME is undefined (git-fixes).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error
  (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr()
  (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in
  xiic_process() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- commit 87a543d

- Update References tag
  patches.suse/fbcon-set_con2fb_map-needs-to-set-con2fb_map.patch
  (git-fixes bsc#1213417 CVE-2023-38409).
- commit 256b397

- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- commit a2d37c4

- xfs: run callbacks before waking waiters in
  xlog_state_shutdown_callbacks (bsc#1211811).
- commit 602a6b0

- drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
  (git-fixes).
- commit c057899

- ASoC: SOF: ipc3-dtrace: uninitialized data in
  dfsentry_trace_filter_write() (git-fixes).
- ASoC: amd: acp: fix for invalid dai id handling in
  acp_get_byte_count() (git-fixes).
- fbdev: imxfb: Removed unneeded release_mem_region (git-fixes).
- commit 8fba390

- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component
  remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove
  (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
  (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR
  (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race
  (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race
  (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- commit 2c27c0a

- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- commit 61a595d

- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp
  (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
  (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- commit 61676e6

- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- commit b52f8c8

- xfs: async CIL flushes need pending pushes to be made stable
  (bsc#1211811).
- commit a7a8e83

- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- commit bdc017f

- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- commit 41681a2

- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- commit df27a10

- xfs: order CIL checkpoint start records (bsc#1211811).
- commit 1723063

- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state()
  (bsc#1211811).
- commit 7d0f707

- xfs: don't run shutdown callbacks on active iclogs
  (bsc#1211811).
- Refresh patches.suse/xfs-pass-a-CIL-context-to-xlog_write.patch.
- commit bbe5b6f

- xfs: separate out log shutdown callback processing
  (bsc#1211811).
- commit 8739ead

- xfs: rework xlog_state_do_callback() (bsc#1211811).
- commit e073f75

- xfs: factor out log write ordering from xlog_cil_push_work()
  (bsc#1211811).
- commit 9190d3a

- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- Delete
  patches.suse/xfs-drop-async-cache-flushes-from-CIL-commits.patch.
- commit 32853a9

- Revert "usb: gadget: udc: core: Offload usb_udc_vbus_handler processing"
  This reverts commit bc0618750f6987c96fa2a99ae8452ae74c5cb94b.
- commit 2488305

- Revert "usb: gadget: udc: core: Prevent soft_connect_store() race"
  This reverts commit b1dbc3a2da2b71fefe5889fb00557f6279033499.
  udc_lock and udc->connect_lock nesting must be resolved post-merge.
- commit aa5b47d

- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- commit 90fa477

- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- commit b415a31

- kabi/severities: ignore kABI of vmwgfx
  The driver exports a function unnecessarily without used by anyone else.
  Ignore the kABI changes.
- commit 62ee467

- kabi/severities: ignore kABI of i915 module
  It's exported only for its sub-module, not really used by externals
- commit 63cfeb5

- Add alt-commit to amdgpu patches
- commit bee21b3

- drm/amdgpu/vkms: relax timer deactivation by
  hrtimer_try_to_cancel (git-fixes).
- drm/msm/a5xx: really check for A510 in a5xx_gpu_init
  (git-fixes).
- drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns
  (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
  (git-fixes).
- drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
- drm: Add fixed-point helper to get rounded integer values
  (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts()
  implementation (git-fixes).
- drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2
  (git-fixes).
- drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1
  (git-fixes).
- drm/amd/pm: workaround for compute workload type on some skus
  (git-fixes).
- drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
- drm/amdgpu: change reserved vram info print (git-fixes).
- swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
- commit 3a68598

- drm/amd/pm: conditionally disable pcie lane switching for some
  sienna_cichlid SKUs (git-fixes).
- drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
- drm/amd/pm: resolve reboot exception for si oland (git-fixes).
- drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
  (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
  (git-fixes).
- drm/amd/display: Have Payload Properly Created After Resume
  (git-fixes).
- drm/amd/pm: add missing NotifyPowerSource message mapping for
  SMU13.0.7 (git-fixes).
- drm/amd/pm: fix possible power mode mismatch between driver
  and PMFW (git-fixes).
- drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
- drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11
  as well (git-fixes).
- drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
- drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
- drm/amd/pm: avoid potential UBSAN issue on legacy asics
  (git-fixes).
- drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes
  (git-fixes).
- drm/amdgpu: set gfx9 onwards APU atomics support to be true
  (git-fixes).
- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
- drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage
  (git-fixes).
- commit 26f6cbe

- drm/amd/display: filter out invalid bits in pipe_fuses
  (git-fixes).
- commit 1fab8ae

- drm/amd/display: Change default Z8 watermark values (git-fixes).
- drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
  (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini
  (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini
  (git-fixes).
- drm/i915: Check pipe source size when using skl+ scalers
  (git-fixes).
- drm/amd/display: Lowering min Z8 residency time (git-fixes).
- drm/amd/display: Add missing WA and MCLK validation (git-fixes).
- drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
- drm/amdgpu: refine get gpu clock counter method (git-fixes).
- commit 6d48349

- drm/msm/disp/dpu: get timing engine status from intf status
  register (git-fixes).
- Refresh
  patches.suse/drm-msm-dpu-Remove-duplicate-register-defines-from-I.patch.
- commit 05668f6

- drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
- drm/amd/display: Correct DML calculation to follow HW SPEC
  (git-fixes).
- drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
- drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
- drm/amd/display: Fix 4to1 MPC black screen with DPP RCO
  (git-fixes).
- drm/amd/amdgpu: limit one queue per gang (git-fixes).
- drm/i915/tc: Fix TC port link ref init for DP MST during HW
  readout (git-fixes).
- drm/amd/display: Ensure vmin and vmax adjust for DCE
  (git-fixes).
- drm/amd/display: Enable HostVM based on rIOMMU active
  (git-fixes).
- drm/amd/display: Update minimum stutter residency for DCN314 Z8
  (git-fixes).
- drm/amd/display: Add minimum Z8 residency debug option
  (git-fixes).
- drm/amd/display: Do not update DRR while BW optimizations
  pending (git-fixes).
- drm/amd/display: Correct DML calculation to align HW formula
  (git-fixes).
- drm/amd/display: populate subvp cmd info only for the top pipe
  (git-fixes).
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
  (git-fixes).
- drm/amd/display: fix a divided-by-zero error (git-fixes).
- commit 9c0d61f

- drm/amd/display: limit timing for single dimm memory
  (git-fixes).
- drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
- drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
- drm: buddy_allocator: Fix buddy allocator init on 32-bit systems
  (git-fixes).
- drm/amdgpu/gfx: set cg flags to enter/exit safe mode
  (git-fixes).
- drm/amdgpu: Force signal hw_fences that are embedded in
  non-sched jobs (git-fixes).
- drm/amdgpu: add mes resume when do gfx post soft reset
  (git-fixes).
- drm/i915/guc: Fix missing ecodes (git-fixes).
- drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
- commit 602ee99

- drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes
  (git-fixes).
- drm/i915/sseu: fix max_subslices array-index-out-of-bounds
  access (git-fixes).
- drm/display: Don't block HDR_OUTPUT_METADATA on unknown EOTF
  (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
- drm/amd: Don't allow s0ix on APUs older than Raven (git-fixes).
- drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
- drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
- drm/amd/display: Remove stutter only configurations (git-fixes).
- drm/amd/display: Fix Z8 support configurations (git-fixes).
- drm/i915/guc: Rename GuC register state capture node to be
  more obvious (git-fixes).
- commit ae9d397

- drm/msm/dpu: Add DSC hardware blocks to register snapshot
  (git-fixes).
- drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
- drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
- drm: rcar-du: Add quirk for H3 ES1.x pclk workaround
  (git-fixes).
- drm/i915/mtl: update scaler source and destination limits for
  MTL (git-fixes).
- drm: Add missing DP DSC extended capability definitions
  (git-fixes).
- Revert "drm/i915: Disable DSB usage for now" (git-fixes).
- drm/i915: Do panel VBT init early if the VBT declares an
  explicit panel type (git-fixes).
- drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
- commit cc492ab

- drm/msm/hdmi: use devres helper for runtime PM management
  (git-fixes).
- Refresh
  patches.suse/drm-msm-hdmi-Add-missing-check-for-alloc_ordered_wor.patch.
- commit 7348d6f

- drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
- drm/amd: Load MES microcode during early_init (git-fixes).
- drm/amd/display: fix PSR-SU/DSC interoperability support
  (git-fixes).
- drm/amd: Add a new helper for loading/validating microcode
  (git-fixes).
- drm/display/dp_mst: Fix payload addition on a disconnected sink
  (git-fixes).
- drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for DynaBook K50
  (git-fixes).
- drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during
  disable (git-fixes).
- drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
- drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
- drm: Optimize drm buddy top-down allocation method (git-fixes).
- drm/virtio: Fix memory leak in virtio_gpu_object_create()
  (git-fixes).
- drm/amd/display: Add debug option to skip PSR CRTC disable
  (git-fixes).
- drm/amdgpu/mes11: enable reg active poll (git-fixes).
- drm/amd/amdgpu: update mes11 api def (git-fixes).
- drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
- drm/amd/display: Add Z8 allow states to z-state support list
  (git-fixes).
- drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
- drm/virtio: Simplify error handling of
  virtio_gpu_object_create() (git-fixes).
- commit e9a6574

- Update
  patches.suse/net-tun-fix-bugs-for-oversize-packet-when-napi-frags.patch
  (git-fixes CVE-2023-3812 bsc#1213543).
  Added CVE reference.
- commit 98bd6ff

- drm/i915/guc: Limit scheduling properties to avoid overflow
  (git-fixes).
- Refresh
  patches.suse/drm-i915-Fix-compute-pre-emption-w-a-to-apply-to-com.patch.
- commit 696b0f8

- adreno: Shutdown the GPU properly (git-fixes).
- drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
- drm/etnaviv: reap idle mapping if it doesn't match the softpin
  address (git-fixes).
- drm/etnaviv: move idle mapping reaping into separate function
  (git-fixes).
- drm/amdgpu: Don't set struct drm_driver.output_poll_changed
  (git-fixes).
- drm/meson: Fix return type of meson_encoder_cvbs_mode_valid()
  (git-fixes).
- drm/amd/display (gcc13): fix enum mismatch (git-fixes).
- drm/amdgpu: remove deprecated MES version vars (git-fixes).
- drm/amd/display: Remove optimization for VRR updates
  (git-fixes).
- drm/amd/display: Refactor eDP PSR codes (git-fixes).
- drm/amd/display: Remove FPU guards from the DML folder
  (git-fixes).
- drm/i915/guc: Add error-capture init warnings when needed
  (git-fixes).
- drm/i915/gt: Cleanup partial engine discovery failures
  (git-fixes).
- drm/i915: Allow panel fixed modes to have differing sync
  polarities (git-fixes).
- drm/i915: Print return value on error (git-fixes).
- drm/i915: Fix TypeC mode initialization during system resume
  (git-fixes).
- drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
- drm/vmwgfx: Refactor ttm reference object hashtable to use
  linux/hashtable (git-fixes).
- drm/vmwgfx: Refactor resource validation hashtable to use
  linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Remove ttm object hashtable (git-fixes).
- drm/vmwgfx: Refactor resource manager's hashtable to use
  linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Write the driver id registers (git-fixes).
- dma-buf/dma-resv: Stop leaking on krealloc() failure
  (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for
  hci_remove_adv_monitor() (git-fixes).
- Bluetooth: ISO: fix iso_conn related locking and validity issues
  (git-fixes).
- Bluetooth: hci_event: call disconnect callback before deleting
  conn (git-fixes).
- Bluetooth: use RCU for hci_conn_params and iterate safely in
  hci_sync (git-fixes).
- commit a039f9f

- irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
- commit 42bde43

- irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
- commit 9a79248

- irqchip/gic-v3: Claim iomem resources (bsc#1213533)
- commit 58b558e

- drm/client: Fix memory leak in drm_client_target_cloned
  (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init()
  (git-fixes).
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- rsi: remove kernel-doc comment marker (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- commit a53eee1

- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  (CVE-2023-35001 bsc#1213059).
- netfilter: nf_tables: do not ignore genmask when looking up
  chain by id (CVE-2023-31248 bsc#1213061).
- commit 2165cfd

- uaccess: Add speculation barrier to copy_from_user()
  (bsc#1211738 CVE-2023-0459).
- commit 444186d

- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: don't invalidate if interrupted (bsc#1213523).
- commit 6e0bfdd

- netfilter: nf_tables: incorrect error path handling with
  NFT_MSG_NEWRULE (CVE-2023-3390 CVE-2023-3117 bsc#1212846
  bsc#1213245).
- commit fc1ae7b

- powerpc/pseries/vas: Hold mmap_mutex after mmap lock during
  window close (jsc#PED-542 git-fixes).
- commit 0caaae2

- Drop
  patches.suse/nvme-warn-about-shared-namespaces-without-CONFIG_NVM.patch (bsc#1213311)
- Delete
  patches.suse/nvme-warn-about-shared-namespaces-without-CONFIG_NVM.patch.
- Refresh
  patches.suse/nvme-refactor-namespace-probing.patch
- commit a744f3d

- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit aa4b0be

- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- commit 9f327b6

- x86/speculation: Add force option to GDS mitigation (bsc#1206418, CVE-2022-40982).
- commit a0b814b

- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit bc512dd

- drm/i915: Never return 0 if not all requests retired
  (git-fixes).
- drm/i915: Fix negative value passed as remaining time
  (git-fixes).
- drm/i915/sdvo: Grab mode_config.mutex during LVDS init to
  avoid WARNs (git-fixes).
- commit d9993e1

- drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs
  (bsc#1213493).
- commit 8d27c97

- xfs: don't deplete the reserve pool when trying to shrink the fs
  (git-fixes).
- commit 5a2f80d

- xfs: don't reverse order of items in bulk AIL insertion
  (git-fixes).
- commit d6e35fc

- xfs: fix logdev fsmap query result filtering (git-fixes).
- commit c455cfa

- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- commit 48d04d0

- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- commit c0bf1f4

- xfs: fix integer overflows in the fsmap rtbitmap and logdev
  backends (git-fixes).
- commit 2722715

- xfs: fix interval filtering in multi-step fsmap queries
  (git-fixes).
- commit bdbe0c0

- xfs: fix uninitialized variable access (git-fixes).
- commit 00489cf

- xfs: pass explicit mount pointer to rtalloc query functions
  (git-fixes).
- commit 8dd0d7d

- xfs: make the record pointer passed to query_range functions
  const (git-fixes).
- commit f3907e2

- xfs: make fsmap backend function key parameters const
  (git-fixes).
- commit f2d77e2

- xfs: fix off-by-one error when the last rt extent is in use
  (git-fixes).
- commit 6038622

- ocfs2: Switch to security_inode_init_security() (git-fixes).
- commit a16070d

- ocfs2: check new file size on fallocate call (git-fixes).
- commit 3af0daa

- ocfs2: fix use-after-free when unmounting read-only filesystem
  (git-fixes).
- commit 32172b2

- smb: client: fix missed ses refcounting (git-fixes).
- commit 1464145

- powerpc/security: Fix Speculation_Store_Bypass reporting on
  Power10 (bsc#1188885 ltc#193722 git-fixes).
- commit 298c13e

- Refresh
  patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit d8bebeb

- security: keys: Modify mismatched function name (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
  (git-fixes).
- commit 9b8aa64

- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit e269335

- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit 74df26d

- usb: gadget: udc: core: Prevent soft_connect_store() race
  (git-fixes).
- commit b1dbc3a

- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
  (git-fixes).
- commit bc06187

- x86/platform/uv: Update UV platform code for SNC (bsc#1212256
  jsc#PED-4718).
- x86/platform/uv: Remove remaining BUG_ON() and BUG() calls
  (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256
  jsc#PED-4718).
- x86/platform/uv: Helper functions for allocating and freeing
  conversion tables (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: When searching for minimums, start at INT_MAX
  not 99999 (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Fix printed information in calc_mmioh_map
  (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Introduce helper function uv_pnode_to_socket
  (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Add platform resolving #defines for misc
  GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
- commit 22f8c94

- rpm: Update dependency to match current kmod.
- commit d687dc3

- usb: dwc2: Fix some error handling paths (git-fixes).
- commit b3ae2f4

- blacklist.conf: optimization
- commit 9e3e296

- blacklist.conf: kABI
- commit 938b640

- usb: typec: Fix fast_role_swap_current show function
  (git-fixes).
- commit b9a4a79

- blacklist.conf: Blacklist redundant patch
- commit 48411ae

- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- commit 80dd531

- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- commit beb79bd

- Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- commit d0d71ee

- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- commit ada238c

- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- commit c9bacb3

- spi: bcm63xx: fix max prepend length (git-fixes).
- commit 656db51

- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode
  flags (git-fixes).
- drm/ttm: Don't leak a resource on swapout move error
  (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24
  (git-fixes).
- wifi: rtw89: debug: fix error code in
  rtw89_debug_priv_send_h2c_set() (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate()
  (git-fixes).
- commit d32565b

- net: mana: Add support for vlan tagging (bsc#1212301).
- commit b4b8120

- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU
  ld < 2.36 (git-fixes bsc#1213264).
- commit 02c9941

- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes
  bsc#1213263).
- commit ddf8224

- blacklist.conf: clang warning
- commit e4ffa77

- s390/ap: fix status returned by ap_aqic() (git-fixes
  bsc#1213259).
- commit 5299a79

- s390/ap: fix status returned by ap_qact() (git-fixes
  bsc#1213258).
- commit 43d22ed

- Move upstreamed x86 patch into sorted section
- commit d418f0a

- Move upstreamed AMDGPU patches into sorted section
- commit 399c97a

- Bluetooth: hci_bcm: do not mark valid bd_addr as invalid
  (git-fixes).
- commit 04e6123

- nilfs2: reject devices with insufficient block count
  (git-fixes).
- perf/x86/amd/core: Always clear status for idx (bsc#1213233).
- soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe()
  (git-fixes).
- soundwire: cadence: Drain the RX FIFO after an IO timeout
  (git-fixes).
- commit 0234d5a

- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
  (git-fixes bsc#1213252).
- commit c694863

- drm/amdgpu: Fix memcpy() in
  sienna_cichlid_append_powerplay_table function (git-fixes).
- net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
  (git-fixes).
- net: qrtr: start MHI channel after endpoit creation (git-fixes).
- commit 7915fbb

- cpufreq: tegra194: Fix module loading (git-fixes).
- drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt()
  (git-fixes).
- commit 0b3f8c1

- Bluetooth: fix use-bdaddr-property quirk (git-fixes).
- Bluetooth: fix invalid-bdaddr quirk for non-persistent setup
  (git-fixes).
- acpi: Fix suspend with Xen PV (git-fixes).
- commit 7879a1f

- wifi: ath11k: Add missing check for ioremap (git-fixes).
- wifi: ath10k: Trigger STA disconnect after reconfig complete
  on hardware restart (git-fixes).
- usb: typec: Fix fast_role_swap_current show function
  (git-fixes).
- x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
- commit 51addf5

- PCI: vmd: Fix uninitialized variable usage in
  vmd_enable_domain() (git-fixes).
- soundwire: stream: Add missing clear of alloc_slave_rt
  (git-fixes).
- selftests: cgroup: fix unsigned comparison with less than zero
  (git-fixes).
- selftests/ir: fix build with ancient kernel headers (git-fixes).
- selftests: forwarding: Fix packet matching in mirroring
  selftests (git-fixes).
- commit 72553e2

- drm/bridge: tc358767: Switch to devm MIPI-DSI helpers
  (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
- drm/bridge: it6505: Move a variable assignment behind a null
  pointer check in receive_timing_debugfs_show() (git-fixes).
- drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
- commit 85e8c29

- drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush
  register (git-fixes).
- drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
- drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg()
  (git-fixes).
- drm/amd/display: Fix a test CalculatePrefetchSchedule()
  (git-fixes).
- commit 68b289c

- Add alt-commit to an amdgpu patch
- commit 17f4d4e

- s390: discard .interp section (git-fixes bsc#1213247).
- commit 227bb94

- Bluetooth: ISO: Fix CIG auto-allocation to select configurable
  CIG (git-fixes).
- commit 2742425

- Bluetooth: ISO: use hci_sync for setting CIG parameters
  (git-fixes).
- Bluetooth: ISO: consider right CIS when removing CIG at cleanup
  (git-fixes).
- commit 2dd543b

- ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake
  devices (git-fixes).
- ASoC: SOF: topology: Fix logic for copying tuples (git-fixes).
- commit 13a5a3a

- kABI fix after Restore kABI for NVidia vGPU driver
  (bsc#1210825).
- commit 61abbf8

- s390/pci: clean up left over special treatment for function zero
  (bsc#1212525).
- s390/pci: remove redundant pci_bus_add_devices() on new bus
  (bsc#1212525).
- s390/pci: only add specific device in zpci_bus_scan_device()
  (bsc#1212525).
- PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug (bsc#1212525).
- commit 12637e5

- i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
- commit 9454717

- Restore kABI for NVidia vGPU driver (bsc#1210825).
- commit 416c78b

- smb: client: remove redundant pointer 'server' (bsc#1193629).
- commit 20babff

- cifs: fix session state transition to avoid use-after-free issue
  (bsc#1193629).
- commit a0e7e51

- cifs: new dynamic tracepoint to track ses not found errors
  (bsc#1193629).
- commit 79e9e86

- cifs: log session id when a matching ses is not found
  (bsc#1193629).
- commit 920ccfd

- smb: client: improve DFS mount check (bsc#1193629).
- commit 8dd4bf1

- smb: client: fix shared DFS root mounts with different prefixes
  (bsc#1193629).
- commit 4ae5a6b

- smb: client: fix parsing of source mount option (bsc#1193629).
- commit 2375f35

- smb: client: fix broken file attrs with nodfs mounts
  (bsc#1193629).
- commit cf3707b

- cifs: print client_guid in DebugData (bsc#1193629).
- commit edd7762

- cifs: fix session state check in smb2_find_smb_ses
  (bsc#1193629).
- commit 8dbfb28

- cifs: fix session state check in reconnect to avoid
  use-after-free issue (bsc#1193629).
- commit 6191deb

- cifs: do all necessary checks for credits within or before
  locking (bsc#1193629).
- commit 5bb05f4

- cifs: prevent use-after-free by freeing the cfile later
  (bsc#1193629).
- commit b7bc433

- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- commit f671e4f

- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- commit d1f13ae

- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- commit 01673ee

- smb3: do not reserve too many oplock credits (bsc#1193629).
- commit 73fb9a2

- cifs: print more detail when invalidate_inode_mapping fails
  (bsc#1193629).
- commit a875165

- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- commit 28577bd

- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- commit c6a889a

- cifs: print nosharesock value while dumping mount options
  (bsc#1193629).
- commit 4243019

- Refresh
  patches.suse/x86-xen-fix-secondary-processor-fpu-initialization.patch.
- commit 011270e

- x86: Fix .brk attribute in linker script (git-fixes).
- commit cacd6a8

- ceph: fix blindly expanding the readahead windows (bsc#1213206).
- ceph: add a dedicated private data for netfs rreq (bsc#1213205).
- commit 9f18816

- blacklist.conf: Blacklist 23ee27dce30e and dc94bb8f271c
- commit aa7880b

- Update patches.suse/fs-hfsplus-fix-UAF-issue-in-hfsplus_put_super.patch (CVE-2023-2985, bsc#1211867).
- commit b8edf00
krb5
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
  (CVE-2023-36054);
- Added patches:
  * 0009-Ensure-array-count-consistency-in-kadm5-RPC.patch
libX11
- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
  U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
  U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
  U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
  U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
  * CVE-2023-43785 libX11: out-of-bounds memory access in
    _XkbReadKeySyms() (boo#1215683)
  * CVE-2023-43786 libX11: stack exhaustion from infinite recursion
  in PutSubImage() (boo#1215684)
  * CVE-2023-43787 libX11: integer overflow in XCreateImage()
    leading to a heap overflow (boo#1215685)
libapparmor
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
  (bsc#1215596)

- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
cryptsetup
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
  - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
  - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
  - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
libeconf
- Additional info for version 0.5.2:
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)

- Update to version 0.5.2:
  * Fixed build for aarch64 and gcc13.
  * Making the output verbose when a test fails.
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function.
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function.
  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
    Sets a list of directory structures (with order) which describes
    the directories in which the files have to be parsed.
    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
    directories will be parsed:
    "<default_dirs>/<project_name>.<suffix>.d/"
    "<default_dirs>/<project_name>/conf.d/"
    "<default_dirs>/<project_name>.d/"
    "<default_dirs>/<project_name>/"
    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
    automatically.
  * General code cleanup.

- Update to version 0.5.1:
  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
    there is a /etc/_example_._suffix_ file. (#175)

- Update to version 0.5.0:
  * API calls econf_read*WithCallback supporting a general (void *)
    argument for user defined data with which the callback function is
    called.
  * Tagged following functions deprecated:
    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks, econf_reset_security_settings
    Use one of the econf_read*WithCallback functions instead.

- Update to version 0.4.9:
  * libeconf.h: added missing sys/types.h header (#171)
  * new API calls: econf_readFileWithCallback,
    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
  * Checking NULL comment parameter in the parsing functions.

- Update to version 0.4.8+git20221114.7ff7704:
  * Parsing files which are containing keys only (#170)
    All delimiters are allowed now : "", " =", " ", "=". But the
    user should use "" in order to be distinct.
  * /usr/etc/shells.d/<file_name> will not be parsed if
    /etc/shells.d/<file_name> is defined too.
  * Lto build fixed (#168)
  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
    econf_set_delimiter_tag
  * Checking UID,GroupID, permissions,... of the parsed files (#165)
    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks
  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
  * Error handling improved for nums and booleans (#163)
libfido2
- Use openssl 1.1 still on SLES 15 SP4 to avoid pulling unnecessary
  openssl-3 dependency.  jsc#PED-4521
freetype2
- Added patch:
  * CVE-2023-2004.patch
    + fixes bsc#1210419, CVE-2023-2004: Integer overflow
gcc12
- Add gcc12-aarch64-bsc1214052.patch to fix -fstack-protector issues
  with variable length stack allocations on aarch64.
  Fixes CVE-2023-4039.  [bsc#1214052]
liblognorm
- Upgrade to liblognorm v2.0.6 (jsc#PED-4883)
  * 2018-11-02: nitfixes: issues deteced by CodeFactor.com
  * 2018-11-01: more cleanup of shell scripting
  * 2018-10-31: cleanup shell scripting
  * 2018-10-26: implement Checkpoint LEA transfer format
  * 2018-10-31: fix mising shebangs in test scripts
  * 2018-10-30: fix some bash style nits
  * 2018-07-15: fix very theoretic misadressing (gcc-8 warning)
  * 2018-06-26: string parser: add "lazy" matching mode
  * 2018-05-30: Update lognormalizer.c
  * 2018-05-30: Update lognormalizer.c to support case fallthrough
  * 2018-05-30: Update README
  * 2018-05-10: Fix for #229 (cisco-interface-spec at end of line)
  * 2018-03-21: Suppress invalid param error for name to fix #270
- Upgrade to liblognorm v2.0.5
  * 2018-04-25: fix potential NULL pointer addressing
  * 2018-04-07: Add test for nested user types
  * 2018-04-07: Fix use after free with nested user types (#235)
  * 2018-04-25: build system: fix gcc warning
  * 2018-04-25: make "make check" "succeed" on solaris 10
  * 2018-04-16: fix build warnings with some newer compilers
  * 2018-04-16: remove dead code
  * 2018-04-16: fix potential memory leaks during config processing
  * 2018-04-16: fix memory leak during config processing
  * 2018-04-16: csv encoder: fix format error when processing arrays
  * 2018-03-29: Explicitly list supported whitespace characters
  * 2018-03-28: "fix" return type of unused dummy function
  - replaces liblognorm-2.0.4-no-return-in-nonvoid-function.patch
  * 2018-03-21: Suppress invalid param error for name to fix #270
  * 2018-03-19: fix header guard
  * 2018-03-06: Correct CLI options in the docs
  * 2018-01-13: AIX port : added compatibility and modified lognormalizer for AIX.
  * 2017-11-29: codestyle: correct line length to 120
  * 2017-11-29: codestyle: set max line length to 120
  * 2017-11-25: fix some very bad line length violations
  * 2017-11-25: travis: temporarily permit longer line length
  * 2017-10-19: make build with gcc7
  * 2017-10-05: es_str2cstr leak in string-to v1 parse
nghttp2
- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
  sent, and nghttp2_on_stream_close_callback fails with a fatal error.
  [CVE-2023-35945 bsc#1215713]
  + nghttp2-CVE-2023-35945.patch
openssl-1_1
- Displays "fips" in the version string (bsc#1215215)
  * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch

- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_1-CVE-2023-3817.patch

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
pcre2
- Security fix: [bsc#1213514, CVE-2022-41409]
  * Integer overflow vulnerability in pcre2test before 10.41
    allows attackers to cause a denial of service or other
    unspecified impacts via negative input.
  * Add pcre2-CVE-2022-41409.patch
procps
- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)
python3
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)
systemd
- Import commit b473c02cc08e093e370034425671cbc001c6748e
  02caac7973 units/initrd-parse-etc.service: Conflict with emergency.target
  70b3bff9f8 sd-device-monitor: dynamically allocate receive buffer (bsc#1213873)
  e2e1fbba2b sd-device: change type of properties nulstr from uint8_t* to char*
  c9d3dd5954 udev: set description for device monitor
  3f07f44fde test: use sd_device_monitor_set_description()
  b304a1e1a2 sd-device-monitor: logs description for device monitor
  929d4066c5 sd-device-monitor: introduce sd_device_monitor_{set,get}_description()
  340e523048 sd-device-monitor: fix inversed condition
  02659c7b67 tree-wide: port various places over to new stat_inode_same() helper
  b35a4b042a stat-util: add helper stat_inode_same() for comparing stat's st_dev/st_ino in one
  d25219cbe3 libsystemd: ignore both EINTR and EAGAIN
  648a151313 errno-util: introduce ERRNO_IS_TRANSIENT()

- Import commit 155fe1917157bdeecf7e28ef0ea9f62084f27f14
  3b8c671f90 detach-md: similar to the DM case, also don't try to detach MD device backing /usr/ (bsc#1211576)
  6da5d2d1fc shutdown: don't attempt to detach DM volume backing /usr/ (bsc#1211576)
  37178881c1 udev: decrease devlink priority for iso disks (bsc#1213185)
  02ede28319 shutdown: get only active md arrays. (bsc#1212434 bsc#1213575 bsc#1211576)
  412b8dbb32 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
  16f897570a units: remove the restart limit on the modprobe@.service
  e4e85b08bd tests: add test case for long unit names
  3f84b06f9d core: shorten long unit names that are based on paths and append path hash at the end (bsc#1208194)

- Add 5001-sleep-don-t-init-sys-power-resume-if-resume-option-i.patch (bsc#1186606)

- Make sure to pre-install the groups systemd and udev rely on. This is needed
  when the tmpfiles are run at package installation time (i.e. when
  file-triggers are disabled).

- Move more packaging fixups in the fixlet script.

- Move the persistent net rule fix in udev fixlet script.

- Rather than having one script per fix, use a single script (or "fixlet") per
  (sub) package that contains all the fixups relative to a (sub) package. This
  has the advantage to limit the number of scripts but more importantly it will
  ease the sharing of the spec file between TW and SLE. We should also be able
  to compare the fixlets of two distros even if the spec files have diverged.
  Note that all the fixups are run just once now.

- kbd-model-map.legacy:: add 'ara' which should replace 'arabic' in the long
  term (bsc#1210702)

- kbd-model-map.legacy: drop some entries no longer needed by YaST
  Related to bsc#1194609.

- Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741)
  That way "systemd --user" instances get their own session keyring instead of
  the user default session keyring. For some reasons cifscreds refuses to work
  with the latter. That's what is expected for every PAM session anyway.
libxml2
- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch
libyajl
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
libyui
- Version bump to 4.5.3 to fix master branch accidentially
  having been submitted to SLE-15-SP5 by CI for some versions
  (master is now 4.6.0 already, so there is no version clash)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.4.12
libzypp
- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)
shadow
- bsc#1214806 (CVE-2023-4641):
  Fix potential password leak
- Add shadow-CVE-2023-4641.patch

- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch

- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
  Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
man
- Use inverted exit status in exec option of find command to
  avoid refreshing man database (boo#1155879)

- Minor corrections on %ghost /var/cache/man
nfs-utils
- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
  Inconsistencies in /etc/exports shouldn't be fatal.
  (bsc#1212594)

- Add 0030-systemd-use-correct-modprobe-d-directory
  SLE15-SP5 an earlier don't use /usr/lib/modprobe.d
  (bsc#1200710)
- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
  Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed

- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
  boo#1157881
- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
  bsc#1209859
- Allow scope to be set in sysconfig: NFSD_SCOPE
openssh
- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
  requested to load a PKCS#11 provider that isnt a PKCS#11
  provider (bsc#1213504,CVE-2023-38408)

- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
  to avoid fd leads, and also close fdh in read_hmac (bsc#1209536)
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945

- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944

- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 0.943

- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
  UEFI platforms (bsc#1208003)
- 0.942

- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941

- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
perl
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
  new patch: perl-cpan_verify_cert.diff
python-configobj
- Add CVE-2023-26112.patch (bsc#1210070)
python3-ec2metadata
- Update to version 5.0.0 (bsc#1214215)
  + Remove the --use-token command line option. Aws is deprecating access
    to instance metadata without authentication token. Ability to access
    metadat without token has been removed
  + Support access to the metadata server over IPv6. If the customer
    enables the IPv6 endpoint for an instance it will be preferred over the
    IPv4 endpoint
python-pyasn1
- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)
python-rpm
- build for all python modules (jsc#PED-68, jsc#PED-1988)
salt
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Added:
  * write-salt-version-before-building-when-using-with-s.patch

- Revert usage of long running REQ channel to prevent possible
  missing responses on requests and dublicated responses
  (bsc#1213960, bsc#1213630, bsc#1213257)
- Fix gitfs cachedir basename to avoid hash collisions
  (bsc#1193948, bsc#1214797, CVE-2023-20898)
- Added:
  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
  * revert-usage-of-long-running-req-channel-bsc-1213960.patch

- Make sure configured user is properly set by Salt (bsc#1210994)
- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
- Fix broken tests to make them running in the testsuite
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Create minion_id with reproducible mtime
- Fix detection of Salt codename by "salt_version" execution module
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix zypper repositories always being reconfigured
- Fix utf8 handling in 'pass' renderer and make it more robust
- Added:
  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
  * mark-salt-3006-as-released-586.patch
  * fix-the-regression-of-user.present-state-when-group-.patch
  * fix-tests-to-make-them-running-with-salt-testsuite.patch
  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
  * zypper-pkgrepo-alreadyconfigured-585.patch
  * fix-regression-multiple-values-for-keyword-argument-.patch

- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
python-urllib3
- Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804)
  gh#urllib3/urllib3#3139
  * Added the Cookie header to the list of headers to strip from
    requests when redirecting to a different host. As before,
    different headers can be set via Retry.remove_headers_on_redirect.
release-notes-sles
- 15.5.20230522 (tracked in bsc#933411)
- Updated certifications info (bsc#1211471)
rsyslog
-patches replaced by upgrade (see details in upgrade logs below)
  0001-fixing-the-deleteStateOnFileDelete-option.patch
  0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
  0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
  0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
  0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
  CVE-2022-24903.patch
- Upgrade to rsyslog 8.2306.0 (jsc#PED-4883)
  * 2023-06-09: mmnormalize bugfix: if msg cannot be parsed, parser chain is stopped
  * 2023-06-08: Add new global config option "libcapng.default"
  * 2023-06-08: imjournal: Add FileCreateMode module parameter
  * 2023-04-17: core bugfix: potential segfault on busy systems
  * 2023-05-11: GNUTls Driver: Fix memory leaks in gtlsInitCred
  * 2023-05-24: CI: update base ubuntu image for github actions
  * 2023-05-16: OMHIREDIS::ADDED:: New support for 'stream' mode
  * 2023-05-17: OMHIREDIS::ADDED:: new tests for existing functionalities
  * 2023-04-25: OMHIREDIS::FIXED:: Correctly suspend module in case of failure
  * 2023-05-17: OMHIREDIS::FIXED:: Synchronously try to authenticate
  * 2023-04-25: IMHIREDIS::ADDED:: New support for 'stream' mode
  * 2023-04-25: REDIS::ADDED:: Implement tests for imhiredis module
  * 2023-04-12: IMHIREDIS::CLEAN:: various improvements and fixes
    [#]## CHANGED
  - [IMHIREDIS] factorize code for different modes
  - [IMHIREDIS] Clean and improve logging lines
  - [IMHIREDIS] Poll extinction state less frequently for main thread (less aggresive)
  - [IMHIREDIS] Set 'key' action parameter to REQUIRED
  - [IMHIREDIS] Use known message length instead of calculating it when
    enqueuing message
    [#]## ADDED
  - [IMHIREDIS] Missing redis replies' types in enumeration
    [#]## FIXED
  - [IMHIREDIS] Correctly initialize instance object, especially for redisNodesList
  - [IMHIREDIS] Correctly print input mode's value in logs when set incorrectly
  * 2023-05-17: tests: mmexternal-SegFault-empty-jroot-vg.sh: fix typo
  * 2023-03-21: modify testbench test to detect wrong imptcp truncation
  * 2023-03-21: imptcp bugfix: spam log on oversize message
  * 2023-03-23: core/bugfix: using $uuid msg prop can deadlock rsyslog on shutdown
  * 2023-03-13: Remove halted LGTM badges on README
  * 2023-02-16: Do not preserve capabilities when changing credentials
  * 2023-01-23: CI/QA: do compile test both with NDEBUG set/unset
  * 2023-01-23: Fixed wrong type conversion in cstrLen() for debug mode as well
  * 2023-01-18: core/template: implement negative position.to
  * 2023-01-18: CI: fix github CodeQL settings
  * 2023-01-17: Remove CAP_DAC_OVERRIDE if privileges dropped
  * 2023-01-17: Adjust the capability set
  * 2023-01-13: substring function: enhancement and hardening
  * 2023-01-11: omfile: add action parameters "rotation.*"
  * 2023-01-11: CI: use newer version of zookeeper
  * 2023-01-09: ffaup fix : memory corruption with concurrent workers
  * 2023-01-02: openssl: fix undefined reference to CRYPTO_set_id_callback
  * 2022-12-30: testbench: add test for invalid json template generation
  * 2022-12-30: core bugfix: template system may generate invalid json
  * 2022-12-28: Fixed wrong type conversion in cstrLen()
  * 2022-12-08: Add CodeQL workflow for GitHub code scanning
- Upgrade to rsyslog 8.2212.0
  * 2022-12-05: testbench: make python http server based tests more reliable
  * 2022-12-05: omprog bugfix: invalid status handling at called program startup
  * 2022-11-29: testbench bugfix: wrong message injection object of instance 1
  * 2022-11-21: rsyslog.conf man page bugfix: description of selectors
  * 2022-11-18: imtcp bugfix: legacy config directives did no longer work
  - replaces 0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
  * 2022-11-16: ksi bugfix: sending of too many signing requests fixed.
  * 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode
  * 2022-11-02: imjournal: add second fallback to _COMM
  * 2022-10-25: core bugfix: local hostname invalid if no global() config object given
  * 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure
- Upgrade to rsyslog 8.2208.0
  * 2022-08-09: ksi bugfix: request cache size and send timeout issue fixed.
  * 2022-08-09: imjournal bugfix: segmentation fault in close journal
  * 2022-08-09: net subsystem: support sha256 for StreamDriverAuthMode="x509/fingerprint"
  * 2022-08-05: imfile bugfix: message loss/duplication when monitored file is rotated
  * 2022-08-05: ksi bugfix: optimize processing of signer queue to fix delays.
  * 2022-08-04: ksi bugfix: possible crash fixed when several log files are opened.
  * 2022-08-04: openssl: add support to split tls commands by semicolon
  * 2022-08-04: openssl subsystem bugfix: build issue on Solaris
  * 2022-08-04: openssl: add more details to error messages
  * 2022-08-04: omclickhouse: capture additional exceptions
  * 2022-08-04: mmanon bugfix: Simplified and fixed IPv4 digit detection.
  * 2022-07-21: imptcp: slight tuning
  * 2022-07-20: template procesing/json: performance optimization
  * 2022-07-19: core bugfix: memory leak when free action worker data table
  * 2022-07-13: omfile: support for zstd compression
  * 2022-07-07: stream cleanup: move error message to debug log, only
  * 2022-07-04: mmdblookup bugfix: Don't crash Rsyslog on mmdb file errors
  * 2022-06-28: build error fix: libbson requires out-of-date language constructs
  * 2022-06-27: OpenSSL: fix depreacted API issues for OpenSSL 3.x
- Upgrade to rsyslog 8.2206.0
  * 2022-05-25: omelastisearch: allow omitting _type field
  * 2022-05-18: tcpsrv/imtcp: slight performance improvements
  * 2022-05-12: imptcp bugfix: worker thread starvation on extreme traffic
  * 2022-05-11: omelasticsearch: several support option for ElasticSearch 8
  - config params searchIndex and documentType can be empty
  - support for Data Stream API
  - new config param esVersion.major
  * 2022-05-09: tcp receiver bugfix: delay/potential hang on some error conditions
  * 2022-05-05: net bugfix: potential buffer overrun
  - replaces CVE-2022-24903.patch
    Advisory:
    https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
  * 2022-05-05: imptcp: set OS worker thread name
  * 2022-04-26: mmanon bugfix: shortened IPv6 form not always anonymized
  * 2022-04-22: mmdblookup fix: wrong copy of buffer
  * 2022-04-22: mmdblookup: several enhancements
  - support arrays in MMDB entry
  - support escaped quotes '"' in MMDB entry
  - support '<' characters in MMDB entry, when in a field
  - support '}' characters in MMDB entry, when in a field
- Upgrade to rsyslog 8.2204.0
  * 2022-04-18: gnutls bugfix: possibility of infinite loop
  * 2022-04-17: core/bugfix: errorfile could grow over max configures size
  * 2022-04-17: omkafka bugfix: potential misadressing
  * 2022-04-06: added new "FullJSONFmt" standard template (with addtl fields)
  * 2022-04-04: imfile: potential processing delay
  * 2022-04-04: bugfix: cosmetic data races
  * 2022-04-01: add property options to support ISO week/year number
  * 2022-04-01: core bugfix: "action suspended" message was emitted even when turned off
  * 2022-03-31: testbench: add more tests for rscript comparison operations
  * 2022-03-31: core bugfix: make internal logs emitted during HUP procesing appear quicker
  * 2022-03-20: refactor: Move the parser directive to the main config
  * 2022-03-16: refactor: ake the main message queue part of the config
  * regression bugfix: rsyslog may segfault during startup
  * regression fix: script string comparison did not work correctly
- Upgrade to rsyslog 8.2202.0
  * 2022-02-11: Make action counter part of the config
  * 2022-02-09: imfile: Remove inotify watch descriptor on inode change detected
  - replaces 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
  * 2022-02-03: omelasticsearch: Fix indexSuccess impstats counter in bulkmode
  * 2022-01-28: rscript: literal numbers were not compared correctly
  * 2022-01-17: ompgsql: PGsslInUse not supported on old distros
  * 2021-12-31: ompgsql: allow connection params via connection string
  * 2022-01-17: CI: remove fedora 33 based testing
  * 2022-01-14: Terminate all tcpsrv threads properly
  * 2022-01-04: Move timezone specific variables to rsconf
  * 2022-01-13: Fixes #4395 by correctly checking for EPIPE.
  * 2022-01-12: Move rsyslog global parameters to rsconf_t struct
  * 2022-01-12: cleanup: remove unused variable
  * 2022-01-07: CI: cleanup journal test environment
  * 2022-01-06: CI: remove unnecessary dependency
  * 2022-01-05: Update omlibdbi.c
  * 2022-01-05: omhttp: Fix memory leak in lokirest batchmode
  * 2021-12-15: Clarify meaning of loadConf and RunConf
- Upgrade to rsyslog 8.2112.0
  * 2021-12-14: refactor:Deallocate outchannel resources in rsconf destructor
  * 2021-12-14: refactor: use runConf instead of loadConf in ratelimiting during runtime
  * 2021-11-22: new contribtion: URL parser module function using libfa
  * 2021-11-18: mmanon: relax IPv6 detection - improve anonymization
  * 2021-11-10: ruleset bugfix: ruleset queue was incorrectly named
  * 2021-11-10: omsnmp: update module to current IP best practices
  * 2021-10-27: ommysql: fix threading bug
  * 2021-10-25: testbench: false positive when impstats was not built
  * 2021-10-25: imtcp: add support for permittedPeers setting at input() level
  * 2021-10-25: testbench: add test for legacy permittedPeer statement
  - replaces 0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
- Upgrade to rsyslog 8.2110.0:
  * 2021-10-13: PrivDropToUser: fix abortOnIDResolutionFail handling #2
  * 2021-10-12: PrivDropToUser: fix abortOnIDResolutionFail handling
  * 2021-09-17: rscript fix: ruleset called async when ruleset had queue.type="direct"
  * 2021-10-07: tcpsrv: fix compilation without exceptions
  * 2021-09-29: build issue: handle undefined MAXPATHLEN, PATH_MAX
  * 2021-10-06: Fix typo in error message.
  * 2021-09-21: mmkubernetes bugfix: no connection retry to kubernetes APP
  * 2021-09-13: use correct api for es 6 and later
  * 2021-09-20: openssl: Correct gnutlsPriorityString (custom ciphers) behaviour
  * 2021-09-20: ksi bugfix: locking bug fixed in rsksiCtxOpenFile
  * 2021-09-13: Fix ElasticSearch Test broken by ES incompatibility
  * 2020-11-21: imhttp updates - query parameter ingestion & basic auth support
  * 2021-09-08: openssl: extended output information on connection failure
  * 2021-09-02: queue: Add NULL check in qDeqLinkedList
  - replaces 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
  * 2021-09-06: core bugfix: use of property $wday terminates string
  * 2021-09-02: gnutls: Propagate PrioritizeSAN when accepting a new connection
  * 2021-08-24: ratelimit: fix rate limiting for already parsed messages
  * 2021-08-23: config: implement script-equavalent for $PrivDrop* statements
- Upgrade to rsyslog 8.2108.0:
  * 2021-08-16: openssl tls: Improved error message output on tls failures.
  * 2021-07-01: imfile add `ignoreolderthanoption`
  * 2021-08-10: imklog: fix invalid memory adressing, could cause abort
  * 2021-08-09: omelasticsearch: fix incorrect mutex error handling regression
  * 2021-08-09: imfile bugfix: hash char invalidly added in readmode != 0
  * 2021-08-08: imudp: add socket type (IPv4 vs. 6) to input name
  * 2021-07-13: fixing the deleteStateOnFileDelete option
  - replaces 0001-fixing-the-deleteStateOnFileDelete-option.patch
  * 2021-07-07: CI: add test for imtcp not correctly starting up and a Solaris fix
  * 2021-08-05: omfwd: add capability for action-specific TLS certificate settings
  * 2021-07-01: imtcp: permit to use different certificate files per input/action
  * 2021-08-04: debug support: add indication of "being HUPed" to debug log
  * 2021-08-04: imptcp bugfix: keep alive interval was incorrectly set
  * 2021-07-22: Close file descriptor when freshStartTail is turned on
  * 2021-07-22: [omelasticsearch] Improve errorFile mutex handling
  * 2021-07-08: openssl network driver bugfix: small memory leak
  * 2021-07-07: tcpsrv bugfix: abort if no listener could be started
  * 2021-07-01: tcp subsystem: fix cosmetic memory leak on shutdown
  * 2021-07-01: fix typo in error message
  * 2021-06-30: OMMONGODB :: Fixes
  * 2021-06-29: mmkubernetes fix for apiserver error handling
  * 2021-06-21: omkafka updates
  * 2021-06-22: percentile module to track percentile metrics via impstats
  * 2021-06-17: CI: disable Travis CI for the time being
  * 2021-04-15: omhttp: Fix dynrestpath param in batch mode
  * 2021-06-14: add predefined template RSYSLOG_SyslogRFC5424Format
  * 2021-06-10: bugfix: _sender_stats reports integer counter as string

- fix removal of imfile state files (bsc#1213212)
  * add 0001-fixing-the-deleteStateOnFileDelete-option.patch
runc
- Update to runc v1.1.8. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
samba
- CVE-2023-4091: samba: Client can truncate file with read-only
  permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
  allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-42670: samba:  The procedure number is out of range
  when starting Active Directory Users and Computers;
  (bsc#1215906); (bso#15473).
- CVE-2023-3961: samba: Unsanitized client pipe name passed to
  local_np_connect(); (bsc#1215907); (bso#15422).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
  "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
  (bsc#1215908); (bso#15424).

- Fix DFS not working with widelinks enabled; (bsc#1213607);
  (bso#15435);

- Move libcluster-samba4.so from samba-libs to samba-client-libs;
  (bsc#1213940);

- net ads lookup with unspecified realm fails; (bso#15384);
  (bsc#1213826);

- secure channel faulty since Windows 10/11 update 07/2023;
  (bso#15418); (bsc#1213384).

- CVE-2022-2127: lm_resp_len not checked properly in
  winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
  Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
  Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
  (bso#15388); (bsc#1213171).
- CVE-2023-3347: Samba doesn't require SMB2+ signing if
  `server signing = mandatory` is set; (bso#15397); (bsc#1213170).

- Update to 4.17.9
  * Backport --pidl-developer fixes; (bso#15404).
  * smbd_scavenger crashes when service smbd is stopped;
    (bso#15275).
  * vfs_fruit might cause a failing open for delete; (bso#15378).
  * named crashes on DLZ zone update; (bso#14030).
  * winbind recurses into itself via rpcd_lsad; (bso#15361).
  * cli_list loops 100% CPU against pre-lanman2 servers;
    (bso#15382).
  * smbclient leaks fds with showacls; (bso#15391).
  * aes256 smb3 encryption algorithms are not allowed in
    smb3_sid_parse(); (bso#15374).
  * winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR;
    (bso#15413).
  * smbget memory leak if failed to download files recursively;
    (bso#15403).

- Update to 4.17.8
  * log flood: smbd_calculate_access_mask_fsp: Access denied:
    message level should be lower; (bso#15302).
  * Floating point exception (FPE) via cli_pull_send at
    source3/libsmb/clireadwrite.c; (bso#15306).
  * test_tstream_more_tcp_user_timeout_spin fails intermittently
    on Rackspace GitLab runners; (bso#15328).
  * Reduce flapping of ridalloc test; (bso#15329).
  * large_ldap test is unreliable; (bso#15351).
  * New filename parser doesn't check veto files smb.conf
    parameter; (bso#15143).
  * mdssvc may crash when initializing; (bso#15354).
  * Large directory optimization broken for non-lcomp path
    elements; (bso#15313).
  * streams_depot fails to create streams; (bso#15357).
  * shadow_copy2 and streams_depot don't play well together;
    (bso#15358).
  * wbinfo -u fails on ad dc with >1000 users; (bso#15366).
  * winbindd idmap child contacts the domain controller without a
    need; (bso#15317).
  * idmap_autorid may fail to map sids of trusted domains for the
    first time; (bso#15318).
  * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings;
    (bso#15319).
  * net ads search -P doesn't work against servers in other
    domains; (bso#15323).
  * DS ACEs might be inherited to unrelated object classes;
    (bso#15338).
  * Temporary smbXsrv_tcon_global.tdb can't be parsed;
    (bso#15353).
  * Setting veto files = /.*/ break listing directories;
    (bso#15360); (bsc#1212375).
  * CVE-2020-25720 [SECURITY] Create Child permission should not
    allow full write to all attributes (additional changes);
    (bso#14810).
  * dsgetdcname: assumes local system uses IPv4; (bso#15325).
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:SLES-release
n/a
supportutils-plugin-suse-public-cloud
- Update to version 1.0.8 (bsc#1213951)
  + Capture CSP billing adapter config and log (issue#13)
  + Accept upper case Amazon string in DMI table (issue#12)
supportutils
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- ha_info sle15 uses /var/log/pacemaker/ (pq#153)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
suse-build-key
- add and run a import-suse-build-key scripts, this will be ran
  after installation with libzypp based installers. (jsc#PED-2777)
suse-module-tools
- Update to version 15.5.3:
  * blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
  * modprobe.d: Blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
    (note: this is not a full fix for that CVE)

- Update to version 15.5.2:
  * rpm-script: update bootloader after creating initramfs
    (boo#1213822)
  * rpm-script: check for regenerate-initrd-posttrans in %posttrans
    (boo#1212957)
  * cert-script: skip cert handling if efivarfs is not writable
    (bsc#1213428, bsc#1201066)
systemd-presets-common-SUSE
- Fix another case of systemctl being called with an empty
  argument. This if a preemptive fix for a similar issue to
  bsc#1212496.

- Don't call systemctl list-unit-files with an empty argument,
  this will break enabling of system unit files [bsc#1212496]

- Add wtmpdb-update-boot.service and wtmpdb-rotate.timer to enable
  wtmpdb as Y2038 safe wtmp replacement
systemd-rpm-macros
- Bump version to 14

- Switch to `systemd-hwdb` tool when updating the HW database. It's been
  introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
sysuser-tools
- Remove all systemd requires, not supported on SLE15 [bsc#1214140]

- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
  Always create a system group of the same name as the system user,
  even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)

- Add "quilt setup" friendly hint to %sysusers_requires usage
  It is not required to have sysuser-tools installed when working
  with a pkg source which uses sysuser-tools at build time.

- Use append so if a pre file already exists it isn't overridden

- invoke bash for bash scripts (bsc#1195391)
vim
- Use app icon generated from vimlogo.eps in source tarball; add
  higher res icons of sizes 128, 256, and 512px as png sources.
  Our current icons deviate from upstream flatpaks for example.
- Updated to version 9.0 with patch level 1632
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1632

- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572

- Fixing bsc#1211461 - L3: vim "eats" first character from prompt in xterm
  * Add: reorder-exit-raw-mode.patch
  * Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit.
wicked
- ifconfig: fix arp notify loop (boo#1212806) and burst sending
  [+ 0001-fix_arp_notify_loop_and_burst_sending.patch]

- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- removed patches included in the source archive:
  [- 0001-bond-workaround-6.1-enslave-regression-boo-1206674.patch,
  - 0002-extensions-nbft-add-post-up-script.bsc-1211647.patch]
xen
- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
  transaction conflict can crash C Xenstored (XSA-440)
  xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  xsa444-1.patch
  xsa444-2.patch

- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  xsa438.patch

- Handle potential unaligned access to bitmap in
  libxc-sr-restore-hvm-legacy-superpage.patch
  If setting BITS_PER_LONG at once, the initial bit must be aligned

- bsc#1212684 - xentop fails with long interface name
  64d33a57-libxenstat-Linux-nul-terminate-string.patch

- Update to Xen 4.17.2 bug fix release (bsc#1027519)
  xen-4.17.2-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
  64bea1b2-x86-AMD-Zenbleed.patch

- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

- Add more debug to libxc-sr-track-migration-time.patch
  This is supposed to help with doing the math in case xl restore
  fails with ERANGE as reported in bug#1209311

- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  64bea1b2-x86-AMD-Zenbleed.patch

- Upstream bug fixes (bsc#1027519)
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
yast2-installation
- Don't always enable sshd and open the ssh port (bsc#1211764)
- 4.5.17
yast2-network
- Fix typo when writing the wireless channel (bsc#1212976)
- 4.5.21

- bsc#1211431
  - Do not crash installation when storing vlan configuration into
    NetworkManager
yast2-packager
- Fixed crash when selecting incompatible modules/extensions from
  the Full medium in SLED (bsc#1210668)
- 4.5.17
yast2-storage-ng
- Ensure adding storage support software packages for MicroOS
  which uses its custom partitions_proposal client, not the
  standard inst_disk_proposal client (bsc#1212452)
  https://github.com/yast/yast-storage-ng/pull/1350
- 4.5.24

- Honor encryption settings if they are set into ProductFeatures
  by the Common Critera role (jsc#PED-4166, jsc#PED-4474).

- Prevent setting the volume label for a mounted btrfs or swap
  (bsc#1211337)
- 4.5.23
yast2-users
- bsc#1211583
  - do not pre-fill non-sense user password when going back after
    importing user
- 4.5.7

- Allow to edit the NIS master server databases instead of the
  local ones, relying on the --prefix argument added to several
  commands in the "shadow" package (bsc#1206627).
- 4.5.6
zypper
- Fix name of the bash completion script (bsc#1215007)
  In 1.14.63 the location of the bash completion script was changed
  to /usr/share/bash-completion/completions/. But the patch failed
  to also rename the completion script. The original script name
  zypper.sh is not recognized at the new location.
- Update notes about failing signature checks (bsc#1214395)
  It might be a transient issue if the server is in the midst of
  receiving new data. Retry after a few minutes might work.
- Improve the SIGINT handler to be signal safe (bsc#1214292)
  This patch updates the SIGINT handling strategy to be signal
  safe. Meaning the signal handler will do not much more than
  setting a flag, which we are going to check in the normal program
  flow as much as possible.
- version 1.14.64

- Changed location of bash completion script (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62