bash
- Add patch boo1227807.patch
  * Load completion file eveh if a brace expansion is in the
    command line included (boo#1227807)
glibc
- Apply libc_nonshared.a workaround also on s390x and ppc64le (bsc#1231051)
grub2
- Fix OOM error in loading loopback file (bsc#1230840)
  * 0001-tpm-Skip-loopback-image-measurement.patch

- Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263)
  * 0001-efinet-Skip-virtual-VLAN-devices-during-card-enumera.patch

- Fix grub screen is filled with artifects from earlier post menu (bsc#1224465)
  * grub2-SUSE-Add-the-t-hotkey.patch
  * 0001-fix-grub-screen-filled-with-post-screen-artifects.patch
kernel-default
- ACPICA: executer/exsystem: Don't nag user about every Stall()
  violating the spec (git-fixes).
- ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
  (stable-fixes).
- commit f94e799

- cachefiles: fix dentry leak in cachefiles_open_file()
  (bsc#1231183).
- ceph: remove the incorrect Fw reference check when dirtying
  pages (bsc#1231182).
- commit ba82da7

- can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into
  mcp251xfd_chip_start/stop() (stable-fixes).
- Refresh
  patches.suse/can-mcp251xfd-clarify-the-meaning-of-timestamp.patch.
- commit 6779985

- USB: serial: pl2303: add device id for Macrosilicon MS3020
  (stable-fixes).
- powercap/intel_rapl: Add support for AMD family 1Ah
  (stable-fixes).
- ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK)
  (stable-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI
  match less strict (stable-fixes).
- ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes).
- drm: komeda: Fix an issue related to normalized zpos
  (stable-fixes).
- can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing
  configuration (stable-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01
  (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes).
- hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING
  (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error
  (stable-fixes).
- wifi: mac80211: free skb on error path in
  ieee80211_beacon_get_ap() (stable-fixes).
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
  (stable-fixes).
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
  (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
  (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
  (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination
  (stable-fixes).
- platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F
  DMI match less strict (stable-fixes).
- pinctrl: at91: make it work with current gpiolib (stable-fixes).
- can: mcp251xfd: properly indent labels (stable-fixes).
- commit a530f31

- kthread: Fix task state in kthread worker if being frozen
  (bsc#1231146).
- commit fe88a62

- supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035)
- commit 59d03d7

- Refresh
  patches.suse/bpf-kprobe-remove-unused-declaring-of-bpf_kprobe_override.patch.
- commit 5a0b269

- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
  (git-fixes).
- commit 1884922

- tracing: Avoid possible softlockup in tracing_iter_reset()
  (git-fixes).
- commit d5df75c

- tracing: Fix overflow in get_free_elt() (git-fixes
  CVE-2024-43890 bsc#1229764).
- commit ceb524e

- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit cc6d7b5

- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- i2c: designware: fix controller is holding SCL low while ENABLE
  bit is disabled (git-fixes).
- drm/amd/display: handle nulled pipe context in DCE110's
  set_drr() (git-fixes).
- drm/amdgpu: Fix get each xcp macro (git-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not
  exist (git-fixes).
- cxl/pci: Fix to record only non-zero ranges (git-fixes).
- ata: libata-scsi: Fix ata_msense_control() CDL page reporting
  (git-fixes).
- firmware_loader: Block path traversal (git-fixes).
- driver core: Fix a potential null-ptr-deref in
  module_add_driver() (git-fixes).
- driver core: Fix error handling in driver API device_rename()
  (git-fixes).
- ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
  (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
  (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding
  mutexes (git-fixes).
- ABI: testing: fix admv8818 attr description (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the
  documentation (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges
  (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial
  (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings
  (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
  freeing them (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- spi: atmel-quadspi: Avoid overwriting delay register settings
  (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
  (git-fixes).
- spi: atmel-quadspi: Undo runtime PM changes at driver exit time
  (git-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path
  (git-fixes).
- i3c: master: svc: Fix use after free vulnerability in
  svc_i3c_master Driver Due to Race Condition (git-fixes).
- remoteproc: k3-r5: Fix error handling when power-up failed
  (git-fixes).
- remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes).
- remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes).
- KEYS: prevent NULL pointer dereference in find_asymmetric_key()
  (git-fixes).
- media: i2c: ar0521: Use cansleep version of gpiod_set_value()
  (git-fixes).
- media: ov5675: Fix power on/off delay timings (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
  (git-fixes).
- media: platform: rzg2l-cru: rzg2l-csi2: Add missing
  MODULE_DEVICE_TABLE (git-fixes).
- media: venus: fix use after free bug in venus_remove due to
  race condition (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
  (git-fixes).
- clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes).
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (git-fixes).
- pinctrl: single: fix missing error code in pcs_probe()
  (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- commit c5ab3ca

- Move upstreamed SCSI patches into sorted section
- commit aba5747

- kcm: Serialise kcm_sendmsg() for the same socket (CVE-2024-44946
  bsc#1230015).
- commit 4310760

- nvme-multipath: avoid hang on inaccessible namespaces
  (bsc#1228244).
- kcm: Serialise kcm_sendmsg() for the same socket
  (CVE-2024-44946,bsc#1230015).
- commit a84ca87

- nvme-multipath: system fails to create generic nvme device
  (bsc#1228244).
- commit 4fc57d2

- erofs: fix incorrect symlink detection in fast symlink
  (git-fixes).
- commit 2e1ae75

- afs: Don't cross .backup mountpoint from backup volume
  (git-fixes).
- commit f35dae1

- afs: Revert "afs: Hide silly-rename files from userspace"
  (git-fixes).
- commit 11353bb

- scsi: sd: Fix off-by-one error in
  sd_read_block_characteristics() (bsc#1223848).
- commit 621f2fb

- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- commit af0ff0f

- drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772 bsc#1230772)
- commit 322be4a

- blacklist.conf: CVE-2024-46727 bsc#1230707: not applicable
  No OTG code and all return values from
  resource_get_otg_master_for_stream() are checked before use.
- commit f44b1e7

- arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes
  (git-fixes).
- commit 642d7e6

- arm64: dts: imx8-ss-dma: Fix adc0 closing brace location
  (git-fixes).
- commit 970cc49

- arm64: dts: rockchip: Correct vendor prefix for Hardkernel
  ODROID-M1 (git-fixes).
- commit 87f0ae6

- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight
  PWM frequency (git-fixes).
- commit 1582b94

- arm64: dts: rockchip: Correct the Pinebook Pro battery design
  capacity (git-fixes).
- commit 3b2ebbf

- arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount
  to 4GB (git-fixes).
- commit 1059c29

- arm64: signal: Fix some under-bracketed UAPI macros (git-fixes).
- commit 9704ff3

- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
  hog on RK3399 Puma (git-fixes).
- commit 6052a8c

- arm64: dts: rockchip: fix eMMC/SPI corruption when audio has
  been used on RK3399 Puma (git-fixes).
- commit 8b3743b

- Update
  patches.suse/powerpc-pseries-make-max-polling-consistent-for-long.patch
  (bsc#1215199 jsc#PED-10954).
- Update
  patches.suse/security-integrity-fix-pointer-to-ESL-data-and-.patch
  (bsc#1012628 jsc#PED-5085 jsc#PED-10954).
- commit ec9be2c

- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
  ROCK Pi E (git-fixes).
- commit 7527015

- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- commit 42389f0

- ipmi:ssif: Improve detecting during probing (bsc#1228771)
  Move patch into the sorted section.
- commit 77cf6fc

- Update patches.suse/ALSA-line6-Fix-racy-access-to-midibuf.patch
  (stable-fixes CVE-2024-44954 bsc#1230176).
- Update
  patches.suse/ASoC-dapm-Fix-UAF-for-snd_soc_pcm_runtime-object.patch
  (git-fixes CVE-2024-46798 bsc#1230830).
- Update
  patches.suse/Bluetooth-btnxpuart-Fix-Null-pointer-dereference-in-.patch
  (stable-fixes CVE-2024-46749 bsc#1230780).
- Update
  patches.suse/Bluetooth-btnxpuart-Shutdown-timer-and-prevent-rearm.patch
  (stable-fixes CVE-2024-44962 bsc#1230213).
- Update
  patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch
  (stable-fixes CVE-2024-46746 bsc#1230751).
- Update
  patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch
  (stable-fixes CVE-2024-46747 bsc#1230752).
- Update patches.suse/Input-MT-limit-max-slots.patch (stable-fixes
  CVE-2024-45008 bsc#1230248).
- Update
  patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch
  (stable-fixes CVE-2024-46745 bsc#1230748).
- Update
  patches.suse/KVM-arm64-Make-ICC_-SGI-_EL1-undef-in-the-absence-of.patch
  (git-fixes CVE-2024-46707 bsc#1230582).
- Update
  patches.suse/KVM-s390-fix-validity-interception-issue-when-gisa-is-switched-off.patch
  (git-fixes bsc#1229167 CVE-2024-45005 bsc#1230173).
- Update
  patches.suse/PCI-Add-missing-bridge-lock-to-pci_bus_lock.patch
  (stable-fixes CVE-2024-46750 bsc#1230783).
- Update
  patches.suse/Squashfs-sanity-check-symbolic-link-size.patch
  (git-fixes CVE-2024-46744 bsc#1230747).
- Update
  patches.suse/VMCI-Fix-use-after-free-when-removing-resource-in-vm.patch
  (git-fixes CVE-2024-46738 bsc#1230731).
- Update
  patches.suse/bpf-Fix-a-kernel-verifier-crash-in-stacksafe.patch
  (bsc#1225903 CVE-2024-45020 bsc#1230433).
- Update
  patches.suse/btrfs-fix-race-between-direct-IO-write-and-fsync-whe.patch
  (git-fixes CVE-2024-46734 bsc#1230726).
- Update
  patches.suse/can-bcm-Remove-proc-entry-when-dev-is-unregistered.patch
  (git-fixes CVE-2024-46771 bsc#1230766).
- Update
  patches.suse/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-duri.patch
  (git-fixes CVE-2024-46791 bsc#1230821).
- Update
  patches.suse/char-xillybus-Check-USB-endpoints-when-probing-devic.patch
  (git-fixes CVE-2024-45011 bsc#1230440).
- Update
  patches.suse/char-xillybus-Don-t-destroy-workqueue-from-work-item.patch
  (stable-fixes CVE-2024-45007 bsc#1230175).
- Update
  patches.suse/dmaengine-altera-msgdma-properly-free-descriptor-in-.patch
  (stable-fixes CVE-2024-46716 bsc#1230715).
- Update
  patches.suse/driver-core-Fix-uevent_show-vs-driver-detach-race.patch
  (git-fixes CVE-2024-44952 bsc#1230178).
- Update
  patches.suse/driver-iio-add-missing-checks-on-iio_info-s-callback.patch
  (stable-fixes CVE-2024-46715 bsc#1230700).
- Update
  patches.suse/drm-amd-display-Assign-linear_pitch_alignment-even-f.patch
  (stable-fixes CVE-2024-46732 bsc#1230711).
- Update
  patches.suse/drm-amd-display-Check-UnboundedRequestEnabled-s-valu.patch
  (stable-fixes CVE-2024-46778 bsc#1230776).
- Update
  patches.suse/drm-amd-display-Check-denominator-pbn_div-before-use.patch
  (stable-fixes CVE-2024-46773 bsc#1230791).
- Update
  patches.suse/drm-amd-display-Check-index-for-aux_rd_interval-befo.patch
  (stable-fixes CVE-2024-46728 bsc#1230703).
- Update
  patches.suse/drm-amd-display-Ensure-array-index-tg_inst-won-t-be-.patch
  (stable-fixes CVE-2024-46730 bsc#1230701).
- Update
  patches.suse/drm-amd-display-Ensure-index-calculation-will-not-ov.patch
  (stable-fixes CVE-2024-46726 bsc#1230706).
- Update
  patches.suse/drm-amd-display-Run-DC_LOG_DC-after-checking-link-li.patch
  (stable-fixes CVE-2024-46776 bsc#1230775).
- Update
  patches.suse/drm-amd-display-Skip-wbscl_set_scaler_filter-if-filt.patch
  (stable-fixes CVE-2024-46714 bsc#1230699).
- Update
  patches.suse/drm-amd-display-avoid-using-null-object-of-framebuff.patch
  (git-fixes CVE-2024-46694 bsc#1230511).
- Update
  patches.suse/drm-amd-pm-fix-the-Out-of-bounds-read-warning.patch
  (stable-fixes CVE-2024-46731 bsc#1230709).
- Update
  patches.suse/drm-amdgpu-Fix-out-of-bounds-read-of-df_v1_7_channel.patch
  (stable-fixes CVE-2024-46724 bsc#1230725).
- Update
  patches.suse/drm-amdgpu-Fix-out-of-bounds-write-warning.patch
  (stable-fixes CVE-2024-46725 bsc#1230705).
- Update
  patches.suse/drm-amdgpu-Forward-soft-recovery-errors-to-userspace.patch
  (stable-fixes CVE-2024-44961 bsc#1230207).
- Update patches.suse/drm-amdgpu-Validate-TA-binary-size.patch
  (stable-fixes CVE-2024-44977 bsc#1230217).
- Update
  patches.suse/drm-amdgpu-fix-dereference-after-null-check.patch
  (stable-fixes CVE-2024-46720 bsc#1230724).
- Update
  patches.suse/drm-amdgpu-fix-mc_data-out-of-bounds-read-warning.patch
  (stable-fixes CVE-2024-46722 bsc#1230712).
- Update
  patches.suse/drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch
  (stable-fixes CVE-2024-46723 bsc#1230702).
- Update
  patches.suse/drm-mgag200-Bind-I2C-lifetime-to-DRM-device.patch
  (git-fixes CVE-2024-44967 bsc#1230224).
- Update
  patches.suse/drm-msm-dpu-cleanup-FB-if-dpu_format_populate_layout.patch
  (git-fixes CVE-2024-44982 bsc#1230204).
- Update
  patches.suse/drm-msm-dpu-move-dpu_encoder-s-connector-assignment-.patch
  (git-fixes CVE-2024-45015 bsc#1230444).
- Update
  patches.suse/drm-vmwgfx-Fix-prime-with-external-buffers.patch
  (git-fixes CVE-2024-46709 bsc#1230539).
- Update
  patches.suse/fs-netfs-fscache_cookie-add-missing-n_accesses-check.patch
  (bsc#1229455 CVE-2024-45000 bsc#1230170).
- Update
  patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch
  (bsc#1230602 CVE-2024-46786 bsc#1230813).
- Update
  patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
  (bsc#1229456 CVE-2024-44947).
- Update
  patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch
  (stable-fixes CVE-2024-46759 bsc#1230814).
- Update
  patches.suse/hwmon-lm95234-Fix-underflows-seen-when-writing-limit.patch
  (stable-fixes CVE-2024-46758 bsc#1230812).
- Update
  patches.suse/hwmon-nct6775-core-Fix-underflows-seen-when-writing-.patch
  (stable-fixes CVE-2024-46757 bsc#1230809).
- Update
  patches.suse/hwmon-w83627ehf-Fix-underflows-seen-when-writing-lim.patch
  (stable-fixes CVE-2024-46756 bsc#1230806).
- Update
  patches.suse/media-dvb-usb-v2-af9035-Fix-null-ptr-deref-in-af9035.patch
  (git-fixes CVE-2023-52915 bsc#1230270).
- Update
  patches.suse/misc-fastrpc-Fix-double-free-of-buf-in-error-path.patch
  (git-fixes CVE-2024-46741 bsc#1230749).
- Update
  patches.suse/mmc-mmc_test-Fix-NULL-dereference-on-allocation-fail.patch
  (git-fixes CVE-2024-45028 bsc#1230450).
- Update
  patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
  (git-fixes CVE-2024-46739 bsc#1230732).
- Update
  patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
  (git-fixes CVE-2024-46784 bsc#1230771).
- Update
  patches.suse/net-ethernet-mtk_wed-fix-use-after-free-panic-in-mtk.patch
  (git-fixes CVE-2024-44997 bsc#1230232).
- Update
  patches.suse/net-mana-Fix-RX-buf-alloc_size-alignment-and-atomic-.patch
  (bsc#1229086 CVE-2024-45001 bsc#1230244).
- Update
  patches.suse/net-phy-Fix-missing-of_node_put-for-leds.patch
  (git-fixes CVE-2024-46767 bsc#1230787).
- Update
  patches.suse/nfc-pn533-Add-poll-mod-list-filling-check.patch
  (git-fixes CVE-2024-46676 bsc#1230535).
- Update
  patches.suse/nilfs2-fix-missing-cleanup-on-rollforward-recovery-error.patch
  (git-fixes CVE-2024-46781 bsc#1230768).
- Update
  patches.suse/nilfs2-protect-references-to-superblock-parameters-exposed-in-sysfs.patch
  (git-fixes CVE-2024-46780 bsc#1230808).
- Update
  patches.suse/nouveau-firmware-use-dma-non-coherent-allocator.patch
  (git-fixes CVE-2024-45012 bsc#1230441).
- Update
  patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
  (git-fixes CVE-2024-46737 bsc#1230730).
- Update
  patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch
  (stable-fixes CVE-2024-46761 bsc#1230761).
- Update patches.suse/perf-Fix-event-leak-upon-exit.patch
  (git-fixes CVE-2024-43870 bsc#1229494).
- Update
  patches.suse/pinctrl-single-fix-potential-NULL-dereference-in-pcs.patch
  (git-fixes CVE-2024-46685 bsc#1230515).
- Update
  patches.suse/powerpc-qspinlock-Fix-deadlock-in-MCS-queue.patch
  (bac#1230295 ltc#206656 CVE-2024-46797 bsc#1230831).
- Update
  patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
  (bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update
  patches.suse/s390-dasd-fix-error-recovery-leading-to-data-corruption-on-ESE-devices.patch
  (git-fixes bsc#1229452 CVE-2024-45026 bsc#1230454).
- Update
  patches.suse/s390-sclp-Prevent-release-of-buffer-in-I-O.patch
  (git-fixes bsc#1229169 CVE-2024-44969 bsc#1230200).
- Update
  patches.suse/soc-qcom-cmd-db-Map-shared-memory-as-WC-not-WB.patch
  (git-fixes CVE-2024-46689 bsc#1230524).
- Update
  patches.suse/thunderbolt-Mark-XDomain-as-unplugged-when-router-is.patch
  (stable-fixes CVE-2024-46702 bsc#1230589).
- Update
  patches.suse/tty-serial-fsl_lpuart-mark-last-busy-before-uart_add.patch
  (git-fixes CVE-2024-46706 bsc#1230580).
- Update
  patches.suse/usb-dwc3-core-Prevent-USB-core-invalid-event-buffer-.patch
  (stable-fixes CVE-2024-46675 bsc#1230533).
- Update
  patches.suse/usb-dwc3-st-fix-probed-platform-device-ref-count-on-.patch
  (git-fixes CVE-2024-46674 bsc#1230507).
- Update
  patches.suse/usb-gadget-core-Check-for-unset-descriptor.patch
  (git-fixes CVE-2024-44960 bsc#1230191).
- Update
  patches.suse/usb-typec-ucsi-Fix-null-pointer-dereference-in-trace.patch
  (stable-fixes CVE-2024-46719 bsc#1230722).
- Update
  patches.suse/wifi-brcmfmac-cfg80211-Handle-SSID-based-pmksa-delet.patch
  (git-fixes CVE-2024-46672 bsc#1230459).
- Update
  patches.suse/wifi-mwifiex-Do-not-return-unused-priv-in-mwifiex_ge.patch
  (stable-fixes CVE-2024-46755 bsc#1230802).
- Update
  patches.suse/wifi-rtw88-usb-schedule-rx-work-after-everything-is-.patch
  (stable-fixes CVE-2024-46760 bsc#1230753).
- Update
  patches.suse/x86-mm-Fix-pti_clone_pgtable-alignment-assumption.patch
  (git-fixes CVE-2024-44965 bsc#1230221).
- Update
  patches.suse/x86-mtrr-Check-if-fixed-MTRRs-exist-before-saving-them.patch
  (git-fixes CVE-2024-44948 bsc#1230174).
- Update
  patches.suse/xhci-Fix-Panther-point-NULL-pointer-deref-at-full-sp.patch
  (git-fixes CVE-2024-45006 bsc#1230247).
- commit 6da06c4

- Update patches.suse/gfs2-Fix-NULL-pointer-dereference-in-gfs2_log_flush.patch (bsc#1230948)
- commit 90a5b1b

- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
  bsc#1230815).
- commit a236c90

- cachefiles: Fix non-taking of sb_writers around set/removexattr
  (bsc#1231008).
- commit 1b01b3e

- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- commit a6683f0

- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- Refresh
  patches.suse/PCI-dwc-endpoint-Introduce-.pre_init-and-.deinit.patch.
- commit 34c9950

- PCI: xilinx-nwl: Clean up clock on probe failure/removal
  (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: qcom-ep: Enable controller resources like PHY only after
  refclk is available (git-fixes).
- PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
  (git-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
  (git-fixes).
- PCI: imx6: Fix missing call to phy_power_off() in error handling
  (git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe
  (git-fixes).
- PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main"
  IRQ (git-fixes).
- PCI: Wait for Link before restoring Downstream Buses
  (git-fixes).
- commit 1528eee

- WIP DO NOT PUSH btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (CVE-2024-46687 bsc#1230518)
- commit 17b4a47

- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- commit 9f477b0

- net: ip_tunnel: prevent perpetual headroom growth
  (CVE-2024-26804 bsc#1222629).
- commit 0ca3b23

- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()
  (git-fixes).
- commit 45cee3b

- blacklist.conf: too risky
- commit f0e13c3

- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
  (git-fixes).
- commit e5e587b

- Input: tsc2004/5 - fix reset handling on probe (git-fixes).
- commit 1366de4

- Input: tsc2004/5 - do not hard code interrupt trigger
  (git-fixes).
- commit 110dbdb

- Input: tsc2004/5 - use device core to create driver-specific
  device attributes (git-fixes).
- commit 958966c

- Input: adp5588-keys - fix check on return code (git-fixes).
- commit d15133c

- drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704 CVE-2024-46729)
- commit 55d78a7

- RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes)
- commit d7bebcf

- RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes)
- commit b0aa848

- RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes)
- commit 6800d7e

- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- commit dcf63e1

- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit 23d3195

- RDMA/mlx5: Obtain upper net device only when needed (git-fixes)
- commit ca2d8dc

- RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes)
- commit 4481358

- RDMA/hns: Optimize hem allocation performance (git-fixes)
- commit 7afe440

- RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes)
- commit 25e36c2

- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- commit a18704a

- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- commit 7b15e64

- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- commit 60eb35c

- RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes)
- commit 3ab1ca2

- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (git-fixes)
- commit 7100eb8

- RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes)
- commit 914ed66

- RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes)
- commit 60e75bb

- RDMA/erdma: Return QP state in erdma_query_qp (git-fixes)
- commit 09a59c3

- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- commit 38bf526

- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- commit c4f28a8

- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit 0456b72

- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 4cb7201

- blacklist.conf: add one for clang and one PCI git-fixes
- commit b26aea4

- Revert "PCI: Extend ACS configurability (bsc#1228090)." (bsc#1229019)
  This reverts commit 571e4310e81312c847a5caee7e45e66aeea2a169. It breaks
  ACS on certain platforms. Even 6.11 is affected. So drop for now and
  investigate.
- commit 3b92a44

- blacklist.conf: CVE-2024-44972 bsc#1230212: not applicable
  Subpage code exists but zoned mode is not enabled being hidden behind
  CONFIG_BTRFS_DEBUG.
- commit ed17920

- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit 3e3b2cb

- blacklist.conf: kABI
- commit 05421bb

- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- commit 62ef4d1

- media: qcom: camss: Remove use_count guard in stop_streaming
  (git-fixes).
- commit ef85228

- Revert "media: tuners: fix error return code of
  hybrid_tuner_request_state()" (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
  write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
  write error (git-fixes).
- commit 48dc3a9

- net: bridge: xmit: make sure we have at least eth header len
  bytes (CVE-2024-38538 bsc#1226606).
- commit 2548071

- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
  (bsc#1226666).
- commit dbae63e

- xen/swiotlb: fix allocated size (git-fixes).
- commit 199871d

- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- commit 0ffbc04

- xen: tolerate ACPI NVS memory overlapping with Xen allocated
  memory (bsc#1226003).
- commit 3dc14d8

- xen: allow mapping ACPI data using a different physical address
  (bsc#1226003).
- commit 0928eec

- x86/tdx: Fix data leak in mmio_read() (CVE-2024-46794 bsc#1230825)
- commit 9a2a1c2

- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit eb9d143

- nvme: fix namespace removal list (git-fixes).
- commit b45d192

- ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (CVE-2024-46735 bsc#1230727)
- commit 23e039f

- Update references for patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit 8ce7f58

- xen: add capability to remap non-RAM pages to different PFNs
  (bsc#1226003).
- commit 47109fd

- net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717 bsc#1230719)
- commit d6a30a9

- xen: move max_pfn in xen_memory_setup() out of function scope
  (bsc#1226003).
- commit 2750357

- xen: move checks for e820 conflicts further up (bsc#1226003).
- commit 191a602

- xen: introduce generic helper checking for memory map conflicts
  (bsc#1226003).
- commit eb57cec

- xen: use correct end address of kernel for conflict checking
  (bsc#1226003).
- commit c40fc6b

- scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429
  jsc#PED-9899).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429
  jsc#PED-9899).
- scsi: lpfc: Update PRLO handling in direct attached topology
  (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct
  attached topology (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag
  (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Validate hdwq pointers before dereferencing in
  reset/errata paths (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Remove redundant vport assignment when building
  an abort request (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Change diagnostic log flag during receipt of
  unknown ELS cmds (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899).
- commit 18ec475

- drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540 CVE-2024-46710)
- commit 84f019d

- nvme-tcp: fix link failure for TCP auth (git-fixes).
- nvmet: Identify-Active Namespace ID List command should reject
  invalid nsid (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: allocate tagset on reset if necessary (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
  (git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme: use srcu for iterating namespace list (git-fixes).
  Refresh:
  - patches.suse/nvme-tcp-sanitize-tls-key-handling.patch
- nvmet-rdma: fix possible bad dereference when freeing rsps
  (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvme: clear caller pointer on identify failure (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- commit 7382ad4

- Update
  patches.suse/KVM-arm64-vgic-v2-Check-for-non-NULL-vCPU-in-vgic_v2.patch
  (git-fixes CVE-2024-36953 bsc#1225812).
- Update
  patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
  (git-fixes CVE-2024-38632 bsc#1226860).
  Add CVE references.
- commit c9c3b6f

- nilfs2: fix potential oob read in nilfs_btree_check_delete()
  (git-fixes).
- commit cc0f59d

- nilfs2: determine empty node blocks as corrupted (git-fixes).
- commit 3244e52

- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
  (git-fixes).
- commit 90f4e49

- media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973 bsc#1227890)
- commit ce5074d

- btrfs: don't BUG_ON() when 0 reference count at
  btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- btrfs: reduce nesting for extent processing at
  btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove superfluous metadata check at
  btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: replace BUG_ON() with error handling at
  update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: simplify setting the full backref flag at
  update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: remove NULL transaction support for
  btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove level argument from btrfs_set_block_flags
  (bsc#1230794 CVE-2024-46752).
- commit a1c1176

- btrfs: send: allow cloning non-aligned extent if it ends at
  i_size (bsc#1230854).
- commit e9cad4b

- blacklist.conf: kABI
- commit 5244a06

- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- commit 1f37ac4

- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
  (git-fixes).
- commit b7bf7eb

- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
  (git-fixes).
- commit e2cb129

- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit b463b02

- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- commit d948d87

- of/irq: Prevent device address out-of-bounds read in interrupt
  map walk (CVE-2024-46743 bsc#1230756).
- commit 300f40a

- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
  (git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
  (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery
  occurs (git-fixes).
- resource: fix region_intersects() vs add_memory_driver_managed()
  (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
  (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/msm/dsi: correct programming sequence for SM8350 / SM8450
  (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check
  (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage
  (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume
  (git-fixes).
- drm/msm/a5xx: disable preemption in submits by default
  (git-fixes).
- drm/msm: Fix incorrect file name output in adreno_request_fw()
  (git-fixes).
- drm/mediatek: ovl_adaptor: Add missing of_node_put()
  (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track
  offsets (git-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amd/display: Add null check for set_output_gamma in
  dcn30_set_output_transfer_func (git-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/radeon: fix null pointer dereference in
  radeon_add_common_modes (git-fixes).
- drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
  (git-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in
  drm_bridge_funcs::mode_valid() (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
  (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
  (git-fixes).
- drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc()
  (git-fixes).
- drm/stm: Fix an error handling path in stm_drm_platform_probe()
  (git-fixes).
- ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense
  data (git-fixes).
- HID: wacom: Do not warn about dropped packets for first packet
  (git-fixes).
- HID: wacom: Support sequence numbers smaller than 16-bit
  (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- ipmi: docs: don't advertise deprecated sysfs entries
  (git-fixes).
- commit b4e4911

- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit a155846

- firmware: qcom: scm: Mark get_wq_ctx() as atomic call (CVE-2024-46692 bsc#1230520)
- commit ee65da0

- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit 49aab2b

- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit 9cdd14b

- blacklist.conf: CVE-2024-46711 bsc#1230542: code partially present, fix part of refactoring and fix series
  The patch to backport is one in a number of about 30 patches refactoring
  and reworking MPTCP subflow handling. Several other patches are needed
  just to apply it cleanly but also change some of the logic where the
  actual fix would apply.
- commit 1a03613

- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556)
- commit 68643d1

- md/raid5: avoid BUG_ON() while continue reshape after
  reassembling (bsc#1229790, CVE-2024-43914).
- commit bfb799a

- xfs: restrict when we try to align cow fork delalloc to cowextsz
  hints (git-fixes).
- commit 96ac1b7

- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
  (bsc#1227885).
- commit bf3362b

- Replace git-fixes tag by bsc#1226507,
  patches.suse/md-Don-t-wait-for-MD_RECOVERY_NEEDED-for-HOT_REMOVE_DISK-ioctl-a1fd.patch
  (bsc#1226507).
- commit b04e0cb

- closures: Change BUG_ON() to WARN_ON() (bsc#1229004,
  CVE-2024-42252).
- commit 84b7984

- clk: Add a devm variant of clk_rate_exclusive_get()
  (bsc#1227885).
- commit b6fb747

- r8152: add vendor/device ID pair for D-Link DUB-E250
  (git-fixes).
- Refresh
  patches.suse/r8152-add-vendor-device-ID-pair-for-ASUS-USB-C2500.patch.
- commit 0c077ab

- usbnet: ipheth: fix carrier detection in modes 1 and 4
  (git-fixes).
- commit 591cebb

- usbnet: ipheth: do not stop RX on failing RX callback
  (git-fixes).
- commit c58c483

- usbnet: ipheth: drop RX URBs with no payload (git-fixes).
- commit 73a78e2

- KVM: arm64: Disallow copying MTE to guest memory while KVM is
  dirty logging (git-fixes).
- commit 3cf4c02

- usbnet: ipheth: remove extraneous rx URB length check
  (git-fixes).
- commit 507443a

- usbnet: ipheth: add CDC NCM support (git-fixes).
- commit 1bf1d1e

- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags
  hits ZONE_DEVICE (git-fixes).
- commit 64bccd6

- usbnet: ipheth: transmit URBs without trailing padding
  (git-fixes).
- usbnet: ipheth: fix risk of NULL pointer deallocation
  (git-fixes).
- commit d804072

- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe
  hyp init (git-fixes).
- commit 30df9d2

- drm/amd/display: Solve mst monitors blank out problem after
  resume (git-fixes).
- commit cd94b30

- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- commit 1a471dd

- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
  (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits
  (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value
  (git-fixes).
- mtd: slram: insert break after errors in parsing the map
  (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
  (git-fixes).
- power: supply: Drop use_cnt check from
  power_supply_property_is_writeable() (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/
  no current sense (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max
  voltage (git-fixes).
- pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amd/display: Avoid race between dcn10_set_drr() and
  dc_state_destruct() (git-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
  (stable-fixes).
- Input: ads7846 - ratelimit the spi_sync error message
  (stable-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name
  (stable-fixes).
- scripts: kconfig: merge_config: config files: add a trailing
  newline (stable-fixes).
- platform/surface: aggregator_registry: Add support for Surface
  Laptop Go 3 (stable-fixes).
- platform/surface: aggregator_registry: Add Support for Surface
  Pro 10 (stable-fixes).
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- drm/mediatek: Set sensible cursor width/height values to fix
  crash (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
  (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
  (stable-fixes).
- wifi: mt76: mt7921: fix NULL pointer access in
  mt7921_ipv6_addr_change (stable-fixes).
- net: phy: vitesse: repair vsc73xx autonegotiation
  (stable-fixes).
- cxl/core: Fix incorrect vendor debug UUID define (git-fixes).
- drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes).
- drm/amd/display: Defer handling mst up request in resume
  (stable-fixes).
- drm/amd/display: Disable error correction if it's not supported
  (stable-fixes).
- commit 040b0ea

- i2c: lpi2c: Avoid calling clk_get_rate during transfer
  (bsc#1227885 CVE-2024-40965).
- commit abb755c

- x86/mm/ident_map: Use gbpages only where full GB page should
  be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
  kernel (bsc#1220382).
- commit 26eab5b

- Move upstreamed nvme patches into sorted section
- commit 1e42d2f

- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
  (git-fixes).
- commit 1cec71a

- ASoC: meson: Remove unused declartion in header file
  (git-fixes).
- ASoC: soc-ac97: Fix the incorrect description (git-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer
  the error (git-fixes).
- ASoC: tas2781-i2c: Get the right GPIO line (git-fixes).
- ASoC: cs42l42: Convert comma to semicolon (git-fixes).
- ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer
  the error (git-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- selftests: lib: remove strscpy test (git-fixes).
- scripts: sphinx-pre-install: remove unnecessary double check
  for $cur_version (git-fixes).
- Documentation: ioctl: document 0x07 ioctl code (git-fixes).
- module: Fix KCOV-ignored file name (git-fixes).
- reset: k210: fix OF node leak in probe() error path (git-fixes).
- reset: berlin: fix OF node leak in probe() error path
  (git-fixes).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
  (git-fixes).
- firmware: arm_scmi: Fix double free in OPTEE transport
  (git-fixes).
- soc: versatile: integrator: fix OF node leak in probe() error
  path (git-fixes).
- memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes).
- memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: meson-spicc: convert comma to semicolon (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- regulator: core: Fix regulator_is_supported_voltage() kerneldoc
  return value (git-fixes).
- regulator: core: Fix short description for
  _regulator_check_status_enabled() (git-fixes).
- regulator: Return actual error in of_regulator_bulk_get_all()
  (git-fixes).
- regulator: rt5120: Convert comma to semicolon (git-fixes).
- regulator: wm831x-isink: Convert comma to semicolon (git-fixes).
- clocksource/drivers/qcom: Add missing iounmap() on errors in
  msm_dt_timer_init() (git-fixes).
- commit 994b020

- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
  appropriately (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in
  tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- crypto: ccp - do not request interrupt on cmd completion when
  irqs disabled (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev
  PLATFORM_STATUS failure (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in
  cctrng_resume (git-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in
  bcm2835_rng_init (git-fixes).
- crypto: iaa - Fix potential use after free bug (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- can: m_can: m_can_close(): stop clocks after device has been
  shut down (git-fixes).
- can: m_can: enable NAPI before enabling interrupts (git-fixes).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
  (git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
  (git-fixes).
- Bluetooth: hci_sync: Ignore errors from
  HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
  (git-fixes).
- wifi: mt76: mt7925: fix a potential array-index-out-of-bounds
  issue for clc (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value
  (git-fixes).
- wifi: mt76: mt7921: Check devm_kasprintf() returned value
  (git-fixes).
- wifi: mt76: mt7915: check devm_kasprintf() returned value
  (git-fixes).
- wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
  (git-fixes).
- wifi: mt76: mt7603: fix mixed declarations and code (git-fixes).
- wifi: mt76: connac: fix checksum offload fields of connac3 RXD
  (git-fixes).
- wifi: mt76: mt7996: fix NULL pointer dereference in
  mt7996_mcu_sta_bfer_he (git-fixes).
- wifi: mt76: mt7996: fix EHT beamforming capability check
  (git-fixes).
- wifi: mt76: mt7996: fix HE and EHT beamforming capabilities
  (git-fixes).
- wifi: mt76: mt7996: fix wmm set of station interface to 3
  (git-fixes).
- wifi: mt76: mt7996: fix traffic delay when switching back to
  working channel (git-fixes).
- wifi: mt76: mt7996: use hweight16 to get correct tx antenna
  (git-fixes).
- wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the
  channel usage (git-fixes).
- wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in
  wilc_parse_join_bss_param (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in
  ieee80211_do_stop() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one
  errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
  (git-fixes).
- wifi: mac80211: fix the comeback long retry times (git-fixes).
- wifi: cfg80211: fix bug of mapping AF3x to incorrect User
  Priority (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging
  measurements (git-fixes).
- wifi: mac80211: don't use rate mask for offchannel TX either
  (git-fixes).
- wifi: ath12k: fix invalid AMPDU factor calculation in
  ath12k_peer_assoc_h_he() (git-fixes).
- wifi: ath12k: match WMI BSS chan info structure with firmware
  definition (git-fixes).
- wifi: ath12k: fix BSS chan info request WMI command (git-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries
  (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts
  (git-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: brcmfmac: introducing fwil query functions (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- commit ffce0ad

- net: tighten bad gso csum offset check in virtio_net_hdr
  (git-fixes).
- commit 6b94c45

- blacklist.conf: add 840b2d39a2dc ("virtio_ring: fix KMSAN error for premapped mode")
- commit 2b97440

- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE
  and MSR_GS_BASE (git-fixes).
- commit aeba695

- blacklist.conf: add 611ff1b1ae98 ("xen: privcmd: Fix possible access to a freed kirqfd instance")
- commit d91e53f

- fscache: delete fscache_cookie_lru_timer when fscache exits
  to avoid  UAF (bsc#1230602).
- commit d2c95a5

- Update
  patches.suse/virtio_net-Fix-napi_skb_cache_put-warning.patch
  (git-fixes CVE-2024-43835 bsc#1229289).
- commit b9542fb

- x86/hyperv: fix kexec crash due to VP assist page corruption
  (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description
  (git-fixes).
- commit c60d936

- Update references
  patches.suse/selinux-smack-don-t-bypass-permissions-check-in-inod.patch
  (stable-fixes CVE-2024-46695 bsc#1230519).
- commit 2a7bb57

- NFSv4: Add missing rescheduling points in
  nfs_client_return_marked_delegations (git-fixes).
- commit a563f31

- nfsd: Don't leave work of closing files to a work queue
  (bsc#1228140).
- Refresh
  patches.suse/nfsd-use-__fput_sync-to-avoid-delayed-closing-of-fil.patch.
- commit 83ce74a

- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoC: codecs: avoid possible garbage value in peb2466_reg_read()
  (git-fixes).
- commit 5a67afd

- kABI workaround for soc-qcom pmic_glink changes (CVE-2024-46693
  bsc#1230521).
- commit 9a06e25

- usb: typec: ucsi: Move unregister out of atomic section
  (CVE-2024-46691 bsc#1230526).
- soc: qcom: pmic_glink: Fix race during initialization
  (CVE-2024-46693 bsc#1230521).
- commit 26dd9b4

- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
  (git-fixes).
- drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl
  (git-fixes).
- drm/nouveau/fb: restore init() for ramgp102 (git-fixes).
- dma-buf: heaps: Fix off-by-one in CMA heap fault handler
  (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets
  (git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling
  (stable-fixes).
- commit 8d8bf2f

- md/raid1: Fix data corruption for degraded array with slow disk
  (bsc#1230455, CVE-2024-45023).
- commit 34cd7b5

- perf/x86/intel: Limit the period on Haswell (git-fixes).
- perf/x86: Fix smp_processor_id()-in-preemptible warnings
  (git-fixes).
- perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra
  Forest (git-fixes).
- ARM: 9406/1: Fix callchain_trace() return value (git-fixes).
- bpf, events: Use prog to emit ksymbol event for main program
  (git-fixes).
- perf/x86/intel: Add a distinct name for Granite Rapids
  (git-fixes).
- perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake
  (git-fixes).
- perf/x86/intel/uncore: Fix the bits of the CHA extended umask
  for SPR (git-fixes).
- perf: Fix event leak upon exit (git-fixes).
- perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
  (git-fixes).
- perf: Fix default aux_watermark calculation (git-fixes).
- perf: Prevent passing zero nr_pages to rb_alloc_aux()
  (git-fixes).
- perf: Fix perf_aux_size() for greater-than 32-bit size
  (git-fixes).
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address
  calculation (git-fixes).
- perf/x86/intel/pt: Fix a topa_entry base address calculation
  (git-fixes).
- perf/x86/intel/pt: Fix topa_entry base length (git-fixes).
- perf/x86: Serialize set_attr_rdpmc() (git-fixes).
- perf/core: Fix missing wakeup when waiting for context reference
  (git-fixes).
- perf/x86/intel: Factor out the initialization code for SPR
  (git fixes).
- perf/x86/intel: Use the common uarch name for the shared
  functions (git fixes).
- commit bb48e43

- blacklist.conf: Add perf git-fix that won't be backported
- commit fbbd522

- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit ce739c4

- i2c: tegra: Do not mark ACPI devices as irq safe (CVE-2024-45029 bsc#1230451)
- commit 2870112

- netfilter: flowtable: initialise extack before use (CVE-2024-45018 bsc#1230431)
- commit 8b44b15

- net/mlx5e: Take state lock during tx timeout reporter (CVE-2024-45019 bsc#1230432)
- commit 2552371

- net/mlx5: Fix IPsec RoCE MPV trace call (CVE-2024-45017 bsc#1230430)
- commit 60aac02

- igb: cope with large MAX_SKB_FRAGS (CVE-2024-45030 bsc#1230457)
- commit d2d3c69

- Move s390 kabi patch into the kabi section
- commit 4ab5d36

- s390/uv: Don't call folio_wait_writeback() without a folio
  reference (git-fixes bsc#1229380 CVE-2024-43832).
- s390/mm: Convert gmap_make_secure to use a folio (git-fixes
  bsc#1230562).
- s390/mm: Convert make_page_secure to use a folio (git-fixes
  bsc#1230563).
- s390: allow pte_offset_map_lock() to fail (git-fixes
  bsc#1230564).
- commit 7069eb7

- mm/vmalloc: fix page mapping if vm_area_alloc_pages() with
  high order fallback to order 0 (CVE-2024-45022 bsc#1230435).
- commit cc8880a
curl
- Security fix: [bsc#1232528, CVE-2024-9681]
  * HSTS subdomain overwrites parent cache entry
  * Add curl-CVE-2024-9681.patch
gnutls
- FIPS: Do not allow curve P-192 for signature or keypair verification [bsc#1227669]
  * Add gnutls-FIPS-p192-disabled.patch

- FIPS: Allow to perform the integrity check with the hmac provided
  by each library [bsc#1226724]
  * Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch

- FIPS: bsc#1230166
  * Mark gnutls_hash_fast operations as approved in SLI.
  * Add gnutls-FIPS-gnutls_hash_fast-SLI.patch

- FIPS: bsc#1226733
  * Run pairwise consistency test only in FIPS mode
  * Backport upstream commit 5c276953c1536375fba96bc769e1cb5d3123b4a7
  * Add gnutls-pct-in-FIPS-only.patch

- FIPS: bsc#1226733
  * Use full hash+sign operations, not low level primitives in PCT test.
  * Add gnutls-FIPS-full-hash_sign.patch

- FIPS: bsc#1227642
  * Mark SHA1 as not allowed for signature verification in both RSA and ECDSA sigVer.
  * Add gnutls-FIPS-no-sha1-verify.patch

- FIPS: bsc#1227670
  * Allow RSA signature verification with min of 2048 bit modulus.
  * Add gnutls-FIPS-rsa-min-2048.patch

- FIPS: [bsc#1227671, bsc#1226731]
  * Remove not needed DSA in selfchecks in FIPS mode.
  * Add gnutls-FIPS-no_dsa_selftest.patch
open-iscsi
- Update to version 2.1.10.suse+51.fea0fde82ed1:
  * Incudes upstream version 2.1.10 plus some fixes
  * Fix firmware targets startup to always be "onboot" (#482)
    (bsc#1228084)
  * Change a discovery function to void return type (#481)
  * Fix gcc issues (#480)
  * Bugfix read specific sysfs value "off" of session attribute (#466)
  * Fix bug where abort_tmo read failures were ignored. (#467)
  * grammar nitpicks (#464)
  * Fix memory leak in iscsi_check_session_use_count (#465)
  * improve the comments in idbm_lock() (#458)
  * Make it visible when memory allocation failure (#457)
  * Better handle multiple iscsiadm commands (#453)
  * iscsiadm: allow hostnames in node-mode commands (#451)
  * Modify how workqueue priority is set (#445)
  * Fix authmethod check by printing a warning message when CHAP used and authmethod=None (#443)
  * iscsid: Rescan devices on relogin (#444)
  * Adds missing characters in README. (#440)
  * Turn off iSCSI NOP-Outs, by default.
  * fix: add usr/iscsid_req.h missinig underline (#431) (#436)

- Updated to latest upstream: two small changes, with no known
  functional changes:
  * Incorrect documentation for `iscsiadm -m session` print level
    (upstream issue #432)
  * Stop using deprecated inet_aton and inet_ntoa (upstream issue
    [#435])
- Also, stopped using pre-prepared tarballs for the build, instead
  now using a service file to get latest SUSE srouces directly.
  This removed these two files:
  * open-iscsi-2.1.9-suse.tar.bz2, and
  * open-iscsi-SUSE-latest.diff.bz2
  whcih were both created by a shell script, and added a service-
  file-generated file of the form:
  * open-iscsi-2.1.9.suse+TAG_OFFSET.tar.xz
  where TAG_OFFSET is of the form "COMMIT_COUNT.HASH", where
  COMMIT_COUNT is the count of commits since 2.1.9-suse (in this
  case), and HASH is the git commit hash being used.
openssl-1_1
- Security fix: [bsc#1220262, CVE-2023-50782]
  * Implicit rejection in PKCS#1 v1.5
  * Add openssl-CVE-2023-50782.patch

- FIPS: AES GCM external IV implementation [bsc#1228618]
  * Mark the standalone AES-GCM encryption with external IV
    as non-approved in the SLI.
  * Add openssl-1_1-ossl-sli-021-AES-GCM-external-IV.patch

- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits
  as approved in the SLI. [bsc#1228623]
  * openssl-1_1-ossl-sli-020-PBKDF2-HMAC-size-SLI.patch

- FIPS: Enforce KDF in FIPS style [bsc#1224270]
  * Add openssl-1_1-ossl-sli-019-Enforce-KDF.patch

- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI [bsc#1228619]
  * Add openssl-1_1-ossl-sli-018-TLS13-HKDF.patch

- FIPS: The X9.31 scheme is not approved for RSA signature
  operations in FIPS 186-5. [bsc#1224269]
  * Add openssl-1_1-ossl-sli-017-X9.31-sign.patch

- FIPS: Differentiate the PSS length requirements [bsc#1224275]
  * Add openssl-1_1-ossl-sli-016-PSS-length.patch

- FIPS: Mark sigGen and sigVer primitives as non-approved [bsc#1224272]
  * Add openssl-1_1-ossl-sli-015-sigver-hashing.patch

- FIPS: Disable PKCSv1.5 and shake in FIPS mode [bsc#1224271]
  * FIPS 186-5 Section 5.4 disallows RSA PKCSv1.5 signature
    operations with XOF.
  * Add openssl-1_1-ossl-sli-014-PKCSv1.5-and-shake.patch

- FIPS: Mark SHA1 as non-approved in the SLI [bsc#1224266]
  * Add openssl-1_1-ossl-sli-013-Mark-SHA1-unapproved.patch

- FIPS: DH FIPS selftest and safe prime group [bsc#1224264]
  * Add openssl-1_1-ossl-sli-012-DH-selftest-and-safe-prime-group.patch
openssl-3
- Security fix: [bsc#1220262, CVE-2023-50782]
  * Implicit rejection in PKCS#1 v1.5
  * Add openssl-CVE-2023-50782.patch
python3
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).
cyrus-sasl
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
  RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.
  * Add cyrus-sasl-make-digestmd5-work-ssl3.patch
libzypp
- PluginFrame: Send unescaped colons in header values
  (bsc#1231043)
  According to the STOMP protocol it would be correct to escape a
  colon in a header-value, but it breaks plugin receivers which do
  not expect this. The first colon separates header-name from
  header-value, so escaping in the header-value is not needed
  anyway.
  Escaping in the header-value affects especially the urlresolver
  plugins. The input URL is passed in a header, but sent back as
  raw data in the frames body. If the plugin receiver does not
  correctly unescape the URL we may get back a "https\c//" which is
  not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
  (fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
shadow
- bsc#1230972: Add useradd warnings when requested UID is outside
  the default range
- add shadow-bsc1230972-useradd-warning.patch
samba
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
  (bso#15699); (bsc#1229684).
- Update to 4.19.8
  * Invalid client warning about command line passwords;
    (bso#15671);
  * Version string is truncated in manpages; (bso#15672);
  * --version-* options are still not ergonomic, and they reject
    tilde characters; (bso#15673);
  * cmdline_burn does not always burn secrets; (bso#15674);
  * Samba doesn't parse SDDL found in defaultSecurityDescriptor
    in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685);
  * We have added new options --vendor-name and --vendor-patch-
    revision arguments to ./configure to allow distributions and
    packagers to put their name in the Samba version string so that
    when debugging Samba the source of the binary is obvious;
    (bso#15654);
  * When claims enabled with heimdal kerberos, unable to log on to a
    Windows computer when user account need to change their own
    password; (bso#15655);
  * Fix clock skew error message and memory cache clock skew
    recovery; (bso#15676);
  * CTDB RADOS mutex helper misses namespace support; (bso#15665);
  * The images don't build after the git security release and
    CentOS 8 Stream is EOL; (bso#15660);
  * Fix unnecessary delays in CTDB while processing requests under
    high load; (bso#15678);
  * Dynamic DNS updates with the internal DNS are not working;
    (bso#13019);
  * s4:nbt_server: does not provide unexpected handling, so winbindd
    can't use nmb requests instead cldap; (bso#15620);
  * Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664);
  * "client use kerberos" and --use-kerberos is ignored for the machine
    account; (bso#15666);
  * Regression DFS not working with widelinks = true; (bso#15435);
  * ntlm_auth make logs more consistent with length check; (bso#15677);
wget
- Update 0001-possibly-truncate-pathname-components.patch
  * Take the patch from savannah repository where the checking of the file
    length doesn't include path length.
  * [bsc#1204720, bsc#1231661]
wicked
- Update to version 0.6.77
  - compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
  - Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
  - Inherit all, default and interface sysctl settings also for loopback,
    except for use_tempaddr and accept_dad.
  - Consider only interface specific accept_redirects sysctl settings.
  - Adopt ifsysctl(5) manual page with wicked specific behavior.
  - route: fix family and destination processing (bsc#1231060)
  - man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
  - dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
  - team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
  - systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
  - compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
  - arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
  - dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
  - ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
  [- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]

- compat-suse: fix dummy interfaces configuration with
  INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
  [+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]