000release-packages:SLES_SAP-release
n/a
aaa_base
- Add patch git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  * respect /etc/update-alternatives/java when setting JAVA_HOME
    (bsc#1215434,bsc#1107342)
apparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff
bind
- Update to release 9.16.44
  Security Fixes:
  * Previously, sending a specially crafted message over the
    control channel could cause the packet-parsing code to run out
    of available stack memory, causing named to terminate
    unexpectedly. This has been fixed. (CVE-2023-3341)
  [bsc#1215472]

- Update to release 9.16.43
  Bug Fixes:
  * Processing already-queued queries received over TCP could cause
    an assertion failure, when the server was reconfigured at the
    same time or the cache was being flushed. This has been fixed.

- Add dnstap support
  [jsc#PED-4852]

- Log named-checkconf output [bsc#1213049]
binutils
- Update to version 2.41 [PED-5778]:
  * The MIPS port now supports the Sony Interactive Entertainment Allegrex
  processor, used with the PlayStation Portable, which implements the MIPS
  II ISA along with a single-precision FPU and a few implementation-specific
  integer instructions.
  * Objdump's --private option can now be used on PE format files to display the
  fields in the file header and section headers.
  * New versioned release of libsframe: libsframe.so.1.  This release introduces
  versioned symbols with version node name LIBSFRAME_1.0.  This release also
  updates the ABI in an incompatible way: this includes removal of
  sframe_get_funcdesc_with_addr API, change in the behavior of
  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
  * SFrame Version 2 is now the default (and only) format version supported by
  gas, ld, readelf and objdump.
  * Add command-line option, --strip-section-headers, to objcopy and strip to
  remove ELF section header from ELF file.
  * The RISC-V port now supports the following new standard extensions:
  - Zicond (conditional zero instructions)
  - Zfa (additional floating-point instructions)
  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
  * The RISC-V port now supports the following vendor-defined extensions:
  - XVentanaCondOps
  * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
  * A new .insn directive is recognized by x86 gas.
  * Add SME2 support to the AArch64 port.
  * The linker now accepts a command line option of --remap-inputs
  <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
  <FILE>.  In addition the option --remap-inputs-file=<FILE> can be used to
  specify a file containing any number of these remapping directives.
  * The linker command line option --print-map-locals can be used to include
  local symbols in a linker map.  (ELF targets only).
  * For most ELF based targets, if the --enable-linker-version option is used
  then the version of the linker will be inserted as a string into the .comment
  section.
  * The linker script syntax has a new command for output sections: ASCIZ "string"
  This will insert a zero-terminated string at the current location.
  * Add command-line option, -z nosectionheader, to omit ELF section
  header.
- Removed obsolete patches: binutils-2.40-branch.diff.gz,
  riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
  extensa-gcc-4_3-fix.diff .
- Add binutils-2.41-branch.diff.gz .
- Add binutils-old-makeinfo.diff for SLE-12 and older.
- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
- Contains fixes for these non-CVEs (not security bugs per upstreams
  SECURITY.md):
  * bsc#1209642 aka CVE-2023-1579 aka PR29988
  * bsc#1210297 aka CVE-2023-1972 aka PR30285
  * bsc#1210733 aka CVE-2023-2222 aka PR29936
  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
  * bsc#1214565 aka CVE-2020-19726 aka PR26240
  * bsc#1214567 aka CVE-2022-35206 aka PR29290
  * bsc#1214579 aka CVE-2022-35205 aka PR29289
  * bsc#1214580 aka CVE-2022-44840 aka PR29732
  * bsc#1214604 aka CVE-2022-45703 aka PR29799
  * bsc#1214611 aka CVE-2022-48065 aka PR29925
  * bsc#1214619 aka CVE-2022-48064 aka PR29922
  * bsc#1214620 aka CVE-2022-48063 aka PR29924
  * bsc#1214623 aka CVE-2022-47696 aka PR29677
  * bsc#1214624 aka CVE-2022-47695 aka PR29846
  * bsc#1214625 aka CVE-2022-47673 aka PR29876
cloud-netconfig
- Update to version 1.8:
  + Fix Azure metadata check (bsc#1214715)
  + Fix cleanup on ifdown
cloud-regionsrv-client
- Update to version 10.1.4 (bsc#1217451)
  + Fetch cert for new update server during failover

- Update to version 10.1.3 (bsc#1214801)
  + Add a warning if we detect a Python package cert bundle for certifi
    This will help with debugging and point to potential issues when
    using SUSE images in AWS, Azure, and GCE
kernel-default
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
  (bsc#1217780).
- commit 46d31e2

- USB: serial: option: add Luat Air72*U series products
  (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: don't claim interface 4 for ZTE MF290
  (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
  (git-fixes).
- commit 4c40fde

- firewire: core: fix possible memory leak in create_units()
  (git-fixes).
- commit 0ade49c

- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- commit 57245d3

- xfs: convert quota options flags to unsigned (git-fixes).
- commit 7dfe466

- xfs: convert inode lock flags to unsigned (git-fixes).
- commit 831f7e2

- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- commit 411032a

- xfs: convert dquot flags to unsigned (git-fixes).
- commit 1630213

- xfs: convert da btree operations flags to unsigned (git-fixes).
- commit 41198d9

- xfs: convert buffer log item flags to unsigned (git-fixes).
- commit d4d0c9c

- xfs: convert btree buffer log flags to unsigned (git-fixes).
- commit ced67a9

- xfs: convert AGI log flags to unsigned (git-fixes).
- commit 66d955b

- xfs: convert AGF log flags to unsigned (git-fixes).
- commit 91cefbb

- xfs: convert bmapi flags to unsigned (git-fixes).
- commit 1ec6360

- xfs: convert bmap extent type flags to unsigned (git-fixes).
- commit 30fead3

- xfs: convert scrub type flags to unsigned (git-fixes).
- commit c3c7c82

- xfs: convert attr type flags to unsigned (git-fixes).
- commit c641f4d

- xfs: convert buffer flags to unsigned (git-fixes).
- commit 6147a1c

- xfs: standardize inode generation formatting in ftrace output
  (git-fixes).
- commit 81e4504

- xfs: standardize remaining xfs_buf length tracepoints
  (git-fixes).
- commit 0960978

- xfs: resolve fork names in trace output (git-fixes).
- commit f8059aa

- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- commit 57eae70

- xfs: disambiguate units for ftrace fields tagged "count"
  (git-fixes).
- commit 863210b

- xfs: disambiguate units for ftrace fields tagged "len"
  (git-fixes).
- commit 09c5eba

- xfs: disambiguate units for ftrace fields tagged "offset"
  (git-fixes).
- commit fd948b6

- xfs: disambiguate units for ftrace fields tagged "blkno",
  "block", or "bno" (git-fixes).
- commit 21df855

- xfs: standardize daddr formatting in ftrace output (git-fixes).
- commit 4559eca

- xfs: standardize rmap owner number formatting in ftrace output
  (git-fixes).
- commit 1582a5c

- xfs: standardize AG block number formatting in ftrace output
  (git-fixes).
- commit c4b29ba

- xfs: standardize AG number formatting in ftrace output
  (git-fixes).
- commit a02451d

- xfs: standardize inode number formatting in ftrace output
  (git-fixes).
- commit 3a0db07

- xfs: add attr state machine tracepoints (git-fixes).
- commit b0c0355

- xfs: mark the record passed into xchk_btree functions as const
  (git-fixes).
- commit 3247184

- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- commit 4b79f37

- xfs: constify btree function parameters that are not modified
  (git-fixes).
- commit ca93659

- xfs: make the start pointer passed to btree update_lastrec
  functions const (git-fixes).
- commit 28eb06c

- xfs: make the start pointer passed to btree alloc_block
  functions const (git-fixes).
- commit 481ec89

- xfs: make the pointer passed to btree set_root functions const
  (git-fixes).
- commit 068596a

- xfs: make the keys and records passed to btree inorder functions
  const (git-fixes).
- commit 42fdf3b

- xfs: mark the record passed into btree init_key functions as
  const (git-fixes).
- Refresh
  patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch.
- commit ff2d5e6

- xfs: make the key parameters to all btree query range functions
  const (git-fixes).
- Refresh
  patches.suse/xfs-make-the-record-pointer-passed-to-query_range-functions-const.patch.
- commit 6c6efbb

- xfs: make the key parameters to all btree key comparison
  functions const (git-fixes).
- Refresh
  patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch.
- commit ff17042

- kernel-binary: suse-module-tools is also required when installed
  Requires(pre) adds dependency for the specific sciptlet.
  However, suse-module-tools also ships modprobe.d files which may be
  needed at posttrans time or any time the kernel is on the system for
  generating ramdisk. Add plain Requires as well.
- commit 8c12816

- scsi: lpfc: Copyright updates for 14.2.0.16 patches
  (bsc#1217731).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events
  (bsc#1217731).
- scsi: lpfc: Refactor and clean up mailbox command memory free
  (bsc#1217731).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver
  is unloading (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in
  lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in
  lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating
  firmware (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw
  logging (bsc#1217731).
- commit beb2571

- net/tls: do not free tls_rec on async operation in
  bpf_exec_tx_verdict() (bsc#1217332 CVE-2023-6176).
- commit 4d4ef94

- Update metadata
- commit ca96232

- Revert "tracing: Fix warning in trace_buffered_event_disable()"
  (bsc#1217036)
  Temporarily revert the commit. It exposed a separate issue related to
  trace buffered event synchronization which needs to be fixed first.
- commit 4a725b5

- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery
  (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery
  (git-fixes).
- commit 49c4783

- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- commit 05bfbfe

- Disable Loongson drivers
  Loongson is a mips architecture, it doesn't make sense to build
  Loongson drivers on other architectures.
- commit 23ca0fb

- s390/ap: fix AP bus crash on early config change callback
  invocation (git-fixes bsc#1217687).
- commit 7155857

- pinctrl: avoid reload of p state in list iteration (git-fixes).
- commit 37ee48d

- README.SUSE: fix patches.addon use
  It's series, not series.conf in there.
  And make it more precise on when the patches are applied.
- commit cb8969c

- rxrpc: Fix race between conn bundle lookup and bundle removal
  (CVE-2023-2006 bsc#1210447).
- commit 88c559c

- kabi/severities: ignore kabi in rxrpc (bsc#1210447)
  The rxrpc module is built since SLE15-SP3 but it is not shipped as part of
  any SLE product, only in Leap (in kernel-*-optional).
- commit 10d922d

- Do not store build host name in initrd
  Without this patch, kernel-obs-build stored the build host name
  in its .build.initrd.kvm
  This patch allows for reproducible builds of kernel-obs-build and thus
  avoids re-publishing the kernel-obs-build.rpm when nothing changed.
  Note that this has no influence on the /etc/hosts file
  that is used during other OBS builds.
  https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e

- drm/amd/display: use full update for clip size increase of
  large plane source (git-fixes).
- commit 05445b7

- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- Refresh patches.suse/Input-xpad-add-PXN-V900-support.patch.
- commit a3a5e84

- Revert "i2c: pxa: move to generic GPIO recovery" (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from
  FB to inbox (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get()
  (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of
  AER (git-fixes).
- pwm: Fix double shift bug (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block
  length byte (git-fixes).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- drm/amd/display: Avoid NULL dereference of timing generator
  (git-fixes).
- drm/amdgpu: don't use ATRM for external devices (git-fixes).
- media: imon: fix access to invalid resource for the second
  interface (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width
  (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker
  (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i2c: i801: fix potential race in
  i801_block_transaction_byte_by_byte (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing
  DAT_data (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in
  hci_dma_irq_handler (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind()
  (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying
  workaround (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
  (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
  (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width
  fields (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe
  controller (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak
  (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test
  (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM
  L1.2 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer
  is NULL (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum
  (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and
  Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
  (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm
  code (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer
  dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens
  (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad
  X120e (git-fixes).
- regmap: Ensure range selector registers are updated after
  cache sync (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
  (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device
  tables (git-fixes).
- wifi: ath10k: Don't touch the CE interrupt registers after
  power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: mac80211: don't return unset power in
  ieee80211_get_tx_power() (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt
  (git-fixes).
- commit 9bb6805

- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
  (git-fixes).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream
  (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
  (git-fixes).
- commit 806162c

- netfilter: conntrack: dccp: copy entire header to stack buffer,
  not just basic one (CVE-2023-39197 bsc#1216976).
- commit b489a86

- Update upstream references (add CVE-2023-4244 bsc#1215420)
- patches.kabi/kabi-hide-changes-in-struct-nft_set.patch
- patches.suse/netfilter-nf_tables-GC-transaction-API-to-avoid-race.patch
- patches.suse/netfilter-nf_tables-GC-transaction-race-with-abort-p.patch
- patches.suse/netfilter-nf_tables-GC-transaction-race-with-netns-d.patch
- patches.suse/netfilter-nf_tables-fix-GC-transaction-races-with-ne.patch
- patches.suse/netfilter-nf_tables-fix-kdoc-warnings-after-gc-rewor.patch
- patches.suse/netfilter-nf_tables-use-correct-lock-to-protect-gc_l.patch
- commit fee74b6

- blacklist.conf: non-trivial dependencies (bsc#1216105)
- commit b8ada5d

- s390/dasd: fix hanging device after request requeue (git-fixes
  LTC#203629 bsc#1215124).
- commit 1f9716b

- s390/cio: unregister device when the only path is gone
  (git-fixes bsc#1217609).
- commit 1a12a29

- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
  bsc#1217599).
- commit c32f016

- s390/dasd: use correct number of retries for ERP requests
  (git-fixes bsc#1217598).
- commit 71adc5d

- Drivers: hv: vmbus: Remove unused extern declaration
  vmbus_ontimer() (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg
  (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array
  member (git-fixes).
- commit be51c3e

- Update
  patches.suse/net-usb-lan78xx-reorder-cleanup-operations-to-avoid-.patch
  (bsc#1217068 CVE-2023-6039).
  Update reference. Bug retroactively declared a security issue.
- commit 867c96b

- hv_netvsc: Mark VF as slave before exposing it to user-mode
  (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF
  register (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice
  (git-fixes).
- commit bbb7bfb

- s390/dasd: protect device queue against concurrent access
  (git-fixes bsc#1217515).
- commit 85f31b8

- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- commit 9a9e0ef

- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors
  (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral
  (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types
  (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget
  (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery
  (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example
  (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP
  full (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
  (git-fixes).
- ata: pata_isapnp: Add missing error check for devm_ioport_map()
  (git-fixes).
- net: usb: ax88179_178a: fix failed operations during
  ax88179_reset (git-fixes).
- xhci: Enable RPM on controllers that support low-power states
  (git-fixes).
- commit 77def7a

- Ensure ia32_emulation is always enabled for kernel-obs-build
  If ia32_emulation is disabled by default, ensure it is enabled
  back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
  [ms: Always pass the parameter, no need to grep through the config which
  may not be very reliable]
- commit 56a2c2f

- blk-mq: fix null pointer dereference in
  blk_mq_clear_rq_mapping() (bsc#1217366).
- blk-mq: Don't clear driver tags own mapping (bsc#1217366).
- commit dfa78ac

- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
  CVE-2023-45863).
- commit 40e4871

- rpm: Define git commit as macro
- commit bcc92c8

- kernel-source: Move provides after sources
- commit dbbf742

- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error
  path (git-fixes).
- commit 04adf1c

- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers
  (git-fixes).
- Refresh
  patches.suse/drm-bridge-lt8912b-Add-hot-plug-detection.patch.
- commit 44c514b

- drm/bridge: tc358768: Disable non-continuous clock mode
  (git-fixes).
- Refresh
  patches.suse/drm-bridge-tc358768-always-enable-HS-video-mode.patch.
- Refresh
  patches.suse/drm-bridge-tc358768-fix-TCLK_TRAILCNT-computation.patch.
- commit 1bb57d4

- platform/x86: wmi: remove unnecessary initializations
  (git-fixes).
- Refresh
  patches.suse/platform-x86-wmi-use-bool-instead-of-int.patch.
- commit 9e3bd62

- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
  (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
  (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
  (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check
  to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Revert "Don't restart communication if
  not necessary" (git-fixes).
- HID: logitech-hidpp: Don't restart IO, instead defer
  hid_connect() only (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path
  (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free
  of svm code (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled
  (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup()
  (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx
  queues (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
  (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices
  (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi
  (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name()
  (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use
  ti_dt_clk_name() (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names
  (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at
  probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers
  (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe
  (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- commit ff3b9ac

- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
  (git-fixes).
- commit fe6b179

- Update
  patches.suse/vringh-don-t-use-vringh_kiov_advance-in-vringh_iov_x.patch
  (git-fixes, bsc#1215710, CVE-2023-5158).
- commit aba4986

- s390/crashdump: fix TOD programmable field size (git-fixes
  bsc#1217205).
- commit 4fa67bc

- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- commit 705073c

- s390/pkey: fix/harmonize internal keyblob headers (git-fixes
  bsc#1217200).
- commit 1330336

- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- commit 797642c

- s390/ipl: add missing secure/has_secure file to ipl type
  'unknown' (bsc#1214976 git-fixes).
- commit 293b1d2

- hv_netvsc: fix netvsc_send_completion to avoid multiple message
  length checks (git-fixes).
- commit e571a42

- blacklist.conf: fix for only partially backported commit
- commit f8344aa

- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- Update config files.
- supported.conf: marked idpf supported
- commit 8518538

- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- PCI: Disable ATS for specific Intel IPU E2000 devices
  (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: piggy back on the memory barrier in bql when waking queues
  (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake
  code (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- docs: net: move the probe and open/close sections of driver.rst
  up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections
  (bsc#1215458).
- Documentation: networking: correct possessive "its"
  (bsc#1215458).
- commit 0dd7c0b

- blacklist.conf: Add 2ef269ef1ac0 cgroup/cpuset: Free DL BW in case can_attach() fails
- commit 635fb82

- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag
  (bsc#1217124).
- scsi: lpfc: Validate ELS LS_ACC completion payload
  (bsc#1217124).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role
  for NPIV ports (bsc#1217124).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the
  same as pci offline (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in
  lpfc_sli4_hba_setup (bsc#1217124).
- commit 36a063a

- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
  (git-fixes).
- scsi: qla2xxx: Fix double free of dsd_list during driver load
  (git-fixes).
- commit 7802965

- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- commit 8a9ffd3

- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- commit ec1fe6f

- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- commit bff85fe

- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- commit 5802265

- arm64: armv8_deprecated move emulation functions (git-fixes)
- commit cb05023

- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- commit 3a9b307

- arm64: rework EL0 MRS emulation (git-fixes)
- commit 9ce6c60

- arm64: factor insn read out of call_undef_hook() (git-fixes)
- commit 6831136

- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- commit c8a644d

- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- commit de48edd

- arm64: allow kprobes on EL0 handlers (git-fixes)
- commit c9ac567

- arm64: rework BTI exception handling (git-fixes)
- commit f21a31f

- arm64: rework FPAC exception handling (git-fixes)
- commit da959d5

- arm64: consistently pass ESR_ELx to die() (git-fixes)
- commit b804637

- arm64: die(): pass 'err' as long (git-fixes)
- commit bac59fc

- arm64: report EL1 UNDEFs better (git-fixes)
- commit 0e93130

- nvme: update firmware version after commit (bsc#1215292).
- commit 1d3b546

- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
  Not supported by our compiler.
- commit eb32b5a

- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
  (LTC#203997 bsc#1217086).
- commit 651d5ec

- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- commit aa2ec99

- s390/mm: add missing arch_set_page_dat() call to gmap
  allocations (LTC#203997 bsc#1217086).
- commit b3d336b

- s390/mm: add missing arch_set_page_dat() call to
  vmem_crst_alloc() (LTC#203997 bsc#1217086).
- commit f15e0fe

- s390/cmma: fix initial kernel address space page table walk
  (LTC#203997 bsc#1217086).
- commit d8f4afa

- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- commit 39cb2fd

- igb: set max size RX buffer when store bad packet is enabled
  (bsc#1216259 CVE-2023-45871).
- commit 15c91c9

- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
  (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe
  (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
  (git-fixes).
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
  (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing
  (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- Input: synaptics-rmi4 - fix use after free in
  rmi_unregister_function() (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
  (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of
  chip_data (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait
  behavior (git-fixes).
- commit ba5a839

- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit 90eeaff

- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
  Implement KABI fix for above
- commit 6ca2dbc

- Update patch reference for QXL fix (CVE-2023-39198 bsc#1216965)
- commit d6014b6

- Add tag to
  patches.suse/RDMA-irdma-Prevent-zero-length-STAG-registration.patch
  (git-fixes CVE-2023-25775).
- commit 3c6e962

- can: isotp: fix race between isotp_sendsmg() and isotp_release()
  (git-fixes).
- Refresh
  patches.suse/can-isotp-isotp_sendmsg-fix-return-error-fix-on-TX-p.patch.
- commit b988ee1

- can: isotp: split tx timer into transmission and timeout
  (git-fixes).
- commit 65b452a

- can: isotp: fix tx state handling for echo tx processing
  (git-fixes).
- commit 9db78d6

- can: isotp: add local echo tx processing for consecutive frames
  (git-fixes).
- Refresh
  patches.suse/can-isotp-set-default-value-for-N_As-to-50-micro-sec.patch.
- commit 6c424b2

- usb: storage: set 1.50 as the lower bcdDevice for older "Super
  Top" compatibility (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards
  (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards
  (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
  (git-fixes).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD
  device (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of
  of_clk_get_parent_name (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en()
  (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus
  trsnsport (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in
  d40_probe (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation
  (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling
  (git-fixes).
- can: isotp: handle wait_event_interruptible() return values
  (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID
  formatting (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- commit d668003

- regmap: prevent noinc writes from clobbering cache (git-fixes).
- pcmcia: ds: fix possible name leak in error path in
  pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add()
  (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd()
  (git-fixes).
- commit afd2c59

- media: venus: hfi_parser: Add check to keep the number of
  codecs within range (git-fixes).
- media: venus: hfi: add checks to handle capabilities from
  firmware (git-fixes).
- media: venus: hfi: fix the check to handle session buffer
  requirement (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue
  pointers (git-fixes).
- media: siano: Drop unnecessary error check for
  debugfs_create_dir/file() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- media: lirc: drop trailing space from scancode transmit
  (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: ccs: Correctly initialise try compose rectangle
  (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer
  (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls
  (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check
  (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output()
  (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe
  (git-fixes).
- commit b662ba0

- xfs: can't use kmem_zalloc() for attribute buffers
  (bsc#1216909).
- commit 02f7309

- i3c: master: svc: fix SDA keep low when polling IBIWON timeout
  happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler
  (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte
  (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during
  start frame (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread
  (git-fixes).
- i3c: Fix potential refcount leak in
  i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band
  data while checking for ECC failure (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
  (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running
  (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in
  pxad_free_desc() (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors
  (git-fixes).
- usb: raw-gadget: properly handle interrupted requests
  (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
  (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
  (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by
  driver concurrency (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead
  connections (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks
  (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu()
  (git-fixes).
- serial: exar: Revert "serial: exar: Add support for Sealevel
  7xxxC serial cards" (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
  (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- commit 9eaffc2

- mm/hmm: fault non-owner device private entries (bsc#1216844,
  jsc#PED-7237, git-fixes).
- commit 32900e8

- ARM: 9321/1: memset: cast the constant byte to unsigned char
  (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated'
  issue for 'cpu' (git-fixes).
- leds: pwm: Don't disable the PWM when the LED should be off
  (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated
  devs (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting
  (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
  (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
  (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter
  or member not described (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables
  with name prefix (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
  (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time
  (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler
  (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space
  (git-fixes).
- PCI: keystone: Don't discard .probe() callback (git-fixes).
- PCI: keystone: Don't discard .remove() callback (git-fixes).
- PCI: exynos: Don't discard .remove() callback (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
  (git-fixes).
- commit ee1f9b6

- selftests/resctrl: Reduce failures due to outliers in MBA/MBM
  tests (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its
  array (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption
  (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid
  info are skipped (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
  (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands
  (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating
  plane state (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc()
  (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in
  cdn_dp_probe() (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable
  (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call
  (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
  drm_bridge_state (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc
  funcs (git-fixes).
- commit 811f56a

- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
  (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from
  PLL clocks (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
  (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: qcom: mmcc-msm8998: Don't check halt bit on some branch
  clks (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent
  frequencies (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
  (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register
  WMI devices (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name
  (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe()
  (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf()
  (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the
  list (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
  (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
  (git-fixes).
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- thermal: core: prevent potential string overflow (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for
  debugfs_create_file() (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- can: dev: can_put_echo_skb(): don't crash kernel if
  can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): fix race condition between controller
  restart and netif_carrier_on() (git-fixes).
- can: dev: can_restart(): don't crash kernel if carrier is OK
  (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- commit 23d4c08

- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
  Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
  to fix build on x86_32.
  There was a fix submitted to upstream but it was not accepted:
  https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
  So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37

- io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
  (bsc#1216693 CVE-2023-46862).
- commit 7e92d76

- blacklist.conf: Add d243b34459ce kernel/fork: beware of __put_task_struct() calling context
- commit 6b082e7

- net-memcg: Fix scope of sockmem pressure indicators
  (bsc#1216759).
- commit adef0b8

- blacklist.conf: Add dc6e0818bc9a sched/cpuacct: Optimize away RCU read lock
- commit 3d40657

- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- commit 589a255

- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- commit 7c87ee0

- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- commit b9734f1

- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- commit 4f89ad9

- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- commit 83c32c0

- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- commit 215ed36

- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- commit 4005ffa

- iio: exynos-adc: request second interupt only when touchscreen
  mode is used (git-fixes).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for
  UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature
  thresholds (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures
  (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
  (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event
  (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
  (git-fixes).
- r8152: Release firmware if we have an error in probe
  (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe
  (git-fixes).
- r8152: Run the unload routine if we have errors during probe
  (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec
  (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
  (git-fixes).
- net: ieee802154: adf7242: Fix some potential buffer overflow
  in adf7242_stats_show() (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- commit e69ab42

- netfilter: nf_tables: skip bound chain on rule flush
  (bsc#1215095 CVE-2023-3777).
- commit afb7c25

- Update
  patches.suse/0001-x86-sev-Disable-MMIO-emulation-from-user-mode.patch
  (bsc#1212649 CVE-2023-46813).
- Update
  patches.suse/0002-x86-sev-Check-IOBM-for-IOIO-exceptions-from-user-spa.patch
  (bsc#1212649 CVE-2023-46813).
- Update
  patches.suse/0003-x86-sev-Check-for-user-space-IOIO-pointing-to-kernel.patch
  (bsc#1212649 CVE-2023-46813).
- commit dd6a315

- quota: Fix slow quotaoff (bsc#1216621).
- commit 988e5f4

- x86/sev: Check for user-space IOIO pointing to kernel space
  (bsc#1212649).
- commit 816f817

- x86/sev: Check IOBM for IOIO exceptions from user-space
  (bsc#1212649).
- commit 2b69036

- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- commit 5dae47e

- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
  (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch
  (git-fixes).
- platform/surface: platform_profile: Propagate error if profile
  registration fails (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c
  events (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from
  0x20 to 0x2e (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
  (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new
  firmware (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
  (git-fixes).
- mmc: core: Capture correct oemid-bits for eMMC cards
  (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad
  HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event
  (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: Reject connection with the device which has same
  BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S
  (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device
  (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in
  holtek_kbd_input_event (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted
  key (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
  (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- i2c: mux: Avoid potential false error message in
  i2c_mux_add_adapter (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock
  (git-fixes).
- commit b480af6

- nvme-fc: Prevent null pointer dereference in
  nvme_fc_io_getuuid() (bsc#1214842).
- commit 3b513db

- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
  bsc#1210778).
- commit 86e05f1

- Update
  patches.suse/USB-ene_usb6250-Allocate-enough-memory-for-full-obje.patch
  (bsc#1216051 CVE-2023-45862).
  Retroactively recognized as a security issue
- commit 716929e

- KVM: s390: fix gisa destroy operation might lead to cpu stalls
  (git-fixes bsc#1216512).
- commit 3976fa9

- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- commit 2bb6835

- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes
  bsc#1216510).
- commit d475feb

- ACPI: irq: Fix incorrect return value in acpi_register_gsi()
  (git-fixes).
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
  (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure
  (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are
  successful (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are
  successful (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status
  (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are
  successful (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
  (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode
  (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe
  errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
  (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling
  (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers
  (git-fixes).
- commit 766bf5d

- net/sched: fix netdevice reference leaks in
  attach_default_qdiscs() (git-fixes).
- commit 31c27cf

- net: sched: add barrier to fix packet stuck problem for lockless
  qdisc (bsc#1216345).
- commit 508758e

- net: sched: fixed barrier to prevent skbuff sticking in qdisc
  backlog (bsc#1216345).
- commit 839637c

- Fix metadata references
- commit 42e4c9a

- net: rfkill: gpio: prevent value glitch during probe
  (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
  (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
  (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn
  (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in
  send_acknowledge() (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane
  bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with
  Intel Maple Ridge (git-fixes).
- Input: powermate - fix use-after-free in
  powermate_config_complete (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count ==
  1 && gpio_int_idx == 0 case (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
  (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amd/display: Don't set dpms_off for seamless boot
  (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl()
  (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
  (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
  (git-fixes).
- commit e8f9edc

- sched/rt: Fix live lock between select_fallback_rq() and RT push
  (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes
  (sched)).
- commit a2350c1

- blacklist.conf: Applies only to RCU tiny configurations
- commit 1d1726b

- blacklist.conf: Cosmetic change for !SMP configurations
- commit c9d6cc0

- blacklist.conf: KABI hazard, only backport in response to a customer bug to justify the complexity
- commit 96bc817

- sched/deadline,rt: Remove unused parameter from
  pick_next_[rt|dl]_entity() (git fixes (sched)).
- Refresh
  patches.suse/sched-rt-pick_next_rt_entity-check-list_entry.patch.
- commit d7f894e

- regmap: fix NULL deref on lookup (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting
  mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
  (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
  (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap
  call (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback
  (git-fixes).
- usb: musb: Modify the "HWVers" register address (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests
  (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
  (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK
  logic (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode
  (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer
  (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
  (git-fixes).
- dmaengine: idxd: use spin_lock_irqsave before
  wait_event_lock_irq (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid
  overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking
  (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable
  (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link
  training (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe
  (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- commit 7f63276

- netfilter: nf_tables: unbind non-anonymous set if rule
  construction fails (git-fixes).
- commit b7f718b

- KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in
  usermode (git-fixes).
- commit 5316d19

- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs
  is changed (git-fixes).
- commit 1d58a92

- vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  (git-fixes).
- commit d4a31a2

- 9p: virtio: make sure 'offs' is initialized in zc_request
  (git-fixes).
- commit 66e7266

- Update config files: unset CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B
  for Arm
  Configuration option CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B=y is used
  only in the armv7hl + arm64 configurations and appears to be a relic
  from the update procedure in commit 98da1c5f42d ("SLE15-SP4: Update the
  base kernel version to 5.14.").
  Unset it because the option is intended for debugging, not really useful
  for production and makes the text size of vmlinux unnecessarily bigger
  by ~10%
- commit 4229357

- xen-netback: use default TX queue size for vifs (git-fixes).
- commit 84805af

- netfilter: nf_tables: skip immediate deactivate in
  _PREPARE_ERROR (CVE-2023-39193 bsc#1215860).
- commit 6c937af

- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- commit 0a3d3d4

- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with
  bound set/chain (git-fixes).
- commit 2e62a61

- Update metadata
- commit e780ccd

- net: usb: dm9601: fix uninitialized variable use in
  dm9601_mdio_read (git-fixes).
- commit 236df4a

- crypto: qat - fix crypto capability detection for 4xxx
  (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree()
  (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - set deprecated capabilities as reserved
  (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h
  (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc
  service (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - fix concurrency issue when device state changes
  (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API
  (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node()
  (PED-6401).
- Documentation: qat: change kernel version (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer'
  (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe
  (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- commit 3c119b1

- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- commit 555c311

- vmbus_testing: fix wrong python syntax for integer value
  comparison (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present
  CPUs (git-fixes).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc()
  fails (git-fixes).
- commit a15e7ae

- nvmet-tcp: Fix a possible UAF in queue intialization setup
  (bsc#1215768 CVE-2023-5178).
- commit b965ee1

- bpf: Fix incorrect verifier pruning due to missing register
  precision taints (bsc#1215518 CVE-2023-2163).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- commit 71da1d6

- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- commit 3666b58

- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
  xsa-441, cve-2023-34324).
- commit 291fb99

- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
  CVE-2023-39189).
- commit 77dc791

- blacklist.conf: the codebase changed too much to backport the patch
- commit 11474a7

- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- commit cf25442

- blk-cgroup: support to track if policy is online (bsc#1216062).
- commit 45c3300

- mm, memcg: reconsider kmem.limit_in_bytes deprecation
  (bsc#1208788 bsc#1213705).
- commit bdf774a

- Revert "Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch."
  This reverts commit 52c1db3eb4e2acbdd91aaaefddc26b7207cd4c90.
  It'll be fixed differently in a following commit.
  Restore the commit with upstream commit already for proper sorting.
- commit 8474b47

- blk-cgroup: Fix NULL deref caused by blkg_policy_data being
  installed before init (bsc#1216062).
- commit c2395af

- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 6f5ac45

- HID: sony: remove duplicate NULL check before calling
  usb_free_urb() (git-fixes).
- commit 7cd0962

- i2c: mux: gpio: Replace custom acpi_get_local_address()
  (git-fixes).
- commit ef5fd69

- gpio: aspeed: fix the GPIO number passed to
  pinctrl_gpio_set_config() (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
  (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe()
  (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
  (git-fixes).
- wifi: mwifiex: Fix oob check condition in
  mwifiex_process_rx_packet (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when
  creating new node (git-fixes).
- nilfs2: fix potential use after free in
  nilfs_gccache_submit_read_data() (git-fixes).
- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- firmware: arm_ffa: Don't set the memory region attributes for
  MEM_LEND (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading
  registers (git-fixes).
- firmware: imx-dsp: Fix an error handling path in
  imx_dsp_setup_channels() (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in
  sysc_reset() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports
  (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED
  OPERATION CODES (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
  (git-fixes).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property()
  (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
  (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of
  devm_kstrdup() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path
  (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
  (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
  (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo
  ThinkCentre M70q (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl
  (git-fixes).
- drm/amd/display: Don't check registers, if using AUX BL control
  (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and
  RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte
  (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not
  already running (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe
  (git-fixes).
- commit 22d41cc

- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- commit 38bd5fc

- r8152: check budget for r8152_poll() (git-fixes).
- commit b4330ba

- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- commit 165e98e

- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- commit ad12009

- RDMA/mlx5: Fix NULL string error (git-fixes)
- commit 5556b81

- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- commit 8c4cdf4

- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- commit a7c580d

- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- commit 7e80897

- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- commit 6e18278

- RDMA/siw: Fix connection failure handling (git-fixes)
- commit 107f7c6

- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- commit ecb5c5e

- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
  (jsc#PED-5021)
- commit c05cfc9

- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e

- ring-buffer: Do not attempt to read past "commit" (git-fixes).
- commit ee556e0

- ring-buffer: Avoid softlockup in ring_buffer_resize()
  (git-fixes).
- commit bd7050f

- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- commit fda0bf6

- ring-buffer: Update "shortest_full" in polling (git-fixes).
- commit aad1d04

- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 296da6c

- tracing: Have event inject files inc the trace array ref count
  (git-fixes).
- commit 817c093

- tracing: Have option files inc the trace array ref count
  (git-fixes).
- commit 921a48a

- tracing: Have current_trace inc the trace array ref count
  (git-fixes).
- commit 586ee6a

- tracing: Have tracing_max_latency inc the trace array ref count
  (git-fixes).
- commit 322c826

- tracing: Increase trace array ref count on enable and filter
  files (git-fixes).
- commit fa9da0d

- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- commit de7b87f

- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback
  support (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops
  callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops
  callback (bsc#1212423).
- commit b7a7693

- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860).
- commit 6e15654

- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- commit 7ac0d16

- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- commit 14aa242

- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956
  LTC#203788 bsc#1215957).
- commit a4355b3

- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
  (bsc#1215955).
- commit 59f5010

- blacklist.conf: Add c0f78fd5edcf cgroup/cpuset: Iterate only if DEADLINE tasks are present
  ... and its prereqs
- commit a4ba12c

- blacklist.conf: Add 98dfdd9ee939 sched/psi: Select KERNFS as needed
- commit d326b7e

- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- commit 48235ff

- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- commit 237820b

- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 8ed20a4

- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
  bsc#1215941).
- commit a62865f

- x86/cpu, kvm: Add the SMM_CTL MSR not present feature  (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit aed5f36

- x86/cpu, kvm: Add the Null Selector Clears Base feature  (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 8f2a48f

- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf  (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 553f579

- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 80fb630

- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit  propagation  code (bsc#1213772).
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit f21e4e4

- KVM: x86: synthesize CPUID leaf 0x80000021h if useful  (bsc#1213772).
- Refresh
  patches.suse/KVM-x86-Mask-off-reserved-bits-in-CPUID.80000001H.patch.
- Refresh
  patches.suse/KVM-x86-Move-lookup-of-indexed-CPUID-leafs-to-helper.
- commit 3d1c8b5

- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- Refresh
  patches.suse/KVM-x86-Mask-off-reserved-bits-in-CPUID.80000001H.patch.
- commit 320f1ae

- net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194
  bsc#1215861).
- commit 55308cb

- netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193
  bsc#1215860).
- commit 5ec24b7

- netfilter: xt_u32: validate user space input (CVE-2023-39192
  bsc#1215858).
- commit 292c059

- ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754
  bsc#1215467).
- commit ad87dd3

- KVM: s390: pv: fix external interruption loop not always
  detected (git-fixes bsc#1215916).
- commit f1893aa

- btrfs: fix root ref counts in error handling in
  btrfs_get_root_ref (bsc#1214351 CVE-2023-4389).
- commit 3731029

- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
  (git-fixes bsc#1215915).
- commit fe7fbfc

- KVM: s390/diag: fix racy access of physical cpu number in diag
  9c handler (git-fixes bsc#1215911).
- commit 6454286

- fs/smb/client: Reset password pointer to NULL (bsc#1215899
  CVE-2023-5345).
- commit 679511d

- blacklist.conf: kABi breakage (vmalloc)
- commit 10bad47

- KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
  (git-fixes bsc#1215896).
- commit 8726736

- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes
  bsc#1215895).
- commit 9ff1a1e

- KVM: s390: vsie: Fix the initialization of the epoch extension
  (epdx) field (git-fixes bsc#1215894).
- commit 9c5bbd7

- doc/README.PATCH-POLICY.SUSE: Remove the list of links (jsc#PED-5021)
  All links have been incorporated into the text. Remove now unnecessary
  list at the end of the document.
- commit 43d62b1

- doc/README.SUSE: Adjust heading style (jsc#PED-5021)
  * Underscore all headings as a preparation for Markdown conversion.
  * Use title-style capitalization for the document name and
  sentence-style capitalization for section headings, as recommended in
  the current SUSE Documentation Style Guide.
- commit 11e3267

- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro
  for ip_set_hash_netportnet.c (CVE-2023-42753 bsc#1215150).
- commit 7a6be79

- tcp: Reduce chance of collisions in inet6_hashfn()
  (CVE-2023-1206 bsc#1212703).
- commit e3ebd17

- blacklist.conf: workqueue: compiler warning on 32-bit systems with
  Clang (bsc#1215877)
- commit b7e65aa

- blacklist.conf: workqueue: Code refactoring
- commit e204334

- blacklist.conf: printk: the changes look good but they do not fix
  any serious problem
- commit c560ceb

- printk: ringbuffer: Fix truncating buffer size min_t cast
  (bsc#1215875).
- commit e0d3999

- scsi: storvsc: Handle additional SRB status values (git-fixes).
- commit d1a5f2f

- scsi: qedf: Add synchronization between I/O completions and
  abort (bsc#1210658).
- commit 96a8c32

- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
  (bsc#1214479).
- gve: Add AF_XDP zero-copy support for GQI-QPL format
  (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
  (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 4dd2d8d

- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921
  bsc#1215275).
- commit 9408063

- fs: no need to check source (bsc#1215752).
- commit 1a42abf

- Refresh
  patches.suse/drm-msm-dpu-drop-enum-dpu_core_perf_data_bus_id.patch
  (git-fixes)
  Alt-commit
- commit f8178cd

- Refresh
  patches.suse/drm-amd-display-check-attr-flag-before-set-cursor-de.patch
  (git-fixes)
  Alt-commit
- commit f507792

- Refresh
  patches.suse/drm-amdgpu-Fix-vram-recover-doesn-t-work-after-whole.patch
  (git-fixes)
  Alt-commit
- commit 38e2a92

- Refresh
  patches.suse/drm-amdgpu-add-a-missing-lock-for-AMDGPU_SCHED.patch
  (git-fixes)
  Alt-commit
- commit 2ecd3e8

- Refresh
  patches.suse/drm-amd-display-fix-flickering-caused-by-S-G-mode.patch
  (git-fixes)
  Alt-commit
- commit 33e82b2

- Refresh
  patches.suse/drm-nouveau-kms-nv50-fix-nv50_wndw_new_-prototype.patch
  (git-fixes)
  Alt-commit
- commit 4c21b50

- SUNRPC: Mark the cred for revalidation if the server rejects it
  (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server
  (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed
  MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
  (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies
  (git-fixes).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return
  (git-fixes).
- commit 087b1c4

- doc/README.PATCH-POLICY.SUSE: Reflow text to 80-column width
  (jsc#PED-5021)
- commit be0158c

- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- commit 68da368

- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- commit bd8b5cf

- usb: ehci: add workaround for chipidea PORTSC.PEC bug
  (git-fixes).
- commit a447793

- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- commit 613dba7

- doc/README.PATCH-POLICY.SUSE: Update information about the tools
  (jsc#PED-5021)
  * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
  * Limit the range of commits in the exportpatch example to prevent it
  from running for too long.
  * Incorporate URLs directly into the text.
  * Fix typos and improve some wording, in particular avoid use of "there
  is/are" and prefer the present tense over the future one.
- commit c0bea0c

- doc/README.PATCH-POLICY.SUSE: Update information about the patch
  format (jsc#PED-5021)
  * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
  * Remove references to links to the patchtools and kernel source. They
  are incorporated in other parts of the text.
  * Use sentence-style capitalization for section headings, as recommended
  in the current SUSE Documentation Style Guide.
  * Fix typos and some wording, in particular avoid use of "there is/are".
- commit ce98345

- doc/README.PATCH-POLICY.SUSE: Update the summary and background
  (jsc#PED-5021)
  * Drop information about patches being split into directories per
  a subsystem because that is no longer the case.
  * Remove the mention that the expanded tree is present since SLE11-SP2
  as that is now only a historical detail.
  * Incorporate URLs and additional information in parenthenses directly
  into the text.
  * Fix typos and improve some wording.
- commit 640988f

- kernel-binary: Move build-time definitions together
  Move source list and build architecture to buildrequires to aid in
  future reorganization of the spec template.
- commit 30e2cef

- net: mana: Add page pool for RX buffers (bsc#1214040).
- bnx2x: new flag for track HW resource allocation (bsc#1202845
  bsc#1215322).
- commit 0f79d4d

- blacklist.conf: Ignore redundant patch
- commit 6d0ecfc

- powerpc/fadump: make is_kdump_kernel() return false when fadump
  is active (bsc#1212639 ltc#202582).
- vmcore: remove dependency with is_kdump_kernel() for exporting
  vmcore (bsc#1212639 ltc#202582).
- commit a5cc68e

- x86/srso: Fix srso_show_state() side effect (git-fixes).
- commit 619e525

- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- commit 5e42be0

- x86/srso: Don't probe microcode in a guest (git-fixes).
- commit 74b567d

- x86/srso: Set CPUID feature bits independently of bug or mitigation  status (git-fixes).
- commit c6caed4

- platform/x86: intel_scu_ipc: Fail IPC send if still busy
  (git-fixes).
- platform/x86: intel_scu_ipc: Don't override scu in
  intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in
  ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in
  busy_loop() (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get()
  (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
  (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
  (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models
  (git-fixes).
- commit 5e7ab5c

- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch.
  (bsc#1207036 CVE-2023-23454)
  Fold downstream fixup of caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12.
- commit 6635291

- scsi: lpfc: Prevent use-after-free during rmmod with mapped
  NVMe rports (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag
  in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for
  debugfs_create_file() (git-fixes).
- commit 39e6404

- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of
  smp_processor_id() (git-fixes).
- commit 2981c3a

- fuse: nlookup missing decrement in fuse_direntplus_link
  (bsc#1215581).
- commit 7cedbed

- Drop amdgpu patch causing spamming (bsc#1215523)
  Deleted:
  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
- commit 2cab595

- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- commit cc9aa11

- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
- commit 6271d90

- virtio-net: set queues after driver_ok (git-fixes).
- commit a8caba5

- vhost: handle error while adding split ranges to iotlb
  (git-fixes).
- commit 059dc93

- vhost: allow batching hint without size (git-fixes).
- commit 8c5d403

- kernel-binary: python3 is needed for build
  At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
  Other simimlar scripts may exist.
- commit c882efa

- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- commit e049205

- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues
  (git-fixes).
- commit fced801

- blacklist.conf: add b439eb8ab57855, as prereq patch is missing
- commit 7f6a95d

- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- commit 5c68686

- iommu/virtio: Detach domain on endpoint release (git-fixes).
- commit b648ef9

- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 374c9ef

- drm/virtio: Use appropriate atomic state in
  virtio_gpu_plane_cleanup_fb() (git-fixes).
- commit 491eae6

- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
  (git-fixes).
- commit e8e33de

- virtio-net: fix race between set queues and probe (git-fixes).
- commit 1089568

- virtio_net: Fix probe failed when modprobe virtio_net
  (git-fixes).
- commit 5915735

- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- commit 87c00dd

- virtio_net: separate the logic of checking whether sq is full
  (git-fixes).
- commit 7064a0d

- virtio_net: reorder some funcs (git-fixes).
- commit 4f7fbb1

- nvme-auth: use chap->s2 to indicate bidirectional authentication
  (bsc#1214543).
- commit 41ae88c

- module: Expose module_init_layout_section() (git-fixes)
- commit 54615cb

- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- commit d3da4d8

- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- commit f80791e

- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- commit ec53ad3

- virtio: acknowledge all features before access (git-fixes).
- commit 4e146ad

- hwrng: virtio - Fix race on data_avail and actual data
  (git-fixes).
- commit 6d20bd3

- virtio-rng: make device ready before making request (git-fixes).
- commit c09ce65

- vhost: fix hung thread due to erroneous iotlb entries
  (git-fixes).
- commit cc76cf8

- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- commit 89467e1

- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- commit afca04d

- hwrng: virtio - always add a pending request (git-fixes).
- commit 912363c

- hwrng: virtio - don't waste entropy (git-fixes).
- commit 4771c4e

- hwrng: virtio - don't wait on cleanup (git-fixes).
- commit e9188eb

- af_unix: Fix null-ptr-deref in unix_stream_sendpage()
  (CVE-2023-4622 bsc#1215117).
- commit a6ce336

- hwrng: virtio - add an internal buffer (git-fixes).
- commit 477109e

- net/sched: sch_hfsc: Ensure inner classes have fsc curve
  (CVE-2023-4623 bsc#1215115).
- commit 72e753f

- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
  (git-fixes).
- commit 60546dd

- net: do not allow gso_size to be set to GSO_BY_FRAGS
  (git-fixes).
- commit b96a7ad

- virtio-mmio: don't break lifecycle of vm_dev (git-fixes).
- commit 45da2ea

- KVM: SEV: remove ghcb variable declarations (CVE-2023-4155
  bsc#1214022).
- KVM: SEV: only access GHCB fields once (CVE-2023-4155
  bsc#1214022).
- KVM: SEV: snapshot the GHCB before accessing it (CVE-2023-4155
  bsc#1214022).
- commit f5b3d4d

- xen: remove a confusing comment on auto-translated guest I/O
  (git-fixes).
- commit 80c5d27

- x86/PVH: avoid 32-bit build warning when obtaining VGA console
  info (git-fixes).
- commit 8d6614d

- doc/README.SUSE: Reflow text to 80-column width (jsc#PED-5021)
- commit e8f2c67

- doc/README.SUSE: Minor content clean up (jsc#PED-5021)
  * Mark the user's build directory as a variable, not a command:
  'make -C $(your_build_dir)' -> 'make -C $YOUR_BUILD_DIR'.
  * Unify how to get the current directory: 'M=$(pwd)' -> 'M=$PWD'.
  * 'GIT' / 'git' -> 'Git'.
- commit 1cb4ec8

- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
- commit 501bd2e

- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
- commit bfaaaff

- doc/README.SUSE: Update information about module paths
  (jsc#PED-5021)
  * Use version variables to describe names of the
  /lib/modules/$VERSION-$RELEASE-$FLAVOR/... directories
  instead of using specific example versions which get outdated quickly.
  * Note: Keep the /lib/modules/ prefix instead of using the new
  /usr/lib/modules/ location for now. The updated README is expected to
  be incorporated to various branches that are not yet usrmerged.
- commit 7eba2f0

- doc/README.SUSE: Update information about custom patches
  (jsc#PED-5021)
  * Replace mention of various patches.* directories with only
  patches.suse as the typical location for patches.
  * Replace i386 with x86_64 in the example how to define a config addon.
  * Fix some typos and wording.
- commit 2997d22

- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
- commit 30a9db6

- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
- commit 9eb45cc

- ata: libata: disallow dev-initiated LPM transitions to
  unsupported states (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs
  (git-fixes).
- selftests: tracing: Fix to unmount tracefs for recovering
  environment (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM
  (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
  (git-fixes).
- commit 1f4e814

- btrfs: don't hold CPU for too long when defragging a file
  (bsc#1214988).
- commit 9b89645

- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
  to race condition (bsc#1215206, CVE-2023-1859).
- commit f333aa7

- doc/README.SUSE: Update information about config files
  (jsc#PED-5021)
  * Use version variables to describe a name of the /boot/config-... file
  instead of using specific example versions which get outdated quickly.
  * Replace removed silentoldconfig with oldconfig.
  * Mention that oldconfig can automatically pick a base config from
  "/boot/config-$(uname -r)".
  * Avoid writing additional details in parentheses, incorporate them
  instead properly in the text.
- commit cba5807

- doc/README.SUSE: Update the patch selection section
  (jsc#PED-5021)
  * Make the steps how to obtain expanded kernel source more generic in
  regards to version numbers.
  * Use '#' instead of '$' as the command line indicator to signal that
  the steps need to be run as root.
  * Update the format of linux-$SRCVERSION.tar.bz2 to xz.
  * Improve some wording.
- commit e14852c

- netfilter: nftables: exthdr: fix 4-byte stack OOB write
  (CVE-2023-4881 bsc#1215221).
- commit 0de26c1

- doc/README.SUSE: Update information about (un)supported modules
  (jsc#PED-5021)
  * Update the list of taint flags. Convert it to a table that matches the
  upstream documentation format and describe specifically flags that are
  related to module support status.
  * Fix some typos and wording.
- commit e46f0df

- doc/README.SUSE: Bring information about compiling up to date
  (jsc#PED-5021)
  * When building the kernel, don't mention to initially change the
  current directory to /usr/src/linux because later description
  discourages it and specifies to use 'make -C /usr/src/linux'.
  * Avoid writing additional details in parentheses, incorporate them
  instead properly in the text.
  * Fix the obsolete name of /etc/modprobe.d/unsupported-modules ->
  /etc/modprobe.d/10-unsupported-modules.conf.
  * Drop a note that a newly built kernel should be added to the boot
  manager because that normally happens automatically when running
  'make install'.
  * Update a link to the Kernel Module Packages Manual.
  * When preparing a build for external modules, mention use of the
  upstream recommended 'make modules_prepare' instead of a pair of
  'make prepare' + 'make scripts'.
  * Fix some typos+grammar.
- commit b9b7e79

- sctp: leave the err path free in sctp_stream_init to
  sctp_stream_free (CVE-2023-2177 bsc#1210643).
- commit 337b7d8

- doc/README.SUSE: Bring the overview section up to date
  (jsc#PED-5021)
  * Update information in the overview section that was no longer
  accurate.
  * Improve wording and fix some typos+grammar.
- commit 798c075

- doc/README.SUSE: Update the references list (jsc#PED-5021)
  * Remove the reference to Linux Documentation Project. It has been
  inactive for years and mostly contains old manuals that aren't
  relevant for contemporary systems and hardware.
  * Update the name and link to LWN.net. The original name "Linux Weekly
  News" has been deemphasized over time by its authors.
  * Update the link to Kernel newbies website.
  * Update the reference to The Linux Kernel Module Programming Guide. The
  document has not been updated for over a decade but it looks its
  content is still relevant for today.
  * Point Kernel Module Packages Manual to the current version.
  * Add a reference to SUSE SolidDriver Program.
- commit 0edac75

- doc/README.SUSE: Update title information (jsc#PED-5021)
  * Drop the mention of kernel versions from the readme title.
  * Remove information about the original authors of the document. Rely as
  in case of other readmes on Git metadata to get information about all
  contributions.
  * Strip the table of contents. The document is short and easy to
  navigate just by scrolling through it.
- commit 06f5139

- doc/README.SUSE: Update information about DUD (jsc#PED-5021)
  Remove a dead link to description of Device Update Disks found
  previously on novell.com. Replace it with a short section summarizing
  what DUD is and reference the mkdud + mksusecd tools and their
  documentation for more information.
- commit 7eeba4e

- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
  (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
  (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
  descriptors (git-fixes).
- kselftest/runner.sh: Propagate SIGTERM to runner child
  (git-fixes).
- commit 495d04f

- Delete patches.suse/genksyms-add-override-flag.diff.
  Unncessary after KBUILD_OVERRIDE removed.
- commit 870adc7

- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- commit 834e1c2

- jbd2: restore t_checkpoint_io_list to maintain kABI
  (bsc#1214946).
- commit 1a1980a

- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
  Genksyms has functionality to specify an override for each type in
  a symtypes reference file. This override is then used instead of an
  actual type and allows to preserve modversions (CRCs) of symbols that
  reference the type. It is kind of an alternative to doing kABI fix-ups
  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
  genksyms --preserve option which primarily tells the tool to strictly
  verify modversions against a given reference file or fail.
  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
  present in various kernel-source branches separates the override logic.
  It allows it to be enabled with a new --override flag and used without
  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
  file is then a way how the build is told that --override should be
  passed to all invocations of genksyms. This was needed for SUSE kernels
  because their build doesn't use --preserve but instead resulting CRCs
  are later checked by scripts/kabi.pl.
  However, this override functionality was not utilized much in practice
  and the only use currently to be found is in SLE11-SP1-LTSS. It means
  that no one should miss this option and KBUILD_OVERRIDE=1 together with
  patches.suse/genksyms-add-override-flag.diff can be removed.
  Notes for maintainers merging this commit to their branches:
  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
  dropped after merging this commit.
  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
  this commit should not be merged to it, or needs to be reverted
  afterwards.
- commit 4aa02b8

- drm/display: Don't assume dual mode adaptors support i2c
  sub-addressing (bsc#1213808).
- commit 9c64306

- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
- commit 78179fa

- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
  (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion
  (bsc#1065729).
- word-at-a-time: use the same return type for has_zero regardless
  of endianness (bsc#1065729).
- commit bde8063

- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus
  (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus
  (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus
  (bsc#1187236).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
  (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback
  (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier
  (bsc#1187236).
- commit 0aba257

- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
  (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback
  (bsc#1187236).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- kabi/severities: ignore mlx4 internal symbols
- tracing: Fix race issue between cpu buffer write and swap
  (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode
  (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace
  (git-fixes).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- commit 47e9584

- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- commit 74c2613

- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- commit a8877f3

- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- commit 670fb4d

- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- commit 9871c87

- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- commit 3949a2b

- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- commit 4534667

- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- commit ef6d157

- x86/rtc: Remove __init for runtime functions (git-fixes).
- commit 4511d93

- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- commit cb39678

- x86/mce: Retrieve poison range from hardware (git-fixes).
- commit c9f1ddb

- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- commit 96d9365

- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- commit 12a2933

- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- commit 0d855b9

- x86/purgatory: remove PGO flags (git-fixes).
- commit 9d8ada6

- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
- commit ea0772f

- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- commit c1031f1

- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- commit bbfad26

- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- commit bf6d064

- x86/cpu: Add Lunar Lake M (git-fixes).
- commit 7ecc64d

- x86/bugs: Reset speculation control settings on init (git-fixes).
- commit 2a6dd8e

- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- commit ac06968

- x86/alternative: Fix race in try_get_desc() (git-fixes).
- commit d841323

- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- commit 11f0960

- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- commit cae635f

- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- commit 2a03ef8

- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
  (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- commit a1c9c68

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
  codecs (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative
  lengths (git-fixes).
- commit f43b75b

- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
- commit daa1815

- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
  git-fixes).
- commit b0dc76c

- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval
  (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING
  (bsc#1201284).
- commit 96ee377

- s390/zcrypt: don't leak memory if dev_set_name() fails
  (git-fixes bsc#1215148).
- commit 62bce52

- drm/amd/display: prevent potential division by zero errors
  (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid
  use-after-free (git-fixes).
- net: phy: micrel: Correct bit assignments for phy_device flags
  (git-fixes).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist
  (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
  (git-fixes).
- commit 3aa0807

- blacklist.conf: kABI
- commit fe6afec

- blacklist.conf: kABI
- commit b1fabe7

- blacklist.conf: kABI
- commit c50e08f

- Input: tca6416-keypad - fix interrupt enable disbalance
  (git-fixes).
- commit de27518

- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
  (bsc#1214813).
- commit 2c1c38b

- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
  (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check
  for initial power state (git-fixes).
- USB: serial: option: add FOXCONN T99W368/T99W373 product
  (git-fixes).
- USB: serial: option: add Quectel EM05G variant (0x030e)
  (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status
  (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to race condition (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/
  (git-fixes).
- commit 72d5b0f

- blacklist.conf: add git-fix to ignore
  this one removes unused kABI functions, but
  just leave them in
- commit 8007015

- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- commit 1ed2b1b

- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
- commit 550f5fc

- Move upstreamed pinctrl patch into sorted section
- commit 38f70f2

- Update References tag
  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
  (git-fixes bsc#1214233 CVE-2023-40283).
- commit 731b49d

- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- kconfig: fix possible buffer overflow (git-fixes).
- commit 4a140a1

- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- commit ac82be8

- Refresh sorted section
- commit a6fbcee

- netfilter: nf_tables: use correct lock to protect gc_list
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: GC transaction race with abort path
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: GC transaction race with netns dismantle
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: fix GC transaction races with netns and
  netlink event exit path (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: fix kdoc warnings after gc rework
  (CVE-2023-4563 bsc#1214727).
- refresh
  - patches.kabi/kabi-hide-changes-in-struct-nft_set.patch
- kabi: hide changes in struct nft_set (CVE-2023-4563
  bsc#1214727).
- netfilter: nf_tables: GC transaction API to avoid race with
  control plane (CVE-2023-4563 bsc#1214727).
- commit cfed41c

- quota: add new helper dquot_active() (bsc#1214998).
- commit 26cc2da

- quota: rename dquot_active() to inode_quota_active()
  (bsc#1214997).
- commit c4d7e83

- quota: factor out dquot_write_dquot() (bsc#1214995).
- commit 40e5ccd

- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit 47ff352

- block/mq-deadline: use correct way to throttling write requests
  (bsc#1214993).
- commit a152c28

- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
  (bsc#1214992).
- commit 61a6c12

- loop: Fix use-after-free issues (bsc#1214991).
- commit 761b7ce

- loop: loop_set_status_from_info() check before assignment
  (bsc#1214990).
- commit 777c353

- blk-iocost: fix divide by 0 error in calc_lcoefs()
  (bsc#1214986).
- commit bfe49ae

- cpufreq: Fix the race condition while updating the
  transition_task of policy (git-fixes).
- rpmsg: glink: Add check for kstrdup (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use
  led_blink_set_oneshot instead (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always
  false (git-fixes).
- leds: multicolor: Use rounded division when calculating color
  components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode()
  (git-fixes).
- docs: printk-formats: Fix hex printing of signed values
  (git-fixes).
- commit 1c98d58

- scsi: qedf: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow
  (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
  (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: 3w-xxxx: Add error handling for initialization failure
  in tw_probe() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- commit f8c12c2

- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
  CVE-2023-1192).
- commit 542332a

- blacklist.conf: add git-fix that breaks kabi
- commit 8b9578b

- udf: Fix uninitialized array access for some pathnames
  (bsc#1214967).
- commit 00df6f1

- udf: Fix off-by-one error when discarding preallocation
  (bsc#1214966).
- commit 03b82ad

- udf: Fix file corruption when appending just after end of
  preallocated extent (bsc#1214965).
- commit 4b5134d

- udf: Fix extension of the last extent in the file (bsc#1214964).
- commit ae72675

- quota: fix dqput() to follow the guarantees dquot_srcu should
  provide (bsc#1214963).
- commit e6fd888

- quota: fix warning in dqgrab() (bsc#1214962).
- commit e51a8ce

- quota: Properly disable quotas when add_dquot_ref() fails
  (bsc#1214961).
- commit 4d1d992

- fs: Lock moved directories (bsc#1214959).
- commit cae328c

- fs: Establish locking order for unrelated directories
  (bsc#1214958).
- commit 5f1d5b9

- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- commit 37394c0

- blacklist.conf: Blacklist 69562eb0bd3e
- commit 1f4b3d5

- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git
  fixes).
- commit 4be7d48

- jbd2: correct the end of the journal recovery scan range
  (bsc#1214955).
- commit 11f4a50

- ext4: fix memory leaks in
  ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- commit 4b6c845

- jbd2: check 'jh->b_transaction' before removing it from
  checkpoint (bsc#1214953).
- commit 03f7b6f

- jbd2: fix checkpoint cleanup performance regression
  (bsc#1214952).
- commit 5a6fc81

- ext4: avoid potential data overflow in next_linear_group
  (bsc#1214951).
- commit 3e19652

- ext4: correct inline offset when handling xattrs in inode body
  (bsc#1214950).
- commit 86048c8

- jbd2: fix a race when checking checkpoint buffer busy
  (bsc#1214949).
- commit 003f040

- jbd2: Fix wrongly judgement for buffer head removing while
  doing checkpoint (bsc#1214948).
- commit 4a7cf2e

- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- commit c697d1d

- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- commit fb2b64f

- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- commit bc0367a

- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- commit bf72f09

- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- commit a5e1fe1

- ext4: get block from bh in ext4_free_blocks for fast commit
  replay (bsc#1214942).
- commit f797e3b

- ext4: reflect error codes from ext4_multi_mount_protect()
  to its callers (bsc#1214941).
- commit eadc3e7

- USB: core: Fix oversight in SuperSpeed initialization
  (bsc#1213123 CVE-2023-37453).
- commit 6b6c148

- ext4: set goal start correctly in ext4_mb_normalize_request
  (bsc#1214940).
- commit cc90b6a

- blacklist.conf: Not a fix, relatively high risk of performance regression
- commit fd04425

- USB: core: Fix race by not overwriting udev->descriptor in
  hub_port_init() (bsc#1213123 CVE-2023-37453).
- commit a1f446d

- USB: core: Unite old scheme and new scheme descriptor reads
  (bsc#1213123 CVE-2023-37453).
- commit 9f60ef1

- Refresh
  patches.suse/0002-nvme-tcp-fix-potential-unbalanced-freeze-unfreeze.patch.
- Refresh
  patches.suse/0003-nvme-rdma-fix-potential-unbalanced-freeze-unfreeze.patch.
- commit 452e63f

- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
  (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery
  mode during RSCN (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- commit 8c191d2

- scsi: qla2xxx: Remove unused variables in
  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
  (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option
  (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer
  (bsc#1214928).
- scsi: qla2xxx: Add logs for SFP temperature monitoring
  (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset
  (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- commit 1dd6a86

- series: update meta data
  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
- commit b5aafc0

- scsi: RDMA/srp: Fix residual handling (git-fixes)
- commit 429e77b

- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- commit c7f667b

- RDMA/siw: Correct wrong debug message (git-fixes)
- commit 3732fc1

- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- commit 9281d22

- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- commit 1b277c9

- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- commit e55bab1

- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- commit 0e5f5fb

- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- commit fee7fe7

- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- commit 988bb43

- RDMA/hns: Fix port active speed (git-fixes)
- commit f1ca0f2

- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- commit dd0f3ab

- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- commit e8addea

- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- commit c2623e0

- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- commit c6f50a4

- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- commit 632a598

- RDMA/umem: Set iova in ODP flow (git-fixes)
- commit ec8b3f4

- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- commit 1ff5e5f

- dmaengine: ste_dma40: Add missing IRQ check in d40_probe
  (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute
  pasid_enabled (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on
  reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328
  recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
  (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in
  fsmc_nand_resume() (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in
  oob write (git-fixes).
- mtd: rawnand: brcmnand: Fix crash during the panic_write
  (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning
  (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HID: logitech-dj: Fix error handling in
  logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput
  input_dev name (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: ov2680: Fix regulators being left enabled on
  ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which ==
  V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function
  (git-fixes).
- media: ov2680: Don't take the lock for try_fmt calls
  (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
  (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking
  interrupts (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1
  (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: rkvdec: increase max supported height for H.264
  (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send()
  (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in
  m920x_i2c_xfer() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- drivers: usb: smsusb: fix error handling code in
  smsusb_init_device (git-fixes).
- media: v4l2-core: Fix a potential resource leak in
  v4l2_fwnode_parse_link() (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf()
  (git-fixes).
- media: ad5820: Drop unsupported ad5823 from i2c_ and
  of_device_id tables (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction
  (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init()
  (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid
  wrong access (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision
  (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after
  resumption (git-fixes).
- USB: gadget: f_mass_storage: Fix unused variable warning
  (git-fixes).
- usb: phy: mxs: fix getting wrong state with
  mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter
  is 0 (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- commit 729e789

- target: compare and write backend driver sense handling
  (bsc#1177719 bsc#1213026).
- Refresh patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch.
- commit a2ae103

- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- commit 586e58b

- Add cherry-picked if to fbdev patch
- commit 32815f6

- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360
  15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable
  mute LED (git-fixes).
- commit 2c05a9a

- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- commit 3ba2db1

- PCI: microchip: Remove cast between incompatible function type
  (git-fixes).
- PCI: meson: Remove cast between incompatible function type
  (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets
  (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument
  (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf()
  (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter
  (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer
  dereference (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
  (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources()
  only for non-root bus (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary
  (git-fixes).
- commit 10e5d93

- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock
  (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false
  (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional
  (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: Don't leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards
  (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in
  amdgpu_device_attr_create() (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail
  (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format
  for AUO T215HVN01 (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/armada: Fix off-by-one error in
  armada_overlay_get_property() (git-fixes).
- drm/atomic-helper: Update reference to
  drm_crtc_force_disable_all() (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
  (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths
  (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- commit a3652b5

- docs: kernel-parameters: Refer to the correct bitmap function
  (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
  (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
  (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe
  (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for
  393216000/361267200Hz (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would
  be a no-op (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in
  _of_pll_clk_init() (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
  (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
  (git-fixes).
- drm/amdgpu: avoid integer overflow warning in
  amdgpu_device_resize_fb_bar() (git-fixes).
- drm/bridge: anx7625: Drop device lock before
  drm_helper_hpd_irq_event() (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5
  (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device
  (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device
  (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device
  (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order
  (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child()
  (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe
  error (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled
  (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled
  (git-fixes).
- commit 08c4f7b

- Kbuild: add -Wno-shift-negative-value where -Wextra is used
  (bsc#1214756).
- commit 8140064

- rpm/mkspec-dtb: support for nested subdirs
  Commit 724ba6751532 ("ARM: dts: Move .dts files to vendor
  sub-directories") moved the dts to nested subdirs, add a support for
  that. That is, generate a %dir entry in %files for them.
- commit 6484eda

- wifi: mwifiex: Fix missed return in oob checks failed path
  (git-fixes).
- commit 9baf357

- nilfs2: fix WARNING in mark_buffer_dirty due to discarded
  buffer reuse (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER
  (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/
  (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement
  with a lock (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference
  (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color
  attribute (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
  (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys
  (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info()
  (git-fixes).
- Bluetooth: nokia: fix value check in
  nokia_bluetooth_serdev_probe() (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor
  management (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch
  (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
  (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary
  antenna only (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
  (git-fixes).
- wifi: rtw89: debug: Fix error handling in
  rtw89_debug_priv_btc_manual_set() (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow
  errors also in case of OOM (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls
  (git-fixes).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing
  (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered
  (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
  (git-fixes).
- spi: tegra20-sflash: fix to check return value of
  platform_get_irq() in tegra_sflash_probe() (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations
  (git-fixes).
- commit 243ba95

- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- commit 8393e27

- Kbuild: move to -std=gnu11 (bsc#1214756).
- commit ef844c1

- blacklist.conf: kABI
- commit 382e160

- netfilter: nf_tables: deactivate catchall elements in next
  generation (bsc#1214729 CVE-2023-4569).
- commit 6289fe5

- netfs: fix parameter of cleanup() (bsc#1214743).
- netfs: Fix lockdep warning from taking sb_writers whilst
  holding  mmap_lock (bsc#1214742).
- commit bb32ecc

- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/resctrl: Close perf value read fd on errors
  (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run
  benchmark (git-fixes).
- selftests/resctrl: Don't leak buffer in fill_cache()
  (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints
  table (git-fixes).
- selftests/harness: Actually report SKIP for signal tests
  (git-fixes).
- pstore/ram: Check start of empty przs during init (git-fixes).
- commit ad35b22

- Move upstreamed powerpc patches into sorted section
- commit 3a27181

- Move upstreamed HID patch into sorted section
- commit 85ada69

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit 411ade7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit 36d3f87

- intel: remove unused macros (jsc#PED-5738).
- commit 8c0592a

- e1000: Fix typos in comments (jsc#PED-5738).
- commit b74464e

- e1000: switch to napi_build_skb() (jsc#PED-5738).
- commit 8f3d353

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit b269f24

- tracing: Fix memleak due to race between current_tracer and
  trace (git-fixes).
- commit cd1e0a8

- tracing: Fix cpu buffers unavailable due to 'record_disabled'
  missed (git-fixes).
- commit 8e87d30

- ring-buffer: Do not swap cpu_buffer during resize process
  (git-fixes).
- commit e5ec19f

- xfs: fix sb write verify for lazysbcount (bsc#1214661).
- commit 29e65a8

- cpufreq: intel_pstate: Adjust balance_performance EPP for
  Sapphire Rapids (bsc#1214659).
- commit c3cfee9

- cpufreq: intel_pstate: Enable HWP IO boost for all servers
  (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- commit bd6042f

- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems
  with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927
  jsc#PED-4929).
- commit 0340dfe

- cpufreq: intel_pstate: hybrid: Use known scaling factor for
  P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 91615ae

- cpufreq: intel_pstate: Read all MSRs on the target CPU
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 639f9f6

- cpufreq: intel_pstate: hybrid: Rework HWP calibration
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- Update
  patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch
  (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 689587b

- Use the cherry-picked id for an AMDGPU patch and resort
- commit 07365e7

- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- Refresh
  patches.suse/tty-serial-fsl_lpuart-add-earlycon-for-imx8ulp-platf.patch.
- commit f34a3a2

- selftests: forwarding: tc_actions: Use ncat instead of nc
  (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller
  Hub) (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior
  tb_retimer_set_inbound_sbtx() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
  (git-fixes).
- usb: chipidea: imx: don't request QoS for imx8ulp (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in
  __gs_console_push (git-fixes).
- pcmcia: rsrc_nonstatic: Fix memory leak in
  nonstatic_release_resource_db() (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access
  (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
  (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for
  different platforms (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files
  when test is aborted (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- commit 5394953

- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- commit d60a005

- i2c: designware: Handle invalid SMBus block data response
  length value (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy
  (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB
  related warnings (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence
  pointers (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
  (git-fixes).
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse
  (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech
  G915 TKL Keyboard (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays
  (git-fixes).
- drm/amd/display: save restore hdcp state when display is
  unplugged from mst hub (git-fixes).
- iio: adc: stx104: Implement and utilize register structures
  (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- commit e2faa35

- clk: Fix slab-out-of-bounds error in devm_clk_release()
  (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
  (git-fixes).
- pinctrl: renesas: rza2: Add lock around
  pinctrl_generic{{add,remove}_group,{add,remove}_function}
  (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- dma-buf/sw_sync: Avoid recursive lock during fence signal
  (git-fixes).
- commit 7c5f1b7

- batman-adv: Hold rtnl lock during MTU update via netlink
  (git-fixes).
- commit 8468886

- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back
  (git-fixes).
- batman-adv: Do not get eth header before
  batadv_check_management_packet (git-fixes).
- batman-adv: Don't increase MTU when set by user (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- commit d59057e

- smb: client: fix null auth (git-fixes).
- commit f89a725

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- powerpc/rtas: enture rtas_call is called with MMU enabled
  (bsc#1023051).
- commit e7f7145

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 2dfd188

- Refresh patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch.
- commit 0cbb740

- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
  It caused mysterious problem wrt NVMe.
  Better to drop and blacklist for now.
- commit 2257ff2

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- commit af67897

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit eb5704d

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 8b5290e

- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
  (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel
  devices (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- commit aace9fd

- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer suported.
- commit 7bb5087

- kunit: make kunit_test_timeout compatible with comment
  (git-fixes).
- commit e060c5b

- blacklist.conf: kABI
- commit 2db68b2

- blacklist.conf: kABI
- commit b9b490f

- blacklist.conf: specific to Clang
- commit 0d88df7

- blacklist.conf: not used in our build process
- commit 5705a43

- blacklist.conf: designed to break kABI but relevant only on big endian
- commit 3477f1d

- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk()
  test (git-fixes).
- commit 0595e9f

- blacklist.conf: cleanup
- commit 8d51620

- blacklist.conf: We do not use that tool
- commit f8ec126

- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx
  (git-fixes).
- commit d96f965

- kabi: Allow extra bugsints (bsc#1213927).
- commit fc75ce0

- Refresh patches.suse/x86-srso-add-ibpb.patch.
  CPU_IBPB_ENTRY is always on so adjust code accordingly.
- commit 0ed13bd

- Update
  patches.suse/net-vmxnet3-fix-possible-NULL-pointer-dereference-in.patch
  (bsc#1200431 bsc#1214451 CVE-2023-4459).
  Added CVE reference.
- commit 13a12f4

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 0932a11

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 4452f05

- tty: fix hang on tty device with no_room set (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- commit 22b52a9

- tty: n_gsm: fix the UAF caused by race condition in
  gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1
  for lpuart32 platforms (git-fixes).
- commit 2bc2940

- x86/static_call: Fix __static_call_fixup() (git-fixes).
- commit 57d4f01

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit c2d3421

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit f62146e

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 7f39f56

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit 13632c3

- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- commit 522332f

- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- commit d5ea86a

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 847a96f

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit 9e44d01

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 81c5e75

- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- commit fa0b815

- objtool/x86: Fix SRSO mess (git-fixes).
- commit 8bf5635

- x86/alternative: Make custom return thunk unconditional (git-fixes).
- commit a446ea5

- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- commit 06974c4

- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- commit 086adb4

- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with  retpolines and IBT (git-fixes).
- commit 9392b3c

- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- commit 99556d6

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit af52734

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 43e1da9

- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- commit 7af6810

- powerpc/rtas_flash: allow user copy to flash block cache objects
  (bsc#1194869).
- commit 0fccbf5

- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
  (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer
  (git-fixes).
- i2c: designware: Correct length byte validation logic
  (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- commit 5738f62

- supported.conf: fix typos for -!optional markers
- commit a15b83f

- ALSA: hda/realtek - Remodified 3k pull low procedure
  (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation
  (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity
  (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI
  (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and
  playback interfaces (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init()
  (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
  (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset
  (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
  (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match
  (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off
  (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according
  to the docs (git-fixes).
- commit a48515a

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit f332a85

- mkspec: Allow unsupported KMPs (bsc#1214386)
- commit 55d8b82

- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- commit 722c601

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- commit 5b41c27

- s390/purgatory: disable branch profiling (git-fixes
  bsc#1214372).
- commit 28f91ce

- scsi: zfcp: Defer fc_rport blocking until after ADISC response
  (git-fixes bsc#1214371).
- commit 5ac3747

- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- commit 3711e45

- powerpc/kexec: Fix build failure from uninitialised variable
  (bsc#1212091 ltc#199106).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- Refresh patches.suse/powerpc-Take-in-account-addition-CPU-node-when-build.patch
- Refresh patches.suse/powerpc-kexec_file-fix-implicit-decl-error.patch
- commit c8f4ed0

- Update
  patches.suse/net-vmxnet3-fix-possible-use-after-free-bugs-in-vmxn.patch
  (bsc#1200431 bsc#1214350 CVE-2023-4387).
  Added CVE reference.
- commit 8897012

- module: avoid allocation if module is already present and ready
  (bsc#1213921).
- commit a42ca12

- module: move check_modinfo() early to early_mod_check()
  (bsc#1213921).
- commit b97680b

- module: move early sanity checks into a helper (bsc#1213921).
- commit d4f0452

- Update config files.
  run_oldconfig.sh
- CONFIG_NVME_VERBOSE_ERRORS=y          gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13   gone with 7e152d55123
- commit 7a11d4b

- module: extract patient module check into helper (bsc#1213921).
- commit de545b1

- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- commit 63c2b4e

- net: mana: Fix MANA VF unload when hardware is unresponsive
  (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats
  (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits
  (git-fixes).
- commit 66cd4bc

- powerpc/iommu: Fix iommu_table_in_use for a small default DMA
  window case (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper
  (bsc#1212091 ltc#199106).
- powerpc/iommu: don't set failed sg dma_address to
  DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
  ltc#199106).
- commit 63fd00c

- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on
  all channels (git-fixes).
- commit 8a7a168

- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for
  copying defines or build dependencies there.
- commit 254b03c

- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- commit 2c37773

- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
  (git-fixes).
- commit 9c04620

- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR
  add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV
  device (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters
  (bsc#1212091 ltc#199106).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions
  (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: Do not try direct mapping with persistent
  memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is
  present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use
  before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window"
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property
  name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept
  property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*()
  with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor
  enable_ddw() (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerps-pseries-dma-Add-support-for-2M-IOMMU-page-si.patch
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift
  (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerpc-iommu-Limit-number-of-TCEs-to-512-for-H_STUF.patch
- commit 4f11eef

- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059
  git-fixes).
- commit f722e3b

- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- commit f8a9432

- target_core_rbd: fix leak and reduce kmalloc calls
  (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment
  (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code
  (bsc#1212857).
- file: reinstate f_pos locking optimization for regular files
  (bsc#1213759).
- commit 0469dd9

- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 3d175df

- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- commit d9c79ec

- blacklist.conf: add drivers/net/ethernet/renesas/ drivers
- commit 0c8d3f5

- sfc: fix crash when reading stats while NIC is resetting
  (git-fixes).
- commit 61c7a4c

- ice: Fix crash by keep old cfg when update TCs more than queues
  (git-fixes).
- commit 4e80ce2

- powerpc/pseries: Honour current SMT state when DLPAR onlining
  CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462
  ltc#200161 ltc#200588).
  Update config files.
- powerpc/pseries: Initialise CPU hotplug callbacks earlier
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Allow enabling partial SMT states via sysfs
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- commit 8bd8972

- sched/psi: use kernfs polling functions for PSI trigger polling
  (bsc#1209799).
- commit 4477665

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit d85264e

- ceph: don't check for quotas on MDS stray dirs (bsc#1214238).
- commit dcb3418

- iommu/dma: Fix incorrect error return on iommu deferred attach
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit c7a880f

- iommu/dma: return error code from iommu_dma_map_sg()
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit 5d989c6

- iommu/amd: Fix pci device refcount leak in ppr_notifier()
  (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and
  ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
  (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2
  (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in
  dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
  (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap
  (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging
  entries (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path
  (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT
  device to identity (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination
  (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU
  (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode
  (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait()
  (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Add PCI segment support for ivrs_ commands
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up
  to 35bit (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/arm-smmu-v3: check return value after calling
  platform_get_resource() (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in
  arm_smmu_device_probe() (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling
  (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- commit b73aa3b

- nvme-rdma: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- commit 2d8bf94

- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- commit 64aa9ec

- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- commit b1259cb

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit edd5557

- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- commit ae6500e

- iio: cros_ec: Fix the allocation size for cros_ec_command
  (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device
  match (git-fixes).
- usb: dwc3: Properly handle processing of pending events
  (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media()
  (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial
  role is none (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring
  pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- commit d86b205

- netfilter: KABI workaround for CVE-2023-3610 bsc#1213580
  (git-fixes).
- commit ecae123

- netfilter: nf_tables: fix chain binding transaction logic
  (bsc#1213580 CVE-2023-3610).
- commit 12da4f7

- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for
  pfe1100 (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes
  via iput (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on
  DCN3+ (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling
  dma_buf_mmap() (git-fixes).
- drm/rockchip: Don't spam logs in atomic check (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside
  nouveau_connector_get_modes (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard
  PHY reset pinmux (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  (git-fixes).
- selftests/rseq: check if libc rseq support is registered
  (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral
  attachment (git-fixes).
- commit 1f8ce0d

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit 9904c3b

- ceph: never send metrics if disable_send_metrics is set
  (bsc#1214180).
- commit 32f3ae7

- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
  (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion
  (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using
  veth pairs (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs
  (git-fixes).
- selftests: forwarding: Add a helper to skip test when using
  veth pairs (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: Skip test when no interfaces are
  specified (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032
  (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused
  (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access
  (git-fixes).
- commit b70a6bf

- blacklist.conf: Blacklist useless doc fix
- commit 685dbed

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit b7e68de

- x86/srso: Fix return thunks in generated code (git-fixes).
- commit b4d125e

- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Sort latest set of security vulnerabilities according to upstream order.
- commit 4a12398

- tracing/histograms: Return an error if we fail to add histogram
  to hist_vars list (git-fixes).
- commit d08da8a

- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
  Deleted:
  patches.suse/wifi-cfg80211-fix-locking-in-regulatory-disconnect.patch
  patches.suse/wifi-cfg80211-fix-locking-in-sched-scan-stop-work.patch
- commit f824698

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit c0bb265

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 0322b50

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 6591b03
containerd
- Update to containerd v1.7.8. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.8> bsc#1200528
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.7. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.7>
- Add patch to fix build on SLE-12:
  + 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.6 for Docker v24.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.6> bsc#1215323

- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
  Kubernetes packages
crmsh
- Update to version 4.4.2+20231010.03e9316f:
  * Fix: report: Pick up tarball suffix dynamically (bsc#1215438)
  * Fix: report: Pick 'gzip' as the first compress prog for cross-platform compatibility(bsc#1215438)
  * Fix: upgradeutil: reduce ConnectTimeout when checking the availability of ssh access (bsc#1213797)
  * Fix: ui_cluster: 'crm cluster stop' failed to stop services (bsc#1203601)
  * Dev: utils: Change the way to get pacemaker's version (bsc#1208216)
crypto-policies
- Make the supported versions change in the update-crypto-policies(8)
  man page persistent [bsc#1209998].
  * Add patch crypto-policies-supported.patch
  * Rebase patches:
  - crypto-policies-asciidoc.patch
  - crypto-policies-no-build-manpages.patch

- FIPS: Adapt the fips-mode-setup script to use the pbl command
  from the perl-Bootloader package to replace grubby. Add a note
  for transactional systems. Ship the man 8 pages for
  fips-mode-setup and fips-finish-install [jsc#PED-5041].
  * Rebase crypto-policies-FIPS.patch

- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
  and fips-finish-install commands, add also the man pages.
  * Adapt the fips-mode-setup script for SLE [jsc#PED-5041]
  * Rebase crypto-policies-FIPS.patch
  * Simplify the man pages creation:
  - Rebase crypto-policies-no-build-manpages.patch
  - Add crypto-policies-asciidoc.patch

- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
samba
- CVE-2023-4091: samba: Client can truncate file with read-only
  permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
  allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
  "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
  (bsc#1215908); (bso#15424).

- Move libcluster-samba4.so from samba-libs to samba-client-libs;
  (bsc#1213940);
cups
- cups-2.2.7-CVE-2023-4504.patch fixes CVE-2023-4504
  "CUPS PostScript Parsing Heap Overflow"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
  bsc#1215204

- cups-2.2.7-CVE-2023-32360.patch fixes CVE-2023-32360
  "Information leak through Cups-Get-Document operation"
  by requiring authentication for CUPS-Get-Document in cupsd.conf
  https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
  bsc#1214254
- cups-2.2.7-additional_policies.patch is an updated version
  of cups-2.0.3-additional_policies.patch that replaces it
  to add the 'allowallforanybody' policy to cupsd.conf
  after cups-2.2.7-CVE-2023-32360.patch was applied
curl
- Security fixes:
  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
  * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
  * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch

- Security fixes:
  * [bsc#1215888, CVE-2023-38545] SOCKS5 heap buffer overflow
  * [bsc#1215889, CVE-2023-38546] Cookie injection with none file
  * Add curl-CVE-2023-38545.patch curl-CVE-2023-38546.patch

- Security fix: [bsc#1215026, CVE-2023-38039]
  * http: return error when receiving too large header
  * Add curl-CVE-2023-38039.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch
docker
- update to Docker 24.0.5-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
dracut
- Update to version 055+suse.351.g30f0cda6:
  * fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL] (bsc#1217031)
  * fix(network): correct network device naming (bsc#1192986)

- Update to version 055+suse.347.gdcb9bdbf:
  * fix(dracut-install): protect against broken links pointing to themselves
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)
glibc
- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to
  page size (bsc#1215891, BZ #28676)

- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
  continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)

- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
  invalidation if epoll is used (bsc#1212910, BZ #29415)

- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
  in files database (bsc#1212819, BZ #25457)

- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
  check on PT_LOAD segments (bsc#1211829, BZ #28688)
- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
  BZ #28676)
- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
  first segment (BZ #30452)
gpg2
- Suppress error message on trial reading as PEM format when using
  dirmngr to validate broken DER encoded files (bsc#1217212)
  * Add patches:
  - gnupg-dirmngr-Suppress-error-message-on-trial-reading-as-PEM.patch
  - gnupg-dirmngr-Clear-the-error-count-to-try-certificate-as-binary.patch
grub2
- Fix failure to identify recent ext4 filesystem (bsc#1216010)
  * 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
  * 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
- Add patch to fix reading files from btrfs with "implicit" holes
  * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch

- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
  * 0001-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch

- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
  when signed image installation is specified (bsc#1216075)
  * 0003-grub-install-support-prep-environment-block.patch
- grub2.spec: Add support to unlocking multiple encrypted disks in signed
  grub.elf image for logical disks

- Fix CVE-2023-4692 (bsc#1215935)
- Fix CVE-2023-4693 (bsc#1215936)
  * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
  * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
  * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
  * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
  * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
  * 0006-fs-ntfs-Make-code-more-readable.patch
- Bump upstream SBAT generation to 4

- Fix a boot delay regression in PowerPC PXE boot (bsc#1201300)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
resource-agents
- Fileystem resource fails due to sed command (bsc#1213083)
  Add upstream patch:
  0001-Filesystem-list_mounts-fix-mount-command-output-pars.patch
libX11
- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
  U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
  U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
  U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
  U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
  * CVE-2023-43785 libX11: out-of-bounds memory access in
    _XkbReadKeySyms() (boo#1215683)
  * CVE-2023-43786 libX11: stack exhaustion from infinite recursion
  in PutSubImage() (boo#1215684)
  * CVE-2023-43787 libX11: integer overflow in XCreateImage()
    leading to a heap overflow (boo#1215685)
libXpm
- U_0000-test-Add-unit-tests-using-glib-framework.patch
  U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
  U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch
  U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
  * fixes CVE-2023-43788 libXpm: out of bounds read in
    XpmCreateXpmImageFromBuffer() (boo#1215686)
  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
    corrupted colormap (boo#1215687)
- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
  U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
  U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
  U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
  * avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684,
    boo#1215685); see changelog in libX11 update ...
libapparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff
avahi
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
  byte long (bsc#1215947, CVE-2023-38470).

- Add avahi-CVE-2023-38473.patch: derive alternative host name from
  its unescaped version (bsc#1216419 CVE-2023-38473).
libeconf
- Additional info for version 0.5.2:
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)

- Update to version 0.5.2:
  * Fixed build for aarch64 and gcc13.
  * Making the output verbose when a test fails.
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function.
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function.
  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
    Sets a list of directory structures (with order) which describes
    the directories in which the files have to be parsed.
    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
    directories will be parsed:
    "<default_dirs>/<project_name>.<suffix>.d/"
    "<default_dirs>/<project_name>/conf.d/"
    "<default_dirs>/<project_name>.d/"
    "<default_dirs>/<project_name>/"
    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
    automatically.
  * General code cleanup.

- Update to version 0.5.1:
  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
    there is a /etc/_example_._suffix_ file. (#175)

- Update to version 0.5.0:
  * API calls econf_read*WithCallback supporting a general (void *)
    argument for user defined data with which the callback function is
    called.
  * Tagged following functions deprecated:
    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks, econf_reset_security_settings
    Use one of the econf_read*WithCallback functions instead.

- Update to version 0.4.9:
  * libeconf.h: added missing sys/types.h header (#171)
  * new API calls: econf_readFileWithCallback,
    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
  * Checking NULL comment parameter in the parsing functions.

- Update to version 0.4.8+git20221114.7ff7704:
  * Parsing files which are containing keys only (#170)
    All delimiters are allowed now : "", " =", " ", "=". But the
    user should use "" in order to be distinct.
  * /usr/etc/shells.d/<file_name> will not be parsed if
    /etc/shells.d/<file_name> is defined too.
  * Lto build fixed (#168)
  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
    econf_set_delimiter_tag
  * Checking UID,GroupID, permissions,... of the parsed files (#165)
    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks
  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
  * Error handling improved for nums and booleans (#163)
nghttp2
- security update
- added patches
  fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
  + nghttp2-CVE-2023-44487.patch

- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
  sent, and nghttp2_on_stream_close_callback fails with a fatal error.
  [CVE-2023-35945 bsc#1215713]
  + nghttp2-CVE-2023-35945.patch
openssl-1_1
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch

- Displays "fips" in the version string (bsc#1215215)
  * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
pciutils
- Apply "lspci-Fixed-buffer-overflows-in-ls-tree.c.patch" to fix a
  buffer overflow error that would cause lspci to crash on systems
  with complex topologies. [bsc#1215265]
- Add "pciutils.keyring" so that the tarball's signature can be
  verified at build time.
- Use "%license" tag instead of "%doc" to install the package's
  license file.
procps
- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)
python3
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)
libqb
- log: fix potential overflow with long log messages (CVE-2023-39976, bsc#1214066)
  * bsc#1214066-0001-fix-potential-overflow-with-long-log-messages.patch
ruby2.5
- update suse.patch to 531fb8b2cc
  - fix quadratic behavior in the uri parser (boo#1209891
    CVE-2023-28755)
  - fix expensive regexp in the RFC2822 time parser (boo#1209967
    CVE-2023-28756)
  - backport date 2.0.3 (boo#1193035 CVE-2021-41817)
  - merge CGI 0.1.0.2: (boo#1205726 CVE-2021-33621)
  - When parsing cookies, only decode the values
  - HTTP response splitting in CGI
sqlite3
- Sync version 3.44.0 from Factory
  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
  * Obsoletes sqlite-CVE-2022-46908.patch
  * Obsoletes sqlite-src-3390000-func7-pg-181.patch
libssh2_org
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
  * Add the keyring file: libssh2_org.keyring
  * Rebase libssh2-ocloexec.patch
  * Remove libssh2_org-CVE-2020-22218.patch

- Security fix: [bsc#1214527, CVE-2020-22218]
  * The function _libssh2_packet_add() allows to access out of
    bounds memory.
  * Add libssh2_org-CVE-2020-22218.patch

- Update to 1.11.0:
  * Enhancements and bugfixes
  - Adds support for encrypt-then-mac (ETM) MACs
  - Adds support for AES-GCM crypto protocols
  - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
  - Adds support for RSA certificate authentication
  - Adds FIDO support with *_sk() functions
  - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
  - Adds Agent Forwarding and libssh2_agent_sign()
  - Adds support for Channel Signal message libssh2_channel_signal_ex()
  - Adds support to get the user auth banner message libssh2_userauth_banner()
  - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
    AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
  - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
  - Adds wolfSSL support to CMake file
  - Adds mbedTLS 3.x support
  - Adds LibreSSL 3.5 support
  - Adds support for CMake "unity" builds
  - Adds CMake support for building shared and static libs in a single pass
  - Adds symbol hiding support to CMake
  - Adds support for libssh2.rc for all build tools
  - Adds .zip, .tar.xz and .tar.bz2 release tarballs
  - Enables ed25519 key support for LibreSSL 3.7.0 or higher
  - Improves OpenSSL 1.1 and 3 compatibility
  - Now requires OpenSSL 1.0.2 or newer
  - Now requires CMake 3.1 or newer
  - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
  - SFTP: No longer has a packet limit when reading a directory
  - SFTP: now parses attribute extensions if they exist
  - SFTP: no longer will busy loop if SFTP fails to initialize
  - SFTP: now clear various errors as expected
  - SFTP: no longer skips files if the line buffer is too small
  - SCP: add option to not quote paths
  - SCP: Enables 64-bit offset support unconditionally
  - Now skips leading \r and \n characters in banner_receive()
  - Enables secure memory zeroing with all build tools on all platforms
  - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
  - Speed up base64 encoding by 7x
  - Assert if there is an attempt to write a value that is too large
  - WinCNG: fix memory leak in _libssh2_dh_secret()
  - Added protection against possible null pointer dereferences
  - Agent now handles overly large comment lengths
  - Now ensure KEX replies don't include extra bytes
  - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
  - Fixed possible buffer overflow in keyboard interactive code path
  - Fixed overlapping memcpy()
  - Fixed Windows UWP builds
  - Fixed DLL import name
  - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
  - Support for building with gcc versions older than 8
  - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
  - Restores ANSI C89 compliance
  - Enabled new compiler warnings and fixed/silenced them
  - Improved error messages
  - Now uses CIFuzz
  - Numerous minor code improvements
  - Improvements to CI builds
  - Improvements to unit tests
  - Improvements to doc files
  - Improvements to example files
  - Removed "old gex" build option
  - Removed no-encryption/no-mac builds
  - Removed support for NetWare and Watcom wmake build files
  * Rebase libssh2-ocloexec.patch

- Bump to version 1.10.0
    Enhancements and bugfixes:
  * support ECDSA certificate authentication
  * fix detailed _libssh2_error being overwritten by generic errors
  * unified error handling
  * fix _libssh2_random() silently discarding errors
  * don't error if using keys without RSA
  * avoid OpenSSL latent error in FIPS mode
  * fix EVP_Cipher interface change in openssl 3
  * fix potential overwrite of buffer when reading stdout of command
  * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
  * correct a typo which may lead to stack overflow
  * fix random big number generation to match openssl
  * added key exchange group16-sha512 and group18-sha512.
  * add support for an OSS Fuzzer fuzzing target
  * adds support for ECDSA for both key exchange and host key algorithms
  * clean up curve25519 code
  * update the min, preferred and max DH group values based on RFC 8270.
  * changed type of LIBSSH2_FX_* constants to unsigned long
  * added diffie-hellman-group14-sha256 kex
  * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
  * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
  * fixes crash with delayed compression option using Bitvise server.
  * adds support for PKIX key reading
  * use new API to parse data in packet_x11_open() for better bounds checking.
  * double the static buffer size when reading and writing known hosts
  * improved bounds checking in packet_queue_listener
  * improve message parsing (CVE-2019-17498)
  * improve bounds checking in kex_agree_methods()
  * adding SSH agent forwarding.
  * fix agent forwarding message, updated example.
  * added integration test code and cmake target. Added example to cmake list.
  * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
  * add an EWOULDBLOCK check for better portability
  * fix off by one error when loading public keys with no id
  * fix use-after-free crash on reinitialization of openssl backend
  * preserve error info from agent_list_identities()
  * make sure the error code is set in _libssh2_channel_open()
  * fixed misspellings
  * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
  * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
- Rebased patch libssh2-ocloexec.path
- Removed patch libssh2_org-CVE-2019-17498.patch: the security fix
    is already included in the latest version.
libstorage-ng
- add support for MD RAID type LINEAR (bsc#1215022)
  new patch:
  + linear.patch
suseconnect-ng
- Update to version 1.4.0~git0.b0f7c25bfdfa
  * Added EULA display for addons (bsc#1170267)
  * Fix zypper argument for auto-agreeing licenses (bsc#1214781)
  * Enable building on SLE12 SP5 (jsc#PED-3179)

- Update to version 1.3.0
  * Track .changes file in git

- Update to version 1.2.0~git0.abd0fec:
  * enhance docs for package testing
  * Fixed `provides` to work with yast2-registration on SLE15 < SP4 (bsc#1212799)
  * Improve error message if product set more than once
tiff
- security update:
  * CVE-2023-38289 [bsc#1213589]
    + tiff-CVE-2023-38289.patch
  * CVE-2023-38288 [bsc#1213590]
    + tiff-CVE-2023-38288.patch
  * CVE-2023-3576 [bsc#1213273]
    + tiff-CVE-2023-3576.patch
  * CVE-2020-18768 [bsc#1214574]
    + tiff-CVE-2020-18768.patch
  * CVE-2023-26966 [bsc#1212881]
    + tiff-CVE-2023-26966.patch
  * CVE-2023-3618 [bsc#1213274]
    + tiff-CVE-2023-3618.patch
  * CVE-2023-2908 [bsc#1212888]
    + tiff-CVE-2023-2908.patch
  * CVE-2023-3316 [bsc#1212535]
    + tiff-CVE-2023-3316.patch
libtirpc
- fix sed parsing for libtirpc.pc.in in specfile (boo#1216862)

-  update to 1.3.4 (bsc#1199467)
  * binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage
- update to 1.3.3 (bsc#1201680, CVE-2021-46828):
  * Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
  - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
- drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream)
- update to 1.3.2:
  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
- Update to libtirpc 1.3.1
  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported  AUTH_DES authentication has be
    compiled out since commit d918e41d889 (Wed Oct 9 2019)
    replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir
  Patches replaced by update:
  binddynport-honor-ip_local_reserved_ports.patch (bsc#1199467)
  0001-Fix-DoS-vulnerability-in-libtirpc.patch (bsc#1201680)
  0001-fix-parms.r_addr-memory-leak.patch (bsc#1198752)
  0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  (bsc#1196647), (bsc#1200800), (bsc#1198176)
  * replaces /etc/netconfig-try-2-first by the environment variable
  RPCB_V2FIRST
libwebp
- Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch
  Add 0001-Fix-invalid-incremental-decoding-check.patch:
  [boo#1215231] [CVE-2023-4863]
libxml2
- Security update:
  * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
    in tree.c
  - Added file libxml2-CVE-2023-45322.patch

- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch
zlib
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
  overflow in zipOpenNewFileInZip4_6, bsc#1216378
  * CVE-2023-45853.patch
zchunk
- Fix CVE-2023-46228, bsc#1216268
  * Handle overflow errors in malformed zchunk files.
- Added patch:
  * CVE-2023-46228.patch
libzypp
- Preliminary disable 'rpm --runposttrans' usage for chrooted
  systems (bsc#1216091)
  This limits the %transfiletrigger(postun|in) support in the
  default installer if --root is used (as described in bsc#1041742).
  The chrooted execution of the scripts in 'rpm --runposttrans'
  broke in rpm-4.18. It's expected to be fixed in rpm-4.19.
  Then we'll enable the feature again.
- fix comment typo on zypp.conf (boo#1215979)
- version 17.31.22 (22)

- Attempt to delay %transfiletrigger(postun|in) execution if rpm
  supports it (bsc#1041742)
  Decide during installation whether rpm is capable of delayed
  %posttrans %transfiletrigger(postun|in) execution or whether we
  can just handle the packages %posttrans. On TW a delayed
  %transfiletrigger handling is possible since rpm-4.17.
- Make sure the old target is deleted before a new one is created
  (bsc#1203760)
- version 17.31.21 (22)

- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)
shadow
- bsc#1214806 (CVE-2023-4641):
  Fix potential password leak
- Add shadow-CVE-2023-4641.patch
mlocate
- Set umask 0022 before running /usr/bin/updatedb (boo#1209409)

- Remove ProtectKernelModules from systemd unit as it makes files
  inaccessible that are then not visible for locate (bsc#1207884)
opensc
- Security Fix: [CVE-2023-40661, bsc#1215761]
  * opensc: multiple memory issues with pkcs15-init (enrollment tool)
  * Add patches:
  - opensc-CVE-2023-40661-1of12.patch
  - opensc-CVE-2023-40661-2of12.patch
  - opensc-CVE-2023-40661-3of12.patch
  - opensc-CVE-2023-40661-4of12.patch
  - opensc-CVE-2023-40661-5of12.patch
  - opensc-CVE-2023-40661-6of12.patch
  - opensc-CVE-2023-40661-7of12.patch
  - opensc-CVE-2023-40661-8of12.patch
  - opensc-CVE-2023-40661-9of12.patch
  - opensc-CVE-2023-40661-10of12.patch
  - opensc-CVE-2023-40661-11of12.patch
  - opensc-CVE-2023-40661-12of12.patch

- Security Fix: [CVE-2023-40660, bsc#1215762]
  * opensc: PIN bypass when card tracks its own login state
  * Add patches:
  - patches/opensc-0_22_0-CVE-2023-40660-1of2.patch
  - patches/opensc-0_22_0-CVE-2023-40660-2of2.patch
patterns-server-enterprise
- [aarch64] install system with all patterns, nothing provides 'sapconf' when installing pattern ‘sap_server’
  (bsc#1214811)
  The pattern sap_server is only available for x86_64 and ppc64le
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945
psmisc
- Fix version at configure time as there was no .tarball-version
python-instance-billing-flavor-check
- Version 0.0.4
  Run the command as sudo only

- Version 0.0.3
  Handle exception for Python 3.4
python3-ec2metadata
- Update to version 5.0.0 (bsc#1214215)
  + Remove the --use-token command line option. Aws is deprecating access
    to instance metadata without authentication token. Ability to access
    metadat without token has been removed
  + Support access to the metadata server over IPv6. If the customer
    enables the IPv6 endpoint for an instance it will be preferred over the
    IPv4 endpoint
python-psutil
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Fix tests: setuptools changed the builddir library path and does
  not find the module from it. Use the installed platlib instead
  and exclude psutil.tests only later.
- Refresh skip-obs.patch
python-rpm
- build for all python modules (jsc#PED-68, jsc#PED-1988)
salt
- Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157)
- Allow all primitive grain types for autosign_grains (bsc#1214477)
- Added:
  * allow-all-primitive-grain-types-for-autosign_grains-.patch
  * fix-cve-2023-34049-bsc-1215157.patch

- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
  on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Added:
  * improve-salt.utils.json.find_json-bsc-1213293.patch
  * only-call-native_str-on-curl_debug-message-in-tornad.patch
  * fix-optimization_order-opt-to-prevent-test-fails.patch
  * use-salt-call-from-salt-bundle-with-transactional_up.patch
  * implement-the-calling-for-batch-async-from-the-salt-.patch
  * fix-calculation-of-sls-context-vars-when-trailing-do.patch

- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Added:
  * write-salt-version-before-building-when-using-with-s.patch

- Revert usage of long running REQ channel to prevent possible
  missing responses on requests and dublicated responses
  (bsc#1213960, bsc#1213630, bsc#1213257)
- Fix gitfs cachedir basename to avoid hash collisions
  (bsc#1193948, bsc#1214797, CVE-2023-20898)
- Added:
  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
  * revert-usage-of-long-running-req-channel-bsc-1213960.patch

- Make sure configured user is properly set by Salt (bsc#1210994)
- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
- Fix broken tests to make them running in the testsuite
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Create minion_id with reproducible mtime
- Fix detection of Salt codename by "salt_version" execution module
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix zypper repositories always being reconfigured
- Fix utf8 handling in 'pass' renderer and make it more robust
- Added:
  * fix-tests-to-make-them-running-with-salt-testsuite.patch
  * zypper-pkgrepo-alreadyconfigured-585.patch
  * fix-regression-multiple-values-for-keyword-argument-.patch
  * mark-salt-3006-as-released-586.patch
  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
  * fix-the-regression-of-user.present-state-when-group-.patch
python-urllib3
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
  gh#urllib3/urllib3@4e98d57809da

- Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804)
  gh#urllib3/urllib3#3139
  * Added the Cookie header to the list of headers to strip from
    requests when redirecting to a different host. As before,
    different headers can be set via Retry.remove_headers_on_redirect.
regionServiceClientConfigEC2
- Update to version 4.1.1 (bsc#1217536)
  + Replace 54.247.166.75.pem and 54.253.118.149.pem old soon to expired certs
    with new generated ones that expire in 8 years and have longer length (4096)
rsyslog
- fix rsyslog crash in imrelp (bsc#1210286)
  * add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
rubygem-actionview-5_1
- security update
- added patches
  fix CVE-2023-23913 [bsc#1209826], DOM Based Cross-site Scripting in rails-ujs
  + rubygem-actionview-5_1-CVE-2023-23913.patch
rubygem-puma
- Add CVE-2023-40175.patch (bsc#1214425, CVE-2023-40175.patch)
  Reject empty string for Content-Length
rubygem-rails-html-sanitizer
- Fixing typos in CVEs corrected by prior submission

- Add patch 0002_CVE-2022-23517_CVE-2022-23518_CVE-2022-23519_CVE-2022-23520.patch
  This patch fixes 4 different CVEs:
  * CVE-2022-23517 (bsc#1206433)
  * CVE-2022-23518 (bsc#1206434)
  * CVE-2022-23519 (bsc#1206435)
  * CVE-2022-23520 (bsc#1206436)
  In order to have the
  0002_CVE-2022-23517_CVE-2022-23518_CVE-2022-23519_CVE-2022-23520.patch
  working smoothly I monkey patched loofah API and crass rubygem code into
  rails-html-sanitizer.
runc
- Update to runc v1.1.10. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.10>.

- Update to runc v1.1.9. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.9>.

- Update to runc v1.1.8. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
saptune
- update package version of saptune to 3.1.1
  * typo in logfile directory name creates /varlog/saptune instead
    of /var/log/saptune
    (bsc#1215969)
  * SAP Note 2382421
    fix missing handling for Azure systems regarding parameter
    'net.ipv4.tcp_timestamps'. This exclude setting was left out
    during the last SAP Note update by mistake.
  * add parameter IGNORE_RELOAD to /etc/sysconfig/saptune to
    prevent saptune from stopping and starting the system tuning
    during package update
    Related to sapconf bug bsc#1209408.
- create a flag file in preinstall and remove it in posttrans of
  the package installation to inform saptune that currently a
  package installation/update takes place so that some special
  situations can be handled as expected.

- update package version of saptune to 3.1.0
  * machine readable interfaces for saptune
    add json output support
    related json v1 schemas can be found after installation
    on the system at /usr/share/saptune/schemas/1.0/
    (jsc#PED-2194, jsc#PED-2195, jsc#SLE-23696)
  * enhance the identification of the cloud service provider
    (jsc#SLE-23779)
  * add a command line syntax check
  * colorized and filtered output for 'saptune note verify'
    It is now possible to uses a 'color scheme' for the output to
    highlight the non-compliant parameter or to limit the verify
    output to show only non-compliant parameter.
    (jsc#SLE-23727)
  * add action 'saptune solution change' to switch to a new
    solution even that another solution was already applied.
    It's basically a 'revert OLDSOLUTION' && 'apply NEWSOLUTION'.
    This will change the Note order in case of additional applied
    Notes, but this is intended.
    The confirmation for the revert of the old solution can be
    suppressed by '--force'
    (jsc#PED-2196)
  * introduce a Trento naming convention for custom solutions in
    the saptune man page to support trento checks.
    (jsc#PED-4118)
  * deprecate action 'saptune note|solution simulate'.
    The action might get removed in a future saptune version
    (jsc#PED-2199)
  * deprecate support for the v1 vendor or custom specific Note
    definition file format
    (jsc#SLE-23725)
  * detect virtualization environment by 'systemd-detect-virt' and
    add the information to 'saptune status'.
    (jsc#SLE-23885)
  * enhance saptune with the new action 'check' to directly call
    the external check script '/usr/sbin/saptune_check'.
    (jsc#SLE-23726)
  * de-deprecate the MAXDB solution definition. It is still active
    supported by SAP.
    And add solution NETWEAVER+MAXDB
    (jsc#SLE-23724)
  * support inline comments in the Note definition files
    (jsc#SLE-23729)
  * rework Note representation in 'saptune status' output
    (jsc#SLE-24530)
  * fix problem with 'verify' output, if a sysctl parameter is
    empty on the system
    (bsc#1199527)
  * add hint to the manual page of saptune(8) regarding 'missing'
    line feed for 'saptune note applied' and 'saptune note enabled'
    It's intended.
    (bsc#1193714)
  * rework the version section to make it clear, which information
    needs to be provided
    (jsc#SLE-23722)
  * add more information to 'saptune status':
    differ between 'enabled' and 'applied' Solutions and add the
    related Notes.
    differ between Notes and Solutions in the staging area.
    rename 'system state' line to 'systemd system state' to prevent
    misunderstandings.
    add virtualisation information.
  * add tuning state to 'saptune status' output.
    The check of the tuning state (an internal 'verify' operation)
    can be skipped by using the flag '--non-compliance-check'.
    In this case the tuning state will be reported as
    unknown (checking disabled)
    'saptune status' will exit with a return code of '4', if the
    saptune service is enabled, the system is tuned, but the
    tuning state is 'not compliant'.
    (jsc#SLE-24928)
  * add support for the IBM Power architecture to the vendor and
    model section tagging
    (jsc#SLE-23824)
  * add new SAP Note 1868829 to set fs.aio-max-nr and add it to
    the HANADB related solutions for SLE12 and SLE15.
  * SAP Note 3024346 updated to Version 6
    SAP Note 1557506 updated to Version 16
    SAP Note 1656250 updated to Version 46
    SAP Note 1805750 updated to Version 9
    SAP Note 2161991 updated to Version 28
    SAP Note 2205917 updated to Version 63
    SAP Note 2382421 updated to Version 45
    SAP Note 2534844 updated to Version 15
    SAP Note BOBJ updated to Version 1
    but without parameter value changes, only house keeping of the
    version section and comment updates
  * SAP Note 1984787 updated to Version 40
    SAP Note 2578899 updated to Version 46
    SAP Note 2684254 updated to Version 23
    SAP Note 1680803 updated to Version 27
    includes version 3.1 of 'SAP Applications on SAP Adaptive
    Server Enterprise - Best Practices for Migration and Runtime'
  * Solution 'SAP-ASE' changed - remove SAP Note 1410736.
    The best practice document (version 3.1) for ASE was changed
    and the SAP Note 1410736 is no longer referenced. Instead the
    parameter 'net.ipv4.tcp_keepalive_time' is set in
    SAP Note 1680803 (the ASE SAP Note) directly.
  * introduce an additional parameter 'SKIP_SYSCTL_FILES' in the
    /etc/sysconfig/saptune configuration file, which contains a
    comma separated list of sysctl.conf files or directories
    containing sysctl.conf files, which should be excluded from
    the 'additional defined' WARNING messages.
    Default is
    SKIP_SYSCTL_FILES="/boot"
    to skip the WARNINGS for '/boot/sysctl.conf-<kernelversion>'
- check in preinstall and posttrans of the package installation,
  if the active tuned profile is still 'saptune', even that this
  profile no longer exists. If yes, try to remove it.
  (bsc#1194688)
scap-security-guide
- ssg-fix-journald.patch: switch buggy journald plugindir remediation
  to write into journald.conf. (bsc#1217832)

- updated to 0.1.70 (jsc#ECO-3319)
  - Add openembedded distro support (#10793)
  - Remove DRAFT wording for OpenShift STIG (#11100)
  - Remove test-function-check_playbook_file_removed_and_added test (#10982)
  - scap-security-guide: Add Poky support (#11046)
000release-packages:sle-ha-release
n/a
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-sap-applications-release
n/a
000release-packages:sle-module-server-applications-release
n/a
supportutils
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- ha_info sle15 uses /var/log/pacemaker/ (pq#153)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
suse-build-key
- replace libzypp-post-script based installation with a systemd timer
  and service.
  - suse-build-key-import.service
  - suse-build-key-import.timer

- add and run a import-suse-build-key scripts, this will be ran
  after installation with libzypp based installers. (jsc#PED-2777)
suse-module-tools
- Update to version 15.4.18:
  * blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
  * modprobe.d: Blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
  (note: this is not a full fix for that CVE)

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable
    (bsc#1213428, bsc#1201066)
systemd-rpm-macros
- Bump version to 14

- Switch to `systemd-hwdb` tool when updating the HW database. It's been
  introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
sysuser-tools
- Remove all systemd requires, not supported on SLE15 [bsc#1214140]

- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
  Always create a system group of the same name as the system user,
  even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)

- Add "quilt setup" friendly hint to %sysusers_requires usage
  It is not required to have sysuser-tools installed when working
  with a pkg source which uses sysuser-tools at build time.

- Use append so if a pre file already exists it isn't overridden

- invoke bash for bash scripts (bsc#1195391)
vim
- Updated to version 9.0 with patch level 2103, fixes the following security problems
  * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
  * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
  * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
  * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103

- Updated to version 9.0 with patch level 1894, fixes the following security problems
  * Fixing bsc#1214922 (CVE-2023-4738) - VUL-0: CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both
  * Fixing bsc#1214924 (CVE-2023-4735) - VUL-0: CVE-2023-4735: vim: OOB Write ops.c
  * Fixing bsc#1214925 (CVE-2023-4734) - VUL-0: CVE-2023-4734: vim: segmentation fault in function f_fullcommand
  * Fixing bsc#1215004 (CVE-2023-4733) - VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos
  * Fixing bsc#1215006 (CVE-2023-4752) - VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp
  * Fixing bsc#1215033 (CVE-2023-4781) - VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both
- drop patches: disable-unreliable-tests.patch
    ignore-flaky-test-failure.patch
    vim-8.1.0297-dump3.patch
- dropped %check - most of tests didn't work correctly in OBS
    and maintenance burden of this was getting too big
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1632...v9.0.1894

- Use app icon generated from vimlogo.eps in source tarball; add
  higher res icons of sizes 128, 256, and 512px as png sources.
  Our current icons deviate from upstream flatpaks for example.
- Updated to version 9.0 with patch level 1632
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1632
xen
- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
  fully effective (XSA-446)
  xsa446.patch

- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
  IOMMU quarantine page table levels (XSA-445)
  xsa445.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  650abbfe-x86-shadow-defer-PV-top-level-release.patch
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
  65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
  65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
  65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
  65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
  65087004-x86-entry-restore_all_xen-stack_end.patch
  65087005-x86-entry-track-IST-ness-of-entry.patch
  65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
  65087007-x86-AMD-Zen-1-2-predicates.patch
  65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  65263471-libfsimage-xfs-remove-dead-code.patch
  65263472-libfsimage-xfs-amend-mask32lo.patch
  65263473-libfsimage-xfs-sanity-check-superblock.patch
  65263474-libfsimage-xfs-compile-time-check.patch
  65263475-pygrub-remove-unnecessary-hypercall.patch
  65263476-pygrub-small-refactors.patch
  65263477-pygrub-open-output-files-earlier.patch
  65263478-libfsimage-function-to-preload-plugins.patch
  65263479-pygrub-deprivilege.patch
  6526347a-libxl-allow-bootloader-restricted-mode.patch
  6526347b-libxl-limit-bootloader-when-restricted.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
  6526347d-x86-PV-auditing-of-guest-breakpoints.patch
- Upstream bug fixes (bsc#1027519)
  64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
  64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
  64f71f50-Arm-handle-cache-flush-at-top.patch
  65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
- Patches dropped / replaced by newer upstream versions
  xsa438.patch
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch
  xsa442.patch
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
  xsa444-1.patch
  xsa444-2.patch

- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
  transaction conflict can crash C Xenstored (XSA-440)
  xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  xsa444-1.patch
  xsa444-2.patch

- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  xsa438.patch

- Handle potential unaligned access to bitmap in
  libxc-sr-restore-hvm-legacy-superpage.patch
  If setting BITS_PER_LONG at once, the initial bit must be aligned
xterm
- xterm-CVE-2023-40359.patch: Fixed reporting characterset names
  in ReGiS graphics mode (bsc#1214282)
yast2-storage-ng
- New MdLevel value for linear RAIDs (bsc#1215022)
- 4.4.46
zypper
- Return 104 also if info suggests near matches (fixes #504)
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- Fix typo (fixes #484)
- version 1.14.66

- Fix some typos and spelling errors found by Lintian (fixes #501)
- Prefer unaliased `grep` to avoid unexpected/wrong completions.
  (#503)
- commit: Insert a headline to separate output of different rpm
  scripts (bsc#1041742)
- Fix typo in changes file.
- version 1.14.65

- Fix name of the bash completion script (bsc#1215007)
  In 1.14.63 the location of the bash completion script was changed
  to /usr/share/bash-completion/completions/. But the patch failed
  to also rename the completion script. The original script name
  zypper.sh is not recognized at the new location.
- Update notes about failing signature checks (bsc#1214395)
  It might be a transient issue if the server is in the midst of
  receiving new data. Retry after a few minutes might work.
- Improve the SIGINT handler to be signal safe (bsc#1214292)
  This patch updates the SIGINT handling strategy to be signal
  safe. Meaning the signal handler will do not much more than
  setting a flag, which we are going to check in the normal program
  flow as much as possible.
- version 1.14.64

- Changed location of bash completion script (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62