SUSEConnect
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
  not in the body (see bsc#1185611)
apparmor
- apparmor-profiles-samba4.15.diff: Update samba profiles for
  samba 4.15 (jsc#SLE-23330);
at
- Increase TasksMax limit from 512 (systemd default) to 4915,
  fix bsc#1058557
bash
- Add patch bash-4.3-boo1192785.patch
  * setuid causing permission denied on popen (bsc#1192785)
bind
- Fixed CVE-2021-25219:
  The lame-ttl option controls how long named caches certain types
  of broken responses from authoritative servers (see the security
  advisory for details). This caching mechanism could be abused by
  an attacker to significantly degrade resolver performance. The
  vulnerability has been mitigated by changing the default value of
  lame-ttl to 0 and overriding any explicitly set value with 0,
  effectively disabling this mechanism altogether. ISC's testing has
  determined that doing that has a negligible impact on resolver
  performance while also preventing abuse.
  Administrators may observe more traffic towards servers issuing
  certain types of broken responses than in previous BIND 9 releases.
  [bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
binutils
- Add binutils-revert-hlasm-insns.diff for compatibility on old
  code stream that expect 'brcl 0,label' to not be disassembled
  as 'jgnop label' on s390x.  [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
  (boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
  toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
  PR28422, PR28192, PR28391.  Also adds some s390x arch14
  instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
  binutils in different ways, adds  binutils-compat-old-behaviour.diff
  and adjusts binutils-revert-nm-symversion.diff and
  binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
  * The GNU Binutils sources now requires a C99 compiler and library to
    build.
  * Support for the arm-symbianelf format has been removed.
  * Support for Realm Management Extension (RME) for AArch64 has been
    added.
  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.
  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
  - -gc-sections.
  * A new linker options '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
  - -sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.
  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.
  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.
  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols.
  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.
  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.
    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.
    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.
    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow di0pslay options to applied to both the main file and any
    separate debuginfo files.
  * Nm has a new command line option: '--quiet'.  This suppresses "/no
    symbols"/ diagnostic.
- Includes fixes for these CVEs:
  bnc#1181452 aka CVE-2021-20197 aka PR26945
  bnc#1183511 aka CVE-2021-20284 aka PR26931
  bnc#1184519 aka CVE-2021-20294 aka PR26929
  bnc#1184620 aka CVE-2021-3487 aka PR26946
  bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
  bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
  binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
  binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
  ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
  on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
  patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
  It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
  0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
  New features in the Assembler:
    General:
  * When setting the link order attribute of ELF sections, it is now
    possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in
    a target neutral manner.  This instruction does have an effect on
    DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now
    uses hash tables that can be expand and shrink automatically.
    X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
    Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
    ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
    Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
    Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
    Stack Recorder Extension) and BRBE (Branch Record Buffer
    Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT
    instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC
    instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7
    AArch64. Add atomic 64-byte load/store instructions for this
    feature.
  * Add support for +pauth (Pointer Authentication) feature for
  - march in AArch64.
    New features in the Linker:
  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new
    command-line option --ctf-share-types describes how to do this:
    its default value, share-unconflicted, produces the most compact
    output.
  * The linker now omits the "/variable section"/ from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.
  New features in other binary tools:
  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
  - -no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.
- Includes fixes for these CVEs:
  bnc#1179898 aka CVE-2020-16590 aka PR25821
  bnc#1179899 aka CVE-2020-16591 aka PR25822
  bnc#1179900 aka CVE-2020-16592 aka PR25823
  bnc#1179901 aka CVE-2020-16593 aka PR25827
  bnc#1179902 aka CVE-2020-16598 aka PR25840
  bnc#1179903 aka CVE-2020-16599 aka PR25842
  bnc#1180451 aka CVE-2020-35493 aka PR25307
  bnc#1180454 aka CVE-2020-35496 aka PR25308
  bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
  * binutils-fix-relax.diff
  * binutils-revert-nm-symversion.diff
  * binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
    PR26711
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  "/.nop"/.  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
  testcases.
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occuring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The asseembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "/lint"/ mode to enable extra checks of the files it is processing.
  * Readelf will now display "/[...]"/ when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
    option.
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
  [bsc#1163744]
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ascii art thats show the arcs between that start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "/no"/.
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
  - -dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
  - -syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
  - -disassemble the --dwarf= follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
  rx-gas-padding-pr24464.patch.
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
bzip2
- Implement %check, bsc#1191648
ca-certificates
- p11-kit 0.23.1 supports pem-directory-hash. Add patch
  0001-p11-kit-0.23.1-supports-pem-directory-hash-now.patch
  (jsc#SLE-23330)
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
  (bsc#1190858)
cairo
- Add cairo-fix-infinite-loop-bsc1122321-CVE-2019-6462.patch: This
  fixes a potentially infinite loop (bsc#1122321, CVE-2019-6462,
  glfo#cairo/cairo#155).
cloud-netconfig
- Update to version 1.6:
  + Ignore proxy when accessing metadata (bsc#1187939)
  + Print warning in case metadata is not accessible
  + Documentation update
cloud-regionsrv-client
- Update -addon-azure to 1.0.2 (bsc#1196305)
  + The is-registered() function expects a string of the update server FQDN.
    The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
    in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
  + Lower case the region hint to reduce issues with Azure region name
    case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
  + Refactor removes check_registration() function in utils implementation
  + Only start the registration service for PAYG images
  - addon-azure sub-package to version 1.0.1
- Follow up changes to (jsc#PCT-130, bsc#1182026)
  + Fix executable name for AHB service/timer
  + Update manpage for BYOS instance registration
- Update to version 9.3.0 (jsc#PCT-130)
  + Support AHB-v3
  + Support registration of BYOS instances against the update infrastructure
  + Properly extract the region for local zones in AWS to ensure instances
    get connected to the proper update servers
  + Azure addon service and executable rename
  + Support non SLE repos
  + Fix handling of regionservers configured with DNS names
- Avoid race confition with ca-certificates (bsc#1189362)
  + Make the service run after ca-sertificates is done
  + Attempt multiple times to update the trust chain
- New package to enable/disable access due to AHB
  This references bsc#1182026, (jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249, jsc#SLE-21250)
compat-openssl098
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
coreutils
- Add coreutils-du-fts-xfs-noleaf.patch to remove problematic
  special leaf optimization cases for XFS that can lead to du
  crashes.  (bsc#1190354)
corosync
- bsc#1191419, Update cancel_token_hold_on_retransmit_option patch, fix parsing of the option in corosync-2.3.6
  Modified: bsc#1189680-cancel_token_hold_on_retransmit-option.patch
- corosync totem: bsc#1189680, Add cancel_token_hold_on_retransmit config option
  Added: bsc#1189680-cancel_token_hold_on_retransmit-option.patch
cracklib
- %check: really test the package [bsc#1191736]
crash
- Fix module loading (bsc#1190743 ltc#194414).
  + crash-mod-fix-module-object-file-lookup.patch
crmsh
- Update to version 4.1.1+git.1642405877.e4f905fc:
  * Fix: ui_resource: Parse node and lifetime correctly (bsc#1192618)
  * Fix: ui_resource: Parse lifetime option correctly (bsc#1191508)
  * Fix: utils: Improve detect_cloud function and support non-Hyper-V in Azure
- Update to version 4.1.1+git.1630047134.803a70f2:
  * Fix: hb_report: Using python way to collect ra trace files (bsc#1189641)
  * Fix: history: use utils.mkdirp instead of system mkdir command(bsc#1179999, CVE-2020-35459)
- Remove patch:
  * 0001-Fix-history-use-utils.mkdirp-instead-of-system-mkdir.patch
cronie
- Increase limit of allowed entries in crontab files to fix bsc#1187508
  * cronie-1.4.11-increase_crontab_limit.patch
curl
- libcurl-devel: Add an explicit dependency on libnghttp2-devel
  since its not autodetected [bsc#1193483]
- libssh: do not let libssh create socket [bsc#1192790]
  * Fixes sftp over a proxy failure in curl with error:
    Failure establishing ssh session
  * Add curl-libssh-socket.patch
- MIME: Properly check Content-Type even if it has parameters
  * Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
cyrus-sasl
-  CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
cyrus-sasl-saslauthd
-  CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
  has an out-of-bounds write leading to unauthenticated remote
  denial-of-service in OpenLDAP via a malformed LDAP packet
  o apply upstream patch
- 0001-Fix-587.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
dracut
- fix ordering cycle that caused boot hang (bsc#1189545)
  * add 0632-dracut-systemd-add-back-missing-dependencies.patch
- Emergency shell fixes (bsc#1188376, bsc#1188378)
  * add 0630-emergency.service-use-Type-idle.patch
  * add 0631-dracut-systemd-fixed-dependencies.patch
- fix usage information for -f parameter (bsc#1187470)
  * add 0628-fix-suse-initrd-inform-on-usage-of-obsolete-f-parame.patch
- fix obsolete reference to 96insmodpost in manpage (bsc#1187774)
  * add 0629-docs-fix-reference-to-insmodpost-module.patch
drbd
- bsc#1189995, backport to fix the stuck in resync.
  Add patch fix-stuck-resync-when-cancelled.patch
expat
- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
    attackers to insert namespace-separator characters into
    namespace URIs
  - Added expat-CVE-2022-25236.patch
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
    2.4.5 does not check whether a UTF-8 character is valid in a
    certain context.
  - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
    build_model() via uncontrolled recursion
  - Added expat-CVE-2022-25313.patch
  - The fix upstream introduced a regression that was later
    amended in 2.4.6 version
    + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
  - Added expat-CVE-2022-25314-before.patch
  - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
  - Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
  * Expat (aka libexpat) before 2.4.4 has a signed integer overflow
    in XML_GetBuffer, for configurations with a nonzero
    XML_CONTEXT_BYTES
  * Add tests for CVE-2022-23852.
  * Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
  * Fix unsigned integer overflow in function doProlog triggered
    by large content in element type declarations when there is
    an element declaration handler present (from a prior call to
    XML_SetElementDeclHandler).
  * Add expat-CVE-2022-23990.patch
- Security fix (CVE-2021-45960, bsc#1194251)
  * A left shift by 29 (or more) places in the storeAtts function
    in xmlparse.c can lead to realloc misbehavior.
  * Added expat-CVE-2021-45960.patch
- Security fix (CVE-2021-46143, bsc#1194362)
  * Integer overflow exists for m_groupSize in doProlog
  * Added expat-CVE-2021-46143.patch
- Security fix (CVE-2022-22822, bsc#1194474)
  * Integer overflow in addBinding in xmlparse.c
  * Added expat-CVE-2022-22822.patch
- Security fix (CVE-2022-22823, bsc#1194476)
  * Integer overflow in build_model in xmlparse.c
  * Added expat-CVE-2022-22823.patch
- Security fix (CVE-2022-22824, bsc#1194477)
  * Integer overflow in defineAttribute in xmlparse.c
  * Added expat-CVE-2022-22824.patch
- Security fix (CVE-2022-22825, bsc#1194478)
  * Integer overflow in lookup in xmlparse.c
  * Added expat-CVE-2022-22825.patch
- Security fix (CVE-2022-22826, bsc#1194479)
  * Integer overflow in nextScaffoldPart in xmlparse.c
  * Added expat-CVE-2022-22826.patch
- Security fix (CVE-2022-22827, bsc#1194480)
  * Integer overflow in storeAtts in xmlparse.c
  * Added expat-CVE-2022-22827.patch
gd
  fix CVE-2021-40812 [bsc#1190400], out-of-bounds read in GD library
  + gd-CVE-2021-40812.patch
- security update
- added patches
gettext-runtime
- Added msgfmt-double-free.patch to fix a double free error
  (CVE-2018-18751 bsc#1113719)
glibc
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
  for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
  (CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
  (CVE-2021-3999, bsc#1194640, BZ #28769)
- hton-identity.patch: Make endian-conversion macros always return correct
  types (bsc#1193478, BZ #16458)
- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter
  object to work (bsc#1192620, BZ #16272)
- cancelable-syscall-stack-align.patch: x86: fix stack alignment in
  cancelable syscall stub (bsc#1191835)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
gmp
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
gnutls
- Security fix: [bsc#1196167, CVE-2021-4209]
  * Null pointer dereference in MD_UPDATE
  * Add gnutls-CVE-2021-4209.patch
- Require libp11-kit0 >= 0.23.1 in libgnutls30 [bsc#1195583]
- renamed the libname-devel packages to libnameMAJOR-devel
  to avoid overlaps with system gnutls
- Update to version 3.4.17: [jsc#SLE-23330]
  * SONAME bump to gnutls30
  * Add gnutls-CVE-2020-11501.patch [bsc#1168345, CVE-2020-11501]
  * Rebased patches:
  - 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch
  - 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
  - 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
  - 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
  * Remove gnutls-CVE-2017-10790.patch fixed in the update
grub2
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
  * 80_suse_btrfs_snapshot
- Add support for simplefb (boo#1193532).
  * grub2-simplefb.patch
- Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of
  nvme namespace (bsc#1177751)
  * 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
- Fix error lvmid disk cannot be found after second disk added to the root
  volume group (bsc#1189874) (bsc#1071559)
  * 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
  * 0001-Filter-out-POSIX-locale-for-translation.patch
- From Stefan Seyfried <seife@novell.slipkontur.de> : Fix grub2-install fails
  with "/not a directory"/ error (boo#1161641, bsc#1162403)
  * grub2-install-fix-not-a-directory-error.patch
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
  * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure as journaled data not get drained due to abrupt power
  off after grub-install (bsc#1167756)
- Fix boot failure after kdump due to the content of grub.cfg is not
  completed with pending modificaton in xfs journal (bsc#1186975)
  * grub-install-force-journal-draining-to-ensure-data-i.patch
iproute2
- add follow-up fixes up to upstream 5.14 (bsc#1085669):
  tc-actions-add-helpers-to-parse-and-print-control-ac.patch
  tc-gact-fix-control-action-parsing.patch
  tc-don-t-print-error-message-on-miss-when-parsing-ac.patch
  tc-m_gact-Drop-dead-code.patch
  tc-util-Don-t-call-NEXT_ARG_FWD-in-__parse_action_co.patch
  ss-remove-duplicate-assignment.patch
  tc-fix-parsing-of-the-control-action.patch
  testsuite-Generate-generate_nlmsg-when-needed.patch
  tipc-Drop-unused-variable-genl.patch
  testsuite-declare-dependency-between-TESTS-and-gener.patch
  lib-libnetlink-ensure-a-minimum-of-32KB-for-the-buff.patch
  ip-address-Use-correct-max-attribute-value-in-print_.patch
  tc-pedit-Fix-wrong-pedit-ipv6-structure-id.patch
  devlink-Fix-monitor-command.patch
  m_mirred-don-t-bail-if-the-control-action-is-missing.patch
  tc-simple-don-t-hardcode-the-control-action.patch
  ip-reset-netns-after-each-command-in-batch-mode.patch
  ip-monitor-display-interfaces-from-all-groups.patch
  ip-address-do-not-set-nodad-option-for-IPv4-addresse.patch
  ip-address-do-not-set-home-option-for-IPv4-addresses.patch
  ip-address-do-not-set-mngtmpaddr-option-for-IPv4-add.patch
  man-tc-netem.8-fix-URL-for-netem-page.patch
  tc-netem-fix-r-parameter-in-Bernoulli-loss-model.patch
  json-fix-backslash-escape-typo-in-jsonw_puts.patch
  rdma-Check-comm-string-before-print-in-print_comm.patch
  testsuite-Fix-line-count-test.patch
  bridge-Fix-typo-in-error-messages.patch
  ip-fix-link-type-and-vlan-oneline-output.patch
  xfrm-not-try-to-delete-ipcomp-states-when-using-dele.patch
  xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
  bridge-Fix-typo.patch
  bpf-Fixes-a-snprintf-truncation-warning.patch
  ip-link-Fix-indenting-in-help-text.patch
  ip-iplink_ipoib.c-Remove-extra-spaces.patch
  bridge-fix-string-length-warning.patch
  f_u32-fix-compiler-gcc-10-compiler-warning.patch
  lib-namespace-fix-ip-all-netns-return-code.patch
  ip-xfrm-limit-the-length-of-the-security-context-nam.patch
  ip-drop-2-char-command-assumption.patch
  devlink-always-check-strslashrsplit-return-value.patch
  lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
  lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
  ipmonitor-Fix-recvmsg-with-ancillary-data.patch
  tc-u32-Fix-key-folding-in-sample-option.patch
  ss-fix-fallback-to-procfs-for-raw-sockets.patch
  iptuntap-fix-multi-queue-flag-display.patch
- add support for IP6_TNL_F_ALLOW_LOCAL_REMOTE flag (bsc#1166978):
  ip-link_ip6tnl.c-ip6tunnel.c-Support-IP6_TNL_F_ALLOW.patch
  ip-link_gre6.c-Support-IP6_TNL_F_ALLOW_LOCAL_REMOTE-.patch
- update sync-UAPI-header-copies-with-SLE15-SP1.patch and
  rename to sync-UAPI-header-copies-with-SLE12-SP5.patch
- refresh
  gre-ip6tnl-tunnel-Fix-noencap-support.patch
- fix use after free in "/ip netns"/ (CVE-2019-20795 bsc#1171452):
  ipnetns-use-after-free-problem-in-get_netnsid_from_n.patch
jasper
- bsc#1188437 CVE-2021-27845: Fix divide-by-zery in cp_create()
  Add jasper-CVE-2021-27845.patch
java-1_7_1-ibm
- Update to Java 7.1 Service Refresh 5 Fix Pack 0 [bsc#1194232]
  [bsc#1194198, bsc#1192052, CVE-2021-41035]
  [bsc#1191914, CVE-2021-35586] [bsc#1191913, CVE-2021-35564]
  [bsc#1191911, CVE-2021-35559] [bsc#1191910, CVE-2021-35556]
  [bsc#1191909, CVE-2021-35565] [bsc#1191905, CVE-2021-35588]
  [bsc#1188564, CVE-2021-2341]
- Update to Java 7.1 Service Refresh 4 Fix Pack 90
  [bsc#1188565, CVE-2021-2369] [bsc#1188568, CVE-2021-2432]
- Update to Java 7.1 Service Refresh 4 Fix Pack 85
  [bsc#1185056, CVE-2021-2161][bsc#1185055, CVE-2021-2163]
  * Class Libraries:
  - Fix security vulnerability CVE-2021-2161
  * JIT Compiler:
  - A SEGV or AIOOB exception running jit compiled
    chartobyteutf8.convert() on ZOS java 7.1.4.80
  * Security:
  - Java 7 JVM startup crashes with javacore dump in JGSS
    nativecreds.dll.
  - Kerberos ticket renewal fails with debug enabled following
    java.lang.illegalstateexception
javapackages-tools
- Can't assume non-existence of python38 macros in Leap.
  gh#openSUSE/python-rpm-macros#107
  Test for suse_version instead. Only Tumbleweed has and needs the
  python_subpackage_only support.
- Fix typo in spec file sitearch -> sitelib
- Fix the python subpackage generation
  gh#openSUSE/python-rpm-macros#79
- Support python subpackages for each flavor
  gh#openSUSE/python-rpm-macros#66
- Replace old nose with pytest gh#fedora-java/javapackages#86
- when building extra flavor, BuildRequire javapackages-filesystem:
  /etc/java is being cleaned out of the filesystems package.
- Upgrade to version 5.3.1
- Modified patch:
  * suse-use-libdir.patch
    + rediff to changed context
- Define _rpmmacrodir for distributions that don't have it
- Use %{_rpmmacrodir} instead of %{_libexecdir}/rpm/macros.d: this
  just happens to overlap in some distros.
- Rename gradle-local and ivy-local to javapackages-gradle and
  javapackages-ivy and let them depend only on javapackages-tools
  and javapackages-local. These packages only install files
  produced during the javapackages-tools build. The dependencies
  will be pulled by gradle-local, ivy-local and maven-local
  meta-packages built in a separate spec file.
- Split maven-local meta-package out of javapackages-tools spec
  file
- Make the ivy-local and maven-local sub-packages depend on the
  right stuff, so that they actually can be used for building
- Provide both com.sun:tools and sun.jdk:jconsole that are part of
  standard OpenJDK installation. These provides cannot be generated
  from metadata due to build sequence.
- Modified patch:
  * suse-use-libdir.patch
    + fix directories for eclipse.conf too
- Make the javapackages-local package depend on java-devel. It is
  used for package building and this avoids each package to require
  java-devel itself.
- Replace the occurences of /usr/lib by libdir in configuration
  files too
- Update to version 5.3.0
- Modified patch:
  * suse-no-epoch.patch
    + rediff to changed code
- Build the :extras flavour as noarch
- Added patch:
  * suse-no-epoch.patch
    + we did not bump epoch of OpenJDK packages in SUSE
    + fix a potential generation of unresolvable requires
    + adapt the tests to not expect the epoch
- Switch to multibuild layout
- Update to version 5.2.0+git20180620.70fa2258:
  * Rename the async kwarg in call_script to wait (reverses the logic)
  * Actually bump version to 5.3.0 snapshot
  * Bump version in VERSION file
  * [man] s/Pacakge/Package/g
  * Fix typos in README
  * Fix configure-base.sh after filesystem macro split
  * Split filesystem macros to separate macro file
  * Introduce javapackages-filesystem package
  * [java-functions] extend ABRT Java agent options
  * change abrt-java-connector upstream URL
  * Remove resolverSettings/prefixes from XMvn config
  * Add macros to allow passing arbitrary options to XMvn
  * [spec] Bump package version to 5.1.0
  * Allow specifying custom repo when calling xmvn-install
- Refresh patches:
  * suse-use-libdir.patch
  * python-optional.patch
- Update to version 5.0.0+git20180104.9367c8f6:
  * [java-functions] Avoid colons in jar names
  * Workaround for SCL enable scripts not working with -e
  * Second argument to pom_xpath_inject is mandatory
  * [mvn_artifact] Provide more helpful error messages
  * Fix traceback on corrupt zipfile
  * [test] Add reproducer for rhbz#1481005
  * [spec] Fix default JRE path
  * [readme] Fix typo
  * Add initial content to README.md (#21)
  * Decouple JAVA_HOME setting from java command alternatives
- Rebase patches:
  * python-optional.patch
  * suse-use-libdir.patch
- Drop merged patch fix-abs2rel.patch
- Fix typo in suse-use-libdir.patch
- Fix url to correct one https://github.com/fedora-java/javapackages
- Split to python and non-python edition for smaller depgraph
- Add patch python-optional.patch
- Fix abs2rel shebang:
  * fix-abs2rel.patch
- Fix Requires on subpackages to point to javapackages-tools proper
- Update to version 4.7.0+git20170331.ef4057e7:
  * Reimplement abs2rel in Python
  * Don't expand {scl} in macro definitions
  * Install expanded rpmfc attr files
  * [spec] Avoid file conflicts between in SCL
  * Fix macros.d directory ownership
  * Make %ant macro enable SCL when needed
  * [spec] Fix file conflicts between SCL and non-SCL packages
  * Fix ownership of ivyxmldir
  * [test] Force locale for python processes
  * Don't include timestamp in generated pom.properties
- Remove patch merged by upstream:
  * create_valid_xml_comments.patch
- Remove patch suse-macros-install-location.patch
  * We switch to /usr/lib/ location for macros
- Try to reduce some dependencies bsc#1036025
- Refresh patch suse-use-libdir.patch
- Add create_valid_xml_comments.patch
  python-lxml 3.5.0 introduces validation for xml comments, and
  one of the comments created in this package were not valid.
  This patch fixes the problem.  It backported from upstream and
  should be in the next release.
  https://github.com/mizdebsk/javapackages/commit/84211c0ee761e93ee507f5d37e9fc80ec377e89d
- Version update to 4.6.0:
  * various bugfixes for maven tooling
  * introduction to gradle-local package for gradle packaging
- Drop dependency over source-highlight as it causes build cycle
- Try to break buildcycle detected on Factory
- Fix build on SLE11
- Use python-devel instead of pkgconfig to build on sle11
- Add python-javapackages as requirement for main package
- Update requires on python packages to properly have all the needed
  dependencies on runtime
- Install macros to /etc/rpm as we do in SUSE:
  * suse-macros-install-location.patch
- Cleanup with spec-cleaner
- Drop patches
  * depgen.patch
  * javapackages-2.0.1-fix-bashisms.patch
  * javapackages-2.0.1-java9.patch
  * maven_depmap-no-attribute-exit.patch
- Remove hacky workarounds
- Fix rpmlint errors
- Enable maven-local
- Avoid unsatisfiable dependencies
- Enable unit tests
- Update to version 4.4.0
- Added patch:
  * javapackages-2.0.1-java9.patch: create directories for java,
    so that ant build works
- Add virtual provide jpackage-utils-java9 to be able to
  distinguish the presence of java9 compatibility
- fix bashisms
- Added patches:
  * javapackages-2.0.1-fix-bashisms.patch
- maven_depmap-no-attribute-exit.patch: SLES patch for ZipFile
  having no attribute '__exit__' which was causing ecj build
  failures
- set correct libxslt package when building for SLES
kdump
- kdump-add-watchdog-modules.patch
  Add watchdog modules to kdump initrd (bsc#1189923)
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "/local"/ with assignment (bsc#1184616
  LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
  dracut command line (bsc#1182309).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
  network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
  dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
  LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
- kdump-activate-udev-rules-late-during-boot.patch: kdump: activate
  udev rules late during boot (bsc#1154837).
- kdump-make-sure-that-the-udev-runtime-directory-exists.patch:
  Make sure that the udev runtime directory exists (bsc#1164713).
kernel-default
- Update
  patches.suse/net-tipc-validate-domain-record-count-on-input.patch
  (bsc#1195254 CVE-2022-0435).
- commit 0369cb6
- net: allow retransmitting a TCP packet if original is still
  in queue (bsc#1188605 bsc#1187428).
- commit 8ae7229
- Update patch reference for BT fix (CVE-2021-3564 bsc#1186207)
- commit b2df5e2
- Update patch reference for vgacon patch (CVE-2020-28097 bsc#1187723 jsc#SLE-23486)
- commit 8272c66
- net: tipc: validate domain record count on input (bsc#1195254).
- commit eff4836
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194965).
- commit 3996412
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- commit afd5597
- crypto: qat - fix undetected PFVF timeout in ACK loop
  (git-fixes).
- commit 22ebc8e
- s390/cio: make ccw_device_dma_* more robust (bsc#1193242).
- commit 8bea447
- kABI fixup after adding vcpu_idx to struct kvm_cpu
  (bsc#1190973).
- KVM: remember position in kvm->vcpus array (bsc#1190973).
- commit 768c666
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1190973).
- commit 67bbbe2
- Refresh
  patches.suse/ibmvnic-Allow-extra-failures-before-disabling.patch.
- Refresh patches.suse/ibmvnic-don-t-spin-in-tasklet.patch.
- Refresh patches.suse/ibmvnic-init-running_cap_crqs-early.patch.
- Refresh
  patches.suse/ibmvnic-remove-unused-wait_capability.patch.
- commit d68e92d
- ext4: set csum seed in tmp inode while migrating to extents
  (bsc#1195272).
- commit 294d77e
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
  Refresh:
  - patches.kabi/kabi-nvme-multipath-fix-iopolicy.patch.
  - patches.suse/nvme-multipath-disable-native-NVMe-multipath-per-def.patch.
- commit f17ae54
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
  (CVE-2022-22942 bsc#1195065).
- commit 136a4b2
- s390/pci: add s390_iommu_aperture kernel parameter
  (bsc#1193234).
- virtio: write back F_VERSION_1 before validate (bsc#1193235).
- commit a307e0d
- bpf: Verifer, adjust_scalar_min_max_vals to always call
  update_reg_bounds() (bsc#1194227).
- commit c098fc7
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit 39c5f8e
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- net, xdp: Introduce xdp_prepare_buff utility routine
  (bsc#1193507).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193507).
- commit c70ed8e
- usb: gadget: configfs: Fix use-after-free issue with udc_name
  (bsc#1193861 CVE-2021-39648).
- commit 9ec119b
- fget: clarify and improve __fget_files() implementation
  (bsc#1193727).
- commit 3ce5a50
- ibmvnic: remove unused ->wait_capability (bsc#1195073
  ltc#195713).
- ibmvnic: don't spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: Allow extra failures before disabling (bsc#1195073
  ltc#195713).
- commit 3d370d2
- tee: handle lookup of shm with reference count 0 (bsc#1193767
  CVE-2021-44733).
- commit 10b0db6
- drm/i915: Flush TLBs before releasing backing store
  (CVE-2022-0330 bsc#1194880).
- commit 20f1914
- drm/i915: Flush TLBs before releasing backing store
  (CVE-2022-0330 bsc#1194880).
- commit bd11976
- kabi/severities: Add a kabi exception for drivers/tee/tee
  According to the partner modules database, the structs of this driver
  are not used by anything external so make a kABI exception for them.
  Do that on purpose so that any external module using this fails to load
  instead of causing a potential memory corruption due to a kabi
  workaround which would use the same offset but for a different thing:
  - struct dma_buf *dmabuf;
  +	refcount_t refcount;
  See upstream commit
  dfd0743f1d9e ("/tee: handle lookup of shm with reference count 0"/)
- commit ac7feb6
- sctp: account stream padding length for reconf chunk
  (bsc#1194985 CVE-2022-0322).
- commit f5ee3ee
- of: Fix cpu node iterator to not ignore disabled cpu nodes
  (bsc#1065729).
- commit d8d9d32
- Refresh
  patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch.
- Refresh
  patches.suse/scsi-lpfc-Add-additional-debugfs-support-for-CMF.patch.
- Refresh
  patches.suse/scsi-lpfc-Adjust-CMF-total-bytes-and-rxmonitor.patch.
- Refresh patches.suse/scsi-lpfc-Cap-CMF-read-bytes-to-MBPI.patch.
- Refresh
  patches.suse/scsi-lpfc-Change-return-code-on-I-Os-received-during.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-NPIV-port-deletion-crash.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-leaked-lpfc_dmabuf-mbox-allocations-wi.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-lpfc_force_rscn-ndlp-kref-imbalance.patch.
- Refresh
  patches.suse/scsi-lpfc-Trigger-SLI4-firmware-dump-before-doing-dr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch.
- commit f21e440
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- commit b248150
- powerpc/pseries/mobility: ignore ibm, platform-facilities
  updates (bsc#1065729).
- commit 965bacc
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc: add interrupt_cond_local_irq_enable helper
  (bsc#1065729).
- commit 4a386a2
- blacklist.conf: Add a2308836880b powerpc: Fix arch_stack_walk() to have
  running function as first entry
  The stacktrace interface in this kernel version does not provide the
  parameters used to implement the fix.
- commit 21795fd
- blacklist.conf: Add 79ca6f74dae0 tpm: fix Atmel TPM crash caused by too frequent queries
  Breaks kABI, there is no report of this problem affecting users, likely
  broken old TPM firmware.
- commit 8a8da53
- tpm: Check for integer overflow in tpm2_map_response_body()
  (bsc#1082555).
- commit efacd25
- tpm: add request_locality before write TPM_INT_ENABLE
  (bsc#1082555).
- commit 8057fac
- moxart: fix potential use-after-free on remove path
  (bsc#1194516).
- commit 5a3dfcb
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- commit 9692e25
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- commit e59d06e
- of: add node name compare helper functions (bsc#1065729).
- commit 5ef3ecd
- of: Fix property name in of_node_get_device_type (bsc#1065729).
- of: Add device_type access helper functions (bsc#1065729).
- commit fd75973
- of: Add cpu node iterator for_each_of_cpu_node() (bsc#1065729).
- commit e0452f1
- powerpc/prom_init: Fix improper check of prom_getprop()
  (bsc#1065729).
- commit 1a169ee
- powerpc/pseries/cpuhp: delete add/remove_by_count code
  (bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- commit ab66a06
- powerpc/perf: Fix data source encodings for L2.1 and L3.1
  accesses (bsc#1065729).
- commit 532dbbd
- tpm: fix potential NULL pointer access in tpm_del_char_device
  (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634).
- commit c218b13
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
  (git-fixes).
- commit 38d905a
- blacklist.conf: 77360f9bbc7e ("/tracing: Add test for user space strings when filtering on string pointers"/)
  The code in question was heavily modified by 80765597bc58 ("/tracing:
  Rewrite filter logic to be simpler and faster"/) which is not present in
  SLE12-SP5. The reproducer does not work and the logic is different, so
  the existing code seems to be safe.
- commit 4313ee6
- blacklist.conf: 3e2a56e6f639 ("/tracing: Have syscall trace events use trace_event_buffer_lock_reserve()"/)
  Optimization only.
- commit 856add1
- mm/hwpoison: do not lock page again when me_huge_page()
  successfully recovers (bsc#1194814).
- commit 5a48d23
- nfs: don't dirty kernel pages read by direct-io (bsc#1194410).
- commit 80f1a10
- select: Fix indefinitely sleeping task in
  poll_schedule_timeout() (bsc#1194027).
- commit 1e8594d
- x86/platform/uv: Add more to secondary CPU kdump info
  (bsc#1194493).
- commit 303a333
- blacklist.conf: f28439db470c ("/tracing: Tag trace_percpu_buffer as a percpu pointer"/)
  It fixes a sparse warning only.
- commit c384e17
- tracing: Fix check for trace_percpu_buffer validity in
  get_trace_buf() (git-fixes).
- commit 1ad63e6
- cgroup: Use open-time credentials for process migraton perm
  checks (bsc#1194302 CVE-2021-4197).
- commit b76ad03
- NFC: add NCI_UNREG flag to eliminate the race (CVE-2021-4202
  bsc#1194529).
- NFC: reorder the logic in nfc_{un,}register_device
  (CVE-2021-4202 bsc#1194529).
- NFC: reorganize the functions in nci_request (CVE-2021-4202
  bsc#1194529).
- commit 68b4b42
- Update patches.suse/tcp-fix-a-race-in-inet_diag_dump_icsk.patch
  (networking-stable-19_01_04 bsc#1186222).
  Fix bsc#1186222 by using proper atomic helper.
- commit bd29e90
- fget: check that the fd still exists after getting a ref to it
  (bsc#1193727 CVE-2021-4083).
- commit 5441599
- kprobes: Limit max data_size of the kretprobe instances
  (bsc#1193669).
- commit 3600b27
- btrfs: unlock newly allocated extent buffer after error (bsc#1194001, CVE-2021-4149).
- commit 0a8af05
- netdevsim: Zero-initialize memory for new map's value in
  function nsim_bpf_map_alloc (bsc#1193927 CVE-2021-4135).
- commit 1d46c55
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- commit 20a8f2b
- usb: core: config: fix validation of wMaxPacketValue entries
  (git-fixes).
- commit 650dbdc
- blacklist.conf: Add 7ee285395b21 cgroup: Make rebind_subsystems() disable v2 controllers all at once
- commit 8237a58
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- commit 8f95759
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
  (git-fixes).
- commit 7655e21
- blacklist.conf: cosmetics for clang
- commit a46466a
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- commit a1b9e9d
- usbnet: sanity check for maxpacket (git-fixes).
- commit 97566d2
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145).
- scsi: lpfc: Add additional debugfs support for CMF (bsc1192145).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver
  cleanup (bsc1192145).
- scsi: lpfc: Fix NPIV port deletion crash (bsc1192145).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance
  (bsc1192145).
- scsi: lpfc: Change return code on I/Os received during link
  bounce (bsc1192145).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
  (bsc1192145).
- commit 9e05239
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch
  Update meta data and move the patch into the sorted section.
- commit 7214bea
- ipv6: use prandom_u32() for ID generation (CVE-2021-45485
  bsc#1194094).
- commit 51d2a3b
- scsi: qla2xxx: Format log strings only if needed (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in
  qla_edif_app_getfcinfo() (git-fixes).
- scsi: qla2xxx: Fix mailbox direction flags in
  qla2xxx_get_adapter_id() (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down
  (git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- commit d5351f0
- inet: use bigger hash table for IP ID generation (CVE-2021-45486
  bsc#1194087).
- commit 0387442
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- commit b8b1ef9
- recordmcount.pl: look for jgnop instruction as well as bcrl
  on s390 (bsc#1192267).
- Delete patches.suse/ftrace-recordmcount-binutils.patch.
- commit 9b6815f
- EDAC/amd64: Handle three rank interleaving mode (bsc#1114648).
- commit 25eb1b3
- Update config files.
- commit f87a32f
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
  bsc#1193731).
- commit 167f0fb
- net: split out functions related to registering inflight socket
  files (CVE-2021-0920 bsc#1193731).
- commit 8ec3ad8
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
  (bsc#1114648).
- commit de2d84b
- blacklist.conf: ef775a0e36c6 x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
- commit 78e6223
- platform/x86: hp_accel: Fix an error handling path in
  'lis3lv02d_probe()' (git-fixes).
- commit 898c404
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
  (git-fixes).
- commit 495c629
- blacklist.conf: irrelevant build fix for our configs
- commit c89c442
- blacklist.conf: cosmetic cleanup
- commit f6d64ba
- blacklist.conf: irrelevant in SLE12
- commit 0be6ca3
- xen/netback: don't queue unlimited number of packages
  (CVE-2021-28715 XSA-392 bsc#1193442).
- commit a67e40b
- xen/netback: fix rx queue stall detection (CVE-2021-28714
  XSA-392 bsc#1193442).
- commit aa10f67
- xen/console: harden hvc_xen against event channel storms
  (CVE-2021-28713 XSA-391 bsc#1193440).
- commit f9f6563
- xen/netfront: harden netfront against event channel storms
  (CVE-2021-28712 XSA-391 bsc#1193440).
- commit 785c1f2
- xen/blkfront: harden blkfront against event channel storms
  (CVE-2021-28711 XSA-391 bsc#1193440).
- commit adb747c
- tty: hvc: replace BUG_ON() with negative return value
  (git-fixes).
- commit 24773f9
- xen/netfront: don't trust the backend response data blindly
  (git-fixes).
- commit 61f473d
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- commit a27eb85
- blacklist.conf: optimization only
- commit 378ebea
- xen/netfront: don't read data from request on the ring page
  (git-fixes).
- commit d843191
- blacklist.conf: unavoidably breaks kABI
- commit 67be19c
- xen/netfront: read response from backend only once (git-fixes).
- commit 10c97f1
- blacklist.conf: unavoidably breaks kABI
- commit 5ef7f44
- blacklist.conf: designed to break kABI
- commit b345950
- xen/blkfront: don't trust the backend response data blindly
  (git-fixes).
- commit 8238939
- xen/blkfront: don't take local copy of a request from the ring
  page (git-fixes).
- commit 0c42763
- xen/blkfront: read response from backend only once (git-fixes).
- commit 7b30def
- xen: sync include/xen/interface/io/ring.h with Xen's newest
  version (git-fixes).
- commit 0df7133
- ring-buffer: Protect ring_buffer_reset() from reentrancy
  (CVE-2020-27825 bsc#1179960).
- commit 432ad3d
- blacklist.conf: Add clang and gcc-10 related kbuild commits
- commit 4915b6a
- Update
  patches.suse/bpf-fix-truncated-jump-targets-on-heavy-expansions.patch
  (bsc#1109837 bsc#1193575 CVE-2018-25020).
- commit fe9247a
- bpf: fix truncated jump targets on heavy expansions (bsc#1193575
  CVE-2018-25020).
- commit bf19161
- elfcore: correct reference to CONFIG_UML (git-fixes).
- commit 1e4477f
- x86/sme: Explicitly map new EFI memmap table as encrypted
  (bsc#1114648).
- commit 2516955
- USB: serial: option: add Fibocom FM101-GL variants (git-fixes).
- commit bd62975
- USB: serial: option: add Telit LE910S1 0x9200 composition
  (git-fixes).
- commit 5e11265
- usb: dwc2: hcd_queue: Fix use of floating point literal
  (git-fixes).
- commit 565a456
- blacklist.conf: cleanup, not fix
- commit a5a3790
- usb-storage: Add compatibility quirk flags for iODD 2531/2541
  (git-fixes).
- commit 63a477e
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- commit 3bd0301
- USB: serial: option: add Quectel EC200S-CN module support
  (git-fixes).
- commit 2bd7313
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- commit 7140e5b
- USB: serial: option: add Telit LE910Cx composition 0x1204
  (git-fixes).
- commit 65e0426
- blacklist.conf: for systems not supported in SLE12
- commit a7ca6ad
- nvme: return BLK_STS_TRANSPORT unless DNR for
  NVME_SC_NS_NOT_READY (bsc#1163405).
- commit a71cfce
- blk-mq: don't deactivate hctx if managed irq isn't used
  (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
  (bsc#1185762).
- nvme-fc: avoid race between time out and tear down
  (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-fc: wait for queues to freeze before calling
  update_hr_hw_queues (bsc#1183678).
- commit 588c36e
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158)
- commit db3935d
- kABI compatibility for struct l2tp_tunnel (bsc#1192032
  CVE-2021-0935).
- commit 237dc6f
- l2tp: fix races with ipv4-mapped ipv6 addresses (bsc#1192032
  CVE-2021-0935).
- commit 3f8483b
- config: INPUT_EVBUG=n (bsc#1192974).
  Debug driver unsuitable for production, only enabled on ppc64.
- commit 7512f6a
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
  (bsc#1114648).
- commit 0df9459
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging
  merge.
- commit 275c61a
- scsi: lpfc: Fix non-recovery of remote ports following an
  unsolicited LOGO (bsc#1189126).
- commit 447a5ca
- Drop unneeded workaround for nouveau (CVE-2020-27820 bsc#1179599)
  Drop the superfluous workaround from cve/linux-4.12 branch for nouveau,
  as SLE12-SP5 branch already has the proper upstream fixes.
- commit d1ca846
- nouveau: Suppress sysfs bind (CVE-2020-27820 bsc#1179599).
- commit c2489c9
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of
  "/0"/ if no IRQ is available (git-fixes).
- commit 3deb124
- blacklist.conf: dependencies extremely intrusive
- commit e6b00e7
- blacklist.conf: cosmetic fix that breaks kABI
- commit 61a4cd2
- blacklist.conf: dependencies would break kABI
- commit 4cf79c7
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  (bsc#1192946 (CVE-2021-4002)).
- commit c355959
- SUNRPC: Optimise transport balancing code (bnc#1192729).
- SUNRPC: Fix initialisation of struct rpc_xprt_switch
  (bnc#1192729).
- SUNRPC: Skip zero-refcount transports (bnc#1192729).
- SUNRPC: Replace division by multiplication in calculation of
  queue length (bnc#1192729).
- SUNRPC: Add basic load balancing to the transport switch - kabi fix.
  (bnc#1192729).
- commit 54dcd98
- SUNRPC: Add basic load balancing to the transport switch.
  (bnc#1192729)
- commit 6b24397
- scsi: mpt3sas: Fix kernel panic during drive powercycle test
  (git-fixes).
- commit 3adc68a
- blacklist.conf: 3ff1f6b6ba6f ("/scsi: ufs: core: Improve SCSI abort handling"/)
  requires context in ufs driver not present
- commit 557e4fb
- blacklist.conf: 5ae17501bc62 ("/scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run"/)
  This adds to Scsi_Host, and there's no good workaround.
- commit 6d34c01
- blacklist.conf: 0b7a9fd934a6 ("/scsi: qla2xxx: Turn off target reset during issue_lip"/)
  This removes a qla2xxx module param, which breaks kABI.
- commit 1df022a
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- commit 692434a
- cifs: fix missed refcounting of ipc tcon (git-fixes).
- commit e4aa7ad
- cifs: nosharesock should be set on new server (git-fixes).
- commit 7af943e
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- commit 95e0076
- tracing: Fix pid filtering when triggers are attached
  (git-fixes).
- commit 8158fe2
- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
  (bsc#1192845 CVE-2021-43975).
- commit c3c1eae
- blacklist.conf: 27ff768fa21c ("/tracing: Test the 'Do not trace this pid' case in create event"/)
  Not applicable. SLE12-SP5 does not have no_pid_list.
- commit c8bbfd2
- tracing: Check pid filtering when creating events (git-fixes).
- commit 3e6f030
- scsi: core: Put LLD module refcnt after SCSI device is released
  (git-fixes).
- commit be7f0b6
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- commit 75f38f7
- scsi: core: Fix bad pointer dereference when ehandler kthread
  is invalid (git-fixes).
- commit 9bbd7e2
- fuse: release pipe buf after last use (bsc#1193318).
- commit 46b3bf8
- rpm/kernel-binary.spec.in: don't strip vmlinux again (bsc#1193306)
  After usrmerge, vmlinux file is not named vmlinux-<version>, but simply
  vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set.
  So fix this by removing the dash...
- commit 83af88d
- x86/msi: Force affinity setup before startup (bsc#1193231).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- commit 340ec51
- genirq: Remove mask argument from setup_affinity()
  (bsc#1193231).
- Refresh
  patches.suse/genirq-proc-Return-proper-error-code-when-irq_set_af.patch.
- commit f23ee47
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231).
- genirq: Split out irq_startup() code (bsc#1193231).
- genirq: Move initial affinity setup to irq_startup()
  (bsc#1193231).
- genirq: Rename setup_affinity() to irq_setup_affinity()
  (bsc#1193231).
- commit f86d4ca
- blacklist.conf: remove an entry to be backported
- commit 1008e63
- ixgbe: fix large MTU request from VF (bsc#1192877
  CVE-2021-33098).
- commit 56240b9
- Move upstreamed BT patch into sorted section
- commit a0f930a
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
  (CVE-2021-43976 bsc#1192847).
- commit c14a908
- blacklist.conf: 85b6d24646e4 ("/shm: extend forced shm destroy to support objects from several IPC nses"/)
  Unfortunately this breaks kABI and presents significant risk for
  addressing a theoretical issue.
- commit b6daf8c
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- commit 3efa0d0
- net: mana: Fix spelling mistake "/calledd"/ -> "/called"/
  (jsc#SLE-18779, bsc#1185727).
- net: mana: Support hibernation and kexec (jsc#SLE-18779,
  bsc#1185727).
- net: mana: Improve the HWC error handling (jsc#SLE-18779,
  bsc#1185727).
- net: mana: Fix the netdev_err()'s vPort argument in
  mana_init_port() (jsc#SLE-18779, bsc#1185727).
- net: mana: Allow setting the number of queues while the NIC
  is down (jsc#SLE-18779, bsc#1185727).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779,
  bsc#1185727).
- commit bdc34f7
- blacklist.conf: add Renesas SuperH ethernet network driver
- commit c4584ae
- blacklist.conf: Add 78cc316e9583 bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
- commit a67ce98
- brcmfmac: add CLM download support (bsc#1167162 CVE-2019-15126).
- commit 7737eec
- drm/nouveau: clean up all clients on device removal
  (CVE-2020-27820 bsc#1179599).
- drm/nouveau: Add a dedicated mutex for the clients list
  (CVE-2020-27820 bsc#1179599).
- drm/nouveau: use drm_dev_unplug() during device removal
  (CVE-2020-27820 bsc#1179599).
- commit cf01302
- constraints: Build aarch64 on recent ARMv8.1 builders.
  Request asimdrdm feature which is available only on recent ARMv8.1 CPUs.
  This should prevent scheduling the kernel on an older slower builder.
- commit 60fc53f
- objtool: Support Clang non-section symbols in ORC generation
  (bsc#1169514).
- commit 5ab2439
- elfcore: fix building with clang (bsc#1169514).
- commit b91821c
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
  (bsc#1169514).
- commit cf74b00
- nfsd: don't alloc under spinlock in rpc_parse_scope_id
  (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in
  nfs4_ff_layout_prepare_ds (git-fixes).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
  (git-fixes).
- md: fix a lock order reversal in md_alloc (git-fixes).
- cred: allow get_cred() and put_cred() to be given NULL
  (git-fixes).
- commit 40d8ea8
- cifs: release lock earlier in dequeue_mid error case
  (bsc#1190317).
- commit 81b7ca3
- smb3: add additional null check in SMB2_tcon (bsc#1190317).
- commit 8461098
- smb3: add additional null check in SMB2_open (bsc#1190317).
- commit eecdddd
- smb3: add additional null check in SMB2_ioctl (bsc#1190317).
- commit 23e41a6
- SUNRPC/xprt: async tasks mustn't block waiting for memory
  (bsc#1191876 bsc#1192866).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC
  (bsc#1191876 bsc#1192866).
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory
  (bsc#1191876 bsc#1192866).
- SUNRPC/auth: async tasks mustn't block waiting for memory
  (bsc#1191876 bsc#1192866).
- commit 1bfe7bc
- blacklist.conf: not needed in our configs
- commit e5f834d
- blacklist.conf: not needed in our configs
- commit dedc0a3
- net: lan78xx: fix division by zero in send path (git-fixes).
- commit 35358c9
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM
  request (git-fixes).
- commit 4593ea3
- net: hso: fix muxed tty registration (git-fixes).
- commit 032702d
- cifs: for compound requests, use open handle if possible
  (bsc#1190317).
- commit a69b935
- net: pegasus: fix uninit-value in get_interrupt_interval
  (git-fixes).
- commit 92716c5
- net: hso: fix control-request directions (git-fixes).
- commit b4b646e
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- commit 067cb3c
- xen/x86: fix PV trap handling on secondary processors
  (git-fixes).
- commit fcd0050
- swiotlb-xen: avoid double free (git-fixes).
- commit a4d6384
- xen-pciback: redo VF placement in the virtual topology
  (git-fixes).
- commit 345c6a7
- x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
- commit a4548aa
- kernel-source.spec: install-kernel-tools also required on 15.4
- commit 6cefb55
- Revert "/header.py: Reject Patch-mainline: No"/
  Allow Patch-mainline: No on historical branch.
- commit 93a453e
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname
  (bsc#1190317).
- commit 98266ba
- cifs: fix potential use-after-free bugs (jsc#SLE-20656).
- commit 9ce3ceb
- smb3: remove trivial dfs compile warning (jsc#SLE-20656).
- commit a5c40ae
- cifs: support nested dfs links over reconnect (jsc#SLE-20656).
- commit 8b8ce3c
- blacklist.conf: 172f7ba9772c ("/ftrace: Make ftrace_profile_pages_init static"/)
  A cosmetic fix.
- commit 222b66d
- tracing: use %ps format string to print symbols (git-fixes).
- commit c56d6b1
- config: disable unprivileged BPF by default (jsc#SLE-22913)
  Backport of mainline commit 8a03e56b253e ("/bpf: Disallow unprivileged bpf
  by default"/) only changes kconfig default, used e.g. for "/make oldconfig"/
  when the config option is missing, but does not update our kernel configs
  used for build. Update also these to make sure unprivileged BPF is really
  disabled by default.
- commit 5f769a4
- smb3: do not error on fsync when readonly (bsc#1190317).
- commit 0ed4dff
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- commit 45f2c8a
- cifs: set a minimum of 120s for next dns resolution
  (bsc#1190317).
- commit b46f000
- cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656).
- commit 6fb0a17
- blacklist.conf: Add 8520e224f547 bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
- commit 9c51e14
- Refresh patches.suse/hisax-fix-spectre-issues.patch.
- commit 8ad1382
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- commit 44e9fe3
- cifs: convert list_for_each to entry variant (jsc#SLE-20656).
- commit 633a7c2
- cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656).
- commit f00696c
- cifs: fix print of hdr_flags in dfscache_proc_show()
  (jsc#SLE-20656).
- commit 5c49bc1
- cifs: nosharesock should not share socket with future sessions
  (bsc#1190317).
- commit 320796d
- cifs: To match file servers, make sure the server hostname
  matches (bsc#1190317).
- commit fbe0600
- cifs: On cifs_reconnect, resolve the hostname again
  (bsc#1190317).
- Refresh
  patches.suse/cifs-use-the-expiry-output-of-dns_query-to-schedule-next-resolution.patch.
- commit 5b1c01c
- cifs: Simplify reconnect code when dfs upcall is enabled
  (bsc#1190317).
- Refresh
  patches.suse/cifs-use-the-expiry-output-of-dns_query-to-schedule-next-resolution.patch.
- commit dae6de8
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1192045
  CVE-2021-0941).
- commit b304255
- cifs: fix incorrect check for null pointer in header_assemble
  (bsc#1190317).
- commit 2730221
- smb3: correct server pointer dereferencing check to be more
  consistent (bsc#1190317).
- commit 9de93d0
- smb3: correct smb3 ACL security descriptor (bsc#1190317).
- commit d60c7e5
- cifs: fix a sign extension bug (git-fixes).
- commit e0b32f1
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- mpt3sas: fix spectre issues (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue
  (bsc#1192802).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
  (bsc#1192802).
- sysvipc/sem: mitigate semnum index against spectre v1
  (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre
  attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace
  (bsc#1192802).
- commit f2e7f94
- cifs: properly invalidate cached root handle when closing it
  (bsc#1190317).
- commit d970616
- cifs: Do not leak EDEADLK to dgetents64 for
  STATUS_USER_SESSION_DELETED (bsc#1190317).
- commit b415fcb
- cifs: fix wrong release in sess_alloc_buffer() failed path
  (bsc#1190317).
- commit 745c05d
- CIFS: Fix a potencially linear read overflow (git-fixes).
- commit ee69183
- cifs: support share failover when remounting (jsc#SLE-20656).
- commit 7385d90
- cifs: Add new parameter "/acregmax"/ for distinct file and
  directory metadata timeout (bsc#1190317).
- commit d50239f
- cifs: convert revalidate of directories to using directory
  metadata cache timeout (bsc#1190317).
- Refresh
  patches.suse/cifs-check-the-timestamp-for-the-cached-dirent-when-deciding-on-rev.patch.
- commit 3f02ef6
- cifs: Add new mount parameter "/acdirmax"/ to allow caching
  directory metadata (bsc#1190317).
- commit 2e1084d
- cifs: move to generic async completion (bsc#1190317).
- commit 3728f87
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- bpf: Add kconfig knob for disabling unpriv bpf
  by default (jsc#SLE-22913)
- Update config files: Add
  CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- commit 065d420
- dm ioctl: fix out of bounds array access when no devices
  (CVE-2021-31916 bsc#1192781).
- commit 0ab7d09
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline
  functions (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with
  raw_smp_processor_id (git-fixes).
- arm64/sve: Use correct size when reinitialising SVE state
  (git-fixes).
- drivers: base: cacheinfo: Get rid of
  DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes).
- prctl: allow to setup brk for et_dyn executables (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value
  (git-fixes).
- i2c: synquacer: fix deferred probing (git-fixes).
- commit 44f5032
- CIFS: fiemap: do not return EINVAL if get nothing (bsc#1190317).
- commit 213f474
- blacklist.conf: printk/workqueue: very hard to hit; works well with lockless
  ringuffer; but it might cause wrong timestamps or even lost messages
  on 4.12 where per-CPU buffers are used (bsc#1192750)
- commit d3cf891
- printk/console: Allow to disable console output by using
  console="/"/ or console=null (bsc#1192753).
- commit a452598
- printk: handle blank console arguments passed in (bsc#1192753).
- commit f2aeedd
- ipv4: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
  (bsc#1191790, CVE-2021-20322).
- commit 74af5bd
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- commit a133bf4
- fuse: fix page stealing (bsc#1192718).
- commit 75eca87
- Revert "/x86/kvm: fix vcpu-id indexed array sizes"/ (git-fixes).
- commit 849d93e
- Delete patches.kabi/kabi-fix-after-kvm-vcpu-id-array-fix.patch, as the
  patch requiring it is being reverted.
- commit c94cf8b
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
  (git-fixes).
- commit f5f547a
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- commit 57bd93f
- xen: Fix implicit type conversion (git-fixes).
- commit d1f7b51
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
  (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
  (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of
  qla2x00_process_els() (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues()
  (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
  (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
  (git-fixes).
- scsi: be2iscsi: Fix an error handling path in
  beiscsi_dev_probe() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
  (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: core: Only put parent device if host state differs from
  SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
  changes to RUNNING (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed()
  (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed
  (git-fixes).
- commit f8de973
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
  (bsc#1114648).
- commit 79e2184
- bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
- commit 4390e0a
- Fix problem with missing installkernel on Tumbleweed.
- commit 2ed6686
- Revert "/config.sh: Build cve/linux-4.12 against SLE15-SP1."/
  This reverts commit ec3bd8c5b541a336b6608cd92493d50ba56230dc.
  See https://github.com/openSUSE/suse-module-tools/pull/44
- commit bede44a
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273
  ltc#194629).
- ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629).
- commit 7edfa65
- Revert "/ibmvnic: check failover_pending in login response"/
  (bsc#1190523 ltc#194510).
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit 49333a8
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
  (bsc#1191961 CVE-2021-34981).
- commit 0392318
- bpf: Fix potential race in tail call compatibility check
  (git-fixes).
- commit 122caf2
- bpf: Move owner type, jited info into array auxiliary data
  (bsc#1141655).
- commit afae5f6
- config.sh: Build cve/linux-4.12 against SLE15-SP1.
  SLE15 is no longer updated and we will need recent update to
  suse-module-tools to continue building the kernel.
- commit ec3bd8c
- ipv4: fix race condition between route lookup and invalidation
  (bsc#1190397).
- commit e4bb52c
- crypto: s5p-sss - Add error handling in s5p_aes_probe()
  (git-fixes).
- commit 776b7f3
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- commit 80a9337
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- commit b953c49
- ceph: take snap_empty_lock atomically with snaprealm refcount
  change (bsc#1191888).
- commit 4fbc9de
- blacklist.conf:
  0c0e37dc1167 x86/ioapic: Force affinity setup before startup
  ff363f480e59 x86/msi: Force affinity setup before startup
  This whole thing is needed when the affinity change happens after an
  interrupt is enabled - in that case an interrupt might get lost. The
  magic dance that protects against that is in ...apic/msi.c::msi_set_affinity().
  So both would need more involved backport as at least this prerequisite is
  needed:
  826da771291f ("/genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP"/)
  which calls irq_setup_affinity(), which, in 4.12 is called
  setup_affinity() and static... and there's likely other dependent
  changes in-between.
  So let's do the backport only when really needed in 12SP5.
- commit 24b1730
- Refresh
  patches.suse/scsi-lpfc-Adjust-bytes-received-vales-during-cmf-tim.patch.
- Refresh
  patches.suse/scsi-lpfc-Allow-PLOGI-retry-if-previous-PLOGI-was-ab.patch.
- Refresh
  patches.suse/scsi-lpfc-Allow-fabric-node-recovery-if-recovery-is-.patch.
- Refresh
  patches.suse/scsi-lpfc-Correct-sysfs-reporting-of-loop-support-af.patch.
- Refresh
  patches.suse/scsi-lpfc-Don-t-release-final-kref-on-Fport-node-whi.patch.
- Refresh
  patches.suse/scsi-lpfc-Don-t-remove-ndlp-on-PRLI-errors-in-P2P-mo.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-EEH-support-for-NVMe-I-O.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-FCP-I-O-flush-functionality-for-TMF-ro.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-I-O-block-after-enabling-managed-conge.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-NVMe-I-O-failover-to-non-optimized-pat.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-hang-on-unload-due-to-stuck-fport-node.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-premature-rpi-release-for-unsolicited-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-rediscovery-of-tape-device-after-LIP.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch.
- Refresh
  patches.suse/scsi-lpfc-Improve-PBDE-checks-during-SGL-processing.patch.
- Refresh
  patches.suse/scsi-lpfc-Revert-LOG_TRACE_EVENT-back-to-LOG_INIT-pr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.2.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.3.patch.
- Refresh
  patches.suse/scsi-lpfc-Wait-for-successful-restart-of-SLI3-adapte.patch.
- Refresh
  patches.suse/scsi-lpfc-Zero-CGN-stats-only-during-initial-driver-.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Add-support-for-mailbox-passthru.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Call-process_response_queue-in-Tx-path.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Check-for-firmware-capability-before-cr.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Display-16G-only-as-supported-speeds-fo.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Fix-crash-in-NVMe-abort-path.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Fix-kernel-crash-when-accessing-port_sp.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Fix-use-after-free-in-eh_abort-path.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Move-heartbeat-handling-from-DPC-thread.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-poin.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.100-k.patch.
- Refresh
  patches.suse/scsi-qla2xxx-edif-Use-link-event-to-wake-up-app.patch.
  Update metadata
- commit 6872efb
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- commit 5bb827b
- USB: iowarrior: fix control-message timeouts (git-fixes).
- commit debcb75
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- commit 8c3bda1
- ftrace: Fix scripts/recordmcount.pl due to new binutils
  (bsc#1192267).
- commit adeb3ce
- Refresh
  patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch.
  Fix backport error - dir_cookie is a pointer to a u64, not a u64.
- commit 2f2b8d1
- Update
  patches.suse/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch
  (bsc#1188601 CVE-2021-37159).
  Added bsc and CVE numbers
- commit 8f0d9dd
- usb: hso: fix error handling code of hso_create_net_device
  (bsc#1188601 CVE-2021-37159).
- commit 3ae1a19
- blacklist.conf: blacklist pair of obsoleted patches
  (bsc#1188601 CVE-2021-37159)
- commit 2c55ec1
- objtool-don-t-fail-on-missing-symbol-table.patch needed for vanilla
  flavor as well.
- commit 3a74d9d
- Delete
  patches.suse/net-stmmac-honor-error-code-from-stmmac_dt_phy.patch.
  Fix compilation
- commit 0c9657c
- Delete
  patches.suse/net-stmmac-add-error-handling-in-stmmac_mtl_setup.patch.
  Drop the patch since it breaks the build
- commit 00a2937
- Refresh
  patches.suse/net-stmmac-add-error-handling-in-stmmac_mtl_setup.patch.
- Delete
  patches.suse/stmmac-use-of_property_read_u32-instead-of-read_u8.patch.
  Restore KABI
- commit 527b0fe
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- commit 34b1e28
- kernel, fs: Introduce and use set_restart_fn() and
  arch_set_restart_data() (bsc#1191713).
- hrtimer: Move copyout of remaining time to do_nanosleep()
  (bsc#1191713).
- hrtimer_nanosleep(): Pass rmtp in restart_block (bsc#1191713).
- commit 6a08992
- s390x: Turn off CONFIG_NUMA_EMU (jsc#SLE-11600).
- commit cd3b0dd
- net: stmmac: make dwmac4_release_tx_desc() clear all descriptor
  fields (git-fixes).
- commit c2aaa29
- net: stmmac: use correct barrier between coherent memory and
  MMIO (git-fixes).
- commit 5b3bc71
- net: stmmac: ensure that the MSS desc is the last desc to set
  the own bit (git-fixes).
- commit 5e15577
- net: stmmac: honor error code from stmmac_dt_phy() (git-fixes).
- commit 90f4ce8
- net: stmmac: add error handling in stmmac_mtl_setup()
  (git-fixes).
- commit 7929102
- net: stmmac: WARN if tx_skbuff entries are reused before cleared
  (git-fixes).
- commit c0d84ad
- net: stmmac: do not clear tx_skbuff entries in
  stmmac_xmit()/stmmac_tso_xmit() (git-fixes).
- commit 0df2794
- net: stmmac: remove redundant enable of PMT irq (git-fixes).
- commit ba002b8
- net: stmmac: rename GMAC_INT_DEFAULT_MASK for dwmac4
  (git-fixes).
- commit 6e907fc
- net: stmmac: discard disabled flags in interrupt status register
  (git-fixes).
- commit 567573c
- net: stmmac: Fix bad RX timestamp extraction (git-fixes).
- commit afa9845
- net: stmmac: Fix TX timestamp calculation (git-fixes).
- commit 696543d
- ethernet: dwmac-stm32: Fix copyright (git-fixes).
- commit de443fc
- net: stmmac: fix LPI transitioning for dwmac4 (git-fixes).
- commit 2005c6b
- stmmac: use of_property_read_u32 instead of read_u8 (git-fixes).
- commit abba706
- stmmac: copy unicast mac address to MAC registers (git-fixes).
- commit 6977802
- net: stmmac: First Queue must always be in DCB mode (git-fixes).
- commit ad4b502
- net: stmmac: dwc-qos-eth: Fix typo in DT bindings parsing
  (git-fixes).
- commit 442b571
- net: stmmac: Prevent infinite loop in get_rx_timestamp_status()
  (git-fixes).
- commit ccd6cc8
- net: stmmac: Fix stmmac_get_rx_hwtstamp() (git-fixes).
- commit 62f9aa4
- net: stmmac: Avoid VLA usage (git-fixes).
- commit 9c5bde7
- blacklist.conf: ed65df63a39a ("/tracing: Have all levels of checks prevent recursion"/)
  It fixes a corner case, which should be rare. The patch changes a public
  header file and even if the API should not be used externally, there is
  always a risk.
- commit e57f5b1
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7fdd08f
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
  (bsc#1114648).
- commit 2cef412
- Update
  patches.suse/net-fix-race-condition-in-__inet_lookup_established.patch.
  (bsc#1180624)
- handle also race conditions in /proc/net/tcp code
- drop debugging statements
- commit 8111fc8
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
  (fate#322438 bsc#1085030 git-fixes).
- commit 73c4634
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
  (bsc#1190351).
- commit 81f6dbd
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
  (bsc#1065729).
- commit f6a28db
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in
  progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer
  dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
  (bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
  (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP
  status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
  host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
  driver_resource_setup() (bsc#1192145).
- commit 36710f1
- scsi: lpfc: Fix crash when nvmet transport calls host_release
  (bsc#1192145).
- Refresh
  patches.suse/scsi-lpfc-Delay-unregistering-from-transport-until-G.patch.
- commit deaaa3b
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  (CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
  bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
  bsc#1188563).
- commit b0a2686
- Revert "/net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)"/
  This reverts commit 1c59b584ef0cc166f6f5c9f8ed6f47e2e811e1c0.
  With the backport of the upstream fix for bsc#1183405 race, this workaround
  is no longer needed.
- commit 0bfd1f2
- kabi: mask new member "/empty"/ of struct Qdisc (bsc#1183405).
- kabi: revert drop of Qdisc::atomic_qlen (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless
  qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
  qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
  (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
  (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
  (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
  qdisc_replace (bsc#1183405).
- net: sch_generic: aviod concurrent reset and enqueue op for
  lockless qdisc (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset()
  (bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times
  (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- Revert "/net: dev: introduce support for sch BYPASS for lockless
  qdisc"/ (bsc#1183405).
- net/sched: annotate lockless accesses to qdisc->empty
  (bsc#1183405).
- net: sched: Avoid using yield() in a busy waiting loop
  (bsc#1183405).
- net/sched: fix race between deactivation and dequeue for NOLOCK
  qdisc (bsc#1183405).
- net/sched: pfifo_fast: fix wrong dereference in
  pfifo_fast_enqueue (bsc#1183405).
- net/sched: pfifo_fast: fix wrong dereference when qdisc is reset
  (bsc#1183405).
- Revert: "/net: sched: put back q.qlen into a single location"/
  (bsc#1183405).
- net: sched: when clearing NOLOCK, clear TCQ_F_CPUSTATS, too
  (bsc#1183405).
- net: sched: always do stats accounting according to
  TCQ_F_CPUSTATS (bsc#1183405).
- net: sched: prefer qdisc_is_empty() over direct qlen access
  (bsc#1183405).
- net: caif: avoid using qdisc_qlen() (bsc#1183405).
- net: dev: introduce support for sch BYPASS for lockless qdisc
  (bsc#1183405).
- net: sched: add empty status flag for NOLOCK qdisc
  (bsc#1183405).
- commit 53153a5
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
  Conflict resolution in merge commit b424dbe52c2f discarded the references
  update done in cve/linux-4.12 branch so that CVE and bugzilla references
  got lost. Add them back again.
- commit 9fe9da5
- blacklist.conf: Add a7b359fc6a37 ("/sched/fair: Correctly insert cfs_rq's to list on unthrottle"/)
  The commit causes regression (bsc#1191238) more severe than the issue it
  solves. The blacklisting can be lifted when there is an upstream
  solution to both issues.
- commit 2abfc18
- cipso,calipso: resolve a number of problems with the DOI
  refcounts (CVE-2021-33033 bsc#1186109).
- commit 017dde5
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
  bsc#1190067).
- commit 6401849
- Update patch reference for a firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 7614f38
- blacklist.conf: fix later reverted
- commit 82b7006
- USB: xhci: dbc: fix tty registration race (git-fixes).
- commit 7a85cc3
- usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in
  'xhci_dbc_alloc_requests()' (git-fixes).
- commit e64ec99
- usb: xhci: dbc: Simplify error handling in
  'xhci_dbc_alloc_requests()' (git-fixes).
- commit cb17031
- xfs: fix up non-directory creation in SGID directories
  (bsc#1190006 CVE-2018-13405).
- commit 888b5ee
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006
  CVE-2018-13405).
- commit d7d9af2
- xfs: ensure that the inode uid/gid match values match the
  icdinode ones (bsc#1190006 CVE-2018-13405).
- commit f969983
- kabi: hide return value type change of sctp_af::from_addr_param
  (CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
  bsc#1188563).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- commit 535a60e
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
- commit 2e6d83a
- ocfs2: Fix data corruption on truncate (bsc#1190795).
- commit be1119a
- kernel, fs: Introduce and use set_restart_fn() and
  arch_set_restart_data() (bsc#1191713).
- commit 510c626
- scsi: smartpqi: Fix an error code in pqi_get_raid_map()
  (git-fixes).
- uapi: nfnetlink_cthelper.h: fix userspace compilation error
  (git-fixes).
- commit 71655bf
- blacklist scsi sense patch: changes kABI, too invasive
- commit da61b32
- net: ipv6: Discard next-hop MTU less than minimum link MTU
  (bsc#1191241).
- commit a2d889b
- ipv6/netfilter: Discard first fragment not including all headers
  (bsc#1191241).
- commit 1b109bb
- IPv6: reply ICMP error if the first fragment don't include
  all headers (bsc#1191241).
- commit ac897ff
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
  (bsc#1191241).
- commit cc7d40a
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
  bsc#1191801).
- commit 4ef5cd4
- media: firewire: firedtv-avc: fix a buffer overflow in
  avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit d196d58
- ocfs2: fix data corruption after conversion from inline format
  (bsc#1190795).
- commit cc44997
- xfs: fix string handling in label get/set functions
  (bsc#1191500, git-fixes).
- commit 91a6d54
- xfs: xfs_fsops: drop useless LIST_HEAD (bsc#1191500, git-fixes).
- commit 747051c
- xfs: fix check on struct_version for versions 4 or greater
  (bsc#1191500, git-fixes).
- commit 709b4ec
- blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
- commit e4d714b
- rpm/kernel-obs-build.spec.in: reduce initrd functionality
  For building in OBS, we always build inside a virtual machine
  that gets a new, freshly created scratch filesystem image. So
  we do not need to handle fscks because that ain't gonna happen,
  as well as not we do not need to handle microcode update in the
  initrd as these only can be run on the host system anyway. We
  can also strip and hardlink as an additional optimisation that
  should not significantly hurt.
- commit c72c6fc
- xen: reset legacy rtc flag for PV domU (git-fixes).
- commit 96789b2
- PM: base: power: don't try to use non-existing RTC for storing
  data (git-fixes).
- commit 0d0e287
- xen: fix setting of max_pfn in shared_info (git-fixes).
- commit 21f0574
- xfs: implement online get/set fs label (bsc#1191500).
- commit 322151d
- fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs (bsc#1191500).
- commit 7cf692c
- xfs: move growfs core to libxfs (bsc#1191500).
- commit d95e8c0
- xfs: rework secondary superblock updates in growfs
  (bsc#1191500).
- commit 215c2e3
- xfs: separate secondary sb update in growfs (bsc#1191500).
- commit e06611a
- xfs: make imaxpct changes in growfs separate (bsc#1191500).
- commit 186aca9
- xfs: turn ag header initialisation into a table driven operation
  (bsc#1191500).
- commit 4718772
- xfs: factor ag btree root block initialisation (bsc#1191500).
- commit 2ea00a7
- NFS: Do uncached readdir when we're seeking a cookie in an
  empty page cache (bsc#1191628).
- commit 63090c9
- xfs: always honor OWN_UNKNOWN rmap removal requests
  (bsc#1191500).
- commit 15e2299
- xfs: convert growfs AG header init to use buffer lists
  (bsc#1191500).
- commit 65b6b97
- xfs: factor out AG header initialisation from growfs core
  (bsc#1191500).
- commit b0c0c3a
- xfs: one-shot cached buffers (bsc#1191500).
- commit a177a16
- xfs: refactor the geometry structure filling function
  (bsc#1191500).
- commit 266f45c
- xfs: hoist xfs_fs_geometry to libxfs (bsc#1191500).
- commit b0f32c6
- Correctly sort PPC patches.
- Refresh patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch.
- Refresh patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit 2c6662e
- netfilter: Drop fragmented ndisc packets assembled in netfilter
  (git-fixes).
- commit 587232d
- series.conf: update ordering
- commit 338b36a
- ext4: fix reserved space counter leakage (bsc#1191450).
- commit 445fefd
- blacklist.conf: Blacklist fd2ef39cc9a6
- commit 1e6ddf8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit e858da2
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- commit 756937a
- blacklist.conf: Blacklist 889c05cc5834
- commit 67fc346
- blacklist.conf: Blacklist 6961fed42014
- commit 99285c7
- blacklist.conf: Blacklist filesystems that are not compiled
- commit ec1cca5
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
  (bsc#1191349).
- commit e288eba
- blktrace: Fix uaf in blk_trace access after removing by sysfs
  (bsc#1191452).
- commit 60f6902
- ext4: fix potential infinite loop in ext4_dx_readdir()
  (bsc#1191662).
- commit c48ebd7
- blacklist.conf: blacklist 8c4bca10ceaf
- commit 2f013b8
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
  (git-fixes).
- commit df75ef9
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
  The semantic changed in an incompatible way so invoking the macro now
  causes a build failure.
- commit 3e55f55
- x86/resctrl: Free the ctrlval arrays when
  domain_setup_mon_state() fails (bsc#1114648).
- commit 849f5e6
- scsi: qla2xxx: Remove redundant initialization of pointer req
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path
  (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to
  workqueue (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path
  (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
  sysfs file (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app
  (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating
  QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c
  card (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout
  (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset()
  (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()
  (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
  (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
  (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list
  (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx
  (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang
  (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190941).
- commit fb73e90
- powerpc/bpf: Emit stf barrier instruction sequences
  for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
  bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
  conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- commit d4beb54
- blacklist.conf: ff1c08e1f74b ("/bpf: Change size to u64 for bpf_map_{area_alloc, charge_init}()"/)
  Only needed on 32-bit system and breaks kABI.
- commit f2ee98f
- blacklist.conf: cosmetic fix
- commit 5d07092
- blacklist.conf: misattributed, not needed
- commit e03f28e
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- commit 9a6227e
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3
  modem family (git-fixes).
- commit 4db3d45
- blacklist.conf: feature, not a fix
- commit 9144587
- Move upstreamed bpf patch into sorted section
- commit 848cbf8
- iov_iter_fault_in_readable() should do nothing in xarray  case
  (bsc#1191579).
- commit 1aec87e
- blacklist.conf: no CAN in SLE12
- commit 5fcdd60
- blacklist.conf: no CAN in SLE12
- commit 02f489a
- blacklist.conf: no CAN in SLE12
- commit e673913
- blacklist.conf: no CAN in SLE12
- commit 36eb69c
- blacklist.conf: no CAN in SLE12
- commit 3bde2bd
- blacklist.conf: no CAN in SLE12
- commit e3892df
- blacklist.conf: no CAN in SLE12
- commit 4b0b899
- blacklist.conf: feature, not a fix
- commit 41fc29b
- blacklist.conf: no CAN in SLE12
- commit f1f89ff
- blacklist.conf: no CAN in SLE12
- commit 420c816
- gianfar: Account for Tx PTP timestamp in the skb headroom
  (git-fixes).
- commit 5aee288
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
  (git-fixes).
- commit 3aeb7bc
- gianfar: Fix TX timestamping with a stacked DSA driver
  (git-fixes).
- commit 53a66df
- gianfar: simplify FCS handling and fix memory leak (git-fixes).
- commit 082815a
- blacklist.conf: 79f32b221b18 ("/ARM: 9079/1: ftrace: Add MODULE_PLTS support"/)
  We do not support arm32.
- commit eb72851
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap
  (CVE-2021-42252 bsc#1190479).
- commit 5b9f8af
- USB: serial: option: add device id for Foxconn T99W265
  (git-fixes).
- commit 4cdae00
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
  Multimeter (git-fixes).
- commit 2a96462
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- commit 496498d
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
  (git-fixes).
- commit 6aff9cd
- Refresh
  patches.suse/bpf-Fix-integer-overflow-in-prealloc_elems_and_freel.patch.
- commit 956dc09
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
  (git-fixes).
- commit 9490aec
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to
  signal (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error
  handling (git-fxes).
- selinux: fix error initialization in inode_doinit_with_dentry()
  (git-fixes).
- bitmap: remove unused function declaration (git-fixes).
- kernel/locking/mutex.c: remove caller signal_pending branch
  predictions (bsc#1050549).
- locking/pvqspinlock/x86: Use LOCK_PREFIX in
  __pv_queued_spin_unlock() assembly code (bsc#1050549).
- commit cdebbbe
- blacklist.conf: irrelevant in our config
- commit 0fad9fd
- USB: cdc-acm: fix break reporting (git-fixes).
- commit b5f11d9
- tpm: ibmvtpm: Avoid error message when process gets signal
  while waiting (bsc#1065729).
- commit 4d59711
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes
  (git-fixes).
- commit 31b3220
- USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
- commit 032b5be
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- commit 21929b4
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620
  ltc#194498 git-fixes).
- commit 662c283
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
  (bsc#1191317, CVE-2021-41864).
- commit d0cde41
- net: hso: add failure handler for add_net_device (git-fixes).
- commit 3b14c25
- usb: hso: fix error handling code of hso_create_net_device
  (git-fixes).
- commit ebd03d3
- net: hso: fix null-ptr-deref during tty device unregistration
  (git-fixes).
- commit f398fe2
- net: hso: remove redundant unused variable dev (git-fixes).
- Refresh
  patches.suse/usb-hso-check-for-return-value-in-hso_serial_common_.patch.
- commit b58b0ce
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- commit ffbfb2e
- blacklist.conf: kABI
- commit 7b017ad
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- commit b100ada
- net: cdc_ncm: use tasklet_init() for tasklet_struct init
  (git-fixes).
- commit 0200bdd
- cdc_ncm: Set NTB format again after altsetting switch for
  Huawei devices (git-fixes).
- commit a2bf5c7
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
  (git-fixes).
- commit 86bb85d
- blacklist.conf: kABI
- commit 25076fb
- blacklist.conf: kABI
- commit a8e4dd5
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
- net: 6pack: fix slab-out-of-bounds in decode_data
  (CVE-2021-42008 bsc#1191315).
- commit 7ea0770
- SUNRPC: Ensure to ratelimit the "/server not responding"/ syslog
  messages (bsc#1191136).
- commit 126cc01
- blacklist.conf: for 51e1bb9eeaf7
- commit 69a2dab
- crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
  (bsc#1114648).
- commit 3c40299
- blacklist.conf: requires newer version of USB PD breaking kABI
- commit 27f4776
- blacklist.conf: kABI
- commit dbb45af
- blacklist.conf: already merged under different ID
- commit 6050f00
- usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
  (git-fixes).
- commit 18d73ac
- blacklist.conf: not relevant in our config
- commit c99be6f
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115 CVE-2021-3759).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  This commit is effectively patch refresh but filename changed too. This
  only adds metadata to the patch after it was accepted upstream.
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  Refreshing patch with upstream metadata.
- commit d2aacd0
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit a0d125b
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 3ec91a3
- powerpc/powernv: Fix machine check reporting of async store
  errors (bsc#1065729).
- commit abcaf17
- powerpc/mm/radix: Free PUD table when freeing pagetable
  (bsc#1065729).
- commit ab507b2
- blacklist.conf: update blacklist
- commit 158e64e
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
  pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
  ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
  flags (bsc#1065729).
- commit 673ee59
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit f8ebcef
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- ath9k: Clear key cache explicitly on disabling hardware
  (CVE-2020-3702 bsc#1191193).
- ath: Use safer key clearing with key cache entries
  (CVE-2020-3702 bsc#1191193).
- commit 9bf1f45
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit b554871
- Refresh patches.suse/powerpc-pseries-Move-mm-book3s64-vphn.c-under-platfo.patch.
  Add back vphn.h
  There is a symlink pointing to this file which canot be removed because
  symlink removal is not supported by rapidquilt, and broken symlinks are
  not allowed by rpmlint so the file itself must stay as well.
- commit ba6520a
- drm/qxl: lost qxl_bo_kunmap_atomic_page in
  qxl_image_init_helper() (bsc#1186785).
- commit 555e9f5
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- commit b0be2a7
- powerpc/pseries: Move mm/book3s64/vphn.c under platforms/pseries/
  (bsc#1190914).
- Refresh patches.suse/powerpc-numa-remove-timed_topology_update.patch.
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-timer-code.patch.
- Refresh patches.suse/powerpc-numa-remove-vphn_enabled-and-prrn_enabled-in.patch.
- Refresh patches.suse/powerpc-numa-stub-out-numa_update_cpu_topology.patch.
- commit 1e05ad9
- powerpc/numa: Early request for home node associativity
  (bsc#1190914).
- commit 6ce9c36
- blacklist.conf: prerequisites break kABI
- commit 8166416
- x86/mm: Fix kern_addr_valid() to cope with existing but not
  present entries (bsc#1114648).
- commit 0682cd5
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit bd71d08
- blacklist.conf: kABI
- commit ba647f3
- blacklist.conf: too intrusive
- commit b584766
- blacklist.conf: cosmetic fix
- commit 7a64292
- blacklist.conf: feature, not a bug fix
- commit c497262
- blacklist.conf: false positive
- commit 94e4d75
- fuse: truncate pagecache on atomic_o_trunc (bsc#1191051).
- commit 4e5d656
- qla2xxx: Fix bug reference for qla2xxx update to 10.02.00.107-k
  The bug reference changed half of the update of the qla2xxx driver.
  Use the correct.
  Meta data udpate for:
  patches.suse/scsi-qla2xxx-Fix-spelling-mistakes-allloc-alloc.patch
  patches.suse/scsi-qla2xxx-Fix-use-after-free-in-debug-code.patch
  patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-vari.patch
  patches.suse/scsi-qla2xxx-Update-version-to-10.02.00.107-k.patch
  patches.suse/scsi-qla2xxx-edif-Add-authentication-pass-fail-bsgs.patch
  patches.suse/scsi-qla2xxx-edif-Add-detection-of-secure-device.patch
  patches.suse/scsi-qla2xxx-edif-Add-doorbell-notification-for-app.patch
  patches.suse/scsi-qla2xxx-edif-Add-encryption-to-I-O-path.patch
  patches.suse/scsi-qla2xxx-edif-Add-extraction-of-auth_els-from-th.patch
  patches.suse/scsi-qla2xxx-edif-Add-getfcinfo-and-statistic-bsgs.patch
  patches.suse/scsi-qla2xxx-edif-Add-key-update.patch
  patches.suse/scsi-qla2xxx-edif-Add-send-receive-and-accept-for-au.patch
  patches.suse/scsi-qla2xxx-edif-Increment-command-and-completion-c.patch
- commit 1dca311
- Bluetooth: check for zapped sk before connecting (CVE-2021-3752
  bsc#1190023).
- commit 7504476
- usb: musb: tusb6010: uninitialized data in
  tusb_fifo_write_unaligned() (git-fixes).
- commit 371e551
- blacklist.conf: cosmetic fix
- commit 0680bbd
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- commit 91495db
- Refresh
  patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch.
- Refresh patches.suse/scsi-lpfc-Remove-unneeded-variable.patch.
- Refresh
  patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch.
  Update metadata
- commit 8a58a10
- blacklist.conf: 5297cfa6bdf9 EDAC/synopsys: Fix wrong value type assignment for edac_mode
- commit 7f5d8e7
- kernel-binary.spec: Do not sign kernel when no key provided
  (bsc#1187167).
- commit 6c24533
- powerpc/mm: Fix section mismatch warning (bsc#1148868).
- Refresh patches.suse/powerpc-Chunk-calls-to-flush_dcache_range-in-arch_-_.patch
- commit 3e2861d
- powerpc/mm: Fix section mismatch warning in early_check_vec5()
  (bsc#1148868).
- commit efdfc43
- powerpc: fix function annotations to avoid section mismatch
  warnings with gcc-10 (bsc#1148868).
- commit 9bd3650
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
  ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit f032951
- cifs: create sd context must be a multiple of 8 (bsc#1190317).
- commit 0c189c0
- smb3: rc uninitialized in one fallocate path (bsc#1190317).
- commit ef65cd9
- SMB3: fix readpage for large swap cache (bsc#1190317).
- commit 9777939
- cifs: fix fallocate when trying to allocate a hole
  (bsc#1190317).
- commit e1aae9a
- CIFS: Clarify SMB1 code for POSIX delete file (bsc#1190317).
- commit 33b0806
- CIFS: Clarify SMB1 code for POSIX Create (bsc#1190317).
- commit 0420aa1
- cifs: only write 64kb at a time when fallocating a small region
  of a file (bsc#1190317).
- commit ab6dfdc
- SMB3.1.1: fix mount failure to some servers when compression
  enabled (bsc#1190317).
- commit 8fc56eb
- cifs: added WARN_ON for all the count decrements (bsc#1190317).
- commit 9af5354
- cifs: fix missing null session check in mount (bsc#1190317).
- commit 585846b
- cifs: handle reconnect of tcon when there is no cached dfs
  referral (bsc#1190317).
- commit e915f2a
- cifs: fix the out of range assignment to bit fields in
  parse_server_interfaces (bsc#1190317).
- commit b640bcd
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 8a1b030
- powerpc/pseries: Prevent free CPU ids being reused on another
  node (bsc#1190620 ltc#194498).
- commit b044bb6
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 595c68d
- cifs: Do not use the original cruid when following DFS links
  for multiuser mounts (bsc#1190317).
- commit 11a9d6f
- cifs: use the expiry output of dns_query to schedule next
  resolution (bsc#1190317).
- commit eff2eb7
- CIFS: Clarify SMB1 code for POSIX Lock (bsc#1190317).
- commit cdd10c4
- CIFS: Clarify SMB1 code for rename open file (bsc#1190317).
- commit fda787c
- CIFS: Clarify SMB1 code for delete (bsc#1190317).
- commit 2162abd
- CIFS: Clarify SMB1 code for SetFileSize (bsc#1190317).
- commit 8043e27
- CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1190317).
- commit ee3dce0
- CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1190317).
- commit 1764af8
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1190317).
- commit cda0cd6
- cifs: make locking consistent around the server session status
  (bsc#1190317).
- commit 64d8217
- smb3: prevent races updating CurrentMid (bsc#1190317).
- commit fb5243c
- cifs: fix missing spinlock around update to ses->status
  (bsc#1190317).
- commit 8dde9ff
- smb3: fix possible access to uninitialized pointer to DACL
  (bsc#1190317).
- commit 3fb727d
- cifs: missing null check for newinode pointer (bsc#1190317).
- commit 32bd34a
- cifs: remove two cases where rc is set unnecessarily in
  sid_to_id (bsc#1190317).
- commit 7a8b905
- SMB3: Add new info level for query directory (bsc#1190317).
- commit 654aa5b
- cifs: fix NULL dereference in smb2_check_message()
  (bsc#1190317).
- commit 255dcbb
- cifs: Avoid field over-reading memcpy() (bsc#1190317).
- commit 334ee76
- cifs: fix SMB1 error path in cifs_get_file_info_unix
  (bsc#1190317).
- commit 7a643a8
- cifs: convert list_for_each to entry variant in cifs_debug.c
  (bsc#1190317).
- commit dd6750b
- cifs: convert list_for_each to entry variant in smb2misc.c
  (bsc#1190317).
- commit 855734a
- cifs: avoid extra calls in posix_info_parse (bsc#1190317).
- commit 13b1c32
- cifs: retry lookup and readdir when EAGAIN is returned
  (bsc#1190317).
- commit c673d7a
- cifs: improve fallocate emulation (bsc#1190317).
- commit 2a8db5f
- cifs: fix string declarations and assignments in tracepoints
  (bsc#1190317).
- commit 3e93365
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0
  (bsc#1190317).
- commit c1692d4
- SMB3: incorrect file id in requests compounded with open
  (bsc#1190317).
- commit 6131456
- cifs: use echo_interval even when connection not ready
  (bsc#1190317).
- commit 12fbbbf
- cifs: detect dead connections only when echoes are enabled
  (bsc#1190317).
- commit ad68003
- cifs: add shutdown support (bsc#1190317).
- commit 50e9950
- smb3: limit noisy error (bsc#1190317).
- commit 74153ab
- cifs: remove unnecessary copies of tcon->crfid.fid
  (bsc#1190317).
- commit 7d56d84
- cifs: fix out-of-bound memory access when calling smb3_notify()
  at mount point (bsc#1190317).
- commit 2dc39ec
- smb2: fix use-after-free in smb2_ioctl_query_info()
  (bsc#1190317).
- commit 88d30f9
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1190317).
- commit 7873b68
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1190317).
- commit bba7899
- cifs: check the timestamp for the cached dirent when deciding
  on revalidate (bsc#1190317).
- commit 77d92f7
- cifs: pass the dentry instead of the inode down to the
  revalidation check functions (bsc#1190317).
- commit f3bdae2
- cifs: add a timestamp to track when the lease of the cached
  dir was taken (bsc#1190317).
- commit 2d38159
- cifs: add a function to get a cached dir based on its dentry
  (bsc#1190317).
- commit 6007f92
- cifs: Grab a reference for the dentry of the cached directory
  during the lifetime of the cache (bsc#1190317).
- commit 30fd1a2
- cifs: store a pointer to the root dentry in cifs_sb_info once
  we have completed mounting the share (bsc#1190317).
- commit ee518fe
- cifs: rename the *_shroot* functions to *_cached_dir*
  (bsc#1190317).
- commit c613589
- cifs: pass a path to open_shroot and check if it is the root
  or not (bsc#1190317).
- commit d014649
- cifs: move the check for nohandlecache into open_shroot
  (bsc#1190317).
- commit 2fb508c
- cifs: make build_path_from_dentry() return const char *
  (bsc#1190317).
- commit 3fd50e9
- cifs: constify pathname arguments in a bunch of helpers
  (bsc#1190317).
- commit 1c4348c
- cifs: constify path argument of ->make_node() (bsc#1190317).
- commit 8fe9c35
- SMB3: update structures for new compression protocol definitions
  (bsc#1190317).
- commit 13f517a
- update structure definitions from updated protocol documentation
  (bsc#1190317).
- commit 39cc1ab
- cifs: remove old dead code (bsc#1190317).
- commit 8f437f9
- blacklist.conf: update blacklist
- commit 1733bdb
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
  well.
  Fixes: e98096d5cf85 ("/rpm: Abolish scritplet templating (bsc#1189841)."/)
- commit e082fbf
- x86/crash: Add e820 reserved ranges to kdump kernel's e820 table
  (bsc#1181193).
- commit d98824b
- x86/mm: Rework ioremap resource mapping determination
  (bsc#1181193).
- commit 0779517
- blacklist.conf: update blacklist
- commit cac7733
- x86/e820, ioport: Add a new I/O resource descriptor
  IORES_DESC_RESERVED (bsc#1181193).
- commit bbfb43c
- smb3: fix cached file size problems in duplicate extents
  (reflink) (bsc#1190317).
- commit cd5036a
- cifs: Silently ignore unknown oplock break handle (bsc#1190317).
- commit 323a094
- cifs: revalidate mapping when we open files for SMB1 POSIX
  (bsc#1190317).
- commit 22ad98e
- cifs: Fix chmod with modefromsid when an older ACE already
  exists (bsc#1190317).
- commit e0a19c1
- cifs: fix allocation size on newly created files (bsc#1190317).
- commit 485bf0c
- cifs: update new ACE pointer after populate_new_aces
  (bsc#1190317).
- commit ff11875
- cifs: have ->mkdir() handle race with another client sanely
  (bsc#1190317).
- commit 7d96ff8
- do_cifs_create(): don't set ->i_mode of something we had not
  created (bsc#1190317).
- commit 0814ca5
- cifs: ask for more credit on async read/write code paths
  (bsc#1190317).
- commit 3b81574
- resource: Fix find_next_iomem_res() iteration issue
  (bsc#1181193).
- Refresh
  patches.suse/0001-mm-resource-Let-walk_system_ram_range-search-child-r.patch.
- Refresh
  patches.suse/0001-mm-resource-Return-real-error-codes-from-walk-failur.patch.
- Refresh
  patches.suse/resource-fix-locking-in-find_next_iomem_res.patch.
- commit 0f2ad3d
- blacklist.conf: kABI
- commit 339a14d
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
  (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
  (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
  and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
  (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
  interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
  (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
  (bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
  (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
  (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
  (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
  and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
  outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
  (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
  CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
  processing (bsc#1190576).
- commit 789627e
- blacklist.conf: Append 'drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence'
- commit 5666bbd
- blacklist.conf: Append 'drm/i915: Fix mismatch between misplaced vma check and vma insert'
- commit 0f10a6a
- blacklist.conf: Append 'drm/i915/gt: Program mocs:63 for cache eviction on gen9'
- commit 41bde63
- blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies'
- commit 44ead34
- blacklist.conf: Append 'drm/i915/gem: Avoid implicit vmap for highmem on x86-32'
- commit 60f6fe8
- blacklist.conf: Append 'drm/i915/dp: Track pm_qos per connector'
- commit 3d26f53
- blacklist.conf: Append 'drm/i915: Fix the GT fence revocation runtime PM logic'
- commit f507dcc
- blacklist.conf: Append 'drm/radeon: Avoid power table parsing memory leaks'
- commit 11e69b0
- blacklist.conf: Append 'amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create'
- commit 7770bde
- blacklist.conf: # not used in SLE12
- commit bf56840
- blacklist.conf: not used in SLE12
- commit 24e4b8a
- blacklist.conf: not used in SLE12
- commit 1d62d53
- blacklist.conf: not used in SLE12
- commit 516aee1
- USB: serial: option: add new VID/PID to support Fibocom FG150
  (git-fixes).
- commit 224b5d3
- cifs: If a corrupted DACL is returned by the server, bail out
  (bsc#1190317).
- commit 3b11d19
- cifs: minor simplification to smb2_is_network_name_deleted
  (bsc#1190317).
- commit acad494
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1190317).
- commit 7ce4a95
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c
  (bsc#1190317).
- commit cce87e3
- cifs: Change SIDs in ACEs while transferring file ownership
  (bsc#1190317).
- commit c9f530c
- cifs: Retain old ACEs when converting between mode bits and ACL
  (bsc#1190317).
- commit c2e6395
- cifs: Fix cifsacl ACE mask for group and others (bsc#1190317).
- commit 0dda4bf
- cifs: Fix in error types returned for out-of-credit situations
  (bsc#1190317).
- commit 4559efe
- cifs: do not fail __smb_send_rqst if non-fatal signals are
  pending (bsc#1190317).
- commit d22783f
- x86/resctrl: Fix a maybe-uninitialized build warning treated
  as error (bsc#1114648).
- x86/resctrl: Fix default monitoring groups reporting
  (bsc#1114648).
- commit eb311f7
- blacklist.conf: Append 'drm/bridge: ti-sn65dsi86: Add some 100 us delays'
- commit ee5f3ed
- drm/msm/dsi: Fix some reference counted resource leaks (bsc#1129770)
- commit 97968dc
- drm/gma500: Fix end of loop tests for list_for_each_entry (bsc#1129770)
  Backporting changes:
  * refresh
- commit 6b17f22
- drm/mediatek: Add AAL output size configuration (bsc#1129770)
  Backporting changes:
  * adapted code to use writel() function
- commit 96668c3
- drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 (bsc#1129770)
  Backporting changes
  * context changes
- commit 5a384ea
- drm/imx: ipuv3-plane: Remove two unnecessary export symbols (bsc#1129770)
  Backporting changes:
  * refreshed
- commit 7224acc
- drm/msm: Small msm_gem_purge() fix (bsc#1129770)
  Backporting changes:
  * context changes in msm_gem_purge()
  * remove test for non-existant msm_gem_is_locked()
- commit 4e9715d
- video: fbdev: imxfb: Fix an error message (bsc#1129770)
  Backporting changes:
  * context changes in imxfb_probe()
- commit 1484b0c
- fbmem: add margin check to fb_check_caps() (bsc#1129770)
  Backporting changes:
  * context chacnges in fb_set_var()
- commit 1b4eaeb
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 2e4a7f5
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass
  (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses
  (bsc#1190601).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_*
  (bsc#1190601).
- commit 79e76b1
- EDAC/i10nm: Fix NVDIMM detection (bsc#1114648).
- commit 9106036
- net: qed: fix left elements count calculation (git-fixes).
- commit a9679cd
- dt-bindings: pwm: stm32: Add #pwm-cells (git-fixes).
- commit e45ad2c
- fs/select: avoid clang stack usage warning (git-fixes).
- commit 45d68dc
- kdb: do a sanity check on the cpu in kdb_per_cpu() (git-fixes).
- commit 16d216d
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0bc342c
- profiling: fix shift-out-of-bounds bugs (git-fixes).
- commit 7f38641
- s390/unwind: use current_frame_address() to unwind current task
  (bsc#1185677).
- commit 84c56d2
- KVM: x86: Use kernel's x86_phys_bits to handle reduced
  MAXPHYADDR (bsc#1114648).
- commit e37928c
- Refresh
  patches.suse/ibmvnic-check-failover_pending-in-login-response.patch.
- commit 9672a40
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
  (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
  (bsc#1173746).
- net: sched: Fix qdisc_rate_table refcount leak when get
  tcf_block failed (bsc#1056657 FATE#322189 bsc#1056653
  FATE#322190 bsc#1056787).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- e1000e: Do not take care about recovery NVM checksum
  (bsc#1158533).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
  'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244
  FATE#322915).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
  (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt: disable napi before canceling DIM (bsc#1104745
  FATE#325918).
- net: linkwatch: fix failure to restore device state across
  suspend/resume (bsc#1109837).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (bsc#1118661
  FATE#325277).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is
  exceeded (bsc#1109837 bsc#1111981 FATE#326312).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- net: sched: cls_api: Fix the the wrong parameter (bsc#1109837).
- bnxt_en: don't disable an already disabled PCI device
  (git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift
  of u16 (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- igb: Check if num of q_vectors is smaller than max before
  array access (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()'
  (git-fixes).
- fm10k: Fix an error handling path in 'fm10k_probe()'
  (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
  (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one()
  (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- commit 3c06958
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
  (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
  (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
  (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
  (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
  to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
  Refresh:
  - patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_FPIN-definition.patch
- scsi: core: Add helper to return number of logical blocks in
  a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
  (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
  (bsc#1190576).
- commit 7baf690
- kernel-binary.spec: Check for no kernel signing certificates.
  Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
  This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- irqchip/gic-v3: Don't try to reset AP0Rn (bsc#1189407).
- commit e2955e8
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- cifs: check pointer before freeing (bsc#1190317).
- Refresh
  patches.suse/cifs-keep-referral-server-sessions-alive.patch.
  Context adjustment.
- commit c622c6c
- Add SMB 2 support for getting and setting SACLs (bsc#1190317).
- commit f616635
- SMB3: Add support for getting and setting SACLs (bsc#1190317).
- commit 0a5aeb6
- cifs: fix rsize/wsize to be negotiated values (bsc#1190317).
- commit d6a5280
- cifs: remove some minor warnings pointed out by kernel test
  robot (bsc#1190317).
- commit 09fcc8a
- cifs: remove various function description warnings
  (bsc#1190317).
- commit bab1cd5
- cifs: cleanup misc.c (bsc#1190317).
- commit 82336f3
- cifs: minor kernel style fixes for comments (bsc#1190317).
- commit 827feef
- cifs: Make extract_sharename function public (bsc#1190317).
- commit fafbd95
- cifs: Make extract_hostname function public (bsc#1190317).
- commit 9e4ad61
- SMB3.1.1: do not log warning message if server doesn't populate
  salt (bsc#1190317).
- commit 90221e4
- SMB3.1.1: update comments clarifying SPNEGO info in negprot
  response (bsc#1190317).
- commit 8c596de
- cifs: Enable sticky bit with cifsacl mount option (bsc#1190317).
- commit 3513140
- cifs: Fix unix perm bits to cifsacl conversion for "/other"/
  bits (bsc#1190317).
- commit a058fee
- SMB3.1.1: remove confusing mount warning when no SPNEGO info
  on negprot rsp (bsc#1190317).
- commit 4cc3ecb
- SMB3: avoid confusing warning message on mount to Azure
  (bsc#1190317).
- commit 772de9a
- cifs: refactor create_sd_buf() and and avoid corrupting the
  buffer (bsc#1190317).
- commit aa87e05
- smb3: Handle error case during offload read path (bsc#1190317).
- commit 91f2cf7
- smb3: Avoid Mid pending list corruption (bsc#1190317).
- commit e4b377f
- smb3: Call cifs reconnect from demultiplex thread (bsc#1190317).
- commit 094f065
- cifs: fix a memleak with modefromsid (bsc#1190317).
- commit a829d6e
- smb3: add some missing definitions from MS-FSCC (bsc#1190317).
- commit 8475495
- SMB3: add support for recognizing WSL reparse tags
  (bsc#1190317).
- commit 5a9bbe0
- Fix build warnings.
  Also align code location with later codestreams and improve
  bisectability.
- Refresh patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh patches.suse/x86-apic-msi-Plug-non-maskable-MSI-affinity-race.patch.
- commit cc966a5
- smb3: do not try to cache root directory if dir leases not
  supported (bsc#1190317).
- commit 36f12b1
- smb3: fix stat when special device file and mounted with
  modefromsid (bsc#1190317).
- commit 777d7b7
- cifs: Print the address and port we are connecting to in
  generic_ip_connect() (bsc#1190317).
- commit c72e2a3
- SMB3: Resolve data corruption of TCP server info fields
  (bsc#1190317).
- commit aa71f25
- cifs: make const array static, makes object smaller
  (bsc#1190317).
- commit 33cdb7a
- SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1190317).
- commit 851b243
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1190317).
- commit 144d874
- cifs: handle -EINTR in cifs_setattr (bsc#1190317).
- commit 59a70c7
- Handle STATUS_IO_TIMEOUT gracefully (bsc#1190317).
- commit b72a929
- cifs: compute full_path already in cifs_readdir() (bsc#1190317).
- commit 3c0e63a
- cifs: return cached_fid from open_shroot (bsc#1190317).
- commit ef8f80c
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1190317).
- commit 1fbec56
- SMB3: Fix mkdir when idsfromsid configured on mount
  (bsc#1190317).
- commit 2eb2464
- cifs: convert to use be32_add_cpu() (bsc#1190317).
- commit d6c1b47
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
  (bsc#1190317).
- commit 4a6a7ef
- cifs`: handle ERRBaduid for SMB1 (bsc#1190317).
- commit 5c74855
- cifs: fix reference leak for tlink (bsc#1190317).
- commit fa6dc6f
- smb3: fix unneeded error message on change notify (bsc#1190317).
- commit 0d42fab
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1190317).
- commit d476887
- smb3: fix access denied on change notify request to some servers
  (bsc#1190317).
- commit d2074d0
- cifs: prevent truncation from long to int in
  wait_for_free_credits (bsc#1190317).
- commit 3e51fb2
- cifs: Display local UID details for SMB sessions in DebugData
  (bsc#1190317).
- commit 6481ffc
- cifs: update ctime and mtime during truncate (bsc#1190317).
- commit e54222d
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit 3973759
- irqchip/gic-v3: Reset APgRn registers at boot time
  (bsc#1189407).
- irqchip/gic-v2: Reset APRn registers at boot time (bsc#1189407).
- commit 3ed7bff
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
  (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 5fef1e1
- series.conf: refresh order
- commit d9ddc03
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit c0c0352
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/x86-apic-msi-Plug-non-maskable-MSI-affinity-race.patch
- commit d256a15
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
  patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- commit c750b3b
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
  (bsc#1189297).
- commit 990d684
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- commit c5a81f3
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- commit bcee2f3
- clk: at91: clk-generated: Limit the requested rate to our range
  (git-fixes).
- commit 6b2f323
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- commit e59288f
- blacklist.conf: add efa not applicable patches
- commit c7d022e
- RDMA/efa: Use the correct current and new states in modify QP (git-fixes)
- commit 3ad22e3
- RDMA/efa: Be consistent with modify QP bitmask (git-fixes)
- commit 2fd4a53
- time: Handle negative seconds correctly in timespec64_to_ns()
  (git-fixes).
- commit 5621854
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- commit 2e73db0
- Update patches.suse/scsi-sg-add-sg_remove_request-in-sg_write
  (bsc#1171420 CVE-2020-12770).
- commit 3c3facb
- mm/memory.c: do_fault: avoid usage of stale vm_area_struct
  (bsc#1136513).
- commit b87a4b0
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 25e0934
- fixup "/rpm: support gz and zst compression methods"/ once more
  (bsc#1190428, bsc#1190358)
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
  Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 165378a
- fixup "/rpm: support gz and zst compression methods"/ once more
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
  Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 34e68f4
- fixup "/rpm: support gz and zst compression methods"/
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
- commit 23510fc
- bpf: Fix leakage due to insufficient speculative store bypass mitigation
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- Refresh
  patches.kabi/bpf-prevent-memory-disambiguation-attack.patch.
- Refresh
  patches.kabi/bpf-prevent-out-of-bounds-speculation-on-pointer-ari.patch.
- commit 15cd454
- kernel-cert-subpackage: Fix certificate location in scriptlets
  (bsc#1189841).
  Fixes: d9a1357edd73 ("/rpm: Define $certs as rpm macro (bsc#1189841)."/)
- commit 8684de8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
  (bsc#1190358).
  The script part for base package case is completely separate from the
  part for subpackages. Remove the part for subpackages from the base
  package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
  (bsc#1190358).
  Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- SUNRPC: Simplify socket shutdown when not reusing TCP ports
  (git-fixes).
- commit a1a975a
- SUNRPC: improve error response to over-size gss credential
  (bsc#1190022).
- commit f82dc9a
- smb3: Add new parm "/nodelete"/ (bsc#1190317).
- commit caf8424
- cifs: Fix double add page to memcg when cifs_readpages
  (bsc#1190317).
- commit 3720270
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1190317).
- commit d22575e
- smb3: Add debug message for new file creation with idsfromsid
  mount option (bsc#1190317).
- commit 511211a
- cifs: fix chown and chgrp when idsfromsid mount option enabled
  (bsc#1190317).
- commit 6bcaaec
- smb3: allow uid and gid owners to be set on create with
  idsfromsid mount option (bsc#1190317).
- commit dae5890
- smb3: add indatalen that can be a non-zero value to calculation
  of credit charge in smb2 ioctl (bsc#1190317).
- commit 5def2a1
- cifs: Add get_security_type_str function to return sec type
  (bsc#1190317).
- commit 08884b6
- smb3: remove static checker warning (bsc#1190317).
- commit ea12d61
- cifs: dump Security Type info in DebugData (bsc#1190317).
- commit 694fbdf
- smb3: fix incorrect number of credits when ioctl
  MaxOutputResponse > 64K (bsc#1190317).
- commit 686f50f
- smb3: minor update to compression header definitions
  (bsc#1190317).
- commit 66cc9e8
- cifs: move some variables off the stack in smb2_ioctl_query_info
  (bsc#1190317).
- commit aa7fba4
- cifs: reduce stack use in smb2_compound_op (bsc#1190317).
- Refresh
  patches.suse/cifs-do-not-send-close-in-compound-create-close-requests.patch.
  Context adjustment.
- commit 4732ad6
- cifs: handle "/nolease"/ option for vers=1.0 (bsc#1190317).
- commit dbe99c3
- cifs: fix leaked reference on requeued write (bsc#1190317).
- commit 874dba4
- cifs: Fix null pointer check in cifs_read (bsc#1190317).
- commit e94b8d3
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
  CVE-2020-12770).
- commit c1e2c47
- Bluetooth: schedule SCO timeouts with delayed_work
  (CVE-2021-3640 bsc#1188172).
- Refresh patches.kabi/bt_accept_enqueue-kabi-workaround.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit adfd842
- rpm/kernel-source.spec.in: do some more for vanilla_only
  Make sure:
  * sources are NOT executable
  * env is not used as interpreter
  * timestamps are correct
  We do all this for normal kernel builds, but not for vanilla_only
  kernels (linux-next and vanilla).
- commit b41e4fd
- Revert "/memcg: enable accounting for file lock caches (bsc#1190115)."/
  This reverts commit 912b4421a3e9bb9f0ef1aadc64a436666259bd4d.
  It's effectively upstream commit
  3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to
  avoid proliferation of patches). Make a note in blacklist.conf too.
- commit 84da196
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- commit d20804d
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
- commit 4eddc26
- net: mvpp2: Add TCAM entry to drop flow control pause frames
  (git-fixes).
- commit 0572c9e
- blacklist.conf: cosmetic fix
- commit 872d107
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
- commit ca293f5
- crypto: qat - use proper type for vf_mask (git-fixes).
- commit ef65d03
- virtio_net: Fix error code in probe() (git-fixes).
- commit a794197
- qlcnic: Fix error code in probe (git-fixes).
- commit a9a3898
- blacklist.conf: cosmetic fix
- commit 72e5d3d
- blacklist.conf: update blacklist
- commit ca7b8d4
- blacklist.conf: kABI
- commit fb7b745
- crypto: picoxcell - Fix potential race condition bug
  (git-fixes).
- commit 59b3b00
- crypto: picoxcell - Fix error handling in spacc_probe()
  (git-fixes).
- Refresh
  patches.suse/crypto-picoxcell-adjust-the-position-of-tasklet_init.patch.
- commit 7e7ebc8
- mm, vmscan: guarantee drop_slab_node() termination (VM
  Functionality, bsc#1189301).
- commit 7ca9c36
- blacklist.conf: prerequisites are too intrusive
- commit f71e985
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- commit 5eabb65
- kABI: revert change in struct bpf_insn_aux_data (bsc#1188983,
  bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 842ede0
- vhost: scsi: add weight support (CVE-2019-3900 bsc#1133374).
- vhost: vsock: add weight support (CVE-2019-3900 bsc#1133374).
- vhost_net: fix possible infinite loop (CVE-2019-3900 bsc#1133374).
- refresh patches.kabi/kabi-mask-changes-to-vhost_dev_init-and-struct-vhost.patch
- kabi: mask changes to vhost_dev_init() and struct vhost_dev
  (CVE-2019-3900 bsc#1133374).
- vhost: introduce vhost_exceeds_weight() (CVE-2019-3900
  bsc#1133374).
- vhost_net: introduce vhost_exceeds_weight() (CVE-2019-3900
  bsc#1133374).
- refresh patches.suse/vhost-log-dirty-page-correctly.patch
- vhost_net: use packet weight for rx handler, too (CVE-2019-3900
  bsc#1133374).
- refresh patches.suse/vhost-log-dirty-page-correctly.patch
- vhost-net: set packet weight of tx polling to 2 * vq size
  (CVE-2019-3900 bsc#1133374).
- commit fac5272
- sctp: implement memory accounting on rx path (CVE-2019-3874
  bsc#1129898).
- sctp: implement memory accounting on tx path (CVE-2019-3874
  bsc#1129898).
- commit d1cd2ad
- Update
  patches.suse/l2tp-pass-tunnel-pointer-to-session_create.patch
  references (add CVE-2018-9517 bsc#1108488).
- commit 902e6bb
- memcg: enable accounting of ipc resources (bsc#1190115
  CVE-2021-3759).
- memcg: enable accounting for file lock caches (bsc#1190115).
- commit e2a14e4
- Update
  patches.suse/usb-max-3421-Prevent-corruption-of-freed-memory.patch
  (CVE-2021-38204, bsc#1189291).
- Update
  patches.suse/virtio_console-Assure-used-length-from-device-is-lim.patch
  (CVE-2021-38160, bsc#1190117).
  Update metadata
- commit 4208778
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
  (bsc#1189841).
  These are unchanged since 2011 when they were introduced. No need to
  track them separately.
- commit 692d38b
- rpm: Abolish image suffix (bsc#1189841).
  This is used only with vanilla kernel which is not supported in any way.
  The only effect is has is that the image and initrd symlinks are created
  with this suffix.
  These symlinks are not used except on s390 where the unsuffixed symlinks
  are used by zipl.
  There is no reason why a vanilla kernel could not be used with zipl as
  well as it's quite unexpected to not be able to boot when only a vanilla
  kernel is installed.
  Finally we now have a backup zipl kernel so if the vanilla kernel is
  indeed unsuitable the backup kernel can be used.
- commit e2f37db
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- commit e602b0f
- rpm: Define $certs as rpm macro (bsc#1189841).
  Also pass around only the shortened hash rather than full filename.
  As has been discussed in bsc#1124431 comment 51
  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
  the certificates is an API which cannot be changed unless we can ensure
  that no two kernels that use different certificate location can be built
  with the same certificate.
- commit d9a1357
- ocfs2: ocfs2_downconvert_lock failure results in deadlock
  (bsc#1188439).
- commit b239fae
- blacklist.conf: Add 2ca11b0e043b cgroup: Fix kernel-doc
- commit 70aa566
- virtio_console: Assure used length from device is limited
  (CVE-2021-38160 bsc#1190117).
- commit 495fc27
- scsi: libfc: Fix array index out of bound exception
  (bsc#1188616).
- commit f9984e7
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
  (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: Move shutdown callback before flushing tx and rx
  queue (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
  buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in
  sco_conn_defer_accept() (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold
  (git-fixes).
- power: supply: max17042: handle fails of reading status register
  (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- Revert "/USB: serial: ch341: fix character loss at high transfer
  rates"/ (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange
  of the CAN RX and TX error counters (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI/MSI: Correct misleading comments (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace
  (git-fixes).
- commit e31f28c
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
  (CVE-2021-3640 bsc#1188172).
- commit d78ba89
- Move upstreamed BT fixes into sorted section
- commit f6001e5
- blacklist.conf: add following commit ids,
- 7f3d176f5f7e3f0477bf82df0f600fcddcdcc4e4
- 27ba3e8ff3ab86449e63d38a8d623053591e65fa
- 24f6b6036c9eec21191646930ad42808e6180510
- 848378812e40152abe9b9baf58ce2004f76fb988
- 854f32648b8a5e424d682953b1a9f3b7c3322701
- commit 9bb3f0c
- md/raid10: properly indicate failure when ending a failed
  write request (git-fixes).
- Refresh for the above change,
  patches.suse/md-display-timeout-error.patch.
- commit 41eb7ae
- overflow: Correct check_shl_overflow() comment (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- mm/rmap: fix potential pte_unmap on an not mapped pte
  (git-fixes).
- dm zoned: select CONFIG_CRC32 (git-fixes).
- dm: remove invalid sparse __acquires and __releases annotations
  (git-fixes).
- dm writecache: remove BUG() and fail gracefully instead
  (git-fixes).
- dm writecache: fix the maximum number of arguments (git-fixes).
- overflow: Include header file with SIZE_MAX declaration
  (git-fixes).
- arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache()
  cache writeback (git-fixes).
- dm writecache: handle DAX to partitions on persistent memory
  correctly (git-fixes).
- commit 7e2c4a9
- vt_kdsetmode: extend console locking (bsc#1190025
  CVE-2021-3753).
- commit 9420ba7
- rpm: Abolish scritplet templating (bsc#1189841).
  Outsource kernel-binary and KMP scriptlets to suse-module-tools.
  This allows fixing bugs in the scriptlets as well as defining initrd
  regeneration policy independent of the kernel packages.
- commit e98096d
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
  This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- commit c0132a4
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release has arbitrary values in staging, we can't use it for
  dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- mm: vmscan: scan anonymous pages on file refaults (VM
  Performance, bsc#1183050).
- blacklist.conf: unblacklist the backported commit.
- Delete patches.suse/prevent-active-list-thrashing.patch.
- commit 0d76c9c
- Refresh
  patches.suse/target-fix-XCOPY-NAA-identifier-lookup.patch.
- commit e4de461
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- commit 69834db
- rpm: fix kmp install path
- commit 22ec560
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- commit 7115060
- ovl: prevent private clone if bind mount is not allowed
  (bsc#1189706, CVE-2021-3732).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- commit 1f3eb84
- post.sh: detect /usr mountpoint too
- commit c7b3d74
- crypto: talitos - fix ECB algs ivsize (git-fixes).
- commit efdc2b9
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit b5c7137
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 676baa3
- blacklist.conf: already included
- commit c2ae172
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- commit 9967c14
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 42b1f41
- blacklist.conf: cosmetical fix
- commit 30e7d35
- blacklist.conf: breaks kABI
- commit 51da5eb
- blacklist.conf: this enables use of a feature untested on this code base
- commit 3b2714a
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 92c4f0d
- x86/fpu: Limit xstate copy size in xstateregs_set()
  (bsc#1114648).
- commit 6e18da3
- blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling
- commit 982c8df
- dm btree remove: assign new_root only when removal succeeds
  (git fixes).
- commit d9e29a1
- dm snapshot: fix crash with transient storage and zero chunk
  size (git fixes).
- commit 765f88e
- blacklist.conf: add following commits,
- 974f51e8633f0f3f33e8f86bbb5ae66758aa63c7
- 5b0fab508992c2e120971da658ce80027acbc405
- 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit b30df21
- PCI: vmd: Filter resource type bits from shadow register (bsc#1183983).
- PCI: vmd: Fix shadow offsets to reflect spec changes (bsc#1183983).
- PCI: vmd: Fix config addressing when using bus offsets (bsc#1183983).
- commit d9a2aba
- blacklist.conf: 6c34df6f350d ("/tracing: Apply trace filters on all output channels"/)
  Requires at least commit 8cfcf15503f6 ("/tracing: kprobes: Output kprobe
  event to printk buffer"/) too. Let's wait if there is an actual problem
  for someone.
- commit feb6790
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- commit f36412b
- kernel-binary.spec.in: add zstd to BuildRequires if used
- commit aa61dba
- x86/signal: Detect and prevent an alternate signal stack
  overflow (bsc#1114648).
- commit bef29d1
- PCI: vmd: Add an additional VMD device id to driver device id table (bsc#1183983).
- PCI: vmd: Add offset to bus numbers if necessary (bsc#1183983).
- PCI: vmd: Assign membar addresses from shadow registers (bsc#1183983).
- PCI: Add Intel VMD devices to pci ids (bsc#1183983).
- commit 992b9c8
- rpm: support gz and zst compression methods
  Extend commit 18fcdff43a00 ("/rpm: support compressed modules"/) for
  compression methods other than xz.
- commit 3b8c4d9
- blacklist.conf: blacklist f5e55e777cc9
- commit 1dc35ff
- mm/memory-failure: unnecessary amount of unmapping
  (bsc#1189640).
- commit 8be0d40
- readdir: make sure to verify directory entry for legacy
  interfaces too (bsc#1189639).
- commit aa13def
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
  (bsc#1189506).
- commit 0b494bd
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- commit f5940a3
- ocfs2: fix zero out valid data (bsc#1189579).
- commit 7499943
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- commit fbbd945
- writeback: fix obtain a reference to a freeing memcg css
  (bsc#1189577).
- commit 822695f
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- commit c07c38c
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
  (bsc#1189564).
- commit 6138aa9
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
  (bsc#1189565).
- commit 050f1ea
- ext4: cleanup in-core orphan list if ext4_truncate() failed
  to get a transaction handle (bsc#1189568).
- commit 56dc9c6
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- commit 2400907
- block: fix trace completion for chained bio (bsc#1189505).
- commit 388c70c
- ocfs2: fix snprintf() checking (bsc#1189581).
- commit c5a4e36
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
  (bsc#1189569).
- commit fa5864d
- bdi: Do not use freezable workqueue (bsc#1189573).
- commit 470e6f6
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- commit 6b9e6fa
- Refresh patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.
- commit a1c39b1
- blacklist.conf: not needed in our config
- commit b0d7db4
- blacklist.conf: kABI
- commit 2996958
- blacklist.conf: kABI
- commit 2eafdea
- blacklist.conf: prerequisites break kABI
- commit bdd94ea
- blacklist.conf: optimization, not bug fix
- commit ed21db2
- blacklist.conf: optimization, not bug fix
- commit ae0ed70
- blacklist.conf: prerequisites break kABI
- commit fa576e3
- scsi: lpfc: Move initialization of phba->poll_list earlier to
  avoid crash (git-fixes).
- commit d0a33c0
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
  (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control
  (git-fixes).
- ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
  (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056
  (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates
  (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- commit 5e66bd7
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time
  (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- commit 4a00cc6
- Update
  patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch
  (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- commit 06981c0
- crypto: nx - Fix RCU warning in nx842_OF_upd_status (git-fixes).
- commit 207e5e5
- crypto: nx - Fix memcpy() over-reading in nonce (git-fixes).
- commit 76d0d30
- crypto: ux500 - Fix error return code in hash_hw_final()
  (git-fixes).
- commit e17fffe
- blacklist.conf: Add acpica entry that has been reverted in the upstream (git-fixes)
- commit 3e0cbce
- blacklist.conf: 6c881ca0b304 ("/afs: Fix tracepoint string placement with built-in AFS"/)
  AFS is not supported on SLE12-SP5 (CONFIG_AFS_FS is not set).
- commit 79dd1f0
- x86/fpu: Make init_fpstate correct with optimized XSAVE
  (bsc#1114648).
- commit b2d2af9
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 84b20f7
- kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter
  (bsc#1188982 LTC#193818).
- commit afd3cd6
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is
  enabled (jsc#SLE-17288).
  About the pahole version: v1.18 should be bare mnimum, v1.22 should be
  fully functional, for now we ship git snapshot with fixes on top of
  v1.21.
- commit 8ba3382
- net: usb: ax88179_178a: remove redundant assignment to variable
  ret (git-fixes).
- commit 2fd56c0
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32
  (git-fixes).
- commit 7a3468e
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
  (git-fixes).
- commit 0aeb3bd
- ftgmac100: Restart MAC HW once (git-fixes).
- commit e02aa55
- net: lapbether: Remove netif_start_queue / netif_stop_queue
  (git-fixes).
- commit a01b187
- x86/fpu: Reset state for all signal restore failures
  (bsc#1114648).
- commit a4f88f9
- blacklist.conf: add davicom legacy ethernet driver
- commit e12ce22
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  (bsc#1189399, CVE-2021-3653).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  (bsc#1189400, CVE-2021-3656).
- KVM: X86: MMU: Use the correct inherited permissions to get
  shadow page (CVE-2021-38198 bsc#1189262).
- commit 9c35f8d
- s390/ap: Fix hanging ioctl caused by wrong msg counter
  (bsc#1188982 LTC#193818).
- commit 7c2e796
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted()
  (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd
  (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new
  adapters (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series
  adapters (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state
  (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC
  cmpl path (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling
  PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or
  ADISC completes (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default
  (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE
  support (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function
  reset (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi()
  routine (bsc#1189385).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an
  ELS RDF (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS
  RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF
  handling (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB
  after ELS handling (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning
  FAILURE (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling
  (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging
  (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message
  (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189385).
- commit 7bc2e6b
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
  bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
  (CVE-2021-3640 bsc#1188172).
- commit 73d3a49
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
  (CVE-2021-3640 bsc#1188172).
- commit c8012e0
- powerpc/pseries: Fix update of LPAR security flavor after LPM
  (bsc#1188885 ltc#193722 git-fixes).
- commit a405caa
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- commit 86aec27
- mm/vmscan: fix infinite loop in drop_slab_node (VM Performance,
  bsc#1189301).
- commit 76f168e
- scsi: qla2xxx: Remove redundant initialization of variable
  num_cnt (bsc#1189384).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189384).
- scsi: qla2xxx: Fix spelling mistakes "/allloc"/ -> "/alloc"/
  (bsc#1189384).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189384).
- scsi: qla2xxx: edif: Increment command and completion counts
  (bsc#1189384).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189384).
- scsi: qla2xxx: edif: Add doorbell notification for app
  (bsc#1189384).
- scsi: qla2xxx: edif: Add detection of secure device
  (bsc#1189384).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs
  (bsc#1189384).
- scsi: qla2xxx: edif: Add key update (bsc#1189384).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire
  (bsc#1189384).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els
  (bsc#1189384).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs
  (bsc#1189384).
- commit 6e032e1
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI
  (bsc#1189392).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop
  (bsc#1189392).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Log PCI address in
  qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval
  (bsc#1189392).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
  (bsc#1189392).
- scsi: qla2xxx: Fix error return code in
  qla82xx_write_flash_dword() (bsc#1189392).
- commit 87ac3e9
- dm snapshot: properly fix a crash when an origin has no snapshots (git fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git fixes).
- dm ioctl: fix out of bounds array access when no devices (git fixes).
- dm era: only resize metadata in preresume (git fixes).
- dm era: Use correct value size in equality function of writeset tree (git fixes).
- dm era: Fix bitset memory leaks (git fixes).
- dm era: Verify the data block size hasn't changed (git fixes).
- dm era: Reinitialize bitset cache before digesting a new writeset (git fixes).
- dm era: Update in-core bitset after committing the metadata (git fixes).
- dm era: Recover committed writeset after crash (git fixes).
- dm table: fix iterate_devices based device capability checks (git fixes).
- Revert "/bcache: Kill btree_io_wq"/ (git fixes).
- dm: eliminate potential source of excessive kernel log noise (git fixes).
- dm snapshot: flush merged data before committing metadata (git fixes).
- dm ioctl: fix error return code in target_message (git fixes).
- dm thin metadata: Avoid returning cmd->bm wild pointer on error (git fixes).
- dm cache metadata: Avoid returning cmd->bm wild pointer on error (git fixes).
- commit 9b8016f
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
  (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- r8152: Fix potential PM refcount imbalance (git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
  (git-fixes).
- commit 6b8ffcb
- README: Modernize build instructions.
- commit 8cc5c28
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 5796a14
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 9582878
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 24a4db1
- blacklist.conf: # not needed in kernels older than SLE15-SP2
- commit 2ec93d3
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- commit 7f9ade7
- KVM: SVM: Call SEV Guest Decommission if ASID binding fails
  (12sp5).
- commit 70fb6f0
- usb: max-3421: Prevent corruption of freed memory
  (CVE-2021-38204 bsc#1189291).
- commit cfb9fc6
- blacklist.conf: Add fixes
  38c527aeb419 iommu/vt-d: Force to flush iotlb before creating superpage
  3ad1a6cb0abc bug: Remove redundant condition check in report_bug
- commit f77fdc6
- iommu/amd: Fix extended features logging (bsc#1189269).
- iommu/vt-d: Define counter explicitly as unsigned int
  (bsc#1189271).
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189268).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189272).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK
  (bsc#1189270).
- commit 134494e
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
  (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- commit 2cf4f18
- NFSv4: Initialise connection to the server in
  nfs4_alloc_client() (bsc#1040364).
- Delete
  patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch.
  Upstream found a fix for this, so our local fix is no longer needed.
- commit 0f7c89e
- net: stmmac: use netif_tx_start|stop_all_queues() function
  (git-fixes).
- commit baf0e0c
- blacklist.conf: update blacklist
- commit ab18898
- Fix filesystem requirement and suse-release requires
  Reduce filesystem conflict to anything less than 16 to allow pulling the
  change into the next major stable version.
  Don't require suse-release as that's not technically required. Conflict
  with a too old one instead.
- commit 913f755
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- commit 163a60e
- media: rtl28xxu: fix zero-length control request (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
  (git-fixes).
- cfg80211: Fix possible memory leak in function
  cfg80211_bss_update (git-fixes).
- commit df1ae37
- Drop bogus rtl28xx patch (bsc#1188683)
- commit 3c6c2e1
- rpm/kernel-source.rpmlintrc: ignore new include/config files
  In 5.13, since 0e0345b77ac4, config files have no longer .h suffix.
  Adapt the zero-length check.
  Based on Martin Liska's change.
- commit b6f021b
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
  (CVE-2021-3679 bsc#1189057).
- commit dfd73b3
- crypto: talitos - Do not modify req->cryptlen on decryption
  (git-fixes).
- Refresh
  patches.suse/crypto-talitos-properly-handle-split-ICV.patch.
- commit 8d54016
- blacklist.conf: requires firmware update we cannot guarantee
- commit 301d584
- blacklist.conf: irrelevant fix of build dependency
- commit 53dd5e6
- cifs: keep referral server sessions alive (bsc#1185902).
- commit b3e1d78
- Refresh patches.suse/cifs-set_root_ses-ipc.patch.
- commit b39987c
- Delete
  patches.suse/nvme-do-not-update-disk-info-for-multipathed-device.patch.
- Delete
  patches.suse/nvme-do-not-update-multipath-disk-information-if-the.patch.
  Revert interim patches (bsc#1188000)
- commit 50d0280
- cifs: do not share tcp sessions of dfs connections
  (bsc#1185902).
- commit 78cebff
- cifs: prevent NULL deref in cifs_compose_mount_options()
  (bsc#1185902).
- commit b5900e6
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- commit afe3030
- cifs: fix check of dfs interlinks (bsc#1185902).
- commit 7b8fe47
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- commit b94fa41
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- commit d0f5918
- cifs: set a minimum of 2 minutes for refreshing dfs cache
  (bsc#1185902).
- commit 2a60483
- cifs: fix path comparison and hash calc (bsc#1185902).
- commit 1934371
- cifs: handle different charsets in dfs cache (bsc#1185902).
- commit 029a8fd
- Revert "/block: revert back to synchronous request_queue removal (git"/
  For details, see bsc#1188863 #c15, bsc#1171285 #c16
  This reverts commit 7a0cca0c9b1cb9ca8862fd7570c645dfba392247.
- commit 678e48f
- cifs: get rid of @noreq param in __dfs_cache_find()
  (bsc#1185902).
- commit 06bac4e
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- commit dc3818c
- cifs: Remove unused inline function is_sysvol_or_netlogon()
  (bsc#1185902).
- commit 8726f5c
  H_GET_CPU_CHARACTERISTICS (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (CVE-2020-4788 bsc#1177666 git-fixes bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (CVE-2018-3639, bsc#1087082, bsc#1188885 ltc#193722).
- powerpc/pesries: Get STF barrier requirement from
- commit bd9e95f
- commit 6b810aa
- nvme-fc: fix racing controller reset and create association
  (bsc#1187076).
- nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from
  interrupt context (bsc#1187076).
- nvme-fc: remove nvme_fc_terminate_io() (bsc#1187076).
  Refresh:
  - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch
- nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery
  (bsc#1187076).
- nvme-fc: remove err_work work item (bsc#1187076).
- commit 870c933
- nvme-fc: track error_recovery while connecting (bsc#1187076).
- nvme-fc: fix io timeout to abort I/O (bsc#1187076).
  Refresh:
  - patches.suse/nvme-fc-clear-q_live-at-beginning-of-association-tea.patch
- nvme-fc: convert assoc_active flag to bit op (bsc#1187076).
  Refreshed:
  - patches.suse/nvme-fc-clear-q_live-at-beginning-of-association-tea.patch
- nvme-fc: fix double-free scenarios on hw queues (bsc#1187076).
- commit ccba174
- cifs: constify get_normalized_path() properly (bsc#1185902).
- commit 7d12947
- cifs: don't cargo-cult strndup() (bsc#1185902).
- commit d22c90a
  (CVE-2020-4788 bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier
- commit 3917f8f
- powerpc/64s: Fix crashes when toggling stf barrier (CVE-2018-3639 bsc#1087082 git-fixes).
- commit 2a6a70d
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- commit f037781
- objtool: Don't fail on missing symbol table (bsc#1192379).
- commit e7ec5af
- net_sched: cls_route: remove the right filter from hashtable
  (networking-stable-20_03_28).
- commit a96d7a8
less
- Add missing runtime dependency on which, which is used by lessopen.sh.
  Fix bsc#1190552.
libgcrypt
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
libnettle
- Update to version 3.1: (jsc#SLE-23330)
  * SONAME bumps libnettle5, libhogweed3
  * Rebased patches:
  - CVE-2015-8805.patch
  - libnettle-CVE-2021-20305.patch
  - libnettle-CVE-2021-3580.patch
  - nettle-CVE-2016-6489.patch
libpwquality
- Replace %make_build with "/make -O %{?_smp_mflags}"/ for pre-SLE15
  builds.
  [jsc#SLE-22490, libpwquality.spec]
- update to 1.4.4
  * e11f2bd Fix regression with enabling cracklib check
  * 02e6728 Use make macros in rpm spec file
  * xxxxxxx Translated using Weblate (Polish, Turkish, Ukrainian)
- update to 1.4.3
  * 1213d33 Update translation files
  * a951fbe Add --disable-cracklib-check configure parameter
  * 6a8845b fixup static compilation
  * 92c6066 python: Add missing getters/setters for newly added settings
  * bfef79d Add usersubstr check
  * 09a2e65 pam_pwquality: Add debug message for the local_users_only option
  * a6f7705 Fix some gcc warnings
  * 8c8a260 pwmake: Properly validate the bits parameter.
  * 7be4797 we use Fedora Weblate now
  * xxxxxxx Translated using Weblate (Azerbaijani, Bulgarian,
    Chinese (Simplified), Czech, French, Friulian, Hungarian, Italian,
    Japanese, Norwegian Bokmål, Persian, Russian, Spanish, Turkish)
- update to 1.4.2:
  * Fix regression in handling retry, enforce_for_root, and
    local_users_only options introduced with the previous
    release.
- Register with pam-config in %post(un)
- Add baselibs.conf
- Update to version 1.4.1:
  + Minor bugfix update of the library.
- Drop libpwquality-pythons.patch: Fixed upstream. Following this,
  drop autoconf, automake and libtool BuildRequires and autoreconf
  call.
- Use modern macros.
- Do not recommend lang package. The lang package already has a
  supplements.
- Modernize spec-file by calling spec-cleaner
- Update RPM groups and summaries.
- Switch url to https://github.com/libpwquality/libpwquality/
- Update to release 1.4.0:
  * Fix possible buffer overflow with data from /dev/urandom
    in pwquality_generate().
  * Do not try to check presence of too short username in password.
    (thanks to Nikos Mavrogiannopoulos)
  * Make the user name check optional (via usercheck option).
  * Add an 'enforcing' option to make the checks to be warning-only
    in PAM.
  * The difok = 0 setting will disable all old password similarity
    checks except new and old passwords being identical.
  * Updated translations from Zanata.
- Add patch libpwquality-pythons.patch to avoid duping pythondir
- Make python3 default and enable py2 only when needed
- Build python3 version of bindings as well
libqb
- Add libqb-fix-linker-hack.patch to fix incomplete check for
  needing a work-around, which is wrong for newer binutils. (bsc#1192470)
  Related to [bsc#1075418].
- log: callsite symbols of main object are also handled in initializer (bsc#1075418)
  * bsc#1075418-libqb-log_register_one.patch
- IPC: server: avoid temporary channel priority loss, up to deadlock-worth (gh#ClusterLabs/libqb#352, rh#1718773, bsc#1188212)
  * bsc#1188212-0001-IPC-server-avoid-temporary-channel-priority-loss-up-.patch
libsolv
- Turn on rich dependency handling needed for ptf support
  [jsc#SLE-17973] [jsc#SLE-17974] [bnc#1190530]
- bump version to 0.6.38
libvirt
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults
  23b51d7b-libxl-disable-death-event.patch,
  a4e6fba0-libxl-rename-threadinfo-struct.patch,
  b9a5faea-libxl-handle-death-thread.patch,
  5c5df531-libxl-search-domid-in-thread.patch,
  a7a03324-libxl-protect-logger-access.patch
  bsc#1191668, bsc#1192017, bsc#1193981, bsc#1194041
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF
  1ac703a7-CVE-2021-3975.patch
  bsc#1192876
- Add upstream debug patch to the libxl driver to aid in future
  debugging
  27e1779f-libxl-debug.patch
- Include collection of active VM config files in the
  supportconfig plugin
- libxl: Fix driver reload
  65fab900-libxl-fix-driver-reload.patch,
  51eb680b-libxl-dont-autostart-on-reload.patch
  bsc#1190420
- CVE-2021-3667: storage_driver: Unlock object on ACL fail in
  storagePoolLookupByTargetPath
  447f69de-CVE-2021-3667.patch
  bsc#1188843
- resolve hangs/crashes on libvirtd shutdown
  c5bf40bf-add-driver-shutdown-helpers.patch,
  018e213f-always-init-prio-cond.patch,
  255437ee-add-threadpool-funcs.patch,
  1eae52b9-rpc-fix-double-unref.patch,
  0f38dedd-add-virNetDaemonSetShutdownCallbacks.patch,
  b776dfa8-add-shutdown-facility-netserver.patch,
  94e45d10-rpc-finish-threads.patch
  bsc#1182783
- libxl: Add support for 'e820_host' settings
  b7d6648d-conf-add-e820-host.patch,
  5749395b-libxl-e820-host.patch,
  f3ef7daf-xenconfig-e820-host.patch,
  34077c1b-tests-check-e820-host.patch
  bsc#1185081
- qemu: Normalize MAC address in device conf on netdev hotplug
  6c17606b-qemu-normalize-mac-addr.patch
  bsc#1184772
libvpx
- backport fix for  out-of-bounds read on truncated key frames
    CVE-2020-0034.patch bsc#1166066
libzypp
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- RepoManager: Don't probe for plaindir repo if URL schema is
  plugin: (bsc#1191286)
- version 16.22.3 (0)
- BuildRequires:  libsolv-devel >= 0.6.38
  Must rebuild all caches to make sure rich dependency handling is
  turned on. Needed for PTF support. (jsc#SLE-17974, bsc#1190530)
- version 16.22.2 (0)
- Fix solver jobs for PTFs (bsc#1186503)
- version 16.22.1 (0)
- Add support for PTFs (jsc#SLE-17974)
- version 16.22.0 (0)
- Patch: Identify well-known category names (bsc#1179847)
  This allows to use the RH and SUSE patch categrory names synonymously:
  (recommendedi = bugfix) and (optional = feature = enhancement).
- version 16.21.5 (0)
lifecycle-data-sle-live-patching
- Added data for 4_12_14-122_103, 4_12_14-122_98, 4_12_14-95_83,
  4_4_180-94_150. (bsc#1020320)
- Added data for 4_12_14-122_88, 4_12_14-122_91. (bsc#1020320)
- Added data for 4_12_14-122_77, 4_12_14-122_80, 4_12_14-122_83,
  4_12_14-95_80, 4_4_180-94_147. (bsc#1020320)
lvm2
- Update to LVM2.2.02.188 (bsc#1188202)
  * ** WHATS_NEW from 2.02.181 to 2.02.188 ***
  Version 2.02.188 - 07th May 2021
  ================================
    Fix problem with unbound variable usage within fsadm.
    Avoid removing LVs on error path of lvconvert during creation volumes.
    Fix crashing lvdisplay when thin volume was waiting for merge.
    Support option --errorwhenfull when converting volume to thin-pool.
    Improve thin-performance profile support conversion to thin-pool.
    Support resize of cached volumes.
    Allocation prints better error when metadata cannot fit on a single PV.
    Pvmove can better resolve full thin-pool tree move.
    Limit pool metadata spare to 16GiB.
    Improves convertsion and allocation of pool metadata.
    Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
    Enhance lvdisplay to report raid availiable/partial.
    Enhance error handling for fsadm and hanled correct fsck result.
    Stop logging rename errors from persintent filter.
    Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
    Support using BLKZEROOUT for clearing devices.
    Support interruption when wipping LVs.
    Add configure --enable-editline support as an alternative to readline.
    Zero pool metadata on allocation (disable with allocation/zero_metadata=0).
    Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn).
    Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
    Support interruption for bcache waiting.
    Fix bcache when device has too many failing writes.
    Fix bcache waiting for IO completion with failing disks.
    Configure use own python path name order to prefer using python3.
    Enhance reporting and error handling when creating thin volumes.
    Use revert_lv() on reload error path after vg_revert().
    Improve estimation of needed extents when creating thin-pool.
    Use extra 1% when resizing thin-pool metadata LV with --use-policy.
    Enhance --use-policy percentage rounding.
    Switch code base to use flexible array syntax.
    Preserve uint32_t for seqno handling.
    Switch from mmap to plain read when loading regular files.
    Fix running out of free buffers for async writing for larger writes.
    Fix conversion to raid from striped lagging type.
    Fix conversion to 'mirrored' mirror log with larger regionsize.
    Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
  Version 2.02.187 - 24th March 2020
  ==================================
    Avoid running cache input arg validation when creating vdo pool.
    Prevent raid reshaping of stacked volumes.
    Ensure minimum required region size on striped RaidLV creation.
    Fix resize of thin-pool with data and metadata of different segtype.
    Fix splitting mirror leg in cluster.
    Fix activation order when removing merged snapshot.
    Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper.
    Add lvextend-raid.sh to check on RaidLV extensions synchronization.
    Fix lvmetad shutdown and avoid lenghty timeouts when rebooting system.
    Prevent creating VGs with PVs with different logical block sizes.
    Pvmove runs in exlusively activating mode for exclusively active LVs.
    Activate thin-pool layered volume as 'read-only' device.
    Ignore crypto devices with UUID signature CRYPT-SUBDEV.
    Enhance validation for thin and cache pool conversion and swapping.
    Fixed activation on boot - lvm2 no longer activates incomplete VGs.
  Version 2.02.186 - 27th August 2019
  ===================================
    Improve internal removal of cached devices.
    Synchronize with udev when dropping snapshot.
    Add missing device synchronization point before removing pvmove node.
    Correctly set read_ahead for LVs when pvmove is finished.
    Fix metadata writes from corrupting with large physical block size.
    Report no_discard_passdown for cache LVs with lvs -o+kernel_discards.
    Prevent shared active mirror LVs with lvmlockd.
  Version 2.02.185 - 13th May 2019
  ================================
    Fix change of monitoring in clustered volumes.
    Improve -lXXX%VG modifier which improves cache segment estimation.
    Add synchronization with udev before removing cached devices.
    Fix missing growth of _pmspare volume when extending _tmeta volume.
    Automatically grow thin metadata, when thin data gets too big.
    Add support for vgsplit with cached devices.
    Fix signal delivery checking race in libdaemon (lvmetad).
    Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering.
  Version 2.02.184 - 22nd March 2019
  ==================================
    Fix (de)activation of RaidLVs with visible SubLVs
    Change scan_lvs default to 0 so LVs are not scanned for PVs.
    Add scan_lvs config setting to control if lvm scans LVs for PVs.
    Fix missing proper initialization of pv_list struct when adding pv.
  Version 2.02.183 - 07th December 2018
  =====================================
    Avoid disabling lvmetad when repair does nothing.
    Fix component detection for md version 0.90.
    Use sync io if async io_setup fails, or use_aio=0 is set in config.
    Avoid opening devices to get block size by using existing open fd.
  Version 2.02.182 - 30th October 2018
  ====================================
    Fix possible write race between last metadata block and the first extent.
    Fix filtering of md 1.0 devices so they are not seen as duplicate PVs.
    Fix lvconvert striped/raid0/raid0_meta -> raid6 regression.
    Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service.
    Fix pvs with lvmetad to avoid too many open files from filter reads.
    Fix pvscan --cache to avoid too many open files from filter reads.
    Reduce max concurrent aios to avoid EMFILE with many devices.
    Fix lvconvert conversion attempts to linear.
    Fix lvconvert raid0/raid0_meta -> striped regression.
    Fix lvconvert --splitmirror for mirror type (2.02.178).
    Do not pair cache policy and cache metadata format.
    Fix mirrors honoring read_only_volume_list.
  Version 2.02.181 - 01 August 2018
  =================================
    Reject conversions on raid1 LVs with split tracked SubLVs.
    Reject conversions on raid1 split tracked SubLVs.
    Fix dmstats list failing when no regions exist.
    Reject conversions of LVs under snapshot.
    Limit suggested options on incorrect option for lvconvert subcommand.
  * ** WHATS_NEW_DM from 1.02.150 to 1.02.172 ***
  Version 1.02.172 - 07th May 2021
  ================================
    Add dm_tree_node_add_thin_pool_target_v1 with crop_metadata support.
    Add support for VDO in blkdeactivate script.
    Try to remove all created devices on dm preload tree error path.
    Fix dm_list interators with gcc 10 optimization (-ftree-pta).
    Dmeventd handles timer without looping on short intervals.
  Version 1.02.170 - 24th March 2020
  ==================================
    Add support for DM_DEVICE_GET_TARGET_VERSION.
  Version 1.02.164 - 27th August 2019
  ===================================
    Add debug of dmsetup udevcomplete with hexa print DM_COOKIE_COMPLETED.
    Fix versioning of dm_stats_create_region and dm_stats_create_region.
    Parsing of cache status understand no_discard_passdown.
  Version 1.02.158 - 13th May 2019
  ================================
  Version 1.02.156 - 22nd March 2019
  ==================================
    Ensure migration_threshold for cache is at least 8 chunks.
    Enhance ioctl flattening and add parameters only when needed.
    Add DM_DEVICE_ARM_POLL for API completness matching kernel.
  Version 1.02.154 - 07th December 2018
  =====================================
    Do not add parameters for RESUME with DM_DEVICE_CREATE dm task.
    Fix dmstats report printing no output.
  Version 1.02.152 - 30th October 2018
  ====================================
    Add hot fix to avoiding locking collision when monitoring thin-pools.
  Version 1.02.150 - 01 August 2018
  =================================
    Add vdo plugin for monitoring VDO devices.
- Drop patches that have been merged into upstream
  - bug-1164718_01-vgcreate-close-exclusive-fd-after-pvcreate.patch
  - bug-1158358_bcache-reduce-MAX_IO-to-256.patch
  - bug-1145231_lvmetad-improve-scan-for-pvscan-all.patch
  - bug-1173503_lvmetad-fix-pvs-for-many-devices.patch
  - bug-1145231_scan-use-full-md-filter-when-md-1.0-devices-are-pres.patch
  - bug-1145231_scan-enable-full-md-filter-when-md-1.0-devices-are-p.patch
  - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch
  - bug-1164718_02-io-use-sync-io-if-aio-fails.patch
  - bug-1164718_03-bcache-sync-io-fixes.patch
  - bug-1164718_04-lvconvert-restrict-command-matching-for-no-option-va.patch
  - bug-1145231_scan-md-metadata-version-0.90-is-at-the-end-of-disk.patch
  - bug-1145231_pvscan-lvmetad-use-full-md-filter-when-md-1.0-device.patch
  - bug-1145231_pvscan-lvmetad-use-udev-info-to-improve-md-component.patch
  - bug-1164718_05-lvmetad-only-disable-if-repair-will-do-something.patch
  - bug-1164718_06-lvmetad-fix-disabling-in-previous-commit.patch
  - bug-1164718_07-filter-add-config-setting-to-skip-scanning-LVs.patch
  - bug-1164718_08-pvscan-lvmetad-init-should-set-updating-before-scann.patch
  - bug-1164718_09-config-change-scan_lvs-default-to-0.patch
  - bug-1145231_apply-obtain_device_list_from_udev-to-all-libudev-us.patch
  - bug-1123327_pvscan.service.in-Move-StartLimitInterval-to-Service.patch
  - bug-1164718_10-config-add-new-setting-io_memory_size.patch
  - bug-1164718_11-io-warn-when-metadata-size-approaches-io-memory-size.patch
  - bug-1164718_12-io-increase-the-default-io-memory-from-4-to-8-MiB.patch
  - bug-1164718_13-bcache-Fix-memory-leak.patch
  - bug-1155668_systemd-add-missing-Before-shutdown.target-to-LVM2.patch
  - bug-1172597_1-libdaemon-use-pselect-to-avoid-condition-checking-ra.patch
  - bug-1172597_2-cleanup-missed-string-specifier.patch
  - bug-1122666_devices-drop-open-error-message.patch
  - bug-1172597_3-libdaemon-ensure-threads-are-reaped-before-checking-.patch
  - bug-1135984_cache-support-no_discard_passdown.patch
  - bug-1164718_14-lvmcache-remove-unused_duplicate_devs-list-from-cmd.patch
  - bug-1164718_15-cov-release-iterator-on-error-path.patch
  - bug-1164718_16-cov-check-lv_info.patch
  - bug-1172597_4-cov-check-for-socket_path-being-set.patch
  - bug-1164718_17-cov-add-stack-tracing-for-error-paths.patch
  - bug-1164718_18-cov-validate-pagesize-is-not-negative.patch
  - bug-1164718_19-cov-remove-unused-headers.patch
  - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch
  - bug-1164718_20-cov-check-result-of-dev_get_block_size.patch
  - bug-1164718_21-gcc-clean-uninitialized-var-warning.patch
  - bug-1164718_22-cov-release-iterator-on-error-path.patch
  - bug-1164718_23-Fix-rounding-writes-up-to-sector-size.patch
  - bug-1164718_24-pvscan-avoid-redundant-activation.patch
  - bug-1164718_25-devs-check-for-no-dev-when-dropping-aliases.patch
  - bug-1164718_26-pvscan-fix-activation-of-incomplete-VGs.patch
  - bug-1175110_dmeventd-avoid-bail-out-preventing-repair-in-raid-pl.patch
  - bug-1164718_27-lvmetad-fix-sync-cache-to-lvmetad.patch
  - bug-1172597_5-lvmetad-fix-timeout-on-shutdown.patch
  - bug-1164718_28-lvmcache-free-resource-on-error-path.patch
  - bug-1149408_01-vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch
  - bug-1149408_02-tests-allow-mixed-block-sizes.patch
  - bug-1149408_03-tests-allow-mixed-block-sizes-skip-with-older-losetu.patch
  - bug-1149408_04-config-allow_mixed_block_sizes-set-default-to-1.patch
  - bug-1149408_05-config-allow_mixed_block_sizes-set-version-2.02.187.patch
  - bug-1172597_6-cov-missing-checks-of-syscalls.patch
  - bug-1172597_7-daemon-better-error-path-handling-for-shutdown.patch
  - bug-1172597_8-daemons-check-for-non-zero-thread_id.patch
  - bug-1150021_01-fix-dev_unset_last_byte-after-write-error.patch
  - bug-1150021_02-radix-tree-Bring-radix-tree-up-to-date-with-the-mast.patch
  - bug-1150021_03-cov-Fix-a-leak.patch
  - bug-1150021_04-bcache-Bring-bcache-into-sync-with-master-branch.patch
  - bug-1150021_05-bcache-add-bcache_abort.patch
  - bug-1150021_06-label-Use-bcache_abort_fd-to-ensure-blocks-are-no-lo.patch
  - bug-1150021_07-bcache-add-unit-test.patch
  - bug-1150021_08-bcache-pass-up-the-error-from-io_submit-rather-than.patch
  - bug-1150021_09-bcache-reverse-earlier-patch.patch
  - bug-1150021_10-bcache-bcache_invalidate_fd-only-remove-prefixes-on.patch
  - bug-1150021_11-radix-tree-Add-missing-test-case.patch
  - bug-1150021_12-base-Get-Makefile-from-master.patch
  - bug-1164126_lvmetad-fix-heap-memory-leak.patch
  - bug-1150021_13-Fix-rounding-writes-up-to-sector-size.patch
  - bug-1150021_14-bcache-Fix-memory-leak-in-error-path.patch
  - bug-1179326_pvmove-correcting-read_ahead-setting.patch
  - bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch
  - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch
- Update patch
  - bug-998893_make_pvscan_service_after_multipathd.patch
  - fate-31841_fsadm-add-support-for-btrfs.patch
- lvm.conf, only list important changings
  - change indent from space to TAB
  - make it closely to upstream settings
  - [value change] global/cache_check_executable: "/autodetect"/ to "//usr/sbin/cache_check"/
  - [value change] global/cache_dump_executable = "/autodetect"/ to "//usr/sbin/cache_dump"/
  - [value change] global/cache_repair_executable: "/autodetect"/ to "//usr/sbin/cache_repair"/
  - [value change] global/cache_check_options: [ "/-q"/ ] to [ "/-q"/, "/--clear-needs-check-flag"/ ]
  - [value change] dmeventd/executable: "/"/ to "//usr/sbin/dmeventd"/
  - [item add] devices/scan_lvs = 0.
  - [item add] allocation/thin_pool_crop_metadata = 0
  - [item add] allocation/zero_metadata = 1
  - [item add] global/fsadm_executable = "//usr/sbin/fsadm"/
  - [item add] global/io_memory_size = 8192
  - [item add] log/debug_classes: add "/io"/
  - [item add] dmeventd/raid_library = "/libdevmapper-event-lvm2raid.so"/
  - [item add] add section tags
  - [no support] global/fallback_to_lvm1
  - [no support] global/format
  - [no support] detect_internal_vg_cache_corruption = 0
- lvm2.spec
  - enable clvmd feature "/singlenode"/ to allow running tests
mdadm
- Incremental: Remove redundant spare movement logic
  (bsc#1190376)
  0036-Incremental-Remove-redundant-spare-movement-logic.patch
- Remove Spare drives line from details for external metadata
  (bsc#1180661, bsc#1182642)
  0034-Remove-Spare-drives-line-from-details-for-external-m.patch
- Don't associate spares with other arrays during RAID Examine
  (bsc#1180661, bsc#1182642)
  0035-Don-t-associate-spares-with-other-arrays-during-RAID.patch
- Grow: be careful of corrupt dev_roles list (bsc#1181619)
  0033-Grow-be-careful-of-corrupt-dev_roles-list.patch
mozilla-nspr
- update to version 4.32:
  * implement new socket option PR_SockOpt_DontFrag
  * support larger DNS records by increasing the default buffer
    size for DNS queries
- update to version 4.31:
  * Lock access to PRCallOnceType members in PR_CallOnce* for
    thread safety bmo#1686138
- update to version 4.30
  * support longer thread names on macOS
  * fix a build failure on OpenBSD
- update to version 4.29
  * Remove macOS Code Fragment Manager support code
  * Remove XP_MACOSX and OS_TARGET=MacOSX
  * Refresh config.guess and config.sub
  * Remove NSPR's patch to config.sub
  * Add support for e2k target (64-bit Elbrus 2000)
- update to version 4.28
  * Fix a compiler warning
  * Add rule for cross-compiling with cygwin
- update to version 4.27
  * the macOS platform code for shared library loading was
    changed to support macOS 11.
    If the absolute path parameter given to PR_LoadLibrary
    begins with either /System/ or /usr/lib/ then no test is
    performed if the library exists at a file.
  * An include statement for a Windows system library header
    was added
- update to version 4.26
  * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
    information about the operating system build version.
  * Better support parallel building on Windows.
  * The internal release automatic script requires python 3.
mozilla-nss
- Mozilla NSS 3.68.2 (bsc#1193845)
  * mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
    (bmo#966856)
- Mozilla NSS 3.68.1
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
  nss-bsc1193170.patch
- Removed nss-fips-kdf-self-tests.patch.  This was made
  obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
  * bmo#1713562 - Fix test leak.
  * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
  * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
  * bmo#1712883 - DTLS 1.3 draft-43.
  * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
  * bmo#1713562 - Validate ECH public names.
  * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
  * bmo#1683710 - Add a means to disable ALPN.
  * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
  * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
  * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
  * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
  * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
  * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
  * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
  * bmo#1707097 - Add Certum Trusted Root CA to NSS.
  * bmo#1707097 - Add Certum EC-384 CA to NSS.
  * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
  * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
  * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
  * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
  * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
  * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
  * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
  * Use GNU tar for the release helper script.
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
  * bmo#1705286 - Properly detect mips64.
  * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    disable_crypto_vsx.
  * bmo#1698320 - replace __builtin_cpu_supports("/vsx"/) with
    ppc_crypto_support() for clang.
  * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
    acceleration.
- update to NSS 3.63.1
  * no upstream release notes for 3.63.1 (yet)
  Fixed in 3.63
  * bmo#1697380 - Make a clang-format run on top of helpful contributions.
  * bmo#1683520 - ECCKiila P384, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
    scalar multiplication.
  * bmo#1683520 - ECCKiila P521, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
    scalar multiplication.
  * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
  * bmo#1694214 - tstclnt can't enable middlebox compat mode.
  * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    profiles.
  * bmo#1685880 - Minor fix to prevent unused variable on early return.
  * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
    with nss build.
  * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
    of root CA changes, CA list version 2.48.
  * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
    'Chambers of Commerce' and 'Global Chambersign' roots.
  * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
  * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
  * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
  * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
    from NSS.
  * bmo#1687822 - Turn off Websites trust bit for the “Staat der
    Nederlanden Root CA - G3” root cert in NSS.
  * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
    Root - 2008' and 'Global Chambersign Root - 2008’.
  * bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
  * bmo#1688374 - Fix parallel build NSS-3.61 with make
  * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
    can corrupt "/cachedCertTable"/
  * bmo#1690583 - Fix CH padding extension size calculation
  * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
  * bmo#1690421 - Install packaged libabigail in docker-builds image
  * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
  * bmo#1674819 - Fixup a51fae403328, enum type may be signed
  * bmo#1681585 - Add ECH support to selfserv
  * bmo#1681585 - Update ECH to Draft-09
  * bmo#1678398 - Add Export/Import functions for HPKE context
  * bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
  * required for Firefox 86
  * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
    values under certain conditions.
  * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
    with NSS_DISABLE_DBM.
  * bmo#1651411 - Improve constant-timeness in RSA operations.
  * bmo#1677207 - Upgrade Google Test version to latest release.
  * bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
  Notable changes in NSS 3.60:
  * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
    has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
    implementation. See bmo#1654332 for more information.
  * December 2020 batch of Root CA changes, builtins library updated
    to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
    for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
  * bmo#1679290 - Fix potential deadlock with certain third-party
    PKCS11 modules
- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
  Bugs fixed:
  * bmo#1641480 (CVE-2020-25648)
    Tighten CCS handling for middlebox compatibility mode.
  * bmo#1631890 - Add support for Hybrid Public Key Encryption
    (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    (draft-ietf-tls-esni).
  * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    extensions.
  * bmo#1668328 - Handle spaces in the Python path name when using
    gyp on Windows.
  * bmo#1667153 - Add PK11_ImportDataKey for data object import.
  * bmo#1665715 - Pass the embedded SCT list extension (if present)
    to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- update to NSS 3.57
  * The following CA certificates were Added:
    bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
  * The following CA certificates were Removed:
    bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
  * Trust settings for the following CA certificates were Modified:
    bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
  for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
  * nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
  being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
  obsolete by upstream changes.
- Modifications for NIST SP 800-56Ar3 compliance. This adds checks
  and restricts Diffie-Hellman parameters in FIPS mode
  (bsc#1176173).
  New patches:
  * nss-fips-stricter-dh.patch
  * nss-fips-kdf-self-tests.patch
- update to NSS 3.56
  Notable changes
  * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
  * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
  * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
  * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
  * bmo#1656986 - Properly detect arm64 during GYP build architecture
    detection.
  * bmo#1652729 - Add build flag to disable RC2 and relocate to
    lib/freebl/deprecated.
  * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
  * bmo#1588941 - Send empty certificate message when scheme selection
    fails.
  * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    cross-compilation.
  * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
  * bmo#1653975 - Fix 3.53 regression by setting "/all"/ as the default
    makefile target.
  * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
  * bmo#1659814 - Fix interop.sh failures with newer tls-interop
    commit and dependencies.
  * bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
  (boo#1176206)
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    RSA_CheckSignRecover.
  * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
    signature_algorithms extension.
    nss-fips-constructor-self-tests.patch
- update to NSS 3.54
  Notable changes
  * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
  * Use ARM Cryptography Extension for SHA256, when available
    (bmo#1528113)
  * The following CA certificates were Added:
    bmo#1645186 - certSIGN Root CA G2.
    bmo#1645174 - e-Szigno Root CA 2017.
    bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
    bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
  * The following CA certificates were Removed:
    bmo#1645199 - AddTrust Class 1 CA Root.
    bmo#1645199 - AddTrust External CA Root.
    bmo#1641718 - LuxTrust Global Root 2.
    bmo#1639987 - Staat der Nederlanden Root CA - G2.
    bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
    bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
    bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
  * A number of certificates had their Email trust bit disabled.
    See bmo#1618402 for a complete list.
  Bugs fixed
  * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
  * bmo#1603042 - Add TLS 1.3 external PSK support.
  * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
  * bmo#1645186 - Add "/certSIGN Root CA G2"/ root certificate.
  * bmo#1645174 - Add Microsec's "/e-Szigno Root CA 2017"/ root certificate.
  * bmo#1641716 - Add Microsoft's non-EV root certificates.
  * bmo1621151 - Disable email trust bit for "/O=Government
    Root Certification Authority; C=TW"/ root.
  * bmo#1645199 - Remove AddTrust root certificates.
  * bmo#1641718 - Remove "/LuxTrust Global Root 2"/ root certificate.
  * bmo#1639987 - Remove "/Staat der Nederlanden Root CA - G2"/ root
    certificate.
  * bmo#1618402 - Remove Symantec root certificates and disable email trust
    bit.
  * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
  * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
  * bmo#1642153 - Fix infinite recursion building NSS.
  * bmo#1642638 - Fix fuzzing assertion crash.
  * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
  * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
  * bmo#1643557 - Fix numerous compile warnings in NSS.
  * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
    self-encrypt keys.
  * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
  * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
net-snmp
- Fix hrStorage autofs objects timeout problems (bsc#1179699, bsc#1145864).
  Add net-snmp-5.7.3-host-mib-skip-autofs-entries.patch
  Add net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch
- Fix NSS mounted volumes in hrStorageDescr (bsc#1100146).
  Add net-snmp-5.7.3-recognize-nss-pools-and-nss-volumes-oes.patch
- Fix subagent crash at save_set_var() (bsc#1178021).
  Add net-snmp-5.7.3-subagent-set-response.patch
- Fix subagent data corruption (bsc#1178351, bsc#1179009).
  Add net-snmp-5.7.3-fix-subagent-data-corruption.patch
- Fix confusing status for snmpd when start fails (bsc#1184839).
  Modify rc.snmpd
- Fix output for high memTotalReal RAM values (bsc#1152968).
  Add net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch
- Make extended MIB read-only (bsc#1174961, CVE-2020-15862).
  Add net-snmp-5.7.3-make-extended-mib-read-only.patch
nfs-utils
- Add 0200-mountd-Initialize-logging-early.patch
  If an error or warning message is produced before
  closeall() is called, mountd gets confused and doesn't work.
  (bsc#1194661)
- 0191-mount-don-t-bind-a-socket-needlessly.patch
  Don't bind() a non-priv socket immediately before connecting,
  as this wastes port numbers.
  (bsc#1187922)
ocfs2-tools
- Rollback when dir_index creation fails (bsc#1192103)
  + libocfs2-roll-back-when-dir_index-creation-fails.patch
- Fix mounted.ocfs2 output when some devices are not ready (bsc#1191810)
  + fixed-mounted.ocfs2-output-when-some-devices-are-Not.patch
  + update-mounted.ocfs2-mounted.c.patch
openldap2
- bsc#1193296 - Resolve double free in sssvlv overlay
  * 0223-ITS-8592-Fix-double-free-in-sssvlv-overlay.patch
openssh
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.
openssl-1_0_0
- bsc#1190885
  * OpenSSL: parameters by name ffdheXXXX and modp_XXXX sometimes result in "/not found"/
  * modified openssl-DH.patch
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- Add safe primes to DH parameter generation
  * RFC7919 and RFC3526
  * bsc#1180995
  * Added openssl-add_rfc3526_rfc7919.patch
  * Genpkey: "/-pkeyopt dh_param:"/ can now choose modp_* (rfc3526) and
    ffdhe* (rfc7919) groups. Example:
    $ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:modp_4096
p11-kit
- Update to 0.23.2; (jsc#SLE-23330);
  * Fix forking issues with libffi
  * Fix various crashes in corner cases
  * Updated translations
  * Build fixes
- Make building more verbose
- Enable tests
- Small spec file cleanup with spec-cleaner
- Fix multiple integer overflows in rpc code (bsc#1180064
  CVE-2020-29361):
  * 0001-common-Use-reallocarray-instead-of-realloc-as-approp.patch
  * 0001-Check-for-arithmetic-overflows-before-allocating.patch
  * 0001-Follow-up-to-arithmetic-overflow-fix.patch
- Rebased patches:
  * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch
  * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch
- Drop patches fixed in the update:
  * 0001-trust-Allow-BEGIN-PUBLIC-KEY-PEM-blocks-in-.p11-kit-.patch
  * 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff
  * trust-Fix-segfaults-in-expand_homedir-when-pw_dir-NULL.patch
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993,
  0001-trust-Support-CKA_NSS_-SERVER-EMAIL-_DISTRUST_AFTER.patch)
- add bcond to spec file to enable debug easily
- Also build documentation (boo#1013125)
- Use %license instead of %doc [bsc#1082318]
- 32-bit compatibility fixes:
  * Add PKCS11 module to p11-kit-32bit (bsc#996047#c39)
  * Add p11-kit-nss-trust-32bit NSS module
  * Fix potential bi-arch issue with private binaries
    (fdo#98817, p11-kit-biarch.patch)
pacemaker
- controller: ensure newly joining node learns the node names of non-DCs (bsc#1180618)
  * bsc#1180618-0002-Fix-controller-ensure-newly-joining-node-learns-the-.patch
- Update to version 1.1.24+20210811.f5abda0ee:
- scheduler: add test for probe of unmanaged resource on pending node (bsc#1188653)
- scheduler: update existing tests for probe scheduling change (bsc#1188653)
  * bsc#1188653-0002-Test-scheduler-update-existing-tests-for-probe-sched.patch
- scheduler: don't schedule probes of unmanaged resources on pending nodes (bsc#1188653)
- libcrmcommon: Correctly handle case-sensitive ids of xml objects when changing a value. (bsc#1187414)
  * bsc#1187414-0001-Fix-libcrmcommon-Correctly-handle-case-sensitive-ids.patch
- controld: purge attrd attributes when the remote node is up to ensure sync with CIB (bsc#1186693)
  * bsc#1186693-clean-attrd-attributes-when-remote-node-is-up.patch
- st_client: cleanup token whenever setting api to disconnected (bsc#1181744)
- libpe_status: handle pending migrations correctly (bsc#1177212)
pam
- pam_cracklib: backported code to check whether the password contains
  a substring of of the user's name of at least <N> characters length
  in some form from SLE-15.
  This is enabled by the new parameter "/usersubstr=<N>"/
  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
  [jsc#SLE-21741, pam-pam_cracklib-add-usersubstr.patch]
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
patterns-sles
- add newly added libopenssl-1_1-hmac for openssl 1.1. (jsc#SLE-23033)
pcre
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
  after a successful compile, instead of at the start of matching to avoid a
  sanitizer complaint (regexec is supposed to be thread safe).
  * Check the size of the number after (?C as it is read, in order to avoid
  integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
  in pcretest.
- pcre 8.43
  * In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
  negative class with no characters less than 0x100 followed by a positive class
  with only characters less than 0x100, the first class was incorrectly being
  auto-possessified, causing incorrect match failures.
  * If the only branch in a conditional subpattern was anchored, the whole
  subpattern was treated as anchored, when it should not have been, since the
  assumed empty second branch cannot be anchored. Demonstrated by test patterns
  such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and X or R has
  a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
  (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier with a
  minimum of zero, an incorrect "/match must start with this character"/ could be
  recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
  be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in a
  pattern, apart from assertions, an incorrect first matching character could be
  recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
  as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty string
  when the newline type is CRLF.
  * When matching using the the REG_STARTEND feature of the POSIX API with a
  non-zero starting offset, unset capturing groups with lower numbers than a
  group that did capture something were not being correctly returned as "/unset"/
  (that is, with offset values of -1).
  * Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
  containing multi-code-unit characters caused bad behaviour and possibly a
  crash. This issue was fixed for other kinds of repeat in release 8.37 by change
  38, but repeating character classes were overlooked.
- pcre 8.41
  * Fix a missing else in the JIT compiler (bsc#1025709 CVE-2017-6004)
  * A (?# style comment is now ignored between a basic quantifier and a
    following '+' or '?' (example: /X+(?#comment)?Y/.
  * Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
    Pisar).
  * In the 32-bit library in non-UTF mode, an attempt to find a Unicode
  property for a character with a code point greater than 0x10ffff (the Unicode
  maximum) caused a crash. (bsc#1030807 CVE-2017-7244)
  * The alternative matching function, pcre_dfa_exec() misbehaved if it
  encountered a character class with a possessive repeat, for example [a-f]{3}+.
  (bsc#1030066 CVE-2017-7186)
  * When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
  length incorrectly, which could result in buffer overflow.
  (bsc#1030805 CVE-2017-7245, bsc#1030803 CVE-2017-7246)
  * Fix returned offsets from regexec() when REG_STARTEND is used with a
  starting offset greater than zero.
- pcre 8.40
  * Fix register overwite in JIT when SSE2 acceleration is enabled.
  * Ignore "/show all captures"/ (/=) for DFA matching.
  * Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
  * In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
    without PCRE_UCP set, a negative character type such as D in a positive
    class should cause all characters greater than 255 to match, whatever else
    is in the class. There was a bug that caused this not to happen if a
    Unicode property item was added to such a class, for example [DP{Nd}] or
    [WpL].
  * A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
    the conditional was interpreted as a reference to capturing group 1 instead
    of a test for recursion. Any group whose name began with R was
    misinterpreted in this way. (The reference interpretation should only
    happen if the group's name is precisely "/R"/.)
  * A number of bugs have been mended relating to match start-up optimizations
    when the first thing in a pattern is a positive lookahead. These all
    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
    both an initial 'X' and a following 'X'.
    (b) Some patterns starting with an assertion that started with .* were
    incorrectly optimized as having to match at the start of the subject or
    after a newline. There are cases where this is not true, for example,
    (?=.*[A-Z])(?=.{8,16})(?!.*[s]) matches after the start in lines that
    start with spaces. Starting .* in an assertion is no longer taken as an
    indication of matching at the start (or after a newline).
permissions
  * add capability for prometheus-blackbox_exporter (bsc#1191194)
- Update to version 20170707:
polkit
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
  added CVE-2021-4115.patch
- CVE-2021-4034: fixed a local privilege escalation in pkexec (bsc#1194568)
  added CVE-2021-4034-pkexec-fix.patch
psmisc
  * Determine the namespace of a process only once to speed
    up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
python
- Set correct value of %python2_package_prefix to python
  (as expected on SLE-12). (bsc#1175619)
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "/Python urrlib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)"/ (bsc#1162367)
- Provide python-testsuite from devel subkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-base
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "/Python urrlib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)"/ (bsc#1162367)
- Provide python-testsuite from devel subkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python3
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better documented patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
python3-base
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better documented patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
regionServiceClientConfigEC2
- Update to version 3.1.0 (bsc#1029162)
  + Add IPv6 addresses to config
  + Include IPv6 certificates
  + Requires cloud-regionsrv-client >= v9.3.0
release-notes-sles
- 12.5.20220202 (tracked in bsc#933411)
- Added kernel parameter change (bsc#1195107)
- Added note about deprecating XFS V4 (jsc#SLE-22661)
- Updated note about unixODBC drivers in production (jsc#SLE-20553)
- 12.5.20211208 (tracked in bsc#933411)
- Added note about unprivileged eBPF (jsc#SLE-22593)
- Added note about schedutil (bsc#1176440)
- Added note about 32-bit applications (bsc#1181589)
- Updated source code info (bsc#1188965)
- 12.5.20210831 (tracked in bsc#933411)
- Added note about user login fail (bsc#1187484)
- Removed mention of SES (bsc#1188305)
- Updated note about psqlODBC (jsc#SLE-11413)
- Added note about updated psqlODBC (jsc#SLE-13589)
- Added note about nested VMX (jsc#SLE-11270)
- Added note about Vagrant box support (bsc#1174599)
- Added support end date for PHP 7.2 (jsc#SLE-12474)
- Fixed IBM-Z doc link (bsc#1185109)
resource-agents
- RA reports "/string indices must be integers"/ to stderr after
  "/WARNING: Failed to reach the server: Gone"/ (bsc#1194502)
  Add upstream patch:
  0001-azure-events-report-error-if-jsondata-not-received.patch
- VirtualDomain RA using migration_network_suffix does create xenmigr
  URI causing live migration to fail (bsc#1180668)
- Failover issue due to a Google API being unreachable - request
  upstream patches which include a retry (bsc#1186830)
  Add upstream patches:
    0001-VirtualDomain-drop-prefix-xenmigr-from-migrate-uri.patch
    0001-gcp-vpc-move-vip.in-Adds-retries.patch
- SAPInstance fails to detect SAP unit files for systemd
  (bsc#1189535)
  Add upstream patches:
    0001-SAPInstance_fails_to_detect_SAP_unit_files_for_systemd.patch
    0002-SAPInstance_fails_to_detect_SAP_unit_files_for_systemd.patch
- (bsc#1188975) azure-lb RA is using /usr/bin/nc instead of
  /usr/bin/socat
  Add upstream patch:
    0001-ocf-distro-Improve-robustness-and-specificity-1558.patch
rsync
- Fixed an error when using the external compression library
  where files larger that 1GB would not be transferred completely
  and failing with error:
  - deflate on token returned 0 (XXX bytes left)
  - rsync error: error in rsync protocol data stream (code 12)
  * Add rsync-fix-external-compression.patch [bsc#1190828]
- Fix a segmentation fault in iconv [bsc#1188258]
  * Add rsync-iconv-segfault.patch
rsyslog
- fix memory leak when internal messages not processed internally
  (bsc#1190483)
  * add 0001-core-bugfix-memory-leak-when-internal-messages-not-p.patch
- fix memory leak in omfile (bsc#1189737)
  * add 0001-omfile-bugfix-file-handle-leak.patch
ruby2
Add patches to fix the following CVE's:
  - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
    vulnerability in Net:IMAP (bsc#1188160)
  - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
    responses vulnerability in  Net:FTP (bsc#1188161)
  - CVE-2020-25613.patch (CVE-2020-25613): Fix potential HTTP request
    smuggling in WEBrick (bsc#1177125)
  - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
    vulnerability in RDoc (bsc#1190375)
samba
- Fix ntlm authentications with "/winbind use default domain = yes"/;
  (bso#13126); (bsc#1173429); (bsc#1196308).
- Update spec file to do not provide nor require the bundled talloc,
  tdb, tevent and ldb libraries; (bsc#1195510);
- CVE-2021-44141: Information leak via symlinks of existance of
  files or directories outside of the exported share; (bso#14911);
  (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
  in VFS module vfs_fruit allows code execution; (bso#14914);
  (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
  account can impersonate arbitrary services; (bso#14950);
  (bsc#1195048);
- Update to version 4.15.4; (jsc#SLE-23330);
  + CVE-2021-43566: Symlink race error can allow directory creation
    outside of the exported share; (bso#13979); (bsc#1139519);
  + CVE-2021-20316: Symlink race error can allow metadata read and
    modify outside of the exported share; (bso#14842); (bsc#1191227);
- Build samba with embedded talloc, pytalloc, pytalloc-util, tdb,
  pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries.
  The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and
  their manpages in /usr/lib[64]/samba/man
- Update to 4.15.4
  * Duplicate SMB file_ids leading to Windows client cache
    poisoning; (bso#14928);
  * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
    NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
  * kill_tcp_connections does not work; (bso#14934);
  * Can't connect to Windows shares not requiring authentication
    using KDE/Gnome; (bso#14935);
  * smbclient -L doesn't set "/client max protocol"/ to NT1 before
    calling the "/Reconnecting with SMB1 for workgroup listing"/
    path; (bso#14939);
  * Cross device copy of the crossrename module always fails;
    (bso#14940);
  * symlinkat function from VFS cap module always fails with an
    error; (bso#14941);
  * Fix possible fsp pointer deference; (bso#14942);
  * Missing pop_sec_ctx() in error path inside close_directory();
    (bso#14944);
  * "/smbd --build-options"/ no longer works without an smb.conf file;
    (bso#14945);
- Use pkgconfig(krb5) as dependency for the -devel package: allow
  OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
  package has an automatic dependency due to linkage on
  libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
  requires samba-client-libs, which in turn requires krb5
  libraries. Samba-libs itself has no need for krb5 (but get it
  indirectly anyway).
- Reorganize libs packages. Split samba-libs into samba-client-libs,
  samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
  public libraries depending on internal samba libraries into these
  packages as there were dependency problems everytime one of these
  public libraries changed its version (bsc#1192684). The devel
  packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
  ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
  /usr/lib64/ldb2/modules/ldb/samba
- The username map [script] advice from CVE-2020-25717 advisory
  note has undesired side effects for the local nt token. Fallback
  to a SID/UID based mapping if the name based lookup fails;
  (bsc#1192849); (bso#14901)
- CVE-2016-2124: SMB1 client connections can be downgraded to
  plaintext authentication (bsc#1014440); (bso#12444);
- CVE-2020-25717: A user in an AD Domain could become root on
  domain members; (bsc#1192284); (bso#14556);
- CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability;
  (bsc#1192214); (bso#14875);
- Add msDS-AdditionalDnsHostName to the keytab; (bso#14396);
  (bsc#1185420);
- Add net-ads-join dnshostname option; (bso#14396); (bsc#1185420);
- Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC;
  (bso#14406); (bsc#1185420);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
  to replication delay; (bsc#1188727);
sapconf
- version update from 5.0.2 to 5.0.3
- adapt the activity detection of saptune to the upcoming saptune
  version 3
  (bsc#1189496)
sbd
- Update to version 1.5.0+20210720.f4ca41f:
- sbd-inquisitor: Implement default delay start for diskless sbd (bsc#1189398)
- sbd-inquisitor: Sanitize numeric arguments
- Update to version 1.5.0+20210629.1c72cf2:
- sbd-inquisitor: tolerate and strip any leading spaces of command line option values (bsc#1187547)
- sbd-inquisitor: tell the actual watchdog device specified with `-w` (bsc#1187547)
- Update to version 1.5.0+20210614.d7f447d (v1.5.0):
sqlite3
- Sync version 3.36.0 from Factory to implement jsc#SLE-16032.
- The following CVEs have been fixed in upstream releases up to
  this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
    multiSelectOrderBy due to mishandling of query-flattener
    optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
    segmentation fault because of generated column optimizations in
    isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
    with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via
    ext/misc/zipfile.c involving embedded '0' input
  * bsc#1160309, CVE-2019-19923: improper handling  of  certain uses
    of SELECT DISTINCT in flattenSubquery may lead to null pointer
    dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in
    sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
    during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling  of certain
    errors during parsing  multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
    allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
    and CREATE VIEW statements, does not consider confusion with
    a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
    integrity_check PRAGMA command in certain cases of generated
    columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
    infinite recursion via certain types of self-referential views
    in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
    from the colUsed bitmask in the case of a generated column,
    which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
    function sqlite3Select in select.c allows a crash if a
    sub-select uses both DISTINCT and window functions, and also
    has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
  * CVE-2020-13434 boo#1172115: integer overflow in
    sqlite3_str_vappendf
  * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow
  * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed
    to one of its shadow tables
  * CVE-2020-13632 boo#1172240: NULL pointer dereference via
    crafted matchinfo() query
  * CVE-2020-13435: Malicious SQL statements could have crashed the
    process that is running SQLite (boo#1172091)
- Remove the following patches from there which are all upstream:
  * sqlite3-CVE-2017-10989.patch
  * sqlite3-CVE-2017-2518.patch,
  * sqlite3-CVE-2018-20346.patch,
  * sqlite3-CVE-2018-8740.patch,
  * sqlite3-CVE-2019-16168.patch,
  * sqlite3-CVE-2019-8457.patch,
  * sqlite3-journal-file.patch,
  * sqlite3-xFetch-null.patch,
  * sqlite3-CVE-2016-6153.patch
sudo
- Add support in the LDAP filter for negated users, patch taken
  from upstream (jsc#20068)
  * Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
  to run commands as that user (bsc#1181703, jsc#SLE-22569)
  * feature-upstream-restrict-sudo-U-other-l.patch
supportutils-plugin-suse-public-cloud
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
  + Include cloud-init logs whenever they are present
  + Update the packages we track in AWS, Azure, and Google
  + Include the ecs logs for AWS ECS instances
suse-module-tools
- Update to version 12.11: Import kernel scriptlets from kernel-source
  * rpm-script: fix bad exit status in OpenQA (bsc#1191922)
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).
  * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
  * cert-script: Only print mokutil output in verbose mode.
  * inkmp-script(postun): don't pass  existing files to weak-modules2
    (boo#1191200)
  * kernel-scriptlets: skip cert scriptlet on non-UEFI systems
    (boo#1191260)
  * rpm-script: link config also into /boot (boo#1189879)
  * Import kernel scriptlets from kernel-source.
    (bsc#1189841, bsc#1190598)
  * Provide "/suse-kernel-rpm-scriptlets"/
sysstat
- Fix possible segfault in read_task_stats() [bsc#1194679]
- Add sysstat-fix-segfault-in-read_task_stats.patch
systemd
- Import commit 3fad90a5e2a1d0099ba2925793df42e0084cad35
  dbf8419fdb busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21894)
  7a9abad886 sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (#4205) (bsc#1191399)
  7dd902bfa6 manager: reexecute on SIGRTMIN+25, user instances only
  fb9e399bca basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
  e0fde642ec logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
  fe106cccdd units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Avoid the error message when udev is updated due to udev being
  already active when the sockets are started again (bsc#1188291)
- Drop 1001-basic-unit-name-do-not-use-strdupa-on-a-path.patch
  It's been merged in branch SUSE/v228.
- Allow systemd sysusers config files to be overriden during system
  installation (bsc#1171962).
- While at it, add a comment to explain why we don't use
  %sysusers_create in %pre and why it should be safe in %post.
tcl
- New version 8.6.12:
  * (bug)[d43f96] [string trim*] broken for Emoji
  * (bug)[22324b] [string reverse] broken for Emoji
  * (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
  * (bug)[8419c5] Unix tty channels tolerate EINTR
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[4c591f] [string compare] EIAS violation
  * (bug)[266494] [concat foo [list #]] EIAS violation
  * (bug)[24b918] Save IO buffers from modern optimizers
  * (new) support for POSIX error EILSEQ
  * (bug)[688fcc] segfault during traced delete of alias
  * (bug)[ccc448] segfault in ensemble rewrite machinery
  * (new) Update to Unicode-14
  * (bug)[a8579d] failed proc argument spec processing
  * Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
  Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
  libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
  * Add tcltest::(Setup|Eval|Cleanup|)Test
  * Update to Unicode-13
  * Add 3 libtommath functions to stub table
  * Many more bug fixes
- Potentially incompatible changes:
  * (bug)[ffeb20] [binary decode base64] ignore invalid chars
  * (bug)[b8e82d] some -maxlen values break uuencode round trip
  * (bug)[085913] Tcl_DStringAppendElement # quoting precision
  * (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
  * (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
  * (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
  * (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
  * (new) force -eofchar 032 when evaluating library scripts
  * (new)[48898a] improve error message consistency
  * (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- New version: 8.6.10:
  * (bug)[7a9dc5] [file normalize ~/~foo] segfault
  * (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
  * (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
    obsoletes tcl-expand-regression.patch.
  * (bug)[e3f481] tests var-1.2[01]
  * (new) Update to Unicode 12.0
  * (new)[TIP 527] New command [timerate]
  * (bug)[39fed4] [package require] memory validity
  * (new) New command tcl::unsupported::corotype
  * (bug) memlink when namespace deletion kills linked var
  * (new) README file converted to README.md in Markdown
  * (bug)[8b9854] [info level 0] regression with ensembles
  * (bug)[6bdadf] crash multi-arg write-traced [lappend]
  * (bug)[f8a33c] crash Tcl_Exit before init
  * (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
  * (bug)[fec0c1] C stack overflow compiling bytecode
  * tzdata updated to Olson's tzdata2019c
  * (bug)[16768d] Fix [info hostname] on NetBSD
  * (new) libtommath updated to release 1.2.0
  * (bug)[bcd100] bad fs cache when system encoding changes
  * (bug)[135804] segfault in [next] after destroy
  * (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
  propagation
- Use FAT LTO objects in order to provide proper static
  library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
  (tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
  * NR-enable [package require]
  * (bug)[9fd5c6] crash in object deletion, test oo-11.5
  * (bug)[3c32a3] crash deleting object with class mixed in
  * (platform) stop using -lieee, removed from glibc-2.27
    (bsc#1179615, bsc#1181840).
  * (bug)[8e6a9a] bad binary [string match], test string-11.55
  * (bug)[1873ea] repair multi-thread std channel init
  * (bug)[db36fa] broken bytecode for index values
  * (bug) broken compiled [string replace], test string-14.19
  * (bug) [string trim*] engine crashed on invalid UTF
  * (bug) missing trace in compiled [array set], test var-20.11
  * (bug)[46a241] crash in unset array with search, var-13.[23]
  * (bug)[27b682] race made [file delete] raise "/no such file"/
  * (bug)[925643] 32/64 cleanup of filesystem DIR operations
  * (bug) leaks in TclSetEnv and env cache
  * (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
  * (bug)[270f78] race in [file mkdir]
  * (bug)[3f7af0] [file delete] raised "/permission denied"/
  * (bug)[d051b7] overflow crash in [format]
  * revised quoting of [exec] args in generated command line
  * HTTP Keep-Alive with pipelined requests
  * (new)[TIP 505] [lreplace] accepts all out of range indices
  * (bug) Prevent crash from NULL keyName in the registry package
  * Update tcltest package for Travis support
  * (bug)[35a8f1] overlong string length of some lists
  * (bug)[00d04c] Repair [binary encode base64]
- handle s390 like s390x (bnc#1085480)
- Version 8.6.8:
  * [array names -regexp] supports backrefs
  * Fix gcc build failures due to #pragma placement
  * (bug)[b50fb2] exec redir append stdout and stderr to file
  * (bug)[2a9465] http state 100 continue handling broken
  * (bug)[0e4d88] replace command, delete trace kills namespace
  * (bug)[1a5655] [info * methods] includes mixins
  * (bug)[fc1409] segfault in method cloning, oo-15.15
  * (bug)[3298012] Stop crash when hash tables overflow 32 bits
  * (bug)[5d6de6] Close failing case of [package prefer stable]
  * (bug)[4f6a1e] Crash when ensemble map and list are same
  * (bug)[ce3a21] file normalize failure when tail is empty
  * (new)[TIP 477] nmake build system reform
  * (bug)[586e71] EvalObjv exception handling at level #0
- adapt check section for rpm-4.14.0
- Add more tests in Whitelist as bypass boo#1072657
  identified following tests failed on PowerPC
  interp-34.9 interp-34.13 http-3.25 timer-2.1 thread-20.9
- Whitelist known-failing tests. Further investigation needed.
tcpdump
- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch
tcsh
- Modify patch tcsh-6.18.01-toolong.patch to avoid to be oom killed
  by broken history files (bsc#1192472)
telnet
- Update Source location to use Gentoo mirror, fixes bsc#1129925
- spec-cleaner used for cleaning the specfile up
- url was repaired
tiff
- security update: Fix buffer overwrite
  * CVE-2019-17546[bsc#1154365]
    + tiff-CVE-2019-17546.patch
- security update: Fix heap based buffer overflow in pal2rgb
  * CVE-2017-17095[bsc#1071031]
    + tiff-CVE-2017-17095.patch
- security update: Fix OOB in _TIFFmemcpy
  * CVE-2022-22844[bsc#1194539]
    + tiff-CVE-2022-22844.patch
- security update: Fix memory allocation failure in tif_read.c
  * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
    + tiff-CVE-2020-35521,CVE-2020-35522.patch
- security update: Fix DOS via invertImage()
  * CVE-2020-19131[bsc#1190312]
    + tiff-CVE-2020-19131.patch
- security update: Fix heap-based buffer overflow in TIFF2PDF tool
  * CVE-2020-35524[bsc#1182812]
    + tiff-CVE-2020-35524.patch
- security update: Fix integer overflow in tif_getimage
  * CVE-2020-35523 [bsc#1182811]
    + tiff-CVE-2020-35523.patch
timezone
- timezone update 2021e (bsc#1177460):
  * Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
  * Fiji suspends DST for the 2021/2022 season
  * 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
  * Revert almost all of 2021b's changes to the 'backward' file
  * Fix a bug in 'zic -b fat' that caused old timestamps to be
    mishandled in 32-bit-only readers
- timezone update 2021b:
  * Jordan now starts DST on February's last Thursday.
  * Samoa no longer observes DST.
  * Move some backward-compatibility links to 'backward'.
  * Rename Pacific/Enderbury to Pacific/Kanton.
  * Correct many pre-1993 transitions in Malawi, Portugal, etc.
  * zic now creates each output file or link atomically.
  * zic -L no longer omits the POSIX TZ string in its output.
  * zic fixes for truncation and leap second table expiration.
  * zic now follows POSIX for TZ strings using all-year DST.
  * Fix some localtime crashes and bugs in obscure cases.
  * zdump -v now outputs more-useful boundary cases.
  * tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
util-linux
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
  fix testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
util-linux-systemd
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
  fix testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
wicked
- fsm: fix device rename via yast (bsc#1194392)
  Reset worker config instead to reject a NULL/empty config
  xml node -- introduced in wicked 0.6.67 by commit c2a0385.
  [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
  - support multiple networks configurations per interface
  - show connection status and scan-results (bsc#1160654)
  - corrected eap-tls,ttls cetificate handling and open vs. shared
    wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
  - cleanups and several other improvements, see changes
  - updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
  [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
  [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
  [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
  [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros
xen
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
  an sriov device
  61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
  guest_physmap_remove_page not removing the p2m mappings (XSA-393)
  xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
  Xen while unmapping a grant (XSA-394)
  xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
  passed-through device IRQs (XSA-395)
  xsa395.patch
- Upstream bug fixes (bsc#1027519)
  619b7ac9-harden-assign_pages.patch (Replaces xsa385.patch)
  - Drop xsa385.patch
  619b8cb0-x86-PoD-misaligned-GFNs.patch (Replaces xsa388-1.patch)
  - Drop xsa388-1.patch
  619b8cb1-x86-PoD-intermediate-page-orders.patch (Replaces xsa388-2.patch)
  - Drop xsa388-2.patch
  619b8cb2-x86-P2M-set-partial-success.patch (Replaces xsa389.patch)
  - Drop xsa389.patch
  61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
- bsc#1191510 - [UEFI]15sp4 uefi fv guest on 12sp5 host unable to
  bootup with sriov pci device plugin
  5e15e174-libxl-dont-needlessly-report-highmem-in-use.patch
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
  designated memory limit (XSA-385)
  xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
  xen: PoD operations on misaligned GFNs (XSA-388)
  xsa388-1.patch
  xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
  with partially successful P2M updates on x86 (XSA-389)
  xsa389.patch
- Upstream bug fixes (bsc#1027519)
  5e5001ee-x86-p2m-PoD-accounting-in-gpae.patch (Replaces xsa378-0a.patch)
  5e86fa2a-x86-p2m_remove_page-retval.patch (Replaces xsa378-0b.patch)
  5e86fa57-x86-p2m-remove-MFN-check.patch (Replaces xsa378-0c.patch)
  611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
  611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
  6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch)
  6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch)
  61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch)
  6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch)
  6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch)
  612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch)
  612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch)
  612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch)
  612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch)
  6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch)
  6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch)
  6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch)
  61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)
  6138ae99-gnttab-status-frame-mapping-race.patch (Replaces xsa384.patch)
  6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
  6138b7a2-x86-AMD-enum-speculative-hints.patch
  6138b7a3-x86-AMD-use-newer-SSBD.patch
  6139f1b1-x86-spec-ctrl-print-AMD-features.patch
  6148453b-VT-d-hidden-devices-unmap.patch
  6148455f-VT-d-PCI-segment-numbers-16-bits.patch
  61532102-PCI-bridge-with-subord-bus-0xFF.patch
  61655b5a-AMD-IOMMU-hidden-devices-flush.patch
- Dropped patches
  xsa378-0a.patch
  xsa378-0b.patch
  xsa378-0c.patch
  xsa378-1.patch
  xsa378-2.patch
  xsa378-3.patch
  xsa378-4.patch
  xsa378-5.patch
  xsa378-6.patch
  xsa378-7.patch
  xsa378-8.patch
  xsa379.patch
  xsa380-1.patch
  xsa380-2.patch
  xsa382.patch
  xsa383.patch
  xsa384.patch
- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs
  not deassigned correctly (XSA-386)
  615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
  XENMAPSPACE_grant_table handling (XSA-384)
  xsa384.patch
- Upstream bug fixes (bsc#1027519)
  6128a856-gnttab-radix-tree-node-init.patch
  61375a11-x86-p2m_flags_to_access.patch
xfsprogs
- xfs_io: add label command (bsc#1191500)
  - add xfsprogs-xfs_io-add-label-command.patch
- xfs_repair: add flag -e to modify exit code for corrected errors
  (bsc#1190320)
  - add xfsprogs-xfs_repair-add-flag-e-to-modify-exit-code-for-correc.patch
- fsck.xfs: allow forced repairs using xfs_repair (bsc#1190320)
  - add xfsprogs-fsck.xfs-allow-forced-repairs-using-xfs_repair.patch
yast2
- Backport: Command line interface: Do not start an UI while
  evaluating current language settings (bsc#1173133).
- 3.2.52
- Do not use the 'installation-helper' binary to create snapshots
  during installation or offline upgrade (bsc#1180142).
- Add a new exception to properly handle exceptions
  when reading/writing snapshots numbers (related to bsc#1180142).
- save_y2logs: save kernel messages and udev log (snwint@suse.de).
  Related to bsc#1089647 and bsc#1085212.
- 3.2.51
yast2-installation
- Do not crash when it is not possible to create a snapshot after
  installing or upgrading the system (bsc#1180142).
- 3.4.3
- Ensure correct alignment when shrinking a PReP partition.
- bsc#1186371
- 3.4.2
yast2-samba-client
- With latest versions of samba (>=4.15.0) calling 'net ads lookup'
  with '-U%' fails; (boo#1193533).
- yast-samba-client fails to join if /etc/samba/smb.conf or
  /etc/krb5.conf don't exist; (bsc#1089938)
- Do not stop nmbd while nmbstatus is running, it is not necessary
  anymore; (bsc#1158916);
- 3.1.23
yast2-update
- Do not rely on the 'installation-helper' binary to create
  snapshots after installation or offline upgrade (bsc#1180142).
- Do not crash when it is not possible to create a snapshot before
  upgrading the system (related to bsc#1180142).
- 3.3.2
zlib
- Update 410.patch to include new fixes from upstream,
  fixes bsc#1192688
- Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
  to match upstream commit
- Drop patches which changes have been merged in 410.patch:
  * zlib-compression-switching.patch
  * zlib-390x-z15-fix-hw-compression.patch
  * bsc1174551-fxi-imcomplete-raw-streams.patch
zsh
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
  unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Add CVE-2018-1100.patch: it fixes buffer overflow in utils.c:checkmailpath()
  can lead to local arbitrary code execution (CVE-2018-1100 bsc#1089030)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
  could be exploited through e.g.  VCS_Info to execute arbitrary shell
  commands (CVE-2021-45444 bsc#1196435)
- Add CVE-2018-0502_CVE-2018-13259.patch. Fixes CVE-2018-0502 and
  CVE-2018-13259 (bsc#1107296 and bsc#1107294).
zypper
- Add support for PTFs (jsc#SLE-17974)
- version 1.13.60